Editor's Corner: What to make of McAfee's Shady RAT report?

On one hand, the much-discussed 14-page report from McAfee on Operation Shady RAT was phenomenally successful. It generated lots of government and corporate angst as just about all publications ran with big scary-sounding headlines. The relatively staid The Atlantic ran with "How Did We Miss the World's Largest Cyber Attack?" And FOX News ran with this one: "U.S. Cybercops Caught Flat-Footed by Massive Global Cyberattack."
The article duly summarized the basics of the report: A big single "state actor" had been perpetrating a coordinated 5-year scheme to steal data from governments, big corporations, small NGOs and others with sophisticated malware. It quoted from the report's author, McAfee's vice president of threat research, Dmitri Alperovitch, "Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators."

The media coverage was indeed breathtaking. Some featured quotes from national security agency heads about it all. But how much exactly of this is really new? It's a fair question. Sci-TeToday.com writes: "Security researchers see nothing new in McAfee's cyberattack report. Malware attacks and the theft of intellectual property are known, an analyst said, and the report skips useful details. And the rampant speculation that the cyberattacks are coming from China may be simplistic."

Of course, this response may simply be the sniping of rival vendors in the security software industry. The fact is that reports of this nature are marketing and PR pieces as well as research pieces. There's no reason why a white paper can't be both. Indeed, white papers are a time-honored marketing tradition in the technology industry. If you've got a new product, you pretty much have to come out with a white paper. In the case of the security industry, these sorts of reports are designed to generate headlines and position the company as a thought leader. Timing is also key, and the PR and marketing folks were wise to release the report ahead of the Black Hat conference.

So perhaps a dose of restraint is needed when interpreting the results. This is not to say that the report's conclusions aren't interesting and important. They are. But we need to balance them against the marketing needs of McAfee.
- Jim

Today's Top News

More XBRL-based applications being used

Now that XBRL-compliant financial reports are a reality for just about all companies, we will be looking for interesting applications built on XBRL-tagged data. So far, we've seen most companies focus more on compliance than the actual benefits that might flow from tagged data. This state of mind may continue as the second phase of compliance--which may be trickier--looms large. At some point, we would hope that more companies realize the power of this data standard.

Brokerage firms and mutual funds companies, it would appear to us, are in good position to develop all sorts of new applications that would go over well with their clients. Heck, they may even be able to charge for such applications. A techie with an entrepreneurial mind might come up with some he could market over the Net to lots of people. So far, we haven't been wowed by what we've seen. But in a good sign, more people are thinking along the lines of better applications for internal use.

It may be seen as a bit self-serving, but a recent survey by Edgar Online has found that "XBRL data will significantly advance analysis, particularly regarding industry research, performance benchmarking and investment decisions." So far, industry analysis, benchmarking and equity investment decisions are the most popular uses of data: 74 percent use data for industry analysis, 51 percent for benchmarking other companies, 40 percent for analyzing equity investment decisions and 30 percent for evaluating mergers and partnerships.

To be sure, there are many companies at which compliance is exactly that--a burden more than anything useful. Hopefully, that will change.
Social media ramps up as a compliance issue

We've been talking a lot recently about the rise of social media at companies in the context of compliance programs. Many companies are beginning to embrace the idea of social media--both for internal use and for outreach purposes--and in some ways the compliance managers have been scrambling. Vendors are certainly starting to address this.

Symantec, for example, recently announced its Enterprise Vault 10, which in addition to new email and content archiving software also features an application that will archive all social media interactions for compliance and eDiscovery purposes. The goal is to allow users to "effectively archive and discover the millions of records employees are creating by email, social media, SharePoint and file systems."

It's a daunting task, to be sure. But it's fair to say that the train has left the station in more than a few industries. We would be remiss if we failed to remind people that there is a lot at stake. It's fine to drink the social media Kool-Aid, we're all doing so, but the pressure is on to match the roll-out with a powerful compliance program.

The pharmaceutical industry is a good example of why extreme caution is merited in highly regulated industries. BioITworld.com offers an interesting rundown of the issues. "Pharma companies are bound to adhere to the guidelines of the FDA's Division of Drug Marketing, Advertising, and Communications (DDMAC), which aims to ensure that prescription drug information is truthfully conveyed to the public. While the communication guidelines for print and broadcast media are explicit, the DDMAC has not formalized guidance for communication in the context of interactive digital media.
This ambiguity leaves what is deemed appropriate for social media communication open to the DDMAC's discretion--and consequently, many pharma companies are hesitant to broach this new territory." Companies need to grapple with this sooner rather than later.

