standards and compliance issues
DESCRIPTION
Standards and Compliance Issues. Including CMM, ISO, ITIL,& Sarbanes-Oxley. Presented By: Lauren Eilers Michele Hummel Eno Veshi. Why Regulate and Impose Standards?. Definitions: - PowerPoint PPT PresentationTRANSCRIPT
1
Standards and Compliance Issues
IncludingCMM, ISO, ITIL,&Sarbanes-Oxley
Presented By:
Lauren Eilers
Michele Hummel
Eno Veshi
2
Why Regulate and Impose Standards?
Definitions:• Regulation= “a legal restriction promulgated by
government administrative agencies through rulemaking supported by a threat of sanction or a fine”.1
• Standard= “a level of quality or excellence that is accepted as the norm or by which actual attainments are judged”.2
1 en.wikipedia.org/wiki/Regulate 2 encarta.msn.com/dictionary_/standard.html
•Ensure quality & maintain competitiveness
•Avoid disparate practices within same industry
3
Why Regulate and Impose Standards? (Cont’d)
• Increasing cost of IT – 1In U.S., “spend more than $250 billion each year on IT
application development of approximately 175,000 projects… (and) a staggering 31.1% of projects will be canceled before they ever get completed… (and) 52.7% of projects will cost 189% of their original estimates”. (CHAOS report by Standishgroup:1994 reseasrch survey of IT executive managers, from large, medium, and small companies, across major industry segments. Total sample size: 365 respondents, representing 8,380 applications. )
• Increasing size of IT workforce– 10 million in 2000 to 10.5million in 2004 in U.S.2
(Study commissioned by ITAA, with 500 random people from organizations, who were involved in hiring workers; based on phone conversations from Feb. 24-Mar. 23, 2004)
1www.standishgroup.com/sample_research/chaos_1994_1.php
2www.itaa.org/workforce/studies/04wfstudy.pdf
4
Time Line
• ISO- International Standards Organization• CMM- Capability Maturity Model• ITIL- Information Technology Infrastructure
Library• SOX- Sarbanes-Oxley
5
ISO(International Standard
Organization)
http://www.iso.org/iso/en/ISOOnline.frontpage
6
International Standard Organization (ISO)
• It is the world’s leading developer of International Standards.
• It has 156 member countries. • Its portfolio holds more than 15,036
standards that are used in every sector of business, industry and technology.
http://www.iso.org/
7
ISO Partners
• International Electrotechnical Commission (IEC)
• International Telecommunication Union (ITU)
• World Bank
http://www.iso.org/
8
ISO Path Forward
• The environment – develop standards for meeting new requirements such as greenhouse gas verification, climate mitigation, and other aspects of sustainable development.
• The service sectors – standards for personal financial services, market opinion, social research and tourism.
• Security - maritime port security, freight transport, countering illegal trafficking
• Good Managerial and Organizational Practice – develop social responsibility.
http://www.iso.org/
9
ISO Benefits
• World wide recognition.( 156 members, developed, developing countries)
• Level the playing field.• Disseminate new technologies and
businesses.
http://www.iso.org/
10
CMM(Capability Maturity Model)
• Created by the Software Engineering Institute, a research center founded by Congress in 1984
• A structure designed to direct IT organizations through software process improvement
• Philosophy of “continuous process improvement”
Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004
11
5 Levels of the Capability Maturity Model:
Optimizing 18.4%
Managed 4.5%
Defined 32.9%
Repeatable 32.9%
Initial 2.2%
9.0%
www.sei.cmu.edu/appraisal-program/profile/pdf/CMMI/ 2006marCMMI.pdf
12
CMMI Process Maturity Profile
www.sei.cmu.edu/appraisal-program/profile/pdf/CMMI/2006marCMMI.pdf
9.0%
2.2%
32.9% 32.9%
4.5%
18.4%
Not Given Initial Managed Defined QuantitativelyManaged
Optimizing
Num
ber
of O
rgan
izat
ions
50
100
150
200
250
300
350
400
450
500
550
Based on most recent appraisal of 1,106 organizations , from 3/2002 – 12/2005 & reported by 1/2006. Incl.s results for system engineering, software engineering, integrated prod & process developm, & supplier sourcing
SEI CMMI v.1.1 Class A Appraisal Results
13
The Initial Level
• Probability of producing quality software is low
• No management practices• No documentation or evaluation• If reach quality, usually due to
extreme efforts of a few people or to individual practices by a manager
• Respond to crisesPersse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001.Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004..
