Archive for the ‘GRC Trend’ Category

Is SOX too costly?

June 5, 2008

Since Sarbanes Oxley became the law in 2002, the average cost of compliance for companies with revenue less than 1B has risen from 1.7 M to 2.8 M in 2006, a 165% increase since 2003.

For companies with annual revenue over 1B, the average compliance cost increased by 54%, from 8.1 M in 2003 to 12.4 M in 2006.

Is SOX compliance too costly? (more…)

Advertisements

GRC Market Overview and Trends

December 31, 2007

How was GRC doing in 2007 and what are future trends in 2008 and beyond? A recent report by John Hagerty from AMR said it all: (more…)

Gartner’s top 10 for 2008

October 23, 2007

Gartner listed top 10 strategic technologies for 2008:

The report lists the following as the top 10:

  • Green IT
  • Unified Communication
  • Business Process Modeling
  • Metadata Management
  • Virtualization 2.0
  • Mashup and Composite Apps
  • Web Platform and WOA
  • Computing Fabric
  • Real World Web
  • and Social Software

What is GRC?

September 18, 2007

One of the best explanations of GRC I’ve came across is from Michael Rasmussen, VP of GRC research from Forrester. Most poeple try to explain GRC in separate components, G, R, C. Michael explains it in a more cohesive way and a good analogy: a three legged stool

 ‘The purpose of GRC is to provide sustainability, consistency, efficiency, and transparency for the multiple GRC processes in the organization. This is achieved by encouraging collaboration among the roles responsible for GRC (e.g., corporate secretary, corporate compliance, enterprise risk, audit, IT, line-of-business, investigations, legal) as well as leveraging a common framework and technology infrastructure.’

First AS5 audit – auditor’s and company’s views

September 10, 2007

As large public companies are approaching the first reporting cycle under AS5, how are auditors and companies planning for their first AS5 audit?

After digesting several articles at Compliance Week, I have listed some important findings from both auditor’s and company’s view and opportunity for GRC software. (more…)

A Model to predict accounting fraud!

September 4, 2007

Imagine that your auditor has a magic wand to predict if your company has a high probability for financial fraud. It is true now as researchers came up with a model to predict material accounting manipulations. The mathematical model released in June, focus on 5 areas where manipulations likely to take place: accrual quality (in terms of the number of accruals being booked), financial performance (including earnings growth, cash margins, and transaction management), nonfinancial performance (order backlog and employee head count), off-balance-sheet activities (operating leases and pension assumptions), and market-based measures (valuations and price-to-earnings ratio).

As accounting numbers are balanced and inter-connected, a fraud score exceeds the norm sends immediate red signal to auditors. For more details about the model, please check out CFO.com What’s your fraud score.

A tool like this could be an option to easily spot the high risk areas for auditors. This means reducing the auditing money for companies. 

Approva’s integration with Mircosoft Office

August 28, 2007

For most of ERP vendors, one of the areas which makes the solution stands out is the usability. The application which provides the intuitive navigation and the seamless integration with information worker’s daily job, wins the competition.  I could not agree more on it. iPhone concept does work for ERP software.

Approva’s integration with Mircosoft Office is a good case study of Office Business Application (OBA) as it puts.  You can see how it integrates with Microsoft portal, Outlook and Excel.

http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000530

Choosing significant accounts after AS5

August 17, 2007

After the Auditing Standard No. 5 with ‘risk based, top down approach’ replaced AS2, companies will change the way of selecting significant accounts from previously ‘whether it exceeds materiality threshold regardless of risks’, to qualitative factors. This ‘qualatative first, quantative second’ approach will allow companies to focus resources on key controls and therefore to reduce the costs.

An article from Compliance week suggested a new way of choosing significant accounts. (more…)

Accenture to invest $250M to expand technology consulting

July 18, 2007

Accenture said it will invest more than $250 million over the next three years to expand its technology consulting capabilities.

The investment is designed to address a strong increase in demand from clients for services an advice from technology -platform-independent services providers.

Specifically, the investment will focus on helping clients: develop IT strategies that deliver measurable business outcomes; standardize, virtualize and secure their IT infrastructures and applications; improve worker productivity; and implement new consumer-like, Web-based applications that tap into the potential of services-oriented architecture (SOA) and other newer technologies.
 

Among specific areas, one of them is to deal with issues from compliance requirements, such as risk management, application security… (more…)

Automating Internal Control Process

July 18, 2007

As the part of Section 404, Sarbanes Oxley Act requires the review of user access. Most companies follow similar process: once or twice a year, IT department prints out the application access and sends to business managers to confirm their staff’s access to ERP applications. This could become a big headache for corporate internal control team if the company has thousands of employees. The complication arises because of the cultural barrier between IT and business departments. Most business managers are not familiar with the ERP backend user authorizations. And in reality, the collaboration between IT and business managers is not that great. There is one independent survey by Ponemon Institute this Feb.. which mentioned that ‘two thirds of 627 respondent companies said their IT department and business functions rarely collaborate in identity management’.

(more…)