Why are the trials under the Foreign Corrupt Practices Act multiplying 30 years after its implementation? Is it yet another example of decade long non compliance that has provided Securities and Exchange Commission almost a billion dollars in penalties?

In this and future newsletters we continue to focus on some of the IT Tools that are available on the International market. In this newsletter we focus on the GRC solutions provided by MetricStream.

Gartner and Forrester Research rank MetricStream as a market leader in the area of software for Governance, Risk and Compliance. In 2009, MetricStream has provided IT solutions to UBS, Societe Generale, Philips, Roche, NASDAQ-OMX, Fresenius Kabi etc.

How Credit Cards Will Change In 2010. Like it or not, credit cards are a major part of all western households. During the past several laws have governed the Credit card transactions, PCI being the most predominant.

The European Commission has now excluded the U.S. from a deal that will allow audit oversight bodies operating inside the European Union to share their working papers with professional supervisors in other countries.

2009 har været et anstrengende år for flere virksomheder. Men året har også budt på en række interessante begivenheder, som har krævet fokus. Jeg for min del har naturligvis udelukkende koncentreret mig om Corporate Governance, Risk Management og Compliance (GRC) aktiviteter inspireret af Præsident Obamas stabschef, Rahm Emanuels ord: Vi bør ikke lade en så alvorlig krise gå til spilde.

Flere virksomheder er i gang med at sikre, de opfylder de nye rapporteringskrav om interne kontroller (§107b årsregnskabsloven). Derudover er udbredelsen af mange elementer af hele Corporate Governance, Risk Management og Compliance området, den sunde konsekvens fra finanskrisen. Virksomhederne fortsætter deres indsats på at have en særlig fokus på GRC. Derfor har vi planlagt en række ’morgenmøder’ for at belyse området i løbet af 2010.

There is something fundamentally wrong with the way Boards go around preparing a Strategy or a plan for the enterprise. Often the senior management team presents a strategic plan and discusses it with the board and getting their approval to fulfill the requirements of the various charters. Probably strategy consultants are involved in preparing the initial paper/draft to make sure that all issues are covered for either the board or managements decision.

Convergence to best practices is no longer enough. The global credit and financial crisis has clearly indicated that a new and revised international Corporate Governance, Risk Management and Compliance (GRC) order has to be implemented by almost all enterprises. In these turbulent times, emotions sometimes run high as survival is suddenly the order of the day, distorting the strategies and perspectives. In that light it is therefore alarming that so few companies have taken a complete overhaul of their GRC practices and instead act as if it is Business as Usual. One of the major reasons for overhaul is that GRC works and functions throughout the enterprise continue to be performed in silos. The GRC integration is often not understood and accepted throughout the enterprise because it is quite complicated.

All over the world, the Board of directors currently face extraordinary challenges.

What boards often lack in their diversity are members with Street Credit (points you get for doing something impressive and bold. One can gain street credit in many ways, including, but not limited to, continuing to acquire freshness, constantly hustling, not selling-out, and of course, by making hit records). Perhaps one way to address this issue is to start each board meeting with an episode of Simpsons. Often it is alarming to observe how boards are enclosed in their glass structures without adequate business contact with the outside world.

Fixing the credit system is a necessary but not sufficient step for a long boom recovery. That the lack of credit caused the recession and that repairing the credit markets will fix the economy has for long been an assumption. However the truly systemic problems are stagnant wages for too many Americans and a legal and regulatory system that favors large established companies over smaller and more creative enterprises.

Once Corporate Governance, Risks and Compliance opportunities are clearly understood, a board can take the lead in developing and announcing an explicit GRC strategy on e.g. climate change as an integrated part of the company's business strategy.

Please allow us to thank you for your fine cooperation in 2009 and wish you a Merry Christmas and a Happy New year.

Chancellor Angela Merkel, President Nicolas Sarkozy and British leader Gordon Brown now support the idea of a tax on financial market transactions. The tax was first proposed by the American Nobel laureate James Tobin in 1971. After the financial crisis and the financing of the global climate agreement, it is once again on the agenda.

In this and future newsletters we will focus on some of the IT Tools that are available on the market. You can continue to use MS Office and manage your compliance activities in an Excel spreadsheet, but use one of the IT Tools as a dats base for security and easy retrieval.

Several International Banks made national and international headlines in 2008/9. Some of the banks were forcibly closed down by the regulators. Analysis shows that each bank owed their downfall to poor oversight by management and overly aggressive pursuit of commercial real estate loans.

