Oversight Systems, the leading provider of automated continuous transaction monitoring software, announced today that The University of Texas M. D. Anderson Cancer Center has contracted to implement Oversights continuous monitoring solution for the procure-to-pay process.

iViZ, an On-Demand Penetration Testing company, announced its discovery of a new class of vulnerability at Defcon 16, the world's leading security conference. This vulnerability allows attackers to steal computer boot passwords and bypass the security of pre-boot authentication software like hard disk encryption tools. It affects general computer users, enterprises, governments and can result in unauthorized access or theft of confidential data. Incidentally, in 2007 the global loss due to data theft is estimated to be USD 40 Billion. Surprisingly, this vulnerability has been existing for 25 years, says Jonathan Brossard, iViZ lead security researcher and discoverer of this vulnerability. Programmers unaware of this security hole have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case, adds Mr. Brossard. This vulnerability affects Microso

PalmTree announced that it has made significant enhancements to its e-Governance+ Internal Audit module to further help companies looking to streamline their Internal Audit process. These improvements come at a time when companies have standardized their Sarbanes-Oxley (SOX) compliance programs and are beginning to turn energies inward to fine-tune other audit processes. Vice President of PalmTree, Inc. Ted Stone comments, Now that SOX is maturing, companies are able to re-focus on improving the efficiency of their Internal Audit department. As companies look to re-balance Internal Audit, they will be able to reduce time, costs and manpower by utilizing e-Governance+.

Centive wins CRM magazine's 2008 CRM Market Leader Award in the Incentive Management category.

Hawaiis Punahou School Deploys Secure Computings Secure Web to Bolster Internet Security

Hawaiis Punahou School Deploys Secure Computings Secure Web to Bolster Internet Security

Hawaiis Punahou School Deploys Secure Computings Secure Web to Bolster Internet Security

Hawaiis Punahou School Deploys Secure Computings Secure Web to Bolster Internet Security

The U.S. Food and Drug Administration today approved Nplate (romiplostim), the first product that directly stimulates the bone marrow to produce needed platelets in patients with a rare blood disorder that can lead to serious bleeding. The condition, which usually develops in adults, is known as chronic immune thrombocytopenic purpura (ITP), a disease that results in a low number of platelets, the blood components that help with clotting. In patients with chronic ITP, the immune system is believed to destroy platelets and the patient's bone marrow is often unable to compensate for this loss.

IT-Lifeline, provider of Disaster Recovery and Business Continuity (DRBC) services for small to medium sized businesses in the Pacific Northwest has been awarded another financial services contract with HomeStreet Bank. IT-Lifeline continues to expand their presence in the Pacific Northwest as the provider and regional leader of fully tailored business continuity solutions. This contract is a direct result of our expertise in DR/BC, but also the financial industry and its unique characteristics. We continually educate ourselves and customers on the issues that financial institutions are faced with when it comes to their assessment of risk ensuring our solutions continually align with their needs, said Steve Tabacek, President and CEO of IT-Lifeline.

Comodo announced the availability of version 1.0 of SecureEmail. Comodo SecureEmail employs well-established, de facto industry standard, PKI-based solutions/technologies that enable encryption and digital signature of outgoing emails, assuring recipients that the email has not been tampered with during transmission. Comodo's solution can be deployed with either Comodo or third party SSL Certificates. Email is one of the most vulnerable systems to attack. Comodo SecureEmail is the install-and-forget application that can automatically encrypt and sign all messages. Featuring full integration with Microsoft Outlook, Mozilla Thunderbird and other S/MIME-capable email clients, it includes a built-in wizard that allows users to easily download and setup a free Comodo email certificate. This helps automate the digital certificate acquisition, distribution, signature and encryption processes, freely building a secure email community. COMODO SecureEmail also helps companies further their compl

OpenPages, provider of enterprise GRC management solutions that optimize business performance, announced that Interpublic Group (IPG), one of the world's leading organizations of advertising agencies and marketing services companies, has selected OPENPAGES FCM(SM) for its Sarbanes-Oxley compliance programs. IPG chose OpenPages FCM given the flexibility and configurability of the solution which provides a streamlined and sustainable approach to IPG's continued compliance with Sarbanes-Oxley. OpenPages FCM allows IPG to automate the ongoing test and review of its controls documentation to reduce the time, cost and complexity associated with Sarbanes-Oxley Sections 404 and 302.

