Saturday, July 03, 2004

SEC: SANS AuditBits Vol. 2, Num. 12


SANS AuditBits July 2, 2004 Vol. 2, Num. 12


-- Four Michigan Cemeteries Violating State Law
-- Lessons to be Learned From Adecco
-- Rite Aid Execs Begin Serving Jail Time
-- Big Four Accounting Firms Get Their Report Cards
-- KPNQwest Files Lawsuit Against Qwest International
-- Poll Shows European Companies Not Ready for 2005 IFRS
-- Shell Sued by Pension Funds for Mismanagement
-- Australian Version of International Standards to be Announced
-- IASB Publishes Preliminary Views on Standards for SMEs
-- IFAC and UNCTAD Join Forces
-- Case Against PNC Financial Dismissed
-- PCI Tells NAIC State Auditing Regulation Good Enough
-- SEC Approves Financial Reporting Auditing Standard
-- Accounting Watchdogs Report Misappropriation of USD 170 Million
-- FRC to Battle with Banks over IAS39
-- Embezzlement Leads to Proposed Reforms in State Law
-- Former Auditor Testifies Against Investment Banker
-- Parmalat Revamp Plan Filed


-- Accounting Beyond QuickBooks
-- Sarbanes-Oxley and Mergers


-- Cyber Risk Insurance: A Discourse and Preparatory Guide


-- Federal Reserve Revises Fair Credit Reporting Act Implementation
-- Free Annual File Disclosures
-- Interagency Statement on Sound Practices Concerning Complex
Structured Finance Activities
-- Notional Principal Contracts; Contingent Non-periodic Payments;

******************* Sponsored by SANS SCHOOL STORE ********************

Check out our School Store for recently released books on Business Law,
Solaris Securing Solaris, Computer Security Incident Handling and
exclusive books and merchandise. Also, check out our section on
recommended books written by SANS faculty, PDF samples on our
Step-By-Step Guides, and current specials on Oracle Security, 7-Pack
Guides, and T-shirts. For more information go to

Highlighted Training Programs Of The Week

SANS in London (June 21-26)
Five of our most popular tracks including Hacker Exploits, SANS Security
Essentials, Forensics, and more.

SANSFIRE in Monterey, CA (July 5-13) offers you 14 immersion training
tracks in one of the most beautiful places in America -- Monterey, CA.
Phenomenal training for auditors who want to master the challenges of
security auditors, managers who want to build a great security program,
beginners who want to get a fast start, and, of course, the only place
to go for technologists who want to master the most current methods for
protecting systems and networks.

SANSFIRE also offers lots of evening programs, extra one-day classes
ranging from Business Law to Cyberwarrior training, and vendor exhibits,



-- Four Michigan Cemeteries Violating State Law
(30 June 2004)
Four mid-Michigan cemeteries are violating a state law requiring that 15
percent of proceeds from burial costs go into an endowed trust. State
auditors maintain that between the four cemeteries there is USD 591,000
in trust fund deficits. However, state regulators maintain the public
should not worry yet. According to Alan J. Schefke, chief auditor with
the state Bureau of Commercial Services, while the four cemeteries are
making deposits slower than state law dictates, there is no evidence
that funds are being withdrawn improperly.
(Subscription Required)

-- Lessons to be Learned From Adecco
(29 June 2004)
Adecco shareholders are going to be demanding answers at the company's
annual meeting in Lausanne, Switzerland as to how the company's stock
plunged six months ago due to the perception of wrongdoing. Ultimately,
it was deemed that Adecco, the world's largest temporary employment
group, had only committed minor procedural irregularities. The events
at Adecco over the last six months have significance for executives
throughout Europe. Was Adecco merely the first victim of new
legislation or did the events at Adecco provide an object lesson? The
answers to these questions are vital for European executives. In
addition to companies affected by the U.S. Sarbanes-Oxley (SOX)
legislation, European firms will soon have to be compliant with a
European Commission directive on corporate governance in which key parts
are nearly identical to provisions in the SOX Act. Stewart Hamilton, a
professor of finance and accounting, asserts, "Key parts were lifted
from Sarbanes-Oxley. It's a wake-up call. It's coming here too."
(Subscription Required)