The EU believes that if a fight breaks out in a bar, you don't attack the person who started it. You bash the person you don't like instead. Some analysts believe that the European Union's proposed Alternative Investment Fund Managers directive is disparaging.

Here are some interesting statistics regarding whistle blowers.

Various forms of fraud are detected 40 percent of the time by tips. Whistleblower systems are the leading method of detecting fraud. There is however the fear of retaliation by either peer groups, or by supervisors.

The Audit Committee should be involved in setting policies and overseeing the ongoing implementation of the Whistleblower policies. It cannot be farmed out to a third party or delegated to the company. Periodic reports from management of the third party institutions are inadequate.

In this issue we focus on the various aspects of the Whistle Blower introductions. Several European Data Protection Agencies are now ready to consider applications from companies who want to introduce a whistleblower system.

We have compiled a list of several International GRC related organizations standards and practices with their corresponding websites.

EU shocked the accountancy community last month when it decided not to proceed with the fast track procedure to endorse the International Accounting Standards Board’s simplification of measurement of financial assets, IFRS 9. The delay came just as the new rules were introduced in most of the rest of the world outside the US. Brussels’ decision, which followed calls by the Group of 20 nations for clearer rules in response to the financial crisis, revealed a deep split among European financial institutions.

As a sum of all presentations and in general terms, the conference focused on the future oversight and Governance regulations that will take place with regards to Financial and Legal responsibility starting with the responsibilities of corporate board members to the technicalities related to prudent Risk Management. Compliance also means that CEOs and their Boards will become increasingly dependent upon those people who see how the details of compliance fit into the larger business picture and can communicate this intelligibly.

Risk Management has more or less in some form or another always been on the corporate agenda. However the responsibility for risk management no longer lies with the company's treasury function. Risk management is now the responsibility of the board of directors and includes all risk-classes across business units, processes and functions.

Normally Corporate Governance (CG) focuses on practical issues such as independence, special interests, audit trails, corruption, segregation of duties, directors’ remuneration, sustainability, etc. With the award of this year's Nobel Prize in economics given to Elinor Ostrom, and Oliver Williamson, the discipline of CG is strengthened both at the micro-, macro-and transaction level.

IT governance is the process of establishing visible, positive oversight over the management of IT, practices. The components of IT governance set the discipline and determine the resources required to demonstrate that risks are managed and corporate objectives are achieved.

Investors were offered returns of up to 219% a year for funding the purchase of pharmaceutical ingredients to be resold for the production of antiretroviral drugs.

The word TIPS is an acronym To Insure Proper Service. Many overseas employees encounter the issue of bribing someone to get something done. It could be from the installation of a telephone line to getting a letter delivered to the right authority. FCPA and compliance to EU directives and the corresponding laws are such a vital part of chief compliance officers’ jobs these days.

En nylig undersøgelse fra Osterman Research viser, at over 2/3 af samtlige virksomheder har brugt tid i det sidste år med at finde gamle eMails i deres back-up, der skulle bruges som dokumentation i personaleafdelingen eller i en retssag.

Scandinavian Information Audit afholder kurset Bliv fortrolig med records management og ISO 15489-familien den 2-3 december i København.

The financial crisis and economic turmoil has split more or less all business sectors. There is a surprisingly considerable gap between the winners and losers.

Success of the GRC efforts on the other hand, is dependent on the creativity, drive, and productivity of the GRC staff and the IT tools. GRC efforts are magnified in the current environment where we can expect more oversight and regulations. The conference focuses on establishing Good Governance, implement Enterprise Risk Management (instead of silos), implement sustainable Compliance programs.

During the current crisis we have witnessed the fall of several companies of high repute. There are many reasons for their failures. There is however a common factor that determined the success. How well the board of directors dealt with Risk management.

We are looking for a prospective candidates (Key requirement is that the candidate is a practicing Roman Catholic) for a major Bank in East Africa. You are a Professional Banker preferably with 15 years banking experience of which 5 in a senior position, with Micro Finance experience in East Africa, or any developing country.

National Banks in Europe have now set requirements for reserves based on a weighted average of the bank’s assets, using weights that are determined by past default frequencies for different asset classes. The theory is that historical default frequencies often quite accurately reflect reserves going forward. Historical record provides a good indication for distinguishing between cyclical and more permanent components of loan performance.

