DOCSLIB.ORG

11 What Is Risk Assessment? 185 12 Risk Analysis 195 13 Who Is Responsible? 207

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
11 What Is Risk Assessment? 185 12 Risk Analysis 195 13 Who Is Responsible? 207 RISK MANAGEMENT FOR COMPUTER SECURITY This Page Intentionally Left Blank RISK MANAGEMENT FOR COMPUTER SECURITY Protecting Your Network and Information Assets By Andy Jones & Debi Ashenden AMSTERDAM ● BOSTON ● HEIDELBERG ● LONDON NEW YORK ● OXFORD ● PARIS ● SAN DIEGO SAN FRANCISCO ● SINGAPORE ● SYDNEY ● TOKYO Elsevier Butterworth–Heinemann 30 Corporate Drive, Suite 400, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Copyright © 2005, Elsevier Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permis- sion of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also complete your request on-line via the Elsevier homepage (http://books.elsevier.com/security), by selecting “Customer Support” and then “Obtaining Permissions.” ϱ Recognizing the importance of preserving what has been written, Elsevier-Science prints its books on acid-free paper whenever possible. Library of Congress Cataloging-in-Publication Data Jones, Andy. Risk management for computer security: protecting your network and information assets/Andy Jones and Debi Ashenden. —1st ed. p. cm. Includes bibliographical references and index. ISBN 0-7506-7795-3 (alk. paper) 1. Industrial safety—Management. 2. Computer security. I. Ashenden, Debi. II. Title. T55. J655 2005 658. 4’78—dc22 20040755 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. ISBN: 0-7506-7795-3 For information on all Elsevier Butterworth-Heinemann publications visit our Web site at http://books.elsevier.com/security Printed in the United States of America 05060708091010987654321 To my wife, Kath, who has always given support and shown tolerance and patience and without whose support I would not have been able to complete this book. Dr. Andrew Jones, MBE MSc. MBCS University of Glamorgan United Kingdom This Page Intentionally Left Blank Contents Foreword by Dr. Jerry Kovacich ix Preface xiii Acknowledgments xix About the Authors xxi SECTION I: AN INTRODUCTION TO RISK MANAGEMENT 1 1 Introduction to the Theories of Risk Management 3 2 The Changing Environment 11 3 The Art of Managing Risks 25 SECTION II: THE THREAT ASSESSMENT PROCESS 35 4 Threat Assessment and Its Input to Risk Assessment 37 5 Threat Assessment Method 55 6 Example Threat Assessment 89 SECTION III: VULNERABILITY ISSUES 131 7 Operating System Vulnerabilities 133 8 Application Vulnerabilities 143 vii viii Risk Management for Computer Security 9 Public Domain or Commercial Off-the-Shelf Software? 149 10 Connectivity and Dependence 165 SECTION IV: THE RISK PROCESS 183 11 What Is Risk Assessment? 185 12 Risk Analysis 195 13 Who Is Responsible? 207 SECTION V: TOOLS AND TYPES OF RISK ASSESSMENT 213 14 Qualitative and Quantitative Risk Assessment 215 15 Policies, Procedures, Plans, and Processes of Risk Management 219 16 Tools and Techniques 231 17 Integrated Risk Management 243 SECTION VI: FUTURE DIRECTIONS 253 18 The Future of Risk Management 255 Index 261 Foreword This book, Risk Management for Computer Security: Protecting Your Network and Information Assets, as the name obviously implies, is a book about managing risks. But not just any type of risks—risks to information systems and computers. Computers may be networked or stand alone, although very few these days are not somehow connected to one another through local area networks, wide area networks, and the “mother of all networks,” the Internet, as well as the informa- tion they display, store, process, and transmit. It is about cost-effectively managing those risks. You are probably saying “so what?” There are thousands of such books on the market, so why this one? I anticipated that question because I also was a potential reader of this book and did not want to waste time reading a book that was not practical and only provided “scholarly” information but was of little practical application for me in establishing and managing a risk management program. I asked myself the same question. After all, why should I endorse this book? To find the answer to “our question,” I decided to do some research. I went on- line to one of the world’s most well-known on-line booksellers (who shall remain nameless) and found 90,316 “hits” on risk management books and magazines. The books and magazines listed ran the gamut from risk management topics related to finance, product development, insurance, investing, computing, secu- rity, personal credit, healthcare, and the like. I narrowed the search to “computer security risk management” and found “only” 53,872 hits. That helped but still didn’t work very well. Therefore, I decided to see what these 53,872 books were about. I found that many were very narrow in focus, dealing with risk issues per- taining to U.S. Government matters, a new health law, vulnerabilities of some networks, risk stuff related to the Internet, and the like. Some were somewhat dated, actually out of date based on the rapidly changing world of our informa- tion environment. To narrow my book choices down even more, I looked at the ix x Risk Management for Computer Security information provided about many of the books’ authors. Some were written by individuals who may be nice people, good writers, and researchers but obviously either have little or no experience in the “real-world” of doing risk management processes, projects, establishing risk management programs, and the like—or if so, their experiences seemed to be