Module I - Exercises


MODULE III - EXERCISES
Carmen R. Cintrón Ferrer © 2014

Compliance Exercise

• Choose a regulation from the Personal Data Protection List.
• Determine the dimension of responsibility for:
  • Board
  • Officers & Managers
  • IT Management and Staff
  • Staff
• What would the Standard of Due Care be if there is a:
  • Breach of security in which clients' data is exposed?
  • Scenario of industrial espionage?
  • Major fraud involving securities transactions (SEC)?
  • Unethical behavior by an Officer/Manager/Staff Employee?
Carmen R. Cintrón Ferrer, 2014, Reserved Rights
Compliance Laws and Regulations
Personal Data and Privacy Protection (limited listing)

• Electronic Communications Privacy Act - PL 99-508 (1986)
• Children's Online Privacy Protection Act - PL 105-277 (1998)
• Health Insurance Portability & Accountability Act - PL 104-191 (1996)
• Health Information Technology for Economic and Clinical Health (HITECH) Act - PL 111-5 (2009)
• Family Educational Rights and Privacy Act (Buckley Amendment) - (1974)
• Sarbanes-Oxley Act - PL 107-204 (2002)
• Gramm-Leach-Bliley Financial Privacy Act (GLB) - PL 106-102 (1999)
• Digital Millennium Copyright Act (DMCA) - PL 105-304 (1998)
• Controlling the Assault of Non-Solicited Pornography and Marketing Act - PL 108-187 (2003)
• Electronic Signatures in Global & National Commerce Act - PL 106-229 (2000)
• Communications Assistance for Law Enforcement Act - PL 103-414 (1994)
• Real ID Act - PL 109-13 (2005)
• The Lisbon Treaty significantly affects the data protection framework: it establishes that personal data protection is a fundamental human right. http://europa.eu/lisbon.treaty
• Federal Information Security Management Act (FISMA) - PL 107-347 (2002)
• Computer Fraud and Abuse Act
• Cyber Security Enhancement Act - PL 107-296 (2002)
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act - PL 107-56 (2001)
• Cyber stalking, Cyber Harassment & Cyber Bullying laws - http://www.ncsl.org/default.aspx?tabid=13495
• Electronic Freedom of Information Act - PL 104-231 (1996)
Compliance Exercise 1(a)

Dimension of Responsibility | Board of Directors | Officers | Managers | IT Management & Staff | Other Staff
----------------------------|--------------------|----------|----------|-----------------------|------------
Strict/Direct               |                    |          |          |                       |
Indirect/Vicarious          |                    |          |          |                       |
Fiduciary                   |                    |          |          |                       |
Negligent actions           |                    |          |          |                       |
Compliance Exercise 1(b)

Expected Standard of Due Care | Board of Directors | Officers | Managers | IT Management & Staff | Other Staff
------------------------------|--------------------|----------|----------|-----------------------|------------
Client's Data Exposed         |                    |          |          |                       |
Industrial Espionage          |                    |          |          |                       |
SEC fraud                     |                    |          |          |                       |
Unethical behavior            |                    |          |          |                       |
SOX Compliance Team Exercise

• Review the linked references that discuss SOX compliance.
• Choose two different frameworks/checklists for reviewing SOX compliance from those introduced in the references.
• Apply each framework/checklist to the assigned scenario that gave way to the approval of SOX.
• Hand in an essay that provides the team's consensus on the following questions:
  • Which were the key Governance and Risk Management issues?
  • What controls were present or lacking that could have prevented those issues?
  • Would that scenario have occurred if SOX had been approved earlier?
  • Are there any other major compliance issues involved?
  • Did ICT resources or ICT infrastructure play any role in the scenario?
SOX Compliance References

