Compliance and Controls Interchange Notes
March 25, 2008
Focus: This Interchange focused on managing multiple compliance
issues.
Issues Discussed:
Data Gathering
Alternate Perspectives
SOX Compliance
HIPAA
General Compliance and Data Gathering:
-Compliance is about hard and soft issues.
-Public perception, as well as integrity, is important for most
businesses.
-Some banks are asking private companies to be SOX compliant.
-Chief information officer should back up and support compliance
initiative within organizations.
-Answering the questions of fear, uncertainty, and doubt within
your team will encourage their buy-in with compliance.
-Implement a frequently asked questions document so the team
has a channel for communication.
-Being SOX compliant has a market and financial advantage.
-Work with the auditor to determine which reports are most needed,
to cut down on the time and cost of audits.
-Do the standardization over time.
-Show auditors that you are on top of any issues and that compliance
is a priority for the company.
-Identify weaknesses and deficiencies, and group them together
in one document to present to upper management. Prioritize
them as High, Medium, or Low risk.
-Establish projects to address the weaknesses and deficiencies
based on the prioritization.
HIPAA:
-It is the least prescriptive of any audit or compliance regime.
-It demonstrates the human aspect and is more subjective.
-The chief human resources executive plays a major role in
this area.
-HIPAA deals with the protection of medical history data: where it
is stored and who has access to it.
Multiple Compliance Issues:
-Establish an Integrated Compliance Team (ICT) to discuss
and combine reporting and control issues into common solutions
that will satisfy all compliance mandates.
-Include the Internal Auditor on the ICT, if you have one.
Comments/Benefits:
Data Gathering/Excellent points made
Getting owners on board
General Compliance/Learned new info
Complexity of compliance efforts in a large organization/Expands
my perspective
Clarity around HIPAA/Might be useful in the future
Put audit data on CDs/This would allow us to be prepared
in advance for audits
HIPAA/Did not realize all the areas it covers