ACM Queue - Compliance


Standards Advice

Wed, 30 Dec 2009 14:18:47 GMT

My mother took language, both written and spoken, very seriously. The last thing I wanted to hear upon showing her an essay I was writing for school was, "Bring me the red pen." In those days I did not have a computer; all my assignments were written longhand or on a typewriter, so the red pen meant a total rewrite. She was a tough editor, but it was impossible to question the quality of her work or the passion that she brought to the writing process. All of the things Strunk and White have taught others throughout the years my mother taught me, on her own, with the benefit of only a high school education and a voracious appetite for reading.

Compliance Deconstructed

Fri, 15 Sep 2006 08:48:42 GMT

When you break it down, compliance is largely about ensuring that business processes are executed as expected.


The topic of compliance becomes increasingly complex each year. Dozens of regulatory requirements can affect a company’s business processes. Moreover, these requirements are often vague and confusing. When those in charge of compliance are asked if their business processes are in compliance, it is understandably difficult for them to respond succinctly and with confidence. This article looks at how companies can deconstruct compliance, dealing with it in a systematic fashion and applying technology to automate compliance-related business processes. It also looks specifically at how Microsoft approaches compliance to SOX (Sarbanes-Oxley Act of 2002).

Compliance Drivers

Regulatory legislation and corporate governance are primarily what drives compliance. Failure to comply with legislation such as Sarbanes-Oxley can lead to fines and disruption of day-to-day business. Even companies that are not concerned with regulatory legislation need to protect important corporate resources such as customer data and trade secrets.

Box Their SOXes Off

Fri, 15 Sep 2006 08:48:41 GMT

Being proactive with SAS 70 Type II audits helps both parties in a vendor relationship.


Data is a precious resource for any large organization. The larger the organization, the more likely it will rely to some degree on third-party vendors and partners to help it manage and monitor its mission-critical data. In the wake of new regulations for public companies, such as Section 404 of SOX (Sarbanes-Oxley Act of 2002), the folks who run IT departments for Fortune 1000 companies have an ever-increasing need to know that when it comes to the 24/7/365 monitoring of their critical data transactions, they have business partners with well-planned and well-documented procedures.

In response to a growing need to validate third-party controls and procedures, some companies are insisting that certain vendors undergo SAS (Statement on Auditing Standards) 70 Type II audits. These audits refer to an AICPA (American Institute of Certified Public Accountants) standard that sets forth the practice for evaluating the performance of outside service organizations. (A Type I audit describes the business’s controls, noting if they are suitably designed and in place; a Type II audit tests those controls and reports if they are working adequately.)

Complying with Compliance

Fri, 15 Sep 2006 08:48:39 GMT

Blowing it off is not an option.


“Hey, compliance is boring. Really, really boring. And besides, I work neither in the financial industry nor in health care. Why should I care about SOX and HIPAA?”

Yep, you’re absolutely right. You write payroll applications, or operating systems, or user interfaces, or (heaven forbid) e-mail servers. Why should you worry about compliance issues?

A Requirements Primer

Fri, 15 Sep 2006 08:48:39 GMT


Many software engineers and architects are exposed to compliance through the growing number of rules, regulations, and standards with which their employers must comply. Some of these requirements, such as HIPAA (Health Insurance Portability and Accountability Act), focus primarily on one industry, whereas others, such as SOX (Sarbanes-Oxley Act), span many industries. Some apply to only one country, while others cross national boundaries. To help navigate this often confusing world, Queue has assembled a short primer that provides background on four of the most important compliance challenges that organizations face today.


The Sarbanes-Oxley Act of 2002 can be tidily summed up as trying to answer the not-so-simple question, “Says who?” when it comes to proper corporate financial reports. Because of a spate of major corporate and accounting scandals at the turn of the century—perhaps best punctuated by the collapse of Enron and Arthur Andersen—Sarbanes-Oxley, or SOX, was designed to shore up public and investor confidence in financial reporting.