In the newly released benchmark report, Application Security: Protect Sensitive Data while Improving Compliance, Aberdeen Group, a Harte-Hanks Company, found that on average, Best-in-Class organizations were able to realize a 12x greater decrease in the number of successful application security attacks than Industry Average companies as a direct result of incorporating the right blend of technologies and services as a part of their comprehensive application security strategies. This report examined and analyzed organizations' planning, deployment, use, and management of their application security to provide a roadmap for constructing holistic, business-advancing application security strategies. As part of their comprehensive application security, Best-in-Class organizations are 3.5x as likely as Laggards to incorporate real or near-real time application security monitoring tools. Using tools that track and report defects throughout the application lifecycle allows organizations to sign

PureSafety, the leading provider of online safety training and risk management software solutions, today announced the release of a new online Spanish OSHA 10-Hour program for construction. The new program, along with 10-Hour programs in English for construction and general industry, are available for purchase at PureSafetys dedicated 10-hour website: www.oshatrainingondemand.com The rate of U.S. Hispanic employment in the construction industry has grown significantly in recent years. According to the Pew Hispanic Center, in 2006 alone, two-thirds of all new construction jobs were filled by workers of Hispanic descent, many of whom speak Spanish as a first language or are bilingual. This has highlighted the need for more accessible workplace safety education and training in both English and Spanish that can help mitigate risk and on-the-job injuries.

St. Jude Medical announced U.S. Food and Drug Administration (FDA) approval of the company's new facility in Arecibo, Puerto Rico, for the manufacturing of pacemakers and cardiac leads. The 150,000 square-foot facility, located in Arecibo's Santana Industrial Park, will initially be used to produce St Jude Medical pacemakers and cardiac leads for domestic and international markets, and the company plans to begin manufacturing implantable cardioverter defibrillators (ICDs) at the facility late this year. The new plant will expand the company's cardiac rhythm management manufacturing capacity and is expected to create at least 1,250 new jobs within the next three years. The approval followed a six-month review that included an on-site evaluation by FDA inspectors. Our success in Puerto Rico reflects our commitment to the highest quality standards, so we are pleased to expand our manufacturing capabilities there, said Daniel J. Starks, chairman, president and chief executive officer of St

CA and Arcot Systems announced the availability of a solution designed to help organizations reduce the risk of fraud and identity theft in online transactions through risk-based authentication. Businesses are employing risk-based authentication technologies for their Web-facing applications in light of threats such as phishing and other forms of social engineering, as well as in response to regulatory initiatives such as online banking guidance issued by the Federal Financial Institutions Examination Council, the market trend to deliver software-as-a-service, and simple good business practices. The reseller agreement with Arcot allows CA to extend its suite of identity and access management products that help secure Web businesses and identities online. By implementing risk-based authentication technology, CA customers can confidently conduct Web-based transactions. It also helps instill in their customers and other users a level of comfort that their identities and their personal, pr

The Department of Health and Human Services (HHS) released the much-anticipated Notice of Proposed Rule Making (NPRM) for the adoption of Accredited Standards Committee (ASC) X12 version 005010 transactions enhancements, pertaining to Health Insurance Portability and Accountability Act (HIPAA) transactions. The new ASC X12 version 005010 standard is key in the use of the larger International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM) for diagnosis codes and also the International Classification of Diseases, Tenth Revision, Procedure Coding System (ICD-10-PCS) for inpatient hospital procedures, proposed under the new rule. The new 005010 transaction standards are essential in implementing the ICD-10-CM codes and lead promise to a health care system focused on improved efficiency and accuracy, reduced costs and expanded care, said Dan Kazzaz, Chair of ASC X12. X12 members who developed the 005010 standards see the magnitude of this effort and are dedica

Private Access and Genetic Alliance, a 501organization, announced that they have formed a novel public-private partnership designed to simultaneously protect patients' privacy rights while creating a faster and more cost effective way for researchers to connect with patients in order to find causes and treatments for chronic illnesses and diseases. Leaders of both organizations believe that their combined efforts will help transform today's medical research environment, saving time and money, producing better outcomes, and in a manner that respects each individual patient's right to decide with whom they share their confidential health information. The announcement was made today in conjunction with the prestigious Harvard Privacy Symposium and 16th Annual National HIPAA Summit. Private Access' founder and CEO, Robert Shelton, speaking on a panel entitled Privacy and Technology: Giving Patients Control Over Uses of Their Health Information, previewed both the company's planned technolo

Guardium, the database security company, is aggressively expanding its international presence to meet increasing demand for safeguarding enterprise data and automating compliance controls. The company has formed new strategic partnerships with 29 international resellers and system integrators in the past 18 months, and expanded its global team to include five new regional directors responsible for managing and supporting Guardiums growing indirect channel. This expansion enables Guardium to align its worldwide sales organization and partners to strengthen the companys market leadership and ability to penetrate emerging markets.

