IT and Information Security After Sarbanes-Oxley: A New Paper From Compliance LLC

An open letter to IT and Information Security professionals that discusses the shift of focus from information security to "reasonable assurance."

Washington, DC, December 18, 2007 -- Compliance LLC, a leading provider of compliance training, executive coaching and consulting in more than 34 countries, today announced the launch of a new paper with the title: "IT and Information Security after Sarbanes-Oxley."

"It is good to remember that nobody has promised that our financial statements are accurate. We have promised adequate controls that provide reasonable assurance that we do not have material misstatements, and can prevent (not will prevent) or detect material misstatements on a timely basis," said George Lekatis, General Manager and Chief Compliance Consultant of Compliance LLC.

"Try to stand in the shoes of your CEO. His fate depends heavily on the company’s stock performance, and stock performance depends on shareholders’ perception and the external auditors’ opinion, not information security or better IT governance.

"Every three months, the CEO has to disclose to the company’s shareholders that based on his knowledge, the financial statements and other financial information, fairly present in all material respects the financial condition, results of operations and cash flows of the company. Does he have any reason to pay six figure fees to penetration testers and ethical hackers, in order to take a very scary report that describes every conceivable hole in the company’s systems?

"After reading this report, based on his knowledge, there are massive problems to the internal controls that protect the financial information from unauthorized modification, and to make things worse, the company’s staff cannot handle them. He has the obligation to disclose the problems to the public, and this disclosure will definitely not increase shareholder value or his compensation. In fact, he will lose money, as he has stock options that give him the right to buy a stock from the company at a certain price at a future date," said George.

"You can download the paper "IT and Information Security after Sarbanes-Oxley" from our web site (no registration needed):
You may laugh or you may cry. If you are an information security professional, you will rather cry," continued George.

Compliance LLC, areas of expertise:
Basel II Capital Accord, MiFID (Markets in Financial Services Directive), the US Sarbanes-Oxley Act, the European Sarbanes-Oxley (8th Company Law Directive, E-SOX), the Japanese Sarbanes-Oxley (Financial Instruments and Exchange Law, J-SOX), the European Union's Financial Services Action Plan (FSAP), the Solvency II, UCITS III and Reinsurance Directives, and compliance training and consulting for Hedge Funds, Alternative Investments and Structured Products.

For further information, you may contact Lyn Spooner, E-mail:, Tel: +1 (302) 342-8828 Ext 1, or George Lekatis, E-mail:, Tel: +1 (302) 342-8828 Ext 5.

Web sites include:

Training Catalog (100 pages):

Training Catalog for Banks (87 pages):

Compliance LLC
Lyn Spooner
(302) 342-8828
Mail: 1200 G Street NW Suite 800
Washington, DC 20005 USA