IT E-News April 2008 


In This Issue:

IT Risk Management Out of Sync With Overall Plans

Computer Flaws Pin-Pointed within IRS

SEC Offers New Tool for Investors Through XBRL

With BPO Comes Increased Data Risk

Planted Malware Software at Hannaford Cause of ID Theft Scare

Member News & Reminders

New IT Section and CITP Members for March

Reader Feedback

 

In the News

IT Risk Management Out of Sync With Overall Plans

According to an Ernst & Young survey issued in December 2007, nearly 60 percent of respondents believe their IT risk management (ITRM) programs aren't necessarily lined up with their company’s overall risk management plan. However, 80 percent of respondents anticipate they will increase ITRM spending in the next 12 to 18 months.

 

"You should align all your risk management plans before investing further in any one area," says Keith Matcham, an EY partner. "By integrating your plans, you reduce redundancies, eliminate duplication, drive down costs and make strategic decisions."

 

The survey found that almost 41 percent of respondents indicate they do not have effective coordination of risk and compliance activities, and more than 40 percent do not feel their organization is effective in risk reporting and disclosure, risk and issues management, and trend analysis. In addition, more than 33 percent believe their risk management programs have no common control library and no common risk language across the organization (or are unsure if one exists).

 


Computer Flaws Pin-Pointed within IRS

One week before the filing deadline, Treasury watchdogs reported that poor controls over IRS computers could have allowed a disgruntled employee, agency contractor or outside hacker to steal taxpayers' confidential information.

 

According to an article on CBS News.com that quoted the Office of the Treasury Inspector General for Tax Administration, a hacker might even "gain full control of the IRS network."

 

While investigators did not cite any specific cases of wrongdoing within the IRS, which processes some 137 million tax returns, they did suggest that a lack of review means someone could get sensitive information and no one would ever have known.

 


SEC Offers New Tool for Investors Through XBRL

Using XBRL, the SEC is offering investors a new interactive tool for comparing the costs, risks, investment strategies and past performance of mutual funds.

 

According to an article at WebCPA.com, the new Mutual Fund Reader tool is available on the SEC's XBRL site. It leverages recent SEC rules that allow mutual funds to voluntarily report information using interactive data in XBRL format.

 

"The Mutual Fund Reader is an important, time-saving step to help investors compare various mutual funds at the click of a mouse," says SEC Chairman Christopher Cox in a statement. "It will help ordinary investors use mutual fund information quickly to make the best decisions in investing for retirement, college education, health care and other financial needs."

 


With BPO Comes Increased Data Risk

Business Process Outsourcing (BPO) is a common practice these days – and it comes in many different forms, all of which are designed to provide cost savings.

 

However, the benefits of reduced cost, improved efficiency and the increased expertise of outsourcing may be offset by having to give outsourcers access to sensitive corporate data assets, or by an increased risk to data.

 

Data risks are an inherent problem for companies that outsource. Whether they take the form of compliance issues, legal liability, brand risk or customer concern, companies choosing to use BPO must handle the security challenges whenever processes are moved outside of the company.

 

Read the full story in SC Magazine.

 


Planted Malware Software at Hannaford Cause of ID Theft Scare

Hannaford Bros, a grocery chain based in the Northeast U.S., recently disclosed that the intruders who stole up to 4.2 million credit and debit card numbers from the grocer's systems did so by planting malware programs on servers at each of its stores in New England, New York and Florida.

 

According to a report on ComputerWorld.com, the malicious software was used to intercept the payment card data as the information was being transmitted from Hannaford's point-of-sale systems to authorize transactions. The malware then forwarded the stolen card numbers as well as their expiration dates to an overseas destination.

 

Based on the information available so far, the initial intrusion into Hannaford's systems could have happened in several ways. One likely scenario is that the attackers took advantage of an undetected remotely exploitable vulnerability in one of the company's servers to gain a foothold on its network and then planted the malicious code on all of the store servers.

 


Member News & Reminders

 

CITP Networking Week for the month of May

Session Location and Dates:

        FL: May 15th from 4:30 pm - 6:00 pm in Tampa, FL (post FICPA Tech conference)

        VA: May 19th from 7:30 am - 9:30 am in Vienna, VA (TWM Associates, Inc. office – near Dunn Loring metro station)

        NC: May 19th from 11:00 am - 1:00 pm in Durham, NC (AICPA office)

        IN: May 19th from 10:00 am - 12:00 pm in Indianapolis, IN (at Indiana CPA Society office)

        MO: May 19th from 11:00 am - 1:00 pm in Kansas City, MO (at the Kansas City Life Insurance facility)

        TX: May 20th from 4:00 pm - 5:30 pm in Dallas, TX (at Bent Tree Country Club)

        NJ: May 22nd from 12:00 pm - 1:00 pm in Secaucus, NJ (at NJ Accounting Business and Technology Show)

 


New IT Section and CITP Members for March

24 New CITPs in March

Welcome: Scott Abrams, Bryant Armstrong, Michael Borrows, Raymond Busch, Michael Byrd, Jeffrey Geisler, Valerie Giardini, Diana Heeren, Donna Hildebrand, Brian Jackson, Jeffery Lawhorn, F.L. Lindberg, Sandra Machen, Fannie Malone, Gregory McLain, Philip Metheny, Michael Nolan, JoAnn Paluch, James Pasquarette, Hersch Patel, Eric Primuth, Walter Stockton, Amy Sub, and Kurt Teshima

 


18 New ITMS in March

Welcome: Cassandra Adams, Kristina Connor, Scott Croft, Durward Ferland, Peter Fortin, Paul Halterman, Christy Handzo, Tyler Hansen, Shawn Jackson, John Krystowski, Carlos Lee, Mark Linne, Benjamin Lozano, Ronnie Mathis, Gregory Nerogic, Kevin Paschall, John Robichaud, and Al Simmons.

 


Reader Feedback

If you are aware of any new and interesting IT resources or you have any feedback, we would love to hear from you. E-mail us at infotech@aicpa.org.

 


Copyright ©2008 by the American Institute of Certified Public Accountants, Inc., New York, New York.