Even CEOs can't read statements compliant with the law.The goal of the 2002 Sarbanes-Oxley Act was to make corporate accounting more transparent. In practice, a new Cato Institute study finds, the law's requirements have had the opposite effect. Sarbanes-Oxley sought to achieve its aims by having the Financial Accounting Standards Board (FASB) mandate that corporations use Generally Accepted Accounting Principles (GAAP) in reporting their balance sheets to shareholders. In the Cato Institute Briefing Paper FASB: Making Financial Statements Mysterious, T.J. Rodgers explains why the GAAP rules complicate financial statements to the point where even CEOs have trouble reading them. Rodgers, a founder, president, CEO and director of Cypress Semiconductor Corporation who sits on the board of several high-technology companies, uses his personal experience to illustrate how these rules obfuscate financial reports.

IBM announced that Shared Health, one of the nation's largest public/private Health Information Exchanges (HIE) in the U.S., is using IBM InfoSphere software and services to power its newly-launched Clinical Xchange data exchange platform. Shared Health Clinical Xchange, built on IBM's information integration software, improves healthcare clinicians' access to clinical information, helping them operate more efficiently and deliver better patient care. The IBM software enables a Web-based system that supports millions of patients by merging key clinical data with administrative data from numerous sources and formats.

Palisade Systems, provider of data loss prevention products, announced today the July 2008 results of their 5-Day Secure Assessment Program. The assessments, which are performed at no cost, analyze data loss and other security compliance vulnerabilities at U.S. corporations, including healthcare, education, financial services and government entities. Based on the recently announced violations and previous 5-Day Secure Assessments performed earlier in the year, Palisade Systems estimates that the company's PacketSure appliance will uncover a total of over 4,200,000 compliance violations in 2008. Palisade Systems' 5-Day Secure Assessments are designed to help organizations understand the frequency, method(s), and remediation options of data loss occurring on their networks. Following an in-depth five-day assessment period using Palisade's PacketSure appliance to collect information, a report is produced documenting the data leakage that occurred. Below are the registered data leaks (excl

To comply with HIPAA regulations, the Georgia-based Gwinnett Medical Center already was leveraging two-factor authentication via hardware tokens in order to protect patient files, sensitive medical data and clinical information. The solution, however, was cost-prohibitive to deploy to a wider audience and cumbersome for the medical staff to use. To address these concerns, Gwinnett Medical Center (GMC) turned to Entrust, Inc. and the Entrust IdentityGuard versatile authentication platform, a cornerstone of a layered security approach. From a cost perspective, it was just hard to top the versatility and strength of the Entrust IdentityGuard authentication solution, but the usability for our staff members really put the Entrust solution over the top, said Rick Allen, IT director at Gwinnett Medical Center. We now are able to save money across the board and deploy strong enterprise authentication for a larger group of users, and the employees can just carry the grid cards with their ID bad

Tizor Systems, a leading provider of enterprise database monitoring and protection solutions,announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions, has named Mantra a winner of the 2008 Best Products and Services Award for Best in Regulatory Compliance.

Tizor Systems, a leading provider of enterprise database monitoring and protection solutions,announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions, has named Mantra a winner of the 2008 Best Products and Services Award for Best in Regulatory Compliance.

Tizor Systems, a leading provider of enterprise database monitoring and protection solutions,announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions, has named Mantra a winner of the 2008 Best Products and Services Award for Best in Regulatory Compliance.

The U.S. Food and Drug Administration has approved Xenazine (tetrabenazine) for the treatment of chorea in people with Huntingtons disease. Chorea is the jerky, involuntary movement that occurs in people with this disease. Xenazine is a new drug and is the first treatment of any kind approved in the United States for any symptom of Huntingtons disease. Currently there are no other drugs that are FDA-approved to treat chorea.