14
The Repeatable Level
• Requirements management begins: identification of project prerequisites & assignment to the appropriate area
• Project management begins: responsibility, software development plan, implementation and analysis of project plan
• Quality assurance begins: comparing actual progress on the project with the project plan
• Software management begins: collection of data, identification of elements of success and application to new projects
• Quality of projects able to be replicatedPersse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001.
Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004.
15
The Defined Level
• Defining and implementing proven practices throughout the organization
• Increased productivity, efficiency and effectiveness using these practices
• Emergence of training group to provide organization-wide knowledge
• Emergence of a group called the Software Engineering Process Group, which continues development of software processes
Persse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004.
16
The Managed Level
• Increased management of software products and processes
• Measurable goals set for quality of software products and processes
• Collection and analysis of data from all current projects using a software process database
• Increased predictability and decreased risk due to improved standardized practices used throughout the organization
Persse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004.
17
The Optimizing Level
• “Continuous process improvement”• Proactive consideration of potential
problems and weaknesses • Work to prevent defects • Analysis of any defects or problems and
making adjustments to prevent reoccurrence
Persse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001Griggs, M., and Sauter, V., "Quality Management in the Software Industry", University of Missouri Working Paper, 2004.
18
ITIL Standards(Information Technology
Infrastructure Library)
19
What is ITIL?
• ITSM (Service Management)– Managing IT services in support of one or more business
units
• ITIL (Infrastructure Library)– Developed to provide a set of Best Practices for Cost
Effective IT Services
• Adapted for delivery services.
• Presents a comprehensive set of mgr. procedures with which an organization can manage its IT operations.
ITIL Foundations for IT Service Management, HP Training, Student Guide, Pg. 5 & 9
20
ITIL
Planning to Implement Service ManagementTh
e Bu
sin
es
s
Th
e Te
chn
olo
gy
Applications Management
Th
e Bu
siness
Persp
ective
ICT
In
frastructu
re M
anag
emen
t
Security Management
Service Management
Service Support
Service Delivery
Main Reason for Creating ITIL
ITIL Foundations for IT Service Management, HP Training, Student Guide, Pg. 9
21
Core ITSM Components
Service Management
Service Delivery
Service Support
Service Level Management
Capacity Management
Availability Management
Service Continuity Management
Financial Management
Incident Management
Service Desk
Release Management
Problem Management
Configuration Management
Tactical- Medium Term Mgmt Cycles
Operational- Short Term Mgmt Cycles
ITIL Foundations for IT Service Management, HP Training, Student Guide, Pg. 23
22
ITIL Benefits
• Reduces costs.• Improves IT services, increasing customer
satisfaction.• Offers guidance, and standards.• Improves productivity.• Recognized worldwide.
ITIL Foundations for IT Service Management, HP Training, Student Guide. Pg. 16-17
23
ITIL Qualifications
• Foundation Certificate- – Aimed to all personnel who wish to become familiar with
IT management practices– Enables people to understand the terminology used
within ITSM
• Practitioner’s Certificate-– Aimed at the personnel responsible for designing specific
processes within the IT Service Management discipline– Focuses on depth in understanding and applying IT
Service Management services
• Manager’s Certificate-– Aimed at those who need to demonstrate capability of
managing ITIL-based solutions directed to the field of IT Services Management
ITIL Foundations for IT Service Management, HP Training, Student Guide, Pg. 7-8
ITIL Practitioner’s Certificate in Change Management, http://www.ddls.com.au/VendCourseDet/ITL/60/ITILPrCM.htm
ITIL Manager Certificate, http://www.itilsurvival.com/ITILManagerCertificate.html
24
Sarbanes Oxley Act
http://www.economist.com/business/displayStory.cfm?story_id=3984019
25
What is Sarbanes-Oxley?
• It is a US federal law commonly called Sox or SarbOx.
• It gives additional powers and responsibilities to the U.S Securities and Exchange Program.
