There are tremendous advantages to be realized in security and compliance that can sustain competitive leverage within an industry or market. The tone-from-the-top and linkage to the cost of capital acquisition are the keys to realizing these advantages. Risk Analysis Group has reached out to financial and management experts for their insight in finding comprehensive strategic solutions for those responsible for meeting Sarbanes-Oxley legislation and the spirit which the legislation addresses.

In the article "Black hole or Competitive Advantage", author Anthony Ghosn, a corporate governance consultant and Certified Management Accountant, uses detailed economic models and business case examples to describe how an organization can create a competitive advantage with respect to capital acquisition, cost management (as tied to compliance policy), and financial reporting standards (GAAP). He introduces some very powerful decision analysis tools to reduce risk in uncertain business conditions.

The complete article, too lengthy to include in this newsletter, is available on the Risk Analysis Group site. Included among its highlights:

• The documentation of policy, procedures and controls currently within many Sarbanes-Oxley Section 302 and 404 projects can provide a tremendous foundation for integration between critical organizational and financial reporting processes. Further, these efforts can be the foundation for tremendous risk reduction (a la the COSO Enterprise Risk Management Framework) when electronic integration ties process to policy and control. Mr. Ghosn describes how the routine internal audit process can be transformed into a powerful competitive tool for the public company.


• Mr. Ghosn demonstrates that without information systems integration and electronic, on-demand auditing, normal risk-taking corporate behavior is stifled. Corporations that implement an on-demand audit system of all materiality risks, meet the requirements of Section 409 (still to be finalized, but quite clear in intent), and return to normal risk-taking behavior and capital allocation activity achieve a dramatic competitive advantage. Mr. Ghosn describes Financial Risk Management as a methodology and an information systems algorithmic model to solve the issue of materiality within an organization and foster that organization's ability to clearly control the management and reporting of material events.


• Issues surrounding forward-looking statements in the annual report of public corporations have had extra attention and publicity of late. The industry-specific metrics used by analysts i.e. same-store metrics, cash flow projections, market share and others alike are now under such scrutiny that any "non-GAAP" financial measurement must tie back to the most appropriate GAAP measure in order to comply with Section 401 of the Sarbanes-Oxley Legislation. Mr. Ghosn presents the use of corporate score-cards, target costing and other management accounting models to "tie back" to GAAP through corporate and director dashboards for full disclosure to the investing public as a powerful competitive tool.

Integrated Risk Management (IRM) is a methodology that identifies many business risks, including those in the finance arena. Mr. Ghosn's approach is typical of the many opportunities that develop when IRM is implemented. A streamlined organization that has developed a blue print to address business risks of all types is an organization that is positioned to survive current legislative challenges, secure its competitive advantage and ensure investor confidence. Perhaps most importantly, IRM will keep the CEO out of the crosshairs of federal and state prosecutors.

Discuss this article! Post your thoughts to RAG's message boards. If you have not used the RAG website before, you will be asked to create a user profile. The message boards are currently free for all users.

Integrated Risk Management Strategies:
From the Front Gate to the Hard Drive.

Presented by former U.S. Secret Service agents and other nationally recognized security specialists, this comprehensive two-day seminar offers practical solutions for preventing harm to staff, property, and information assets.

Earn CPP, CISSP, CLE, CLSD, PHR, SHRP and other continuing education credits!

Space is limited! Sign up NOW!

Atlanta
May 18-19, 2004
Barton National Academy
800-866-1122

For additional information or to register,
click here or call us at (310) 859-9853.

Upcoming Webinars

Corporate Travel Safety Webinar
April 27, 2004

E-Crimes: An Update And Discussion Webinar
May 18, 2004

Sarbanes-Oxley, Simitian, And More Webinar
June 8, 2004

Secure Email: A Risk Assessment Perspective Webinar
June 29, 2004

For additional information or to register,
click here or call us at (310) 859-9853.

Career Opportunities
Looking for your next great opportunity? Not looking but open?

Add your resume confidentially to the Risk Analysis Group Resume Database.

Our placement experts will contact you with exciting opportunities.

news.com
Apr. 12, 2004
"Concern grows over browser integrity"

cnn.com
Apr. 9, 2004
"Virus tries to take bite out of Apple's security"

cnn.com
Apr. 2, 2004
"High pay -- and high risks -- for contractors in Iraq"

CSO Online
April 2004
"The Interactive Nightmare"

CSO Online
Mar. 29, 2004
"Should IT Be in Charge of Business Continuity Planning?"

Risk Analysis Group is dedicated to providing information and resources to security-conscious professionals.

As a RAG member, you will have access to:

• The advice and experience of experts
• Research, white papers and presentations to get your security programs funded
• Education and training seminars
• Networking opportunities and information on career advancement opportunites
• Special Interest Groups (SIGs)
• Discounts at all Risk Analysis Group events and most external events
• Preferred pricing on all RAG services

"I came down from Canada to attend the Integrated Risk Management seminar in Boston, Ma. on November 3-4, 2003 and was not quite sure what to expect. What a pleasant experience it turned out to be. I sure got my money's worth and more! Rarely in my 28 year career as a senior security practitioner have I attended such a professional, educational, forward-looking and interactive seminar, presented by highly qualified and dynamic speakers and experts. These guys know what they are talking about! The seminar is designed in such a way that it can be of interest to new and seasoned security practitioners alike."

- Gerry Deneault, Government of Canada, Privy Council Office (the Department of the Prime Minister of Canada)