Transparency for Governance
This week we want to address what regulatory compliance means and the role of IT in maintaining corporate compliance and what can happen to organizations and their senior management if they ignore compliance mandates. To start with we need to explain what regulatory compliance means. "Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business. Violations of regulatory compliance regulations often result in legal punishment, including federal fines. Examples of regulatory compliance laws and regulations include the Dodd-Frank Act, Payment Card Industry Data Security Standard (PCI DSS) , Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and the Sarbanes-Oxley Act (SOX).
As the number of rules has increased since the turn of the century, regulatory compliance has become more prominent in a variety of organizations. The trend has even led to the creation of corporate, chief and regulatory compliance officer positions to hire employees whose sole focus is to make sure the organization conforms to stringent, complex legal mandates." http://searchcompliance.techtarget.com/definition/regulatory-compliance
While IT plays a big role in making sure the company is in compliance there is nothing mentioned specific in SOX regarding it. "In section 404, the SOX requires “each annual report contain an internal control report … [that] contains an assessment of … the effectiveness of the internal control structures and procedures of the issuer for financial reporting”. As information technology plays a major role in the financial reporting process, IT controls would need to be assessed to see if they fully satisfy this SOX requirement. Although information security requirements have not been specified directly in the Act, there would be no way a financial system could continue to provide reliable financial information, whether
As the number of rules has increased since the turn of the century, regulatory compliance has become more prominent in a variety of organizations. The trend has even led to the creation of corporate, chief and regulatory compliance officer positions to hire employees whose sole focus is to make sure the organization conforms to stringent, complex legal mandates." http://searchcompliance.techtarget.com/definition/regulatory-compliance
While IT plays a big role in making sure the company is in compliance there is nothing mentioned specific in SOX regarding it. "In section 404, the SOX requires “each annual report contain an internal control report … [that] contains an assessment of … the effectiveness of the internal control structures and procedures of the issuer for financial reporting”. As information technology plays a major role in the financial reporting process, IT controls would need to be assessed to see if they fully satisfy this SOX requirement. Although information security requirements have not been specified directly in the Act, there would be no way a financial system could continue to provide reliable financial information, whether