limited (based on the information provided). This became apparent by looking at their degrees as well as their jobs as presented on the on-line books’ web pages. In addition, they, for the most part, seemed to be focused on risks without actually putting the emphasis where it belongs— applying it to businesses, thinking like a business person, and looking at it from a business perspective. In other words, how can I do it at the least cost to my busi- ness while balancing those costs with some acceptable level of risks? After all, even governments have limited budgets for information assets protection and have developed a “business approach” to dealing with this issue. Some books’ web pages I looked at indicated that the books were basically information systems security—computer security—books with some risk management things thrown in. Some had “cutesy” titles to get your attention, but when looking at the reviews by those who had purchased their books, the number of pages, table of contents, and authors’ backgrounds, well, many just didn’t seem to be worth reading. So, there we have it. I found many books published that at least alluded to risk management, but very few really seemed to be written by those whose duties involve managing risks to automated information and the information systems. Many seemed to be outdated, whereas others seemed to lack the approach used in this book. Now, there is this book you are reading—or at least reading this Foreword. What I found enjoyable about this book is that it really is a “handbook” that is easy to read and covers “everything you always wanted to know but were afraid to ask” on the topic of managing risks of information assets, with emphasis on costs versus risks. Let me say it this way: It is a business-oriented approach where costs are an important issue that must be considered. In other words, how much pro- tection is enough? How much does it cost? Is it worth the costs? Are we getting our money’s worth? How do we know? How much risk am I accepting? Is it too much? Not enough based on costs? As the authors point out: ... if the risk assessment is not carried out effec- tively, then the organization will either waste money or be exposed to an unac- ceptable risk. This says it all. This is what risk management is all about, and this is the authors’ driving thought behind this book. Now, how does one establish a program to include processes and such to address the risk manage- ment issues associated with information assets protection at least cost? In Foreword xi other words, using management terminology, effectively and efficiently (good and cheap). Speaking of the authors, look at who they are—look at their educational background and experience as noted in the “About the Authors” part of this book. Their experience is not just in information systems security, even though that background is needed. More importantly, look at their experience in actually establishing and managing risk management projects and programs. Andy Jones and Debi Ashenden indeed have “been there and done that.” They are writing based on their actual experiences in the business of managing the risks to infor- mation systems and the information that our modern systems display, process, store, and transmit. Indeed, if you could only have one book on risk manage- ment to guide you to successfully managing systems and information risks in the business world as well as in a government’s information environment, this would be the one to choose. What is also nice about this book is that it is not some statistically driven look at managing risks written by someone with a PhD in statistics and one that requires the reader a similar degree to understand what the author is talking about. No, this is an easy-to-read common business sense approach to the topic. It has information that can be easily applied by both the novice and experienced information systems security practitioners.
Load more

Recommended publications
  • Enron and Co
    Enron and Co. - the fiasco of the new USA-style economy Eric Toussaint (*) Twenty years of deregulation and market liberalization on a planetary scale have eliminated all the safety barriers that might have prevented the cascade effect of crises of the Enron type. All capitalist companies of the Triad and emerging markets have evolved, some with their own variations, on the same lines as in the USA. The planet's private banking and financial institutions (as well as insurance companies) are in a bad way, having adopted ever riskier practices. The big industrial groups have all undergone a high degree of financialization and they, too, are very vulnerable. The succession of scandals shows just how vacuous are the declarations of the US leaders and their admirers in the four corners of the globe (see Ahold, Parmalat,…). A mechanism equivalent to several time -bombs is under way on the scale of all the economies on the planet. To name just a few of those bombs: over indebtedness of companies and households, the derivatives market (which in the words of the billionaire Warren Buffet, are « financial weapons of mass destruction »), the bubble of property speculation (most explosive in the USA and the UK), the crisis of insurance companies and that of pension funds. It is time to defuse these bombs and think of another way of doing things, in the USA and elsewhere. Of course, it is not enough to defuse the bombs and dream of another possible world. We have to grapple with the roots of the problems by redistributing wealth on the basis of social justice.
