Archive for September, 2007

What is GRC?

September 18, 2007

One of the best explanations of GRC I’ve came across is from Michael Rasmussen, VP of GRC research from Forrester. Most poeple try to explain GRC in separate components, G, R, C. Michael explains it in a more cohesive way and a good analogy: a three legged stool

 ‘The purpose of GRC is to provide sustainability, consistency, efficiency, and transparency for the multiple GRC processes in the organization. This is achieved by encouraging collaboration among the roles responsible for GRC (e.g., corporate secretary, corporate compliance, enterprise risk, audit, IT, line-of-business, investigations, legal) as well as leveraging a common framework and technology infrastructure.’


Oracle Buys Enterprise Role Management Leader Bridgestream

September 10, 2007

REDWOOD SHORES, Calif.   05-SEP-2007 05:01 AM    Oracle today announced that it has acquired Bridgestream, Inc., a leading provider of Enterprise Role Management software. Enterprise Role Management has emerged as a key component of identity management deployments to improve overall security and address regulatory requirements. By adding Bridgestream’s leading role discovery, definition and management capabilities to Oracle’s widely adopted access management and user provisioning solutions, Oracle provides the most comprehensive and feature-rich identity management solution. Oracle’s Identity and Access Management Suite is a component of Oracle Fusion Middleware, the industry’s fastest growing, most standards- compliant, and best-of-breed technology foundation for Service-Oriented Architecture. (more…)

First AS5 audit – auditor’s and company’s views

September 10, 2007

As large public companies are approaching the first reporting cycle under AS5, how are auditors and companies planning for their first AS5 audit?

After digesting several articles at Compliance Week, I have listed some important findings from both auditor’s and company’s view and opportunity for GRC software. (more…)

A Model to predict accounting fraud!

September 4, 2007

Imagine that your auditor has a magic wand to predict if your company has a high probability for financial fraud. It is true now as researchers came up with a model to predict material accounting manipulations. The mathematical model released in June, focus on 5 areas where manipulations likely to take place: accrual quality (in terms of the number of accruals being booked), financial performance (including earnings growth, cash margins, and transaction management), nonfinancial performance (order backlog and employee head count), off-balance-sheet activities (operating leases and pension assumptions), and market-based measures (valuations and price-to-earnings ratio).

As accounting numbers are balanced and inter-connected, a fraud score exceeds the norm sends immediate red signal to auditors. For more details about the model, please check out What’s your fraud score.

A tool like this could be an option to easily spot the high risk areas for auditors. This means reducing the auditing money for companies.