This article briefly explores what the Governance, Risk and Compliance (GRC) community could be doing to promote a clearer understanding of cybercrime and the effects it is having on our way of life. Cybercrime is the threat which increasingly dares not speak its name and organisations which become its victims often find it difficult to expose their shortcomings, brushing it under the corporate carpet in the misguided hope that it will go away. This response only emboldens the perpetrators and so the wretched cycle continues.

A year ago a complete overhaul of international standards of bank accounting practices and regulatory compliance was high on the agenda when the world’s banking system was on the brink of a complete collapse were bailed out. Politicians and oversight boards vowed to get tough and insisted that revised rules cannot wait until the current recession is over.

EU enforcement of anticorruption laws is intensified. Prosecutions under the U.S. Foreign Corrupt Practices Act (FCPA) have increased dramatically in recent years. Penalties for violations are stepped up as enforcement action thru intergovernmental cooperation is expanding.

Since 2005 we have provided information and hosted conferences, seminars, education and training of the highest standard related to all aspects of EGRC (Enterprise Governance, Risk and Compliance activities on 4 continents.

The aim is to provide companies with effective and qualitative hands on research with focus on areas of GRC "pain" within the businesses. Therefore we design and provide custom tailored practical, relevant and up-to-date GRC workshops and training events that focus on "pain free" solutions that are relevant throughout the organization.

Please read the Kersis thoughts on Governance, Risk, and Compliance.

A former prisoner of the Plymouth County Correctional Facility was found guilty for intentionally damaging the prison’s computer network while he was an inmate.

As we have informed our reader earlier this year, Charlie McCreevy, the European commissioner responsible for auditing, issued a draft deal on cooperation that did include the U.S. Later he announced that he had decided to remove the U.S. from the proposal because he wanted more time to ensure that the country’s audit regulators were willing to cooperate with European authorities on an equal and peer basis.

Obviously not all well governed companies do well in the market place. Nor do the badly governed ones always sink. But even the best performers risk stumbling some day if they lack strong and independent boards of directors.

Corporate governance among the large international business enterprises in India is often considered good. The board of Satyam comprised of a bunch of esteemed business leaders. However Satyam was involved in a billion-dollar fraud.

Like in the western companies, International Indian companies with significant overseas business followed the International Governance, Risk and Compliance (GRC) codex and standard quite eagerly. Website jargon, diagrams and multi page glossy GRC descriptions of strenuous efforts in the annual reports showed that they were all in compliance.

The majority of respondents in this report from the survey by the Health Care Compliance Association & the Society of Corporate Compliance and Ethics indicated that compliance and ethics are not strongly tied to how executives and line employees are compensated. When it comes to bonuses, ethics and compliance plays an even smaller role.

In April 2009 FBI opened more than 200 mortgage-fraud cases and 36 corporate-fraud investigations than in March, a by-product of the recession. FBI officials expect the number of cases to grow exponentially There’s pretty good evidence that white-collar crime, primarily embezzlement, increases during a recession.

2009 will be A Year of Change. You are welcome to Share your expertise in The Governance, Risk and Compliance (GRC) Observer.

Many European professionals in the GRC field are drawn to our newsletter as a critical source of GRC and ethics information. We endeavor to provide current views on the corporate regulatory environment, internal controls, and overall conduct of business related to GRC.

We are now open to ‘experts’ to provide informative articles, share their knowledge, and provide professional support. You are also welcome to propose corporate GRC topics you wish to know more about.

Send your articles to the editor.

Now it is time for action. It will be now or never, if we cannot reform the financial sector, financial supervision, when we have a real crisis when will we reform it? I am determined to reform financial supervision in Europe I can only hope the member states will follow us. And today we are making a very important and I believe achievable and realistic, but at the same time ambitious proposals.

With special permission from one of Denmark’s leading Corporate Governance specialists’ Gorrissen, Federspiel and Kierkegaard we provide an analysis on how company’s noted on the Copenhagen OMX stock exchange follow the Corporate Governance recommendation.

Danish companies admitted for trading on NASDAQ OMX Copenhagen A / S shall, in their annual report must provide an explanation on how they relate to the Nørby Committee corporate management's recommendations.

The Recommendations consists of 67 specific recommendations for good corporate governance. The statement in the annual report shall be prepared in accordance with the "comply or explain" principle. We recommend revisiting our previous articles on the European Comply or Explain principles which dwell into the idiosyncrasies that companies either to follow recommendations or explain why the recommendations in whole or in part are not followed.