    [Show full text]
  • Reforming the Auditing Industry
    See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/330983629 REFORMING THE AUDITING INDUSTRY Technical Report · December 2018 DOI: 10.13140/RG.2.2.15538.04802 CITATIONS READS 4 2,647 14 authors, including: Prem Sikka Christine Cooper University of Sheffield and University of Essex University of Strathclyde 118 PUBLICATIONS 3,957 CITATIONS 28 PUBLICATIONS 1,192 CITATIONS SEE PROFILE SEE PROFILE John Christensen Paddy Ireland Tax Justice Network University of Bristol 30 PUBLICATIONS 718 CITATIONS 40 PUBLICATIONS 732 CITATIONS SEE PROFILE SEE PROFILE Some of the authors of this publication are also working on these related projects: EURAM 2019, Lisbon, Rethinking the Form, Governance & Legal Constitution of Corporations. Theoretical Issues & Social Stakes. View project Project on property rights and China View project All content following this page was uploaded by Prem Sikka on 09 February 2019. The user has requested enhancement of the downloaded file. REFORMING THE AUDITING INDUSTRY Prem Sikka Colin Haslam Christine Cooper James Haslam John Christensen Deepa Govindarajan Driver Tom Hadden Paddy Ireland Martin Parker Gordon Pearson Ann Pettifor Sol Picciotto Jeroen Veldman Hugh Willmott *REFORMING THE AUDITING INDUSTRY This review was commissioned by the Shadow Chancellor of the Exchequer, John McDonnell MP, and conducted independently by Professor Prem Sikka and others. The contents of this document form a submission to Labour’s policy making process; they do not constitute Labour Party policy nor should the inclusion of conclusions and recommendations be taken to signify Labour Party endorsement for them. This report is promoted by John McDonnell MP, Shadow Chancellor of the Exchequer at House of Commons, Westminster, London SW1A 0AA.
    [Show full text]
  • The Sarbanes-Oxley Act and Ethical Corporate Climates: What the Media Reports; What the General Public Knows, 2 Brook
    Brooklyn Journal of Corporate, Financial & Commercial Law Volume 2 | Issue 2 Article 4 2008 The aS rbanes-Oxley Act and Ethical Corporate Climates: What the Media Reports; What the General Public Knows Cheryl L. Wade Follow this and additional works at: https://brooklynworks.brooklaw.edu/bjcfcl Recommended Citation Cheryl L. Wade, The Sarbanes-Oxley Act and Ethical Corporate Climates: What the Media Reports; What the General Public Knows, 2 Brook. J. Corp. Fin. & Com. L. (2008). Available at: https://brooklynworks.brooklaw.edu/bjcfcl/vol2/iss2/4 This Article is brought to you for free and open access by the Law Journals at BrooklynWorks. It has been accepted for inclusion in Brooklyn Journal of Corporate, Financial & Commercial Law by an authorized editor of BrooklynWorks. THE SARBANES-OXLEY ACT AND ETHICAL CORPORATE CLIMATES: WHAT THE MEDIA REPORTS; WHAT THE GENERAL PUBLIC KNOWS Cheryl L. Wade* I. INTRODUCTION The question for participants in the Securities Regulation Section’s program at the 2008 AALS Annual Meeting was whether recent securities regulation reforms hit their mark. I focus in this essay on The Sarbanes- Oxley Act of 2002 (SOX or the Act),1 the most important legislative reform of securities markets in recent decades.2 Enacted to assuage public outrage about corporate greed and malfeasance ignited by media reports describing debacles at Enron, WorldCom, Adelphia, Tyco and other companies in 2001 and 2002 (the Corporate Scandals)3, SOX represented a legislative and political response to public resentment of what some considered a morally impaired corporate America. In the immediate aftermath of its enactment, the mark at which SOX took aim was the allaying of public indignation.
