Letter Urges Regulators not to Implement SOX Exemption

February 21, 2006 (PLANSPONSOR.com) - A letter from former Securities and Exchange Commission Chairman Arthur Levitt and former Federal Reserve Chairman Paul Volcker urges regulators to reject a proposal to exempt thousands of smaller public companies from Sarbanes-Oxley-imposed rules on internal controls.

The letter, addressed to the current SEC chairman, Christopher Cox, and William Gradison, acting chairman of the Public Company Accounting Oversight Board, said that the proposal for exemption is “misguided” and “goes too far” in addressing concerns of small businesses, according to the Wall Street Journal.

After receiving many complaints from smaller companies about the impact of the Sarbanes-Oxley (SOX) internal controls rule on their budgets, the SEC again extended the deadline for SOX compliance for those companies with market capitalization of up to $75 million. A survey last year found that the average compliance bill for SOX came to $16 million, and a later survey said that those costs were not likely to decline for companies with market capitalization less than $120 million (See Small Cos Won’t See SOX Implementation Costs Decline).

In response to the cost complaints, an SEC advisory panel made a recommendation in December that would lead to exempting an estimated 80% of public companies from at least part of the rules, the WSJ reports. Companies with market values below about $125 million would be exempt from the rules entirely; others would face relaxed variations on the rules.

Exempting smaller companies from the internal-controls rules would be a mistake, according to the letter, which said, “When new accounting and corporate-fraud scandals develop, as they surely will, people will ask who was responsible for a policy decision resulting in such sweeping exemptions.”

The letter was also signed by John Bogle, the former chairman of Vanguard Group Inc.; John Biggs, the former chairman and chief executive of pension company TIAA-CREF; and Charles Bowsher, former US comptroller general and former head of the Public Oversight Board, the PCAOB’s predecessor in regulating the accounting industry.

Bowsher said in an interview that the exemption proposal “basically is undermining the whole thrust of the Sarbanes-Oxley legislation – to get better reporting, better audits.”

Meanwhile, the SEC and PCAOB announced February 16 that they will sponsor a roundtable May 10, 2006, at the Commission’s headquarters in Washington, D.C., to discuss second-year experiences with the reporting and auditing requirements of the SOX internal controls rule.

In addition, the agencies announced they are seeking written feedback from registrants, auditors, investors and others on their experiences with complying with the Section 404 requirements.

The announcement, with directions for making submissions, is here. The deadline for submissions is May 1, 2006.

Hackers Steal Info from Federal Govt. Job Site

August 31, 2007 (PLANSPONSOR.COM) - Hackers stole information on about 146,000 users of a federal government jobs Web site after an apparently Ukraine-based attack on Monster Worldwide computers.

The theft on the USAjobs.gov site, which has about 2 million users, was part of a hacking operation Monster disclosed last week, Peter Graves, a spokesman for the U.S. Office of Personnel Management (OPM), told Reuters. Monster runs the site on behalf of the government.

The information stolen from the federal database included names, mailing addresses, phone numbers and e-mail addresses. Social Security numbers, which are encrypted in the database, were not compromised, Graves said.

Earlier this week, OPM restricted recruiters from accessing the database until Monster makes sure its system is secure, Graves told Reuters. “We disabled it yesterday as an extra precaution on our part to best protect our users,” Graves said, adding that the government expected to restore access Friday.

The government found out the site had been compromised July 20, when a subscriber submitted what appeared to be a fraudulent e-mail, prompting OPM to immediately pass the information on to Monster, Graves said.

A response team from computer security firm Symantec found that the hackers had managed to get unsuspecting PC users to download malicious software onto their computers so that hackers could gain control of their PCs.

From a command and control center relying on a Ukraine-based Web-hosting company, hackers hijacked the compromised computers so they could access Monster’s site using stolen credentials of job recruiters. The malicious software then sent the information to a second server in the Ukraine, which Monster said was shut down on about August 23.

The hackers’ ultimate goal was to launch so-called phishing attacks on the job seekers whose data was taken, according to Monster and Symantec. In such schemes, hackers use the stolen data to persuade their targets to provide financial information or download malicious software.

Pension Funds’ Computer Security Problems

Earlier this month, reports surfaced that two pension funds in California and New York had compromised the personal information of retirees.

The California Public Employees’ Retirement System (CalPERS) security breach happened when pension fund brochures showing part or all of recipients’ Social Security numbers on the envelope were mailed out to 445,000 retired workers. Also, a laptop computer with the financial information of as many as 280,000 New York City retirees disappeared from a restaurant (See CalPERS Says Computer Error Compromised Retirees’ Social Security Numbers).