-- Rite Aid Execs Begin Serving Jail Time
(29 June 2004)
Three Rite-Aid executives, including Martin J. Grass, the company's
former chief executive, began serving their jail terms after pleading
guilty to federal conspiracy charges related to an accounting scandal
in which the company had to restate its earnings downward by USD 1.6
billion. Grass and Rite Aid's former chief financial officer Franklyn
M. Bergonzi will serve their sentences at prison camps for low security

-- Big Four Accounting Firms Get Their Report Cards
(28 June 2004)
The Big Four accounting firms, PricewaterhouseCoopers LLC, Ernst & Young
LLC, KPMG LLP and Deloitte Touche USA LLP, received draft reports from
the Public Company Accounting Oversight Board (PCAOB). PCAOB chairman
William McDonough, speaking to lawmakers, revealed that the Big Four
accounting firms had "significant" problems; some of their issuing
clients did not appear to follow Generally Accepted Accounting
Principles (GAAP). In addition, McDonough asserts, "In terms of
overall, really tough application of quality, there's room for
improvement." The firms have 30 days to respond to the reports.

-- KPNQwest Files Lawsuit Against Qwest International
(28 June 2004)
A lawsuit against Qwest International, the regional telecommunications
group, was filed in a New Jersey district court by the trustees of
KPNQwest. KPNQwest, which carried most of the Internet traffic in
Europe before it became insolvent two years ago, is seeking USD 3
billion in damages under the US RICO (Racketeer Influenced and Corrupt
Organizations) Act for losses KPNQwest and its creditors suffered due to
Qwest's mismanagement and breach of duty.

-- Poll Shows European Companies Not Ready for 2005 IFRS
(28 June 2004)
New international financial reporting standards (IFRS) are due to take
effect in 2005 but several recent polls indicate that companies are
ill-prepared for the deadline. According to a straw poll by accounting
firm KPMG, only twenty-five percent of Scottish non-executive directors
claim to have adequate preparations for the switch to the new IFRS.
Another study done by Atos KPMG Consulting found that preparations by
U.K. companies for IFRS were the worst in Europe with twenty-six percent
of companies maintaining they will not be able to meet the 2005
deadline, compared to 12% in France, Germany and the Netherlands. Also,
at this time, only two percent of U.K. companies are ready, compared
with twenty percent in the other three countries.

-- Shell Sued by Pension Funds for Mismanagement
(28 June 2004)
Two U.S.-based pension funds, the New York City-based UNITE National
Retirement Fund and the Virginia-based Pipefitters National Pension
Fund, filed a lawsuit in New Jersey Superior Court in Middlesex County
against twenty-seven directors and officers of the Royal Dutch/Shell
Group and their accounting and auditing firms PricewaterhouseCoopers
International and KPMG International following financial losses and
scandal associated with Shell's cutting its proved oil and natural gas
reserves four times since January. Among the allegations are "breach
of fiduciary duty, abuse of control, mismanagement, fraud and unjust
enrichment." The plaintiffs are seeking monetary damages against each
defendant, as well as new controls and limits on insider stock sales and
increased transparency of executive compensation and improved board
accountability to investors.

-- Australian Version of International Standards to be Announced
(28 June 2004)
According to the Australian Accounting Standards Board, Australia is
committed to pushing ahead with the implementation of international
accounting standards, despite letters from the Australian Institute for
Company Directors requesting a deferment of the January 1, 2005
implementation date. One of the standards, which requires the
disclosure of the market value of investments in derivative securities,
has sparked bitter opposition both in Australia and Europe; Belgium,
France and Italy have rejected the rule.

-- IASB Publishes Preliminary Views on Standards for SMEs
(28 June 2004)
The International Accounting Standards Board (IASB) has published a
Discussion Paper "Preliminary Views on Accounting Standards for Small
and Medium-sized Entities (SMEs)" which differs significantly from the
traditional views in standard-setting for the U.K. and the Republic of
Ireland, which use the Accounting Standards Board's (ASB's) Financial
Reporting Standard for Smaller Entities (FRSSE) which is tailored to the
needs of small entities. The IASB hopes to receive comments on its
basic approach to the project on accounting standards for SMEs. The
ASB's Committee on Accounting for Smaller Entities (CASE) has requested
copies of responses to the IASB Discussion Paper from parties in the
U.K. and Ireland to allow discussion on the issue at its September 8th

-- IFAC and UNCTAD Join Forces
(28 June 2004)
The International Federation of Accountants (IFAC) and the United
Nations Conference on Trade and Development (UNCTAD) have joined forces
to boost accounting standards in developing nations and transitional
countries. A representative from UNCTAD summed up the joint effort with
a statement maintaining, "The two organizations share the objectives of
achieving greater transparency and accountability with a view to
strengthening the international financial systems and contributing to
economic growth."

