http://queue.acm.org/listing.cfm?item_topic=Compliance&qc_type=topics_list&filter=Compliance&page_title=Compliance&order=desc http://queue.acm.org/detail.cfm?id=1687192 My mother took language, both written and spoken, very seriously. The last thing I wanted to hear upon showing her an essay I was writing for school was, "Bring me the red pen." In those days I did not have a computer; all my assignments were written longhand or on a typewriter, so the red pen meant a total rewrite. She was a tough editor, but it was impossible to question the quality of her work or the passion that she brought to the writing process. All of the things Strunk and White have taught others throughout the years my mother taught me, on her own, with the benefit of only a high school education and a voracious appetite for reading. Compliance Wed, 30 Dec 2009 14:18:47 GMT George Neville-Neil 1687192 http://queue.acm.org/detail.cfm?id=1160449 <h3>Compliance Deconstructed </h3> <h4>When you break it down, compliance is largely about ensuring that business processes are executed as expected.</h4> <h4>JC CANNON AND MARILEE BYERS, MICROSOFT</h4> <p> The topic of compliance becomes increasingly complex each year. Dozens of regulatory requirements can affect a company&rsquo;s business processes. Moreover, these requirements are often vague and confusing. When those in charge of compliance are asked if their business processes are in compliance, it is understandably difficult for them to respond succinctly and with confidence. This article looks at how companies can deconstruct compliance, dealing with it in a systematic fashion and applying technology to automate compliance-related business processes. It also looks specifically at how Microsoft approaches compliance to SOX (Sarbanes-Oxley Act of 2002). </p> <h4>Compliance Drivers</h4> <p> Regulatory legislation and corporate governance are primarily what drives compliance. Failure to comply with legislation such as Sarbanes-Oxley can lead to fines and disruption of day-to-day business. Even companies that are not concerned with regulatory legislation need to protect important corporate resources such as customer data and trade secrets.</p> Compliance Fri, 15 Sep 2006 08:48:42 GMT J. C. Cannon, Marilee Byers 1160449 http://queue.acm.org/detail.cfm?id=1160448 <h3>Box Their SOXes Off </h3> <h4>Being proactive with SAS 70 Type II audits helps both parties in a vendor relationship.</h4> <h4>JOHN BOSTICK, dbaDIRECT&nbsp;</h4> <p>Data is a precious resource for any large organization. The larger the organization, the more likely it will rely to some degree on third-party vendors and partners to help it manage and monitor its mission-critical data. In the wake of new regulations for public companies, such as Section 404 of SOX (Sarbanes-Oxley Act of 2002), the folks who run IT departments for Fortune 1000 companies have an ever-increasing need to know that when it comes to the 24/7/365 monitoring of their critical data transactions, they have business partners with well-planned and well-documented procedures. </p><p> In response to a growing need to validate third-party controls and procedures, some companies are insisting that certain vendors undergo SAS (Statement on Auditing Standards) 70 Type II audits. These audits refer to an AICPA (American Institute of Certified Public Accountants) standard that sets forth the practice for evaluating the performance of outside service organizations. (A Type I audit describes the business&rsquo;s controls, noting if they are suitably designed and in place; a Type II audit tests those controls and reports if they are working adequately.)</p> Compliance Fri, 15 Sep 2006 08:48:41 GMT John Bostick 1160448 http://queue.acm.org/detail.cfm?id=1160446 <h3>Complying with compliance </h3> <h4>Blowing it off is not an option.</h4> <h4> ERIC ALLMAN, SENDMAIL</h4> <p>&ldquo;Hey, compliance is boring. Really, really boring. And besides, I work neither in the financial industry nor in health care. Why should I care about SOX and HIPAA?&rdquo;</p> <p> Yep, you&rsquo;re absolutely right. You write payroll applications, or operating systems, or user interfaces, or (heaven forbid) e-mail servers. Why should you worry about compliance issues?</p> Compliance Fri, 15 Sep 2006 08:48:39 GMT Eric Allman 1160446 http://queue.acm.org/detail.cfm?id=1160447 <h3>A Requirements Primer </h3> <h4>GEORGE W. BEELER, JR., BEELER CONSULTING and DANA GARDNER, INTERARBOR SOLUTIONS </h4> <p>Many software engineers and architects are exposed to compliance through the growing number of rules, regulations, and standards with which their employers must comply. Some of these requirements, such as HIPAA (Health Insurance Portabililty and Accountability Act), focus primarily on one industry, whereas others, such as SOX (Sarbanes-Oxley Act), span many industries. Some apply to only one country, while others cross national boundaries. To help navigate this often confusing world, <em>Queue</em> has assembled a short primer that provides background on four of the most important compliance challenges that organizations face today.</p> <h4>SARBANES-OXLEY (SOX)</h4> <p>The Sarbanes-Oxley Act of 2002 can be tidily summed up as trying to answer the not-so-simple question, &ldquo;Says who?&rdquo; when it comes to proper corporate financial reports. Because of a spate of major corporate and accounting scandals at the turn of the century&mdash;perhaps best punctuated by the collapse of Enron and Arthur Andersen&mdash;Sarbanes-Oxley, or SOX, was designed to shore up public and investor confidence in financial reporting.</p> Compliance Fri, 15 Sep 2006 08:48:39 GMT George W. Beeler, Dana Gardner 1160447