Is SOX too costly?

June 5, 2008

Since Sarbanes-Oxley became law in 2002, the average cost of compliance for companies with revenue under $1 billion has risen from $1.7M in 2003 to $2.8M in 2006, a 65% increase.

For companies with annual revenue over $1 billion, the average compliance cost increased by 54%, from $8.1M in 2003 to $12.4M in 2006.

Is SOX compliance too costly?


GRC Market Overview and Trends

December 31, 2007

How was GRC doing in 2007, and what are the trends for 2008 and beyond? A recent report by John Hagerty of AMR Research said it all.

Delay on Sec. 404 for SME

December 18, 2007

SEC Chairman Christopher Cox plans to propose giving non-accelerated filers another one-year extension before they must obtain an auditor's attestation on their internal controls, as required by Section 404 of Sarbanes-Oxley. Speaking at a House committee hearing on Wednesday morning, Cox said the SEC will launch a study of Section 404 costs and benefits early next year; in his view, forcing non-accelerated filers to comply with Section 404(b) before that analysis is complete would be unwise.

Oracle launches GRC initiative for partners

November 12, 2007

According to AMR Research, governance, risk and compliance spending will reach US$29.9 billion in 2007, an increase of 8.5 percent over 2006. In 2008, this number will increase an additional 3.6 percent to US$31 billion.

Available to select members of the Oracle PartnerNetwork who deliver security and/or compliance solutions or services complementary to Oracle's, the initiative aims to build a partner ecosystem offering integrated solutions and services for access control, data protection and privacy, and compliance management, based on Oracle Applications and technology.

Gartner’s top 10 for 2008

October 23, 2007

Gartner has published its list of the top 10 strategic technologies for 2008:

  • Green IT
  • Unified Communication
  • Business Process Modeling
  • Metadata Management
  • Virtualization 2.0
  • Mashup and Composite Apps
  • Web Platform and WOA
  • Computing Fabric
  • Real World Web
  • Social Software

New internal control monitoring guidance by COSO

October 10, 2007

COSO has released new guidance for companies on conducting ongoing and special-purpose monitoring. The guidance provides tools and examples to help companies understand the monitoring component of the internal control framework more thoroughly. It also shows how monitoring of controls integrates with management's responsibility to perform the Section 404 assessment in a cost-effective way.

The 40-page draft has been released, and COSO is seeking feedback by Oct. 31. The final version is scheduled for release in Q1 2008.

Oracle buys Logical Apps

October 10, 2007

In a move to strengthen its GRC leadership, Oracle announced on Oct. 9, 2007 that it will acquire Logical Apps, a leading compliance vendor for Oracle applications.

What is GRC?

September 18, 2007

One of the best explanations of GRC I've come across is from Michael Rasmussen, VP of GRC research at Forrester. Most people explain GRC as separate components: governance, risk and compliance. Michael explains it in a more cohesive way, with a good analogy: a three-legged stool.

‘The purpose of GRC is to provide sustainability, consistency, efficiency, and transparency for the multiple GRC processes in the organization. This is achieved by encouraging collaboration among the roles responsible for GRC (e.g., corporate secretary, corporate compliance, enterprise risk, audit, IT, line-of-business, investigations, legal) as well as leveraging a common framework and technology infrastructure.’

Oracle Buys Enterprise Role Management Leader Bridgestream

September 10, 2007

REDWOOD SHORES, Calif., 05-SEP-2007 05:01 AM. Oracle today announced that it has acquired Bridgestream, Inc., a leading provider of Enterprise Role Management software. Enterprise Role Management has emerged as a key component of identity management deployments to improve overall security and address regulatory requirements. By adding Bridgestream's leading role discovery, definition and management capabilities to Oracle's widely adopted access management and user provisioning solutions, Oracle provides the most comprehensive and feature-rich identity management solution. Oracle's Identity and Access Management Suite is a component of Oracle Fusion Middleware, the industry's fastest growing, most standards-compliant, and best-of-breed technology foundation for Service-Oriented Architecture.

First AS5 audit – auditor’s and company’s views

September 10, 2007

As large public companies approach their first reporting cycle under AS5, how are auditors and companies planning for their first AS5 audit?

After digesting several articles at Compliance Week, I have listed some important findings from both the auditor's and the company's point of view, along with the opportunities they create for GRC software.