It is now that management can provide guidance to the organization and employees on behavior and corporate priorities in the event of a disaster that follows a pandemic situation caused by the Swine flu.

Issues such as pandemic planning are also a part of management responsibilities in the Risk Assessment and the Business Continuity Planning process of the enterprise. Depending on the geographical location many companies have already taken action to implement their pandemic plans. Here are a few suggestions for updating the plans Action Plans.

A number of regulatory and accounting issues related to Governance, Risk and Compliance (GRC) have emerged in the wake of the current global financial turmoil. An important question is particularly related to the problems concerning the soaring price of crude oil as in 2008 and the lack of risk management of accounting and balance sheet items in banks and other financial institutions.

On March 19, 2009, the International Accounting Standards Board (IASB) and the US Financial Accounting Standards Board (FASB) published their preliminary views on lease accounting in a joint discussion paper. The discussion paper, Leases: Preliminary Views is issued in response to concerns raised by investors and other users of financial statements regarding the treatment of lease contracts under International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (US GAAP).

The quality and quantity of overall capital in the global banking system should be increased, resulting in minimum regulatory requirements significantly above existing Basel rules. The transition to future rules should be carefully phased given the importance of maintaining bank lending in the current macroeconomic climate. is one of the recommendations in the Turner Review.

At a recent power lunch arranged by the British Chamber of Commerce at the SAS Royal Hotel, CEO Lars Rohde of ATP summarized the current crisis under the heading, "Greed, Governance and Greenspan. Earlier this week Microsoft Denmark held a CFO conference with focus on Risk Management.

The goal of any organization’s ethics and compliance program is to develop an effective program for the detection of potential misconduct. Each investigation must be tailored to the issue presented, after consulting with internal or external counsel, this basic framework should help the compliance professional in conducting an investigation.

The de Larosière group’s proposal on creating a financial market supervision and regulation oversight board, probably represents an essential step forward towards creating a European oversight board from scratch. Furthermore it is also a test of the commission’s ability, courage and conviction in this respect. The challenge to agree and implement the proposals, and to do so in the timeline proposed by de Larosière.

Bonuses especially in the financial services industry have caught a great deal of attention in the current post bailout economy. Entertainment or gift giving has not created any headlines on lavish expenses, probably because managers and employees have learnt that it’s advisable to have restrained behavior as the lavishness is often prone to ‘jealousy’.

Compliance departments often wrestle with two challenges: they face enormous pressure to reduce costs, while simultaneously facing the need to comply with the regulatory requirements to combat money laundering.

The European Commission proposed a draft law this week (18/2009) that would make it mandatory for hedge funds to register and disclose information on leverage to supervisors if they want to operate in the EU. EU countries are divided on this issue. Britain, the European Union's hedge fund capital, fears overly stringent regulation, while France is a keen backer of tighter regulation. Denmark’s ex Prime Minister Poul Nyrup Rasmussen is one of the eminences behind the demand for more regulation for Hedge Funds.

In this volatile global economy, there is great need for risk professionals to come together and discuss the latest, ever changing industry challenges. Featuring the risk profession’s top thought leaders and risk practitioners, our European Risk Congress is designed to give insight into how others are approaching many of the same issues that risk professionals are grappling with every day.

As a Eurosox newsletter subscriber, you’re eligible for the exclusive offer of £249 for the 2-Day Congress & £149 for Workshops.

GARP is the Global Association of Risk Professionals.

Governance, Risk Management, Internal Control, and Compliance (GRC) activities are often enabled by a patchwork of manual processes and virtual paperwork in the form of uncontrolled documents and spreadsheets. GRC is the way to start addressing current and upcoming issues.

Success of the GRC efforts on the other hand, is dependent on the creativity, drive, and productivity of the GRC staff and the IT tools. GRC efforts are magnified in the current environment where we can expect more oversight and regulations. The conference focuses on establishing Good Governance, implement Enterprise Risk Management (instead of silos), implement sustainable Compliance programs.

Read five reasons why you must attend - and reserve your place at the Copenhagen Compliance Conference without delay.

A response to the Current Financial Market Turmoil could be rigorous focus in implementing the 4th, 7th and the 8th EU directives to the letter could provide the answers to stabilize the financial reporting system.

Stakeholders need to be reassured that the fundamental issues that led to the current turmoil are being addressed to. EU directives could provide some answers.

