The key to information security and privacy compliance.

For U.S. companies, information privacy compliance is fast becoming a significant business priority, and not just because data is more decentralized, distributed and mobile than ever before. The meteoric rise of identity theft, coupled with highly publicized security breach incidents, has spawned public outrage and customer demand for swift and corrective actions. As a result, companies find themselves trying to reassure legislators and customers alike that this information is protected—before it can be compromised.

Integrated GRC can improve risk intelligence in the C-suite and the boardroom.

As we approach the fifth anniversary of Sarbanes-Oxley (SOX), I hope that the burdens of complying with this significant piece of legislation will not overshadow the benefits we are deriving from it. Granted, it has been a long and arduous journey, but let’s not lose sight of the fact that it was a series of destructive corporate scandals and governance failures—Enron, Worldcom and Tyco, among others—that paved the way for a reconstituted and reinvigorated system of checks and balances to protect investors and to restore public confidence in the capital markets.

Leading investment group closely considering governance in future votes.

TIAA-CREF, the $400 billion-plus retirement fund organization for academic, medical, research and cultural institutions, has stiffened its policies determining how it votes on a variety of corporate governance issues.

The cost of compliance may be balanced by improved efficiency and quality.

At my peril, I frequently ask senior decision makers how much Sarbanes-Oxley legislation (SOX) has benefited their companies. Because of the recently proposed management guidance from the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board’s (PCAOB) proposed changes to their audit standard, AS 2, I have had several such SOX conversations in recent weeks.

Corporate whistleblowers might need a monetary nudge, researchers suggest.

For a working paper for the National Bureau of Economic Research, Alexander Dyck, Adair Morse and Luigi Zingales studied 230 cases of alleged corporate fraud at larger companies between 1996 and 2004. They found that, despite the incentives introduced by Sarbanes-Oxley, whistleblowing numbers decreased in post-SOX cases.

A prescription for business health.

At this time of the year, many people make resolutions to improve their overall health. It makes sense for business executives to mirror that practice with respect to their comp­any’s business health.

Is the cost of compliance too high? Lobbyists and business associations are pressuring the SEC and Congress to help ease the cost of complying with SOX.

CROs address the challenge of creating a unified approach to corporate responsibility.

In November 2000, I attended the annual Business for Social Responsibility Conference, where I was eager to explore whether the CSR movement could influence internal ethics and compliance programs. I looked forward to a workshop led by the Chief Ethics Officer at Merck and the head of Social Responsibility for Enron.