• Why important? 210,453 US and 234,086 Int’l SEC registrants
www.secinfo.com/$/SEC/Location.asp
26
History Behind Sarbanes Oxley Act• Stock market boom of the 1990s and crash in
2000• Fraud, misconduct and manipulation of
financial information led to financial scandals and huge losses by investors – Examples: Enron, WorldCom, Tyco
• Act sponsored by Senator Paul S. Sarbanes (MD) and Representative Michael G. Oxley (OH)
http://www.cartoonbank.com/product_details.asp?mscssid=J0NC8F3AST458KRV1WKPNH51641V5JX4&sitetype=1&did=4&sid=47897&pid=&keyword=enron§ion=notecards&title=undefined
&whichpage=1&sortBy=popularID: 47897, Published in The New Yorker March 18, 2002
27
Goals of Sarbanes Oxley Act
• Renew Investors’ Trust in Accounting and Auditing Professions
• Corporate responsibility for financial reporting• Accurate reporting and release of information• Increased auditor independence
www.sec.gov/news/press/2003-89a.htm, viewed on March 11, 2006.
28
Renew Investors’ Trust in Accounting and Auditing
Professions• Established the Public Company Accounting Oversight Board (101)• Separation of auditing from accounting• Limitation of services provided by auditors (201)• Financial Accounting Standards Board named as the
accounting standard setter and supplied with an independent funding source
• Retention of audit records by outside auditors • FAIR Funds for Investors established (308a)
www.sec.gov/news/press/2003-89a.htm, viewed on March 11, 2006. www.sec.gov/news/testimony/022603tssmc.htm
29
Corporate Responsibility for Financial Reporting
• CEOs and CFOs must evaluate controls and certify this information in quarterly and annual reports (302, 404)
• More severe civil and criminal penalties for fraud and misconduct
• New regulations related to insiders• No personal loans to director or executive director• CEO and CFO compensation and profit information
released to the public• CIOs are responsible for Security, Accuracy, and
Reliability of the systems that manage and report the financial data.
www.sec.gov/news/press/2003-89a.htm, viewed on March 11, 2006.
30
Accurate Reporting and Release of Information
• New rules regarding disclosure• Annual management reports on internal controls
over financial reporting:– Financial data– Material changes– Effectiveness/ Security– Material weaknesses
• Auditor verification of internal controls over financial reporting:– “Control Environment, Risk Assessment, Control
Activities, Information and Communication, and Monitoring”
• SEC to review Exchange Act reports at least once every three years
Haworth, Dwight A., and Pietron, Leah R., “Sarbanes-Oxley: Achieving Compliance by Starting with ISO 17799” Information Systems Management, Boston: Winter 2006. Vol. 23, Iss. 1, pp. 73-87.
www.sec.gov/news/press/2003-89a.htm, viewed on March 11, 2006.
31
Costs Associated with Implementation
• Section 404- Requires Management and Independent auditors to issue separate assessments of a publicly held company’s internal control over financial recording
• Requires two new public reports– A management report on the effectiveness of
the company’s internal control over financial reporting
– An independent auditor’s report that includes both an opinion on management report and it’s own opinion of the company’s control over financial reporting
Sarbanes Oxley Compliance (http://sarbanes-oxley-101.com/SOX-404.htm)
32
Estimated Costs vs. Actual costs• First year compliance estimated at $1 million
for $1 billion in revenue• Actual cost
Average Company Annual Sales in US
$
Average Cost of Section 404
Compliance for External Resources
Only
0-250 Million $1.56 Million
250-500 Million $1.71 Million
500-750 Million $1.78 Million
750-1 Billion $2.03 Million
1-2 Billion $2.4 Million
2-7 Billion Insufficient Data
7-10 Billion $10 Million
Sarbanes-Oxley Implementation Costs What Companies are Reporting in their SEC Filings, February 2005 (www.auditnet.org/articles/Sarbanes-Oxley_Implementation_Costs.pdf)
33
Costs to Decline in Year Two
• CRA International conducted a survey of Sarbanes-Oxley Implementation Issues
• Findings include– Average total Section 404 costs are to decline for
both large and small companies in the second year
• Smaller companies expect decline of 39% from $1.5 million to $900,000
• Larger companies expect decline of 42% from $7.3 million to $4.3 million
– Audit fees account for minority of cost in first year• Smaller companies 35% of total cost• Larger companies 26% of total cost
CRA International (www.law.berkeley.edu/centers/bclbe/symposia/postenron/sox%20404%20survey%20update.pdf)
34
Year-One Average per Company Section 404 Implementation Costs for Smaller
Companies
65%
35%
Average Issuer Cost (excluding Average Section 404 Audit-Related Fees) as a Percentage of Total Average Issuer Cost
Average Section 404 Audit-Related Fees as a Percentage of Total Average Issuer Cost
Year 1 Year 2
$1.5 Million
$0.9 Million
39% Decline
Expected Change Year 1 to Year 2
CRA International (www.law.berkeley.edu/centers/bclbe/symposia/postenron/sox%20404%20survey%20update.pdf
35
Year-One Average per Company Section 404 Implementation Costs for Larger Companies
74%
26%
Average Issuer Cost (excluding Average Section 404 Audit-Related Fees) as a Percentage of Total Average Issuer Cost
Average Section 404 Audit-Related Fees as a Percentage of Total Average Issuer Cost
Year 1 Year 2
$7.3 Million
$4.3 Million
42% Decline
Expected Change Year 1 to Year 2
CRA International (www.law.berkeley.edu/centers/bclbe/symposia/postenron/sox%20404%20survey%20update.pdf)
36
Other Compliance Costs
• Software development and/or acquisition• Increased general and administrative expenses• Additional human resources and training• Technological improvements and process
improvements• Projects to reorganize accounting and IT departments• Additional expenses ranged from $1200 to $34,000,000, per study by Hall & Gaetanos of 50
random accelerated filers with SICC codes ranging from 2111- 9999 & direct mention of Sct 404 costs.