In Scandinavia like in several other countries, many senior managers were released of their responsibilities in 2008. Patience is currently not a virtue in the board rooms. The leash given to the President and/or CEO by the stakeholders will probably be much shorter in 2009.

Within the first two quarters of 2009 the President together with other board members will clarify the future role and responsibilities of the CEO/CFO.

EU has opted for 'comply-or-explain' as standard, probably because it simply follows the trail from the English Cadbury Report. The knowledgeable EU Commissioner Charlie McCreevy is familiar with the English combined code of corporate governance, from his time as Irish accountant, minister and politician.

With special permission from Colleen Cunningham, managing director of the New York tristate area for Resources Global Professionals, we are pleased to provide you with an interesting article.

The recent collapse of a number of major financial institutions globally has demonstrated that despite being the most regulated sector in every territory, despite the level of oversight and financial reserving or asset set aside required, despite the complexities of risk management supposedly inherent in the business models and engrained in the DNA of financial institutions, something went massively wrong.

Considerable attention must be geared in resolving the current crisis. Given the current market conditions, the scope of work to be undertaken indicates the changes in various regulation now being considered.

The European Commission has suspended plans that would improve the regulation of audit firms, citing a lack of cooperation from the U.S. as the primary reason.

Charlie McCreevy, the commissioner for the internal market and services, circulated a draft decision in January 2009 that would let Europe’s national audit regulators cooperate with their counterparts in the U.S., Japan, and Canada.

But now the plan is on hold. The reason is that before making a decision The European Commission needs time to ensure that the United States, in particular, is ready to cooperate fully, based upon mutual trust and mutual assistance.

By Jesper Jarlbæk

Just as we thought the accounting profession might finally be sheltered from “knock out” financial scandals by the European Commission's proposals for limited liability, the US court decisions to allow the coordinating entities to be sued together with their member firms and the anger from shareholders that the ongoing financial crisis has created, appear to constitute the prelude to a battle of life and death of the public accounting industry's major players.

International accounting rules and standards are complex. Probably an extensive overhaul is past overdue. However the company’s GRC response to the complexity should be to encourage clarification and not concealment.

From 2009 European Stock-listed companies has to set up an Audit Committee, consistent with international conclusions, EU directives and e.g. SOX rules. The purpose of the committee is to

• review and evaluate the company’s reporting procedures
• review and evaluate business procedures
• handle internal controls in relation to financial reporting
• assess reports from the external auditors
• oversee accurate financial reporting and disclosure
• ...

It was a “Christmas calendar” for adults with every Hollywood ingredient imaginable – fraud, violence, drugs, a mistress, secret homes, fast cars, luxury yachts, missing files, shady business associates and so on. The entire Danish press had a field day.

In the UK, a ‘Comply or explain’ regime has been in place for over a decade. The "comply-or-explain" approach calls for companies to disclose the extent of compliance with corporate governance codes or explain deviations from them. In the US where a ‘rule-based’ approach is customary, it’s rather a ‘Comply or Die’ approach.

To adhere to the EU directives and the Governance, Risk and compliance (GRC) mandates and frameworks, European IT companies (and European branches of foreign companies) are going to drive demands for tools, services and systems which help them to comply with these binding and legal GRC regulations.

The EU needs common rules to facilitate 'whistleblower codex' & avoid corporate confusion, in order to protect employees of publicly traded companies who provide evidence of fraud.

US multinationals find that SOX section 806 (PROTECTION FOR EMPLOYEES OF PUBLICLY TRADED COMPANIES WHO PROVIDE EVIDENCE OF FRAUD) is in conflict in Europe.

Meet the Creator of the premier performance management system: Tools for clarifying corporate vision and aligning people, business units and resources with a unified business strategy. Author of seven books, including forthcoming The Execution Premium. One of the most valuable speakers on business strategy and leadership today.

It is once again a time of the year when it’s time to let the old dogs out and some new ones in. The first weeks of each New Year marks the changing of the sled team for those who follow the Governance, Risk and Compliance (GRC) Dogs while others adjust the GRC mix to meet new challenges.

E-mail has now become one of the most important media for business communications. Customer Correspondence, contracting descriptions, contracts and land prices only in employees' e-mail inboxes.

In this newsletter we review in more detail the issues, legal requirements and functional demands you should be setting to your corporate archive in the unstructured and distributed world of electronic communication.