Legiant, provider of workforce management software, announced results of their SAS 70 Type II audit. With the introduction of the Sarbanes-Oxley Act, the SAS 70 Type II audit was identified as the only acceptable method of assuring a third party that a service organization's controls are in place and working effectively. According to the independent service auditor's report, Legiant's hosted data center has the necessary controls in place and these controls are operating effectively. Legiant provides attendance tracking software that can be offered as SaaS, which reduces internal IT costs, increases the speed of implementation and ensures the correct controls are in place to protect critical data associated with time keeping. As a leading time and attendance system provider, we take data security and reliability very seriously, said Rod Crane, CTO of Legiant. Due to the nature of human resources, it is critical for any organization offering hosted time and attendance services to be SAS

Dependable Computer Guys (DCG) has partnered with Zenith Infotech to offer an affordable data backup solution that plugs up many of the leaks found in typical small business data storage systems. This is the Rolls-Royce of backup and storage, says Brent Whitfield, President of Dependable Computer Guys. This system resolves the security and accessibility concerns that come up when you rely on magnetic tape or local backup. Yet the cost is within the budgets of most smaller organizations. In a recently published white paper available at http://www.dcgla.com/backup, Dependable Computer Guys identified 5 essential practices for reliable data storage and backup. Dependable SafeSTOR addresses all five.

Guardian Analytics, a provider of online account fraud prevention software for financial services institutions, announced the general availability of a new version of its flagship product, FraudMAP 2.0. This new release extends Guardian Analytics' proprietary Dynamic Account Modeling technology to model all individual online account holder activity session by session, from login to logout, increasing FraudMAP's ability to detect suspicious actions and flag behaviors inconsistent with predicted account holder behavior. The newly advanced activity modeling capabilities in Guardian Analytics' FraudMAP 2.0 analyzes all online account activity within and across sessions, including seemingly benign actions such as viewing check images or updating contact information. Sophisticated algorithms predict and weigh inherent risk by a number of parameters, such as expected account holder behavior and size of potential loss, to more accurately alert financial institutions to suspicious activity w

Autonomy Corporation announced that General Vision Services (GVS) has selected Cardiff's information capture and business process management solutions, as well as Meridio's enterprise records management solution, to automate the processing of hundreds and thousands of vision care claims and payments. Digital Vision of Chicago, Illinois was the Systems Integrator for the project. GVS is one of the largest third-party provider of vision plans in the northeastern part of the US, specializing in the vision needs of the Tri-State and retirement areas, servicing more than five million members in HMO's, corporations and unions. GVS is endorsed by the New York State AFL-CIO, New York City Central Labor Council and Long Island Federation of Labor as The Preferred Vision Provider. With Autonomy, GVS will be able to deliver timely and accurate processing of payment claims, enabling the vision plan provider to further streamline its internal operational processes; accelerate delivery of data and d

Guidance Software gives enterprises world-class in-house eDiscovery processing capabilities including new connectors for leading archiving and content management solutions and a new work-flow driven interface in version 3.1 of its industry-leading EnCase(R) eDiscovery solution. These added competencies further expand the search, collection, preservation and processing capabilities of EnCase eDiscovery, enabling litigants to reduce risk and realize tremendous cost savings by eliminating outsourcing and bringing the eDiscovery process in-house.

Coordinated Systems, the first call recording vendor to meet Payment Card Industry (PCI) Compliance, has expanded the Virtual Observer platform to remove credit card transactions from recorded audio and screen captures. Expanded security features which provide data protection functionality clearly places the solution in a leader position when it comes to PCI, HIPAA, and overall call recording security. We continue to pave the way for new PCI Compliance features even though they may not yet be part of the compliance specification, said Dan McGrail, Vice President of Product Development. Today, the PCI standard states a single transaction need not be encrypted.

digiMedical Solutions has implemented its next generation digital prescription handling software at Golden Gate Pharmacy in Naples, Florida. digiMedical software is being used by the pharmacy to manage and fulfill prescriptions quickly, accurately and in line with HIPAA and DEA requirements, enhancing and differentiating Golden Gate's prescription fulfillment services to its customers. digiMedical will receive a transaction fee for each prescription filled through the Company's software at Golden Gate Pharmacy.

