compliance

Accountability key to banking recovery

Every day, I receive a semi-deluge of industry related emails.  Between the various agencies, media sites, organizations and associations I tend to receive more communiqués than I know what to do with.  But I developed an interesting habit last year when the banking...

Can the economy rebound without the banks?

I had one of those odd moments yesterday regarding the banking industry that I wanted to share with you.

On the homepage of a major news website were two headline stories. The first was about how Ben Bernanke believes the recession we’re...

IT audits versus reviews

I had mentioned in my last post a recent conversation with my partner regarding a proposed IT general controls (ITGC) audit. My primary role in our practice is to head up regulatory compliance services which includes audits, assessments and program development; my...

Let the FDIC lead the way!

I can’t think of any more telling comment about where I am in my professional life than what I’m about to offer:

Sheila Bair rocks!

If you don’t know who she is, well, shame on you.  Because...

Does compliance equate to secure?

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...

How’s about a federally mandated Information Security Assessment?

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...

2 for 1 sale: How governance leads to compliance.

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...

Financial regulations and my crystal ball.

I had a great piece lined up for this week about a governance project I’m working on but was waylaid by all the news that hit the radar around regulatory reform.

In what may be the understatement of the year, the plans revealed last week by President...

Risk is at the heart of what matters most.

I had two great conversations this week regarding risk assessments (jeez, does that ever sound geeky). The first conversation centered on what an associate was expecting  to accomplish via the risk assessment process and the second one was a general conversation about the proper approach to...

Who put the G in GRC?

I’m something of an advocate for Governance, Risk and Compliance (GRC) and have been for several years.  I’ve been known to rant a bit how it’s not properly organized as an acronym because everyone who knows knows that risk comes first and so it should’ve been...