The majority of a company’s business-critical data is stored in email—data that impacts revenue, business decisions, corporate reputations and end-user productivity. With all of this at stake, it’s not surprising that email is subject to a growing range of legal, regulatory compliance, and business requirements. It’s also not surprising that email can cause serious storage issues for businesses.

In recent years, the archiving of email messages has become a business requirement driven by numerous federal and state regulations including Sarbanes-Oxley , SEC 17a 3-4, HIPAA, and NASD rules. With more than 10,000 regulations on data and record retention currently in force, very few businesses are exempt from some form of regulatory scrutiny.

Regulatory compliance, legal discovery and storage management issues are driving more organizations to consider email archiving. Here’s what you should know when making decisions about your organization’s use of email archiving technology.

Nearly every IT department has struggled with the issue of storage management for messaging servers. The pressure to increase storage limits continues to grow as the amount of email sent each day—as well as the size of messages and attachments—increases. This ever-increasing storage demand is driven in part by faster connection speeds, and partly by the fact that email’s role as a primary channel for corporate communication continues to expand. This growth is not expected to slow down in the near future; in fact, Radicati Research estimates that corporate email traffic will almost double between 2005 and 2009, going from 64.9 to 120 billion messages a day.

With special permission from The Economist Intelligence Unit, we provide you with The editor Ben Jones’ latest thoughts on what lies ahead for the world economy.

The US Investor Protection (SOX) Act, and several other GRC mandates are currently in force. They couldn't prevent this collapse of investor trust in most of the companies and financial institutions. Through enhanced disclosure requirements and the painstaking risk and controls efforts to achieve SOX and Basel certification were apparently insufficient. What do the politicians now have in store for listed and other companies in the form of additional GRC mandates is the billion dollar question.

Technological innovations and international collaboration drives today’s business environment to adapt to these changes at a high pace. Hence, entire industries, their prevailing business models and their players compete on flexibility and speed to implement these strategic changes from business cultural down to the process level. Today’s organisations are in a constant mode of adaption and reengineering. One fundamental concept that integrates the different organisational layers and synchronises the change among them is the widely known method Service Oriented Architecture (SOA).

Incidents occur daily that threaten to impact the smooth running of any organisation. Regardless of their cause or severity, management often has no warning and little direct control over them. Yet their significance to the organization can be managed, if people have anticipated and prepared for them appropriately. A senior executive has a responsibility to reduce the likelihood of such incidents and to minimize the impact should they occur. This duty of care is to all stakeholders; staff, shareholders, customers, suppliers and the community.

Business Continuity provides a method in which that duty of care and corporate social responsibility can be addressed and delivered in a practical and effective manner.

There are only 4 weeks for The Copenhagen Compliance Conference 2008. There is much excitement and buzz surrounding the current Credit and Financial crisis. Governance, Risk and Compliance mandates and issues, the EU directives that together form the platform of ‘EuroSox’ and the entire field of IT issues. All of these subjects will be the focus of the conference. Therefore we are gearing up for an incredibly thought provoking and successful conference.

We are happy to announce that subscribers to The EuroSox Newsletter are entitled to receive a 20 % discount if you wish to register at the Controller 2008 conference. If you wish to participate in both Controller 2008 and Copenhagen Compliance Conference on the 24th November 2008 you are entitled to receive a thumping 50% discount for both conferences. Please send us an e-mail to receive the participation code. Thanks.

The annual Conference ”Controlleren 2008” is an event dedicated to Controllers and other professionals in the finance department. The conference agenda is a mix of academics covering the latest theories and hands-on experience from some of the leading companies in Denmark. This year’s topics include: EuroSox, Risk Management, Activity Based Costing, Balanced Scorecard and new budgeting techniques.

Incidents occur daily that threaten to impact the smooth running of any organisation. Regardless of their cause or severity, management often has no warning and little direct control over them. Yet their significance to the organization can be managed, if people have anticipated and prepared for them appropriately. A senior executive has a responsibility to reduce the likelihood of such incidents and to minimize the impact should they occur. This duty of care is to all stakeholders; staff, shareholders, customers, suppliers and the community.

Business Continuity provides a method in which that duty of care and corporate social responsibility can be addressed and delivered in a practical and effective manner.

According to a new report released by the Association of Certified Fraud Examiners (ACFE), U.S. organizations lose an estimated seven percent of their annual revenues to fraud - but the damage is the worst among small businesses. Among the fraud cases detailed for the survey, the median loss suffered by organizations with fewer than 100 employees was $200,000, higher than the median loss for any other category.