Hall, Linda A., and Gaetanos, Christ, “Treatment of Section 404 Compliance Costs”, The CPA Journal, New York: Mar 2006. Vol.76, Iss.3, Pgs. 58-62.
37
Global Effects of SOX
• SOX is in Direct violation of Europe’s Data Protection Act of 1998– UK Companies must get employee permission
to disclose certain information, permission is not guaranteed, so it is impossible to complete item 8.1 of SOX agreeing to provide information at any time in the future
• Some firms threatening to de-list from US Stock Exchange
Fran Howarth., Bloor Research 1-11-05 (http://www.theregister.co.uk/2005/01/11/europeans_slam_sarbox/html)
38
Global Effects of SOX
• SOX regulations costs for UK businesses directly comparable to US costs for compliance– $1 million per $1 billion in revenue– Second and third year costs should decrease
30-40%
SOX Compliance Costs U.K. Firms, Nikki Swartz. Information Management Journal Lenexa: Jan/Feb 2006. Vol. 40, Iss 1, p. 19 (1 pp)
39
Case Studies
Utility Company
http://www.solutia.com/pages/corporate/ & http://www.pwcglobal.com/gx/eng/main/home/index.html
40
Background of Utility Company
• One of the nation’s top utility company.• Has over 9,300 employees.• Revenue = 6.78 B ( 2005 ) • Gross Profit = 2.28 B • Net Profit = 628 M• Serves 2.3 M electric customers• Serves 900,000 natural gas customers.
http://www.finance.yahoo.com
41
Energy Delivery Dept.
• Our interviewee: Mr. Jerry Pisarek, Business Performance Controller.
• Dept. is responsible for the transmission and the delivery of energy.
• System used TRIS (Time Reporting Information System) – payroll accumulation system)
From the interview with Mr. Jerry Pisarek ( march 2006)
42
IS Department
• 3,500 employees.• Cost of meeting Sarbanes-Oxley
requirements is $3-5 million annually.• TRIS Department
Director of Finance Director of IT Business Performance Specialist
Employee Request for Security Clearance
Direct Supervisor of Employee
CEO
From the interview with Mr. Jerry Pisarek ( March 2006 )
43
Effects of SOX at the Utility Co.
• Request in writing to access information.
• Before SOX, Performance Controller approves/denies request.
• After SOX, Performance Controller makes the decision, but needs the upper management to approve it.
From the interview with Mr. Jerry Pisarek, ( March 2006 )
44
Solutia Background/Overview
• Specialty Chemicals Company.• $2.7 billion in annual sales(2004).• $1.9billion in assets.• More than 5,700 employees located at 60
manufacturing sites throughout 27 countries.
http://www.solutia.com/pages/corporate/
45
Solutia’s Product Line:
• Performance Films for: - car windows - computer screens
• Specialty products such as - avionic hydraulic fluid. - heat-transfer fluids. - plastic products.
http://www.solutia.com/pages/corporate/about/overview.asp
46
Solutia’s Product Line: (cont’d)
• Integrated Nylon used to make: - wear-resistant carpets. - vibrant upholstery fabrics. - tires
http://www.solutia.com/pages/corporate/about/overview.asp
47
Solutia’s IT Department
• Our interviewee – Lori Kirk, Information Security Manager.