SECNAP Network Security Corporation today announced addition of the newest feature to its award-winning Email Security Gateway Powered by SpammerTrap. The Email Archiving enhancement enables clients to archive both incoming and outgoing mail, and is compatible with virtually all messaging systems including Microsoft Exchange, Lotus Notes and Novell GroupWise.Available with ENT- and GEM-model gateway appliances as well as Premier- level hosted service, Email Archiving provides user-convenient archiving with optional remote storage through add-on hot-swap storage or network-attached storage (NAS). Separate configurations are available for incoming and outgoing messages, with access to archiving functionality limited to client site administrators to preserve security.

Individuals and firms seeking best practices for bringing new medical technologies to market will benefit from a one-day seminar offered by the Beaumont Commercialization Center and Beaumont Hospitals. The event will take place October 7 at Oakland University and is designed for companies and individuals interested in medical device development and strategies for diversifying into the health care industry. The seminar offers the unique perspectives of regulators, hospital buyers, and industry leaders, all synthesized into one constructive day of learning. Experts from the Beaumont Commercialization Center will be joined by representatives from leading medical technology organizations, including U.S. Food & Drug Administration (FDA), Stryker, and Abbott. Planned topics include FDA pre-market approval process, the health care provider buyers' dynamics, and industry case studies of successful commercialization.

Shavlik Technologies' customers utilize single solution to simplify and automate the reports recommended steps of Assess, Prioritize, Remediate, Repeat.

Shavlik Technologies' customers utilize single solution to simplify and automate the reports recommended steps of Assess, Prioritize, Remediate, Repeat.

Research and Markets has announced the addition of Javelin Strategy & Research's new report Consumer Authentication for Retail Banking: Compliance Does Not Equal Security to their offering. With the majority of financial institutions in compliance after the frenzied rush to meet the authentication requirements of the 2005 FFIEC Guidance, a number of financial institutions have relaxed into a satisfied mode. Compliance is not security, however, and complacency increases risk. Weaknesses have already been proven for widely adopted methods such as mutual authentication and device recognition. In this report, Javelin takes a hard look at how two-factor authentication has impacted consumers' attitudes toward online banking, as well as some of the obstacles that banks continue to face despite the stronger verification controls that are now required to authenticate online bankers. Included is a projection of the number of consumers that would bank online if institutions could provide the nece

Protiviti, provider of internal audit and risk and advisory services, has been positioned by Gartner, Inc. in the Challengers quadrant in the Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms. The Protiviti Governance Portal provides organizations with a software solution that addresses multiple Governance, Risk, and Compliance (GRC) objectives through one unified technology platform. According to its report, Gartner defines Challengers as follows: Challengers have proven viability, demonstrated market performance and the ability to exceed customer expectations on technical functionality.Challengers need to focus on their product road maps, as well as their sales, marketing, geographic and vertical industry strategies to move into the Leaders quadrant. Gartner evaluated Protiviti on ability to execute, including product/service; overall viability; market responsiveness; and customer experience, and on completeness of vision, which includes market understanding, pr

The Risk Management Association, in alliance with Automated Financial Systems, this week released its Risk Analysis Service data. Representing the industry's only comprehensive credit risk benchmark, today's RAS metrics on commercial credit risk reveal ongoing deterioration in the middle market through the second quarter of 2008. These results reflect portfolio data for middle market exposure provided by 17 top-tier participating institutions, estimated to represent more than half of all middle market commercial loans in the U.S. The data clearly shows that delinquencies and nonaccruals are rising. We are in the downward swing of the business cycle, so we can expect continued asset quality deterioration for a period of time, said Kevin Blakely, RMA president and CEO.

Teradata Corporation announced that China Industrial Bank has adopted the Teradata Enterprise Data Warehouse (EDW) to establish its information management infrastructure. The first phase of the EDW project went into production on April 30, 2006, and was one of the largest information technology (IT) investments by the bank. Delivering operational stability and outstanding performance, the EDW has greatly enhanced the decision making capabilities and core competitiveness for Industrial Bank.