It is time to stop lecturing the patient; it is time to start applying the cure. By popular demand we provide one of the presentations from the last Copenhagen Compliance Conference: The Root Causes of the Financial Liquidly Crisis: How to Head-off Future Catastrophic Risk Failures to understand some of the issues related to the crisis and Mr. Anthony Tarantino’s recommendations on ‘How to Prevent the Next Catastrophic Failure in Financial Risk Management’.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting Governance, Risk and Compliance disciplines like confidentiality, integrity, availability of information etc. of data regardless of the form the data may take.

Control is a business issue, not a specialist issue to be outsourced to finance staff or risk managers. Corporations have to treat Governance, Risk and Compliance (GRC) mandates not as an economic dilemma, but as a trade off between cost and benefits. This article reflects on the GRC developments in order to help better understand cost and benefit decisions in this area.

The IDCs Information Management conference in Copenhagen, on September 30th 2008 will provide you will get the latest trends and IM solutions. The program is composed in order for you to gain knowledge on how to improve use of structured and unstructured data on a strategic level in order to improve your business. Best practice cases from FL Schmidt and BookHuis is on the agenda, outlining their experiences on governance and strategic use of IM.

With special permission from Colleen Cunningham who was a member of the advisory committees to both IASB and FASB from 2003 through 2007 we provide you with a Compliance Week report on the IFRS adoption.

Technological innovations and international collaboration drives today’s business environment to adapt to these changes at a high pace. Hence, entire industries, their prevailing business models and their players compete on flexibility and speed to implement these strategic changes from business cultural down to the process level. Today’s organisations are in a constant mode of adaption and reengineering. One fundamental concept that integrates the different organisational layers and synchronises the change among them is the widely known method Service Oriented Architecture (SOA).

In collaboration with Dr Anthony Tarantino we have compiled a list of international regulations, mandates, and frameworks.

There are only 4 weeks for The Executive Briefing on EU directives and Copenhagen IT Compliance Conference 2008. There is much excitement and buzz surrounding the EU directives that together form the platform of ‘EuroSox’ Governance, Risk and Compliance issues, not forgetting the entire field of IT issues. Therefore we are gearing up for an incredibly thought provoking and successful conference.

Please make sure you register your place by Monday 7th April 2008 to receive a complimentary book on the subject of Governance, Risk and Compliance.

Note: As a subscriber to the EuroSox Newsletter, you are also entitled to receive a 30% discount on a wide selection of books from Wiley.

There are only 8 weeks for The Executive Briefing on EU directives and Copenhagen IT Compliance Conference 2008. There is much excitement and buzz surrounding the EU directives that together form the platform of ‘EuroSox’ Governance, Risk and Compliance issues, not forgetting the entire field of IT issues. Therefore we are gearing up for an incredibly thought provoking and successful conference.

Please make sure you register your place by Monday 10th march 2008 to receive a complimentary book on the subject of Governance, Risk and Compliance.

EuroSox is the EU’s equivalent of the US Sarbanes-Oxley Act, presents a heavy compliance burden. However the European Union’s corporate governance directives are in danger of being lost in translation, given the 25 different language versions into which they must be translated for member state implementation.

Typically The Delaware Chancery Court of USA, is quite business-friendly; however recent verdicts indicate that corporate governance games and board/management relations will not be tolerated.

Regulation is not amongst the top 10 concerns of CFOs. Worries about consumer spending are weighing on finance chiefs.

As anticipated, the SEC approved Auditing Standard No. 5 (AS5), intended to make Sarbanes-Oxley Section 404 audits more efficient, risk-based, and scalable to company size and complexity.

Our evaluation of the humiliating Société Générale (SocGen) finance scandal reveals the lapse of several Internal Controls. In the forthcoming article we focus on the following

• IT-Security (e.g. sluggish use of passwords)
• Backlogs and delays in settling trades
• Systems and procedures were not ‘at par’ to monitor growing volumes
• Lack of segregation of duties and probably lack of automated controls

We have so much on our GRC plate for this and the next newsletter that we will differ the 'review and study of Section 404 costs and benefits' until a future date. If you are very interested to judge whether your improvements internal controls are worth the bother, send us an email.

