Process Improvement News: "Can you measure the benefits of your process improvement effort and other quality initiatives? Is there duplication of effort and limited communication with your various quality initiatives? "

Interesting article on A Process Approach To HIPAA Compliance Through A HIPAA-CMM©, by Ronald L. Krutz, Ph.D., PE, CISSP.

A HIPAA-CMM and assessment methodology have been developed by Corbett Technologies as a standard for evaluating HIPAA compliance. With appropriate guidance and use of the SSE-CMM PAs and the defined HPAs to achieve the additional granularity and coverage as required, the HIPAA-CMM provides a formal, repeatable and consistent methodology to assess an organization's HIPAA compliance. This approach will identify areas of strong compliance, marginal compliance and lack of compliance and provide a consistent basis for defining remediation means. Inherently, the HIPAA-CMM also serves as a tool for implementing continuous improvement and evaluating the effectiveness of the improvement measures.

Additional information on the HIPAA-CMM can be found at the Corbett-Technologies, Inc. web site at www.corbett-tech.com.

(0) comments

Council Updates and Community News: "Why the City of Toronto Needs an Integrity Commissioner" An Integrity Commissioner, especially when combined with a Lobbyist Registry, could help restore public confidence that City Hall is operating in a responsible manner with high standards of ethical conduct.

How should elected officials deal with the pleas and benefactions of lobbyists? What kind of contact is appropriate between city staff and their suppliers and commercial contractors? What is appropriate for political aides with access to privileged information both while they are in the employ of elected officials and after their employment ends? How does City Hall ensure the highest ethical conduct and public accountability?

These kinds of questions are a sign of the times.

(0) comments

Why it has found itself in the governance quagmire it now faces.

[...]

In the company's assessment, its failure to 'identify, prevent or fully disclose' transactions that are at the centre of its current scandal is the fault of three factors: the presence of the same executives managing both Hollinger International and its parent company, Hollinger Inc.; the lack of a clear policy for dealing with related-party transactions; and the absence of a policy that related-party deals must be negotiated by officers who do not have a significant personal interest in the outcome of the deal.

For a company that has never paid much attention to new-fangled ideas of full disclosure, this small paragraph of honesty was revolutionary. It was a clear attempt to signal that a new guard is running the shop and is willing to criticize bluntly the old ways.

Other companies can extract some broader lessons from Hollinger International's mea culpa, even if few of them have such astoundingly weak procedures that they would require a full Hollinger-style overhaul."

Selected highlights:

Don't do related-party deals.

At least follow your own bare-minimum requirements for such deals.

Set up procedures for related-party deals that go beyond the basic requirements.

Make them contain checks and balances to avoid nasty surprises.

As well, Hollinger International said any related-party deals will have to be approved by two signing officers who are not related to its parent company.

But all companies should look at doing far more than this to ensure related-party deals are fair for all shareholders, and not just a controlling shareholder.

Further SEC requirements:

Companies must spell out many details of their related-party deals, including the anticipated effect and the full "nature of the benefit that will accrue" for every person or company involved.

Companies must also disclose information about the approval process the board followed.

They must disclose any contrary views on the board, or whether there were any directors who abstained from supporting the deal.

Companies should also disclose whether they struck a special committee to review the deal, and whether the board accepted or disagreed with its recommendations.

Companies should go further and get independent valuations done -- or independent fairness opinions -- of any significant transactions.
(not a complete list)

__posted by Carolyn L Burke @ 8:40 a.m.
subscribe to Integrity

(0) comments

Audit Committee: "Given the boardroom split, the committee issued a statement saying: 'The members of the audit committee believe that they are no longer in a position to serve effectively'. Hollinger Inc no longer has an audit committee following the resignations.

The departing independent directors are Douglas Bassett, the Canadian TV businessman, retail entrepreneur Fredrik Eaton, Allan Gotlieb, a former Canadian ambassador to the US, and Maureen Sabia, a board member at Canadian Tire."

CLB: When must watchdogs take a stand? When are their own standards and and their other responsibilities at risk?

(0) comments

For security ask yourself...what would Microsoft do?:
"In the paper, Microsoft describes its risk management strategy, which involves classifying different computing resources according to their 'value class' -- from servers hosting the Windows source code down to test servers. Microsoft also provides guidance on how its security group assesses the potential risks and threats to those assets and creates policies to secure the assets that are appropriate, given the value of the data they contain. "

(0) comments

Forensics course breaks new ground:
"[...]'The whole intent of the program was to obviously improve standards and skill levels in this particular branch of accounting,' said Gary Moulton, partner in forensic services at Deloitte and Touche and member of the CICA's alliance for excellence in investigative and forensic accounting. 'When I got into this 20 years ago, because it was so new, there weren't any courses. As time went on, we saw a need developing,'

When it comes to forensic accounting, learning on the job just isn't good enough anymore, adds Len Brooks, director of the DIFA program at Rotman.

'It's a program which is much needed because organized and unorganized white collar crime is really a growth phenomenon. The minds at work on the other side are quite clever,' Brooks said.

'The issue is that it takes a long time to learn because your experience isn't sequential, it isn't organized. You don't have access to experts. You're learning from your own mistakes in many cases.'

Nor is the standard chartered accounting training good enough.

'When you go to the forensic and investigative accounting field, you've got to have an extra dimension of professional skepticism. Instead of a watchdog, you've got to be a bloodhound. You've got to be more alert to the possibilities for fraud, for misconduct,' Brooks said."

(0) comments

Welcome to the Feelings Economy: "A simple Theory of Everything in Business: in an oversupplied economy, customer feelings drive purchase decisions and profitability. "

(0) comments

Advanced Security Industry in Canada

(0) comments

Review the Executive Summary: Highlight: convergence between info sec and physical security companies, both services and hardware.

(0) comments

Where's our homeland security plan?

(0) comments

Steptoe & Johnson: "The old saw that 'a stitch in time saves nine' also applies to computer security. No computer software is perfectly secure, but much of the damage from Internet virus and worm attacks can be prevented by promptly installing software security patches. But even in corporate environments, compliance with patch recommendations can be, well, patchy. And as the public grows less tolerant of Internet insecurity, there is increasing reason to fear that a failure to patch will become the basis for lawsuits and regulatory penalties. The attached paper prepared by Stewart Baker and Maury Shenk provides a more detailed analysis of this issue."

(0) comments

Managing With Soul: Combining Corporate Integrity With the Bottom Line : "... corporations not only have a moral duty to be good citizens but can also improve their own commercial prospects in the process of doing business in an ethical way..."

(0) comments

CLICK

Recommendations from the report include:

Developing self-assessment and performance tools to track how the Board is performing as a team;

Creating an open information-sharing system between the Board and top management;

Facing emotional flare-ups as they arise through direct and timely confrontation of the issues;

Holding a Board retreat to deal with critical issues or create necessary strategic plans.

__posted by Carolyn L Burke @ 10:12 a.m.
subscribe to Integrity

(0) comments