Secure Elements announced that the company has released a new version of the C5 Compliance Platform capable of auditing and managing EPA ENERGY STAR settings for Windows XP and Vista for Desktop and Laptop configurations consistent with the NIST Security Content Automation Protocol (SCAP). The C5 Compliance Platform is currently used by the Presidential Management Agenda (PMA) Scorecard Agencies for reporting their FDCC Security Settings to OMB. These agencies are now able to use C5 to audit and manage their power savings settings within the same compliance solution, thereby complying with Executive Order 13423, which requires federal agencies to activate ENERGY STAR sleep features on computers and monitors.

AlgoSec, provider of Firewall Operations and Security Risk Management solutions, today announced that leading analyst firm Frost & Sullivan called its FireFlow offering an instrumental network security lifecycle management solution. In a Network Security Technology Alert, Frost & Sullivan addressed the growing market demand for network security lifecycle management solutions to meet external and corporate compliance requirements in increasingly complex environments. According to the alert, in what is a growing challenge, businesses must ensure their IT processes and structure meet regulations such as Sarbanes-Oxley (SOX) and Payment Card Data Security Standards (PCI DSS).

AlgoSec, provider of Firewall Operations and Security Risk Management solutions, today announced that leading analyst firm Frost & Sullivan called its FireFlow offering an instrumental network security lifecycle management solution. In a Network Security Technology Alert, Frost & Sullivan addressed the growing market demand for network security lifecycle management solutions to meet external and corporate compliance requirements in increasingly complex environments. According to the alert, in what is a growing challenge, businesses must ensure their IT processes and structure meet regulations such as Sarbanes-Oxley (SOX) and Payment Card Data Security Standards (PCI DSS).

Humana Military Healthcare Services (HMHS), a wholly owned subsidiary of Humana, recently received the second re-accreditation for Health Utilization Management and first for Health Network from URAC, a Washington, D.C. based healthcare accrediting organization that establishes quality standards for the industry. HMHS first received accreditation for Health Utilization Management in 1999 and Health Network in 2005. Our organization is unwavering in our commitment of providing high quality, cost effective, accessible health care services to the military populations we serve, said Dave Baker, president and CEO of HMHS. We are honored to be recognized by URAC for demonstrating our commitment to quality services.

The U.S. Food and Drug Administration (FDA) today announced that it has approved this year's seasonal influenza vaccines that include new strains of the virus likely to cause flu in the United States during the 2008-2009 season. The six vaccines and their manufacturers are: CSL Limited, Afluria; GlaxoSmithKline Biologicals, Fluarix; ID Biomedical Corporation of Quebec, FluLaval; MedImmune Vaccines Inc., FluMist; Novartis Vaccines and Diagnostics Limited, Fluvirin; and Sanofi Pasteur Inc., Fluzone.

Crossbeam Systems, provider of next-generation security platforms for high-performance networks, today announced that it has certified Imperva's SecureSphere 6.0 to run on the X-Series Next Generation Security Platform through the iBeam ISV Certification Program. Deployed on the Crossbeam chassis, SecureSphere's market-leading application data security solution will help enterprises and carriers protect their Web applications and databases from attack, as well as enable companies to comply with a wide variety of regulatory initiatives.

A new downloadable guide from two of the leading companies in the nonprofit sector aims to assist healthcare organizations thinking about the ramifications of the Health Insurance Portability and Accountability Act (HIPAA) in fundraising. The HIPAA Effect: Considerations for Fundraising After the Health Insurance Portability and Accountability Act, created by Changing Our World, Inc. and Convio, examines how HIPAA laws have affected fundraising for nonprofit hospitals, foundations, and health organizations. Since HIPAA was enacted in 2000, professionals working in healthcare philanthropy have discovered that HIPAA has not had a negative impact on fundraising for healthcare professionals. But, although HIPAA has had only minor effects, it remains a concern among fundraisers, according to the guide, which provides an overview from HIPAA's inception to its current status, as well as steps on how to work within the letter of the law to maximize their efforts.

Three surveys, with more than 780 respondents, show the increasing importance of enterprise risk management (ERM) to chief financial officers, audit committee members and chief audit executives. Crowe Chizek and Company LLC released the surveys results, which included participants from a broad spectrum of public and private companies, with revenues ranging from $100 million to more than $10 billion. The surveys found that more than 65 percent of chief financial officers (CFOs) and 70 percent of audit committee members cited managing enterprise risk as the biggest challenge for their organizations over the next 12 months. According to those surveyed, ERM was considered an even bigger challenge than improving financial reporting and improving internal controls for CFOs.