Copenhagen Compliance Conference den 22. november var en succes. Grevinde Alexandra åbnede konferencen, som havde en perlerække af internationale foredragsholdere, bl. a Jens Røder fra PwC og formand for Statsautoriserede Revisorer, prof. Steen Thomsen fra CBS og Dr. Anthony Tarantino fra IBM i USA. Jens Hald Madsen var konferencens ordstyrer. Se programmet her.

Besides our suggested calendar of events for 2008, we put forward 4 suggestions on the board’s focus on performance related to governance, risk issues, compliance and audit committees.

As we mentioned in our last newsletter we present The Board of Directors (BoD) Decision Planning Guide. Focus is laid on the Decisions Delegated to the Board of Directors and managements responsibilities. Some of the key areas covered in the guide are Annual business plan, Officer hiring and compensation plans, Stock options, Capital structure and liabilities, Dividends, Risk management, Insurance Policies, Acquisitions, divestitures, and capital expenditures, Litigation settlements, Fines and penalties, Restructuring issues, Tax settlements, Contingent liabilities and more.

Governance, Risks and Compliance activities are abundant. Avoid surprises and forgotten issues and plan the year ahead for GRC issues. Review the Board of Directors annual calendar with monthly tasks for The Board, Audit Committee, Corporate Governance Committee and Compensation Committee.

The world renowned expert in corporate governance and compliance, Dr. Anthony Tarantino will talk at the Copenhagen Compliance Conference in Copenhagen November 22nd, 2007.

He will talk about Compliance in the Public Sector and Federal Agencies of Europe. Later in the afternoon he will give the talk Risk Implications in International Compliance, Governance, and EuroSox.

For many companies Compliance will be considered as ’An Inconvenient Truth’ – similar to what global warming is for the international society.

To find out the particulars of ’The Convenient Truth’ on Governance, Risks and Compliance we suggest that you attend the upcoming Copenhagen Compliance Conference. For details click here.

Denne bog supplerer ovennævnte med et stort udvalg af formularer. Bøgerne er ikke just billige, men de vil være tjent ind i løbet af godt en (konsulent)times tid.

For revisorer, konsulenter og andre, som står overfor at skulle opfylde Sarbanes-Oxley loven, specielt Section 404 om interne kontroller, er denne bog uhyre relevant, konkret og tæt, men velskrevet.

Hvis bogens målgruppe virkelig er ignoranter, er projektet mislykkedes. Bogens forfatter, Jill Gilbert Welytok, er uddannet både jurist og CPA, men bogen er bestemt ikke skrevet for Dummies.

Hvis du vil vide mere om implementering af automatiserede, interne kontroller i en service-orienteret arkitektur, så start med den nye bog The Joy of SOX med den vidunderlige undertitel Why Sarbanes-Oxley and Service-Oriented Architecture May Be the Best Thing That Ever Happened to You.

SOX er efterhånden blevet til International Best Practice, fordi flere og flere lande i verden vælger at lovgive om compliance regler for finansielle rapportering efter amerikanske standarder. Først kom Investor Protection Act i USA, populært kaldet SOX. Siden har de store investor lande gennemført tilsvarende lovgivning. JSOX in Japan, 8. direktiv i EU, Bill 198 i Canada m.fl.

Flere internationale undersøgelser har påvist store problemer med anvendelse af regneark i forhold til compliance. I denne korte artikel gives nogle få tips til hvordan nogle af disse problemer kan overvindes.

EU's ottende direktiv, som ministerrådet godkendte i maj 2006, har i lighed med Sarbanes-Oxley loven, til formål at styrke troværdigheden af virksomhedernes regnskaber, så investorer atter kan have tillid til tallene efter regnskabsfusk i europæiske virksomheder Parmalat og Ahold.

EU’s omstilling til den nye internationale regnskabsstandard (IFRS) giver de danske og europæiske virksomheder problemer. Resultatet er at arbejdet med at tilpasse og udvikle IT-systemerne er påbegyndt på et sent tidspunkt. Det gælder såvel for tilpasning af det den teknologiske infrastruktur som inden for finansielle regnskabsstandarder.

ISACA holds a conference covering IT Governance, Security and Assurance April 22-23. The conference is Scandinavian with highly respected speakers from Denmark, Norway and Sweden. The conference consist of three tracks covering IT Governance, IT Security and IT Assurance each with three speakers from each country. Furthermore there will be four international key note speakers, including Professor Steen Thomsen from Copenhagen Business School.