Jeff Jinnett: Towards a Structured GRC Taxonomy

Although governance, risk management and compliance laws and regulations may vary greatly depending on the jurisdiction, issuing authority, regulator and target industry, there appear to be certain common GRC issues that can be used to group mandates into categories. For example, the following nine GRC issues (with examples) may represent a useful taxonomy for the…

Jeff Jinnett: Prepare for Coming HITECH Act Healthcare Privacy & Security Audits

The Health Information Technology for Economic and Clinical Health (HITECH) Act[i], signed into law on February 17, 2009, is designed to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act strengthens the civil and criminal enforcement of the privacy and security requirements of the Health Insurance Portability and…

Semi-Automation of Compliance Processes: A UML Approach – insight from Jeff Jinnett

It has been estimated that 55 percent of the cost of any compliance program is due to staffing and training(1). Therefore, semi-automation or full automation of compliance processes can be a critical path to lowering overall compliance costs for large enterprises. One possible approach to developing a semi-automated approach to a compliance function could be the…

Jeff Jinnett: The Nimble Approach to Compliance: Multi-Purpose IT Solutions and “Nexialist” Compliance Attorneys

Regulatory compliance has become an increasingly costly burden. For example, SIFMA has estimated that the U.S. securities industry in 2004 spent $23.2 billion on compliance-related activities(1). In addition, regulatory mandates have become more intrusive in their application to how business is conducted. In response to corporate scandals such as Enron, the mandates have shifted from…

Jeff Jinnett: Value of an IT Security Due Diligence Document/Risk Mitigation Plan

If a company were ever asked to describe its IT security program, the company likely would have to bring in numerous staffers from the IT department and refer to reams of documents to present a full picture of the company’s IT security approach.  The need to be able to describe the company’s IT security program…

Jeff Jinnett: IT Approaches to State Law Preemption Under the Proposed Consumer Financial Protection Agency

On June 17, 2009, the U.S. Department of the Treasury issued a white paper entitled “Financial Regulatory Reform – A New Foundation: Rebuilding Financial Supervision and Regulation”(1).  This document sets forth the vision of the Obama administration for a new federal regulatory regime for the U.S. financial services industry. One proposed change is to create…

Jeff Jinnett: How to Take a Holistic Approach to Governance, Risk Management and Compliance – part 1

Today’s increasingly complex business landscape is matched by an increasingly challenging governance, risk management and compliance (GRC) landscape. U.S. multi-national companies are faced with a bewildering array of international, U.S. federal and state regulations, depending on the nature of the company’s business. These regulations can include the EU privacy directive, the Basel II Accord, the…