I have two disscussion post below that needs to be answered with at least 250 words each. There isn't a need for formal formatting, however I do need at least two different refrences for each disscussion post.
Compliance Audit Tools and Resources
Historically, compliance audits were difficult and costly, driving many organizations to choose to assume the risk of not really knowing the organization's posture in terms of compliance. Today, a number of software solutions are able to reach out into a network and perform controls and configuration testing against a set of criteria matched to specific laws, regulations, and statutes. Commonly available software tests for the Sarbanes-Oxley Act (also known as SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance
Portability and Accountability Act (HIPAA), with variations among product packages as to other functionality that can be tested.
The CIO of a local medical device company is concerned about how well his employees are complying with the laws and regulations that apply to his organization. He asks you to research and deliver recommendations for the tools and resources you will need to purchase a suitable software package. Following that recommendation, you are to use the software to determine the level of compliance and to identify any areas of weakness. Finally, you are asked to report back to him on mitigations that will strengthen the organization's regulatory compliance posture.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
1. Describe the steps necessary to determine what laws, regulations, and statutes impact this organization.
2. Identify the process to select the appropriate compliance software for this organization.
3. Explain the selection of team members and process steps from selection of the compliance software through creation of the recommendations for mitigation.
Compliance Auditing in Regulatory Environments
A series of high visibility examples of corporate fraud motivated the federal government to step in and create laws to hold corporations more accountable to the public and to their shareholders. Two of the more well-known examples are Gramm-Leach-Bliley (GLB Act) passed in 1999 and Sarbanes-Oxley Act (SOX) passed in 2002. Both of these laws have information security and privacy components that impact financial management and creation of financial statements within certain organizations.
The CFO of a large investment company that is publically traded on the American Stock Exchange is preparing for a significant external audit as part of preparing the organization for creation of the annual financial statements and report to shareholders. He hires you establish what obligations they have under the GLB and SOX laws that relate to creation of those financial statements.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
1. Describe the steps necessary to determine what specific criteria within the GLB and SOX laws pertain to this particular type of organization.
2. Identify the process that will identify how well the organization is in compliance with the criteria.
3. Explain the selection of team members and process steps from being hired to determine the relevant parts of GLB and SOX through reporting on the identification of compliance levels.