    [Show full text]
  • The Role Enron Energy Service, Inc., (Eesi) Played in the Manipulation of Western State Electricity Markets
    S. HRG. 107–1139 THE ROLE ENRON ENERGY SERVICE, INC., (EESI) PLAYED IN THE MANIPULATION OF WESTERN STATE ELECTRICITY MARKETS HEARING BEFORE THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED SEVENTH CONGRESS SECOND SESSION JULY 18, 2002 Printed for the use of the Committee on Commerce, Science, and Transportation ( U.S. GOVERNMENT PRINTING OFFICE 83–978 PDF WASHINGTON : 2005 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2250 Mail: Stop SSOP, Washington, DC 20402–0001 VerDate 0ct 09 2002 14:07 Sep 26, 2005 Jkt 083978 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 S:\WPSHR\GPO\DOCS\83978.TXT JACK PsN: JACKF SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED SEVENTH CONGRESS SECOND SESSION ERNEST F. HOLLINGS, South Carolina, Chairman DANIEL K. INOUYE, Hawaii JOHN MCCAIN, Arizona JOHN D. ROCKEFELLER IV, West Virginia TED STEVENS, Alaska JOHN F. KERRY, Massachusetts CONRAD BURNS, Montana JOHN B. BREAUX, Louisiana TRENT LOTT, Mississippi BYRON L. DORGAN, North Dakota KAY BAILEY HUTCHISON, Texas RON WYDEN, Oregon OLYMPIA J. SNOWE, Maine MAX CLELAND, Georgia SAM BROWNBACK, Kansas BARBARA BOXER, California GORDON SMITH, Oregon JOHN EDWARDS, North Carolina PETER G. FITZGERALD, Illinois JEAN CARNAHAN, Missouri JOHN ENSIGN, Nevada BILL NELSON, Florida GEORGE ALLEN, Virginia KEVIN D. KAYES, Democratic Staff Director MOSES BOYD, Democratic Chief Counsel JEANNE BUMPUS, Republican Staff Director and General Counsel (II) VerDate 0ct 09 2002 14:07 Sep 26, 2005 Jkt 083978 PO 00000 Frm 00002 Fmt 5904 Sfmt 5904 S:\WPSHR\GPO\DOCS\83978.TXT JACK PsN: JACKF C O N T E N T S Page Hearing held on July 18, 2002 ..............................................................................
    [Show full text]
  • The Accounting Problems at Worldcom
    WRONG NUMBERS: THE ACCOUNTING PROBLEMS AT WORLDCOM HEARING BEFORE THE COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED SEVENTH CONGRESS SECOND SESSION JULY 8, 2002 Printed for the use of the Committee on Financial Services Serial No. 107–74 ( U.S. GOVERNMENT PRINTING OFFICE 83–079 PDF WASHINGTON : 2002 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2250 Mail: Stop SSOP, Washington, DC 20402–0001 VerDate 11-MAY-2000 12:14 Jan 10, 2003 Jkt 000000 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 C:\DOCS\83079.TXT HBANK1 PsN: HBANK1 HOUSE COMMITTEE ON FINANCIAL SERVICES MICHAEL G. OXLEY, Ohio, Chairman JAMES A. LEACH, Iowa JOHN J. LAFALCE, New York MARGE ROUKEMA, New Jersey, Vice Chair BARNEY FRANK, Massachusetts DOUG BEREUTER, Nebraska PAUL E. KANJORSKI, Pennsylvania RICHARD H. BAKER, Louisiana MAXINE WATERS, California SPENCER BACHUS, Alabama CAROLYN B. MALONEY, New York MICHAEL N. CASTLE, Delaware LUIS V. GUTIERREZ, Illinois PETER T. KING, New York NYDIA M. VELA´ ZQUEZ, New York EDWARD R. ROYCE, California MELVIN L. WATT, North Carolina FRANK D. LUCAS, Oklahoma GARY L. ACKERMAN, New York ROBERT W. NEY, Ohio KEN BENTSEN, Texas BOB BARR, Georgia JAMES H. MALONEY, Connecticut SUE W. KELLY, New York DARLENE HOOLEY, Oregon RON PAUL, Texas JULIA CARSON, Indiana PAUL E. GILLMOR, Ohio BRAD SHERMAN, California CHRISTOPHER COX, California MAX SANDLIN, Texas DAVE WELDON, Florida GREGORY W. MEEKS, New York JIM RYUN, Kansas BARBARA LEE, California BOB RILEY, Alabama FRANK MASCARA, Pennsylvania STEVEN C.
