Regulatory Reality:

Audit


June 1, 2010  7:32 PM

Flu pandemic plan: No need to go overboard



Posted by: David Schneier
Audit, bcp, business continuity planning, findings, observations, pandemic, Pandemic Planning, regulatory, Regulatory Compliance, testing

I'm returning to the office after having given in to the siren song of Memorial Day weekend.  Despite enjoying the long break and all its trappings (way too much I might add), something that hit my radar last week remained on my mind. Earlier in the week, I came across a comment in an IT audit...

May 21, 2010  1:55 PM

The new Senate finance bill: not what I hoped for



Posted by: David Schneier
Audit, compliance, FDIC, OCC, Regulatory Compliance, risk, risk assessment, risk assessments, SEC

I'm an optimist:  Ask anyone who knows me either personally or professionally and they'll agree.  And I've been eagerly anticipating new legislation ever since the banks spiraled out of control and needed government intervention to save themselves.  As my wife likes to tell people, when the...


April 23, 2010  10:14 PM

Compliance professionals need thick skins



Posted by: David Schneier
assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management

I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs.  Generally speaking I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life.  However when it comes to my career, I tend to be much more of a...


April 16, 2010  4:56 PM

Regulatory compliance is not optional



Posted by: David Schneier
Audit, bcp, business continuity planning, compliance, exam, examiner, FDIC, NCUA, Regulatory Compliance, vendor, Vendor Management

If I haven't already shared this with you, I'm a partner in a regulatory compliance advisory firm.  We offer services to the banking sector that pretty much cover the entirety of the information security spectrum.  And as you might imagine, there's a fair amount of sales and marketing that go...


March 14, 2010  3:59 AM

Muddy waters: Governance, risk and compliance



Posted by: David Schneier
assessment, Audit, framework, GLBA, GRC, IT General Controls, ITGC, Regulatory Compliance, risk, risk management

I had an email exchange with a colleague last week in which GRC (governance, risk and compliance as a unified methodology) was central to the discussion.  She felt that there's been a blurring of the lines in how people view GRC versus ERM (enterprise risk management) as disciplines and wanted to...


February 23, 2010  4:17 AM

Rethinking compliance software



Posted by: David Schneier
Audit, bcp, disaster recovery, GLBA, PCI, Regulatory Compliance, risk assessment, SOX, Vendor Management

Here's me about to eat crow. After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, I'm being forced to reconsider my position. I've long advocated that an institution or organization could just as easily develop manual...


February 12, 2010  11:38 PM

IT audit reports: Why you can’t handle the truth



Posted by: David Schneier
Audit, corruption, fraud, GLBA, Information Technology General Controls, infrastructure, IT, IT General Controls, ITGC, NCUA, Regulatory Compliance

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...


February 5, 2010  3:57 AM

How security aware is your organization?



Posted by: David Schneier
Audit, GLBA, information security, NCUA, phish, phishing, Regulatory Compliance, risk, risk assessment, Security, security testing, social engineering

Consider this post to be something of a (banking) community service announcement. It's February 2010, do you know when the last time was that your organization conducted a social engineering exercise? I come across instances almost all of the time where financial institutions have obvious...


January 15, 2010  6:05 AM

The best part of audit (yes, I mean audit)



Posted by: David Schneier
Audit, controls, evidence, GLBA, Regulatory Compliance, risk

A recent jobs survey released last week indicated that less than 50% of the work force is satisfied with their job. Me, I’m a lucky guy as I genuinely like what I do for a living. It’s funny in a way because over the first decade or so of my...


December 29, 2009  5:30 PM

Was 2009 the year regulatory compliance became a good thing?



Posted by: David Schneier
Audit, business continuity planning, GLBA, information security, IT General Controls, red flags, red flags identity theft, Regulatory Compliance, Vendor Management

When I sat down to write my last blog post for 2009, I was planning to write either about my predictions for 2010 or a retrospective of 2009. But that’s just so clichéd; everyone does that or tries to. And as I’d written in a recent post about...