-- Case Against PNC Financial Dismissed
(24 June 2004)
The U.S. District Court for Western Pennsylvania dismissed the case
against PNC Financial Services Group at the request of the U.S.
Department of Justice (DOJ) citing the fact that dismissal of the case
was part of a deferred prosecution agreement the DOJ had with PNC. The
settlement, reached in July 2002, required PNC to pay 115 million USD in
penalties connected with securities fraud charges. The charges arose due
to PNC's removal of USD 762 million in bad corporate loans and
investments in 2001, which inflated the company's annual earnings by USD
155 million. According to PNC spokesman Bryan Goerke, the case
dismissal "brings closure to the main governmental investigations and
inquiries into PNC and its affiliates stemming from the 2001
Related Article: Judge Says PNC Didn't Prove Breach

-- PCI Tells NAIC State Auditing Regulation Good Enough
(24 June 2004)
The Property Insurers Association of America (PCI), and other industry
representatives attending a public hearing, told the National
Association of Insurance Commissioners (NAIC) Working Group that the
Group needs to reconsider proposed amendments to its Model Audit Rule
that would incorporate provisions from the Sarbanes-Oxley (SOX) Act.
According to PCI's financial vice president Stephen W. Broadie, current
state regulations achieve the goals of SOX. He notes "the working group
needs to examine whether there is a problem with current regulation and
what the cost and benefits of potential solutions are before assuming
that the very costly internal controls provisions of SOX are the

-- SEC Approves Financial Reporting Auditing Standard
(24 June 2004)
The Public Company Accounting Oversight Board, a private, nonprofit
company established by the Sarbanes-Oxley Act, developed an auditing
standard for internal control over financial reporting that identifies
four major categories of IT control: program development, program
changes, computer operations and access to programs and data. The
standard, approved by the Oversight Board in March, covering section 404
of Sarbanes-Oxley, has now been approved by the Securities and Exchange
Commission (SEC). Foreign companies listed at U.S. stock exchanges and
companies with less than USD 75 million market capitalization must
comply by 15 July 2005, while all other publicly traded companies will
have to include such attestations with their 2004 annual reports
starting 15 Nov. 2004.

-- Accounting Watchdogs Report Misappropriation of USD 170 Million
(24 June 2004)
In a recently published report covering its annual audit of select
government departments and state-owned enterprises, China's National
Audit Office found that officials at 41 out of 55 departments had
diverted funds into other areas that had been allocated for specific

-- FRC to Battle with Banks over IAS39
(24 June 2004)
Sir Bryan Nicholson, chairman of the UK's accounting regulator, the
Financial Reporting Council (FRC), in a letter to the internal market
commissioner of the European Union, Frits Bolkestein, talking about the
International Accounting Standards IAS32 and IAS39, warned that "Failure
to endorse these standards will have serious implications for the
quality and credibility of the EU's financial reporting regime," adding
that failure to endorse the standards would be incompatible with the
stated objectives of the EU's own regulation for international
accounting standards. Opposition to the IAS39 standard centers around
concerns from European banks over the introduction of "false volatility"
into their accounts.

-- Embezzlement Leads to Proposed Reforms in State Law
(23 June 2004)
The Roslyn, Virginia Council of School Superintendents is calling for
reforms in state law following the embezzlement of school funds by
school superintendent Pamela Gluckin in October 2002. According to
Jericho District Superintendent Henry Grishman, the council discussed
ways to prevent theft in school districts and came up with several
recommendations to change legislation to tighten weaknesses in audit and
hiring procedures that may have contributed to the embezzlement.
Recommendations include banning officials accused of fraud from
resigning without disclosure or an investigation and mandating that
annual district audits include checks for fraudulent vendors or vendor

-- Former Auditor Testifies Against Investment Banker
(23 June 2004)
Charged with embezzling USD 518,145 from his publicly traded companies,
Nathan A. Chapman Jr. heard his company's former auditor, Graylin Smith,
testify that he had warned the investment banker in 2001 that he had to
stop taking checks for expenses he couldn't document. Evidence
introduced in the federal fraud trial showed that, two days after
receiving the warning, Chapman accepted another such "business
development" check. According to Smith, he had talked with Chapman
about accepting loans from his own company as early as 2000.