    [Show full text]
  • Annual Hyman P. Minsky Conference on the State of the US and World Economies Program
    Conference Proceedings Levy Economics Institute of Bard College rd annual hyman p. minsky conference on the state of the us and 23world economies Stabilizing Financial Systems for Growth and Full Employment April 9–10, 2014 The National Press Club, Washington, D.C. A conference organized by the Levy Economics Institute with support from the Ford Foundation Contents FOREWORD 1 PROGRAM 2 WELCOME AND INTRODUCTION Dimitri B. Papadimitriou 5 SPEAKERS Carolyn B. Maloney 8 Sherrod Brown 13 Charles L. Evans 19 Daniel K. Tarullo 29 Peter Praet 39 Jason Furman 50 Vítor Constâncio 70 SESSIONS 1. Financial Reregulation to Support Growth and Employment 82 2. Financial Regulation and Economic Stability: Was Dodd-Frank Enough, or Too Much? 87 3. The Global Growth and Employment Outlook: Cloudy with a Risk of . ? 91 4. The Euro and European Growth and Employment Prospects 96 5. What Are the Monetary Constraints to Sustainable Recovery of Employment? 101 PARTICIPANTS 106 These proceedings consist of edited transcripts of the speakers’ remarks and summaries of session participants’ presentations. Foreword I am delighted to welcome you to the 23rd Annual Hyman P. Minsky Conference, “Stabilizing Financial Systems for Growth and Full Employment,” organized by the Levy Economics Institute with support from the Ford Foundation. As part of its monetary policy research, the Institute is partnering with the Ford Foundation to examine financial instability and the reregulation of financial institutions and markets within the context of Minsky’s path-breaking work on financial crises. Despite the appearance of greater stability in the US financial system since the 2008–09 global recession, the economic recovery remains fragile and uneven, and social conditions are expected to improve even more slowly.
    [Show full text]
  • The Sarbanes-Oxley Act: Is the Investing Public Really Any Better Off
    Volume 33 Issue 3 Summer 2003 Summer 2003 The Sarbanes-Oxley Act: Is the Investing Public Really Any Better Off Emily Williams Recommended Citation Emily Williams, The Sarbanes-Oxley Act: Is the Investing Public Really Any Better Off, 33 N.M. L. Rev. 481 (2003). Available at: https://digitalrepository.unm.edu/nmlr/vol33/iss3/7 This Notes and Comments is brought to you for free and open access by The University of New Mexico School of Law. For more information, please visit the New Mexico Law Review website: www.lawschool.unm.edu/nmlr THE SARBANES-OXLEY ACT: ISTHE INVESTING PUBLIC REALLY ANY BETTER OFF? EMILY WILLIAMS* I. INTRODUCTION On July 30, 2002, President Bush signed legislation intended to address the corporate accounting issues that arose in the corporate scandals of late 2001 and 2002.' The Sarbanes-Oxley Act, designed to "protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities law,"2 passed Congress in the wake of the Enron bankruptcy and other corporate accounting scandals.3 The Act attempts to address a number of the issues related to publicly traded corporations by creating a new federal oversight agency,4 establishing auditor independence rules,5 creating new laws to address corporate responsibility,6 enhancing financial disclosure requirements,7 addressing analyst conflicts of interest,' creating new corporate and criminal fraud laws,9 and enhancing penalties for white collar crime.'° One of the key ways the Sarbanes-Oxley Act attempts to protect investors and restore confidence is by addressing corporate accounting issues." The Act creates a new federal agency to oversee accounting firms that perform audits, the Public Company Accounting Oversight Board (PCAOB).2 The Act also establishes new rules and procedures for auditors 3 and issuers.'4 This comment analyzes the provisions of the Sarbanes-Oxley Act that attempt to improve corporate accounting and examines how the Act fits into the already complicated statutory and regulatory scheme designed to protect and inform the investing public.
