Vericept and Sarbanes Oxley - PowerPoint PPT Presentation

Description:

... Shopping, Trading, Games, Confidential, Extended ... Harassment Free Workplace. Racism. Equal Employment. Vericept Category. Guide to Ethical Conduct ... – PowerPoint PPT presentation

Slides: 10
Provided by: agran4
Transcript and Presenter's Notes

1
Vericept and Sarbanes Oxley
2
Sarbanes-Oxley Requirements
  • Antifraud programs and controls
  • Fraud risk assessment (Section 103)
  • Actions to identify, prevent and mitigate
    fraudulent financial reporting or misuse of
    company assets
  • Revenue recognition, pricing discussions
  • CEO and CFO certification
  • Disclosure of controls and procedures (Section
    302)
  • Ensure material information is made known to them
  • Evaluated effectiveness of disclosure controls
    and procedures
  • Disclosed to audit committee and independent
    auditors any significant control deficiencies,
    material weaknesses and acts of fraud involving
    management or other employees

3
Sarbanes-Oxley Requirements
  • Management's Annual Assessment Report
  • Assessment of Internal Controls over Financial
    Reporting (Section 404)
  • Statement Management is responsible for
    establishing and maintaining controls
  • Disclosure of any material weakness in system of
    internal controls
  • Independent Auditor's attestation report on
    management's assessment of internal controls
  • Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)
  • Existence does not address effectiveness
  • Should address conflicts of interest,
    confidentiality of information, proper use of
    assets, RPT, illegal acts and compliance with
    laws and regulations
  • E-mail is a common communication method

4
Vericept Enabling Sarbanes-Oxley Compliance
  • Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to
    satisfy and enforce Internal Control requirements
  • Information: financial and proprietary
  • Ethical and Conduct Codes
  • Communication paths
  • Data-in-Motion and Data-at-Rest
  • Specifically addresses 103, 302, 404 and 406

5
Actual Examples
  • Case No. 1. Potential Insider Tipping
  • Just prior to a Company's earnings announcement
    (but luckily after the close of trading), a Sales
    Employee contacts a third party by email and
    indicates that the Company will have a great
    quarter and that the third party should buy
    stock. The Company's policy as well as federal
    law prohibits such activity. The email is
    retrieved using Vericept along with other emails
    and the employee is dismissed. Employee does not
    bring a wrongful termination lawsuit.
  • Case No. 2. Posting of Confidential Company
    Information on the Internet
  • Highly confidential Product roadmap information
    is posted on a message board on the internet.
    Given the information, the Company believes that
    someone in an Engineering lab may be posting the
    information or providing a third party with the
    information. The Company conducts an
    investigation and immediately communicates to all
    employees a new email policy noting that any
    email communications are not subject to privacy.
    Management describes to the employees Vericept as
    a tool being utilized. No similar internet
    postings have occurred since the communication of
    the policy and the use of Vericept.
  • Case No. 3. Revenue Recognition Reviews
  • A non-material software sales transaction is
    identified early in the quarter close procedures
    as potentially not meeting the revenue
    recognition rules. Vericept is utilized to find
    the email trail that cleared the transaction.

6
How a prominent customer is using Vericept for SOX
"I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control" - Sr. Corporate Governance
Officer, Global Conglomerate
7
Other Regulation and Compliance Areas Enforced
  • Internal Acceptable Use Policies
  • Sexual harassment policy
  • Use of e-mail/IM policy
  • Insider trading policy
  • CA SB 1386 Compliance
  • Identity theft
  • Conduct business in California
  • Maintain computerized data with personal
    information
  • First and last name in combination with SS or
    driver's license or credit or debit card
    (password)
  • Failure to report unauthorized breach
  • Company liable to civil action for damages
  • Similar legislation introduced at federal level

8
Customer Feedback
  • Vericept's Fraud and Identity Theft solution was
    a perfect fit when we were looking for a way to
    comply with the California Database Protection
    Act of 2003 (CDPA), which essentially mandates
    that any company doing business in California
    must protect the consumer information that
    resides in its database. Vericept's technology
    accurately monitors all communications across our
    network and flags all violations of the Act.
  • We view Vericept's Fraud and Identity Theft
    solution as an integral element in our
    Sarbanes-Oxley Act compliance strategy, as it is
    able to pinpoint and document instances of fraud
    across the network.
  • Paul Brothe
  • Director Internal Audit
  • McData

9
Analyst Feedback
  • Increasingly, Fraud and Identity Theft are
    becoming significant problems for business. IDC
    estimates that over one third of the financial or
    data loss incidents involve insiders. Vericept's
    innovative approach ties the insider problem with
    the leaking of sensitive information. IDC
    believes organizations that are trying to combat
    fraud and identity theft should consider
    integrating Vericept's solution into their
    overall exposure management and security
    infrastructure.
  • -Brian Burke
  • Research Manager, Security Products
  • IDC