• Hierarchy in IT department:
• IT annual budget is $29M.• IT Department has approx. 100
employees.
CEO
IS ManagerVP ITCIO
VP Business Operations
Kirk, Lori, Information Security Manager, Solutia, interviewed in person by Lauren Eilers and Michele Hummel, March 29, 2006
48
Implementation of SOX at Solutia(2003 – 12/31/2004)
• Planning (2003)
• Awareness(2003)
• Intensive Documentation(2004)
• Testing(2004)
Kirk, Lori, Information Security Manager, Solutia, interviewed in person by Lauren Eilers and Michele Hummel, March 29, 2006
49
Solutia and Maintaining Compliance
• Update narrative and control activity documents.
• Test quarterly the control environments.• Annual management testing (internal).• Annual external audit.
Kirk, Lori, Information Security Manager, Solutia, interviewed in person by Lauren Eilers and Michele Hummel, March 29, 2006
50
Impact of SOX at Solutia
• Higher costs.• Time consuming. - 25% of time on average. - 75% of time in the fourth quarter.• More detailed documentation.
Kirk, Lori, Information Security Manager, Solutia, interviewed in person by Lauren Eilers and Michele Hummel, March 29, 2006
51
PricewaterhouseCoopers (PwC)Background/Overview
• ~30,000 employees in U.S., 110,000 worldwide• ~3000 firm partners in U.S.• Clients are primarily mid to large-sized companies,
mostly audit clients, and usually from the financial services, consumer or industrial products and services, technology or entertainment sectors
Meiner, Mark, Business Development Director, PricewaterhouseCoopers, interviewed by telephone by Michele Hummel, April 5, 2006.
http://www.pwcglobal.com/gx/eng/main/home/index.html
52
Interview with Mark Meiner, Business Development Director at
PwC• SOX affected all 3 areas of PwC:
assurance/audit, tax, advisory (business processes)
• Costs: audit costs increased by 50% for most clients; est. 25% of costs due to documentation of control systems, 225 clients noted 275 control deficiencies each–- est. 25% of new/revised controls contributed to costs of year 1
• SOX created need for increased software development and increased IT budgets: tools to track SOX projects, IT tools to automate the way control structures are reviewed, controls to monitor access to the IT applications
Meiner, Mark, Business Development Director, PricewaterhouseCoopers, interviewed by telephone by Michele Hummel, April 5, 2006.Current Developments for Audit Committees 2006, PricewaterhouseCoopers, 2006.
53
Interview with Mark Meiner, Business Development Director at
PwC (cont’d)
• First year of SOX compliance: companies rushed to become compliant, many had underestimated the time and cost to do this
• Second year of compliance: how will companies “do it better” in year 2 --- more efficient and less costly
• Benefits of SOX: – With audit clients: gave companies a greater awareness of
their control structures and how they mitigate risk across the enterprise
– With non-audit clients: started them thinking about some of the issues
Meiner, Mark, Business Development Director, PricewaterhouseCoopers, interviewed by telephone by Michele Hummel, April 5, 2006.
54
Time Line Completed
ISO- International Standards Organization A global organization used to determine general industry standards
across all industries
CMM- Capability Maturity Model Sequential path towards increasing quality, used by companies as
guidelines or to document quality level
ITIL- Information Technology Infrastructure Library ITIL is not a standard, it is a framework for best practice to be adopted
and adapted to fit each individual company
SOX- Sarbanes-Oxley SOX created new documentation requirements for all publicly held
companies, in order to create greater financial disclosure as well as increase security against fraudulent activity
55
Any Questions???
Sarbanes-Oxley Blues
Deface an Enron Exec
56
Source InformationCRA International (www.law.berkeley.edu/centers/bclbe/symposia/postenron/sox%20404%20survey%20update.pdf)
Current Developments for Audit Committees 2006, PricewaterhouseCoopers, 2006
Freedman, Rick, “More on Standards-Based IT Consulting”, Consulting to Management, Burlingame: Jun 2005. Vol. 16, Iss. 2; pgs. 43-46.
Griggs, M., and Sauter, V., “Quality Management in the Software Industry” , University of Missouri Working Paper, 2004.
Hall, Linda A., and Gaetanos, Christ, “Treatment