    [Show full text]
  • MCI, Inc. Is an American Telecommunications Subsidiary of Verizon Communications That Is Headquartered in Ashburn, Unincorporated Loudoun County, Virginia
    Worldcom MCI, Inc. is an American telecommunications subsidiary of Verizon Communications that is headquartered in Ashburn, unincorporated Loudoun County, Virginia. The corporation was originally formed as a result of the merger of WorldCom (formerly known as LDDS followed by LDDS WorldCom) and MCI Communications, and used the name MCI WorldCom followed by WorldCom before taking its final name on April 12, 2003 as part of the corporation's emergence from bankruptcy. The company formerly traded on NASDAQ under the symbols "WCOM" (pre-bankruptcy) and "MCIP" (post-bankruptcy). The corporation was purchased by Verizon Communications with the deal closing on January 6, 2006 and is now identified as that company's Business division with the local residential divisions slowly integrated into local Verizon subsidiaries. MCI's history, combined with the histories of companies it has acquired, echoes most of the trends that have swept American telecommunications in the past half-century: It was instrumental in pushing legal and regulatory changes that led to the breakup of the AT&T monopoly that dominated American telephony; its purchase by WorldCom and subsequent bankruptcy in the face of accounting scandals was symptomatic of the Internet excesses of the late 1990s. It accepted a proposed purchase by Verizon for US$7.6 billion. For a time, WorldCom was the United States's second largest long distance phone company (after AT&T). WorldCom grew largely by aggressively acquiring other telecommunications companies, most notably MCI Communications. It also owned the Tier 1 ISP UUNET, a major part of the Internet backbone. It was headquartered in Clinton, Mississippi, before being moved to Virginia.
    [Show full text]
  • Corporate Governance: Sarbanes-Oxley Act, Related Legal Issues, and Global Comparisons
    Denver Journal of International Law & Policy Volume 32 Number 2 Spring Article 3 April 2020 Corporate Governance: Sarbanes-Oxley Act, Related Legal Issues, and Global Comparisons John M. Holcomb Follow this and additional works at: https://digitalcommons.du.edu/djilp Recommended Citation John M. Holcomb, Corporate Governance: Sarbanes-Oxley Act, Related Legal Issues, and Global Comparisons, 32 Denv. J. Int'l L. & Pol'y 175 (2004). This Article is brought to you for free and open access by Digital Commons @ DU. It has been accepted for inclusion in Denver Journal of International Law & Policy by an authorized editor of Digital Commons @ DU. For more information, please contact [email protected],[email protected]. CORPORATE GOVERNANCE: SARBANES-OXLEY ACT, RELATED LEGAL ISSUES, AND GLOBAL COMPARISONS JOHN M. HOLCOMB "I don't sense an enthusiasticpursuit of the fundamental principles of corporate governance even today. I see a reluctant minimalist approach, staying one step ahead of the regulators more than anything else. I am trying to find my own way in getting a stronger boardand strongershareholder involvement on the issues. If you re not utterly insensitive to matters, you have to a ree that restless. They want more say. shareholders are getting more active and When even a leading corporate CEO such as Andrew Grove is skeptical of the system of corporate governance in place today at most corporations, there is a real problem. Many of the corporate scandals of the past two years come back to the deficiencies in corporate governance. At Enron and other companies, the focus was on the failure of the audit committee of the board of directors.
    [Show full text]
  • The Role of Audit Firms in Fraud Detection Against the Backdrop of Potential Conflicts of Interest
    The Role of Audit Firms in Fraud Detection Against the Backdrop of Potential Conflicts of Interest Jonathan Hucke BACHELOR’S THESIS September 2020 Bachelor of Business Administration International Business ABSTRACT Tampereen ammattikorkeakoulu Tampere University of Applied Sciences Bachelor of Business Administration International Business JONATHAN HUCKE The Role of Audit Firms in Fraud Detection against the Backdrop of Potential Conflicts of Interest Bachelor's thesis 91 pages September 2020 Most of the financial and economic crises in recent history have not just had major negative implications on the economic situation of industrial and developing countries and their peoples but have also been accompanied by spectacular cor- porate collapses and bankruptcies. Two of the most prominent victims are former telecommunications firm WorldCom and the investment bank Lehman Brothers. WorldCom went bankrupt during the burst of the tech bubble in 2002, and Leh- man collapsed at the height of the financial crisis in 2008. What both companies had in common were their contentious accounting practices and the failure of their respective auditors who neither detected WorldCom’s accounting fraud nor reported Lehman’s accounting gimmick. Both auditors, Arthur Andersen and Ernst & Young, faced heavy criticism in the wake of the collapses; and the audit- ing profession in general has been under close scrutiny ever since. This research aims to examine the role of audit firms in general but also specifi- cally in fraud detection, especially against the backdrop of potential conflicts of interest these audit firms might face during their work. The purpose was to de- velop solutions which, if implemented, can eliminate conflicts of interest in audit and improve audit quality.
