Information security analytics

Problems found in 2004 remained through 2005, but no regulatory compliance issues were uncovered Most of the internal control weaknesses that the Government Accountability Office cited the SEC for in 2004 persisted through 2005. Inaccurate data and material internal control weaknesses concerning financial statements, disgorgements, penalties, and data security were among the problems cited. Internal processes were largely manual. However, there were no instances of noncompliance with laws and regulations.

Police, security experts and lawyers are warning IT departments to be on their guard against corporate data theft as companies wind down their operations over the Christmas holidays. Law firm Mishcon de Reya said data theft was the fastest growing area of corporate fraud and featured in one in every three fraud cases investigated by the firm. The Metropolitan Police's Computer Crime Unit said that although hacking and virus attacks tend to slow down over Christmas, businesses were at greater risk from internal attacks on company data.

In North American, senior managers were behind nearly a quarter of the cases Despite or because of the global spread of corporate governance codes, reports of financial fraud rose 22 percentage points in the last two years, reported Pricewaterhouse Coopers. The audit firm polled corporate officers in 34 countries, and found that 45 percent reported fraud detections, up from 37 percent in 2003. The average incident cost $1.7 million. But internal audits found the fraud only 26 percent of the time. Chance accounted for more than a third of the detections.

Today's corporate environment is clouded by widespread suspicion and mistrust. The high-profile failures of Enron, WorldCom and Global Crossing, followed by the revelations of improper financial reporting in complicity with outside auditors led Congress to enact the Sarbanes-Oxley Act (SOX) in 2002. In hopes of restoring investor's faith in corporate America, SOX established significant changes in both management's reporting responsibilities and the scope and nature of the auditor's responsibilities.

The SEC has received an unqualified opinion on its 2005 financial statements. In its audit opinion, the Government Accountability Office (GAO) concludes that the SEC™s financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles. This year, the SEC significantly accelerated its financial reporting in order to issue these financial statements by November 15, the deadline set by the Office of Management and Budget. In its audit opinion, GAO called this a notable achievement.

The British government has known for months that criminals were using stolen identities to make fraudulent online tax credit claims worth millions of pounds, but ministers have not done anything to stop swindlers.

According to a settlement, discount shoe retailer Designer Shoe Warehouse, which discovered in March that information on 1.5 million customers had been stolen, will put in place a comprehensive security program and have its systems audited by independent experts every other year for 20 years. Thus expenses due to data theft increases from $6.5M to $9.5M.

For banks, the cost of Sarbanes-Oxley compliance came from hiring additional staff, and not from investments in technology, according to a study by the Risk Management Institute. The survey showed that two-thirds of banks reported that less than 10 percent of their cost of compliance came from IT. Hiring staff or diverting existing staff accounted for the bulk of their costs. SOX-related costs averaged $422,600 at smaller banks (i.e., with assets less than $15 billion) and $4,553,800 at larger banks.

But they fear the current atmosphere of anti-fraud vigilance might be just be a fad A recent survey of certified fraud examiners found that most of them considered Sarbanes-Oxley to be an effective weapon against fraud, but they worry that corporate executives won't remain focused on the issue.

Most worry about the privacy of their data and fear what employers might do with it Two-thirds of Americans are concerned about the privacy of their personal health data and 52 percent fear that employers might use it to limit job opportunities. Other results of a periodic survey taken by the California HealthCare Foundation were that 67 percent of Americans had some awareness of their rights or recalled getting privacy notifications.