Time to revamp SEC?

The question of a radical overhaul of the SEC's structure and even its mission has been a fairly big issue of late. Recall that Section 967 of Dodd-Frank required that the SEC hire a consultant to look broadly at the organizational and other woes of the agency, which all would agree are severe. The subsequent report by the Boston Consulting Group recommended a wide array of reforms that are now being revived to some degree by an attempt to legislatively impose reform on the SEC.

According to Reuters, Rep. Spencer Bachus, chairman of the House Financial Services Committee, plans to introduce a bill that would "consolidate offices and divisions, shore up ethics guidelines for SEC employees, and address conflicts of interest that could arise from the 'revolving door' of people who go from the commission to often high-earning jobs on Wall Street."

Among other things, the SEC Modernization Act would get rid of the agency's Office of Compliance, Inspections and Examinations and merge its staff into the agency's trading and markets and investment management divisions. The office was roundly criticized in 2009 for its failures to detect Bernard Madoff's Ponzi scheme. The proposal would also jettison the Division of Risk, Strategy and Financial Innovation, a new division created in the wake of the financial crisis tasked with staying abreast of systemic risk.
For all its woes, no one is calling for the death penalty, that is, an end to the system as we know it. Recall the fate of the old INS, which was essentially dealt a death blow as it was legislated into oblivion in 2003. Its duties were parceled out to other agencies.

SEC lawyer also a witness in Tourre proceedings

We've often discussed the problem of the regulatory revolving door, which usually features regulators angling for jobs with the firms they once regulated. It's a huge issue. Now, the New York Times offers an interesting twist on the issue. As the financial crisis really started to hit home, many people in the financial services industry sought jobs as regulators. Although it was easy to couch this as a desire to help out and "give back" via public service, a lot of people simply needed jobs.

Adam Glass was an attorney advising hedge fund honcho John Paulson before he made his way to the SEC as a lawyer helping to write the new rules for derivatives trading. In the SEC's case against Goldman Sachs's Fabrice Tourre, who intends to go to trial against the SEC, Glass has found himself a major witness. And that has led to some head-scratching. One professor told the Times: "There are a lot of talented people out there you could hire who weren't necessarily part of the problem. If he was involved in Abacus, how is he supposed to police it?"

The bigger problem for the SEC is whether this will somehow undermine its case against Tourre. Glass was apparently a major player in the creation of the ABACUS securities that led to a major prosecution of Goldman Sachs and Tourre. The Times notes the words of Franklin D.
Roosevelt in justifying Joe Kennedy as chairman of the SEC, something along the lines of "you need to set a thief to catch a thief." The SEC is betting that Glass is sincere in his work as a regulator, though the controversial door might make one more revolution and land him back on the more lucrative side of the game.

Tip of the Week

eDiscovery solutions vendors selling to IT managers now--a big change

As the eDiscovery imperative took root at many organizations, legal departments took the lead in ensuring compliance. The process has quickly veered into the realm of IT, however, which has required vendors to re-think their sales strategies.

EnterpriseStorageForum.com notes: "Legal used to have a stranglehold on budgets and purchasing decisions. But as eDiscovery products around search and collections grew in importance, they increasingly impacted IT. The size of data collections grew, and the cost of culling the results for review was and is prohibitive. Attorneys look to their eDiscovery vendors and to IT for help in collecting more relevant data faster."

As of now, the IT staff are not necessarily making the purchase decision. But as the legal staff looks to the IT staff for critical systems, the input from the IT side is critical. Vendors have to take all that into account as they plan their pitches. At many places, IT will consider eDiscovery its natural domain, as it essentially boils down to yet another example of data retention, intelligent storage and retrieval. Hosted solutions have come to the fore, of course. But even that will likely entail a discussion between the IT and legal teams.

The good news is that eDiscovery vendors tend to be very comfortable in the realm of IT-speak. This trend is a good one for most firms.
Also Noted

> Good corporate governance good for stocks?
> CFTC makes case for Dodd Frank.
> OSHA strengthens whistleblower rules.
> Managing the risks of gamification.
> U.S. to fund cyber security proposals.
> Microsoft offers prize money for anti-hacking ideas.
> DARPA and the global hacking problem.
> Entrants line up for XBRL competition.

And Finally... iPad credit card reader hacked.