    [Show full text]
  • Corporate Governance Changes As a Signal: Contextualizing the Performance Link
    Columbia Law School Scholarship Archive Faculty Scholarship Faculty Publications 2016 Corporate Governance Changes as a Signal: Contextualizing the Performance Link Merritt B. Fox Columbia Law School, [email protected] Ronald J. Gilson Columbia Law School, [email protected] Darius Palia [email protected] Follow this and additional works at: https://scholarship.law.columbia.edu/faculty_scholarship Part of the Business Organizations Law Commons, European Law Commons, and the Law and Economics Commons Recommended Citation Merritt B. Fox, Ronald J. Gilson & Darius Palia, Corporate Governance Changes as a Signal: Contextualizing the Performance Link, EUROPEAN CORPORATE GOVERNANCE INSTITUTE (ECGI) LAW WORKING PAPER NO. 323/2016; STANFORD LAW & ECONOMICS OLIN WORKING PAPER NO. 496 (2016). Available at: https://scholarship.law.columbia.edu/faculty_scholarship/1989 This Working Paper is brought to you for free and open access by the Faculty Publications at Scholarship Archive. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of Scholarship Archive. For more information, please contact [email protected]. Corporate Governance Changes As a Signal: Contextualizing the Performance Link Merritt B. Fox, Ronald J. Gilson,** and Darius Palia*** November 2016 _______________________ Promoting “good” corporate governance has become a global industry. Large international organizations like the OECD have adopted corporate governance codes of best practice.1 Major institutional investors like the Norwegian Government Fund Global (a sovereign wealth fund), the California Public Employees Retirement System and BlackRock have similar codes to guide their choices as to where to invest and how to vote the shares in their portfolio.2 Corporate governance concerns have also animated regulatory change.
    [Show full text]
  • Leadership on Trial: an Existentialist Assessment
    Covenant International Journal of Psychology (CIJP). Vol.2, No.1, June. 2017 An Open Access Journal Available Online Leadership on Trial: An Existentialist Assessment Godwyns A. Agbude1, Aize Obayan2, Ademola, L. Lawal3, & Ugochukwu D. Abasilim1 1Development of Political Science and International Relations, College of Leadership Development Studies, Covenant University, Ota, Ogun State, Nigeria. [email protected]; [email protected] 2College of Leadership Development Studies, Covenant University, Ota, Ogun State, Nigeria. [email protected] 3Department of Philosophy, University of Ibadan, Oyo State, Nigeria. [email protected] Abstract: The importance of leadership in society calls for a continuous attempt to improving on leadership studies so as to build societies (in all its constitutive units) that are humane. This paper, therefore, engages in the perennial dialogues of leadership development vis-à-vis leadership performance from an existentialist paradigm in making a case for a more holistic and viable prescription for effective and functional leadership. The existentialists are notorious for their redefinition of Husserlian Phenomenology in which the Transcendental Ego escaped to the world of loneliness where it only serves as an impartial and uninterested observer of human events. From the pedestal of the Transcendental Ego, the Existentialists pulled it down to the world of empirical reality where the Transcendental Ego becomes an 46 Godwyns A. Agbude et al CIJP (2017) 2(1) 46-62 interactive, interested and interwoven reality with the other realities of the world. Putting this in the context of leadership, contemporary leadership performance, both in the political and the corporate (organisational) worlds, reflects a Husserlian disinterested Transcendental Ego in which both public and corporate policies are shaped first and foremost for the interest of the political and the corporate leaders and their compatriots.
    [Show full text]