• Computron, Sarbanes-Oxley Compliance: A Checklist for Evaluating Internal Controls
• Correlog, Sarbanes-Oxley (SOX) Compliance Checklist
• Deloitte, Taking Control: A Guide to Compliance with Section 404 of the Sarbanes-Oxley Act of 2002
• Ernst & Young, The Sarbanes-Oxley Act at 10: Enhancing the Reliability of Financial Reporting and Audit Quality
• KPMG, Sarbanes-Oxley Section 404: Summary of Key Points from Submissions to the SEC
• J. Stephen McNally, CPA, The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition
• Protiviti, Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements, FAQs Regarding Section 404
• Splunk, SOX Compliance
SOX Compliance Team Exercise (continued)

• Segregate roles among the team: CEO, CFO, CIO & Internal/External Auditor.
• For the assigned scenario:
  • Provide a summary background of the scenario before foreclosure and/or SEC intervention.
  • Identify the issues (risk events) and the possible controls that would prevent or reduce the impact of those issues in the assigned scenario.
  • Determine the responsibility level(s) for the role being assumed.
  • Perform a live team discussion in which each member, assuming the corresponding role, provides insight into the scenario issues. During the live team discussion consider:
    • Risk mitigation strategies
    • Cost/benefit analysis for risk mitigation
    • Compliance and ethical issues
Governance Cases - Teamwork Exercise

• Enron
• Tyco
• Adelphia & Peregrine
Cases in Governance: Enron

• Lee Ann Obringer - HowStuffWorks - http://money.howstuffworks.com/cooking-books7.htm
• Robert Jon Petersen - Sophia.org - http://www.sophia.org/tutorials/enron-case-study
• The Economist - http://www.economist.com/node/940091
• The FBI, Crime in the Suites: A Look Back at the Enron Case - http://www.fbi.gov/news/stories/2006/december
• Leigh Tesfatsion - Iowa State University - http://www2.econ.iastate.edu/classes/econ353/tesfatsion/enron.pdf
Cases in Governance: Tyco International

• Lee Ann Obringer - HowStuffWorks - http://money.howstuffworks.com/cooking-books10.htm
• Tyco Fraud InfoCenter - http://www.tycofraudinfocenter.com/information.php
• Daniels Fund Ethics Initiative - University of New Mexico - http://danielsethics.mgt.unm.edu/pdf/Tyco%20Case.pdf
• Law Teacher - Unethical Issues or Legal Issues in Tyco International - http://www.lawteacher.net/companylaw/essays//unethical-issues-or-legal-issues-in-tyco-international-companylaw-essay.php
• Study Mode - http://www.studymode.com/essays/Tyco-InternationalCase-Study-1022395.html
Cases in Governance: Adelphia

• The Adelphia Case Scandal (AICPA) - http://www.aicpa.org/InterestAreas/AccountingEducation/Resources/DownloadableDocuments/adelphia.ppt
• CNN Money - The Adelphia Story - http://money.cnn.com/magazines/fortune/fortune_archive/2002/08/12/327011/
• C.P. Carter et al. - The Adelphia Fraud - American Accounting Association - http://aaahq.org/fia/attachments/fianewsletter-v2n3.pdf
• Adelphia Communications Case Study - http://www.docstoc.com/docs/23287542/Adelphia-Communications-ACase-Study
Cases in Governance: Peregrine Systems

• FBI - Peregrine Systems Indictment - http://www.fbi.gov/news/pressrel/press-releases/executives-andauditor-of-peregrine-systems-inc.-indicted-on-securities-fraud-charges
• Wikipedia - http://en.wikipedia.org/wiki/Peregrine_Systems
Cases in Governance: WorldCom

• Lee Ann Obringer - HowStuffWorks - http://money.howstuffworks.com/cooking-books9.htm
• Romar et al. - Santa Clara University - WorldCom Case Study
  • http://www.prmia.org/sites/default/files/references/WorldCom_Case_Study_April_2009.pdf
  • http://www.scu.edu/ethics/dialogue/candc/cases/worldcomupdate.html
• Kristin A. Kennedy - An Analysis of Fraud … - University of New Hampshire - http://scholars.unh.edu/cgi/viewcontent.cgi?article=1099&context=honors