-- Parmalat Revamp Plan Filed
(23 June 2004)
Antonio Marzano, Italian Industry Minister, was presented with a
restructuring plan for dairy giant Parmalat, which he is expected to
approve soon. The plan was developed by Enrico Bondi, who was named
commissioner late last year to organize the company's
bankruptcy-protection restructuring after its massive fraud scandal.
According to one news agency, Marzano wants Parmalat to remain in
Italian hands and expects the company to return to "strong profits once
the plan is implemented, by the years 2005 and 2006." The plan
recommends that the company concentrate on fruit juice, milk and
milk-related products, sell the dairy group's non-core assets, and slash
the number of the group's brands from 120 to 30.




-- Accounting Beyond QuickBooks
As a small business grows so do its accounting needs. Over time,
software accounting applications such as QuickBooks are not sufficient
to meet the company's expanding accounting needs. This tutorial
examines questions that the business owner must consider before
purchasing a more complex accounting solution.

-- Sarbanes-Oxley and Mergers
This tutorial examines the effect of Sarbanes-Oxley on the merger and
acquisition activities of companies. It provides discussion on several
specific issues that should be examined when conducting a Sarbanes-Oxley
audit including control and procedures, financial statement
certifications, prohibition on insider loans and corporate governance
http://www.accountingweb.com/cgi-bin?id=99353


-- Cyber Risk Insurance: A Discourse and Preparatory Guide
By Denis Drouin
This paper offers insight into the implications of insurance and cyber
crime coverage and raises awareness of the uncertainties within
cyber insurance. It will also examine topics such as what technology
based insurance policies are available to the insured, the
organizational liabilities and what effect changing technology is likely
to have on organizations over time.


-- Federal Reserve Revises Fair Credit Reporting Act Implementation
The Board of Governors of the Federal Reserve System has published
revisions to Regulation V which implements the Fair Credit Reporting Act
(FCRA). Section 217 of the Fair and Accurate Credit Transactions Act of
2003 (FACT Act) amends the FCRA to require that a financial institution
that extends credit, regularly furnishes information to a nationwide
consumer reporting agency, and furnishes negative information to such an
agency regarding credit extended to a customer must also provide the
customer with a clear and conspicuous written notice about furnishing
negative information. The term "financial
institution" is defined by Section 217 to have the same meaning as in
the privacy provisions of the Gramm-Leach-Bliley Act.
Effective: 16 July 2004.

-- Free Annual File Disclosures
This final rule implements provisions made law by the Fair and Accurate
Credit Act of 2003. Under this law, the Federal Trade Commission was
mandated to establish a centralized source through which consumers may
request a free annual file disclosure from each nationwide consumer
reporting agency as well as an efficient process for them to do so.
Date: This rule is effective on December 1, 2004.

-- Interagency Statement on Sound Practices Concerning Complex
Structured Finance Activities
The Office of the Comptroller of the Currency, Treasury (OCC); Office
of Thrift Supervision, Treasury (OTS); Board of Governors of the Federal
Reserve System (Board); Federal Deposit Insurance Corporation (FDIC);
and Securities and Exchange Commission (SEC) are extending the comment
period for a proposed Interagency Statement on Sound Practices
Concerning Complex Structured Finance Activities.
Date: Comments should be received by July 19, 2004.

-- Notional Principal Contracts; Contingent Non-periodic Payments;
The Internal Revenue Service (IRS) is publishing a correction to a
correction notice for proposed regulations that were published in the
Federal Register on March 23, 2004 (69 FR 13498). The proposed
regulations call for the inclusion into income or deduction of a
contingent nonperiodic payment provided for under a notional principal
contract (NPC).


AuditBits Editorial Board:
Aminah Grefer, Roland Grefer, David Mangefrida, Stephen Northcutt,
Aurobindo Sundaram, Arrigo Triulzi

If you would like to provide feedback, have additional news items or
other information you would like to share with us, please send an email
to AuditBits@sans.org.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit

An archive of past issues of the AuditBits newsletter is available at

The AuditBits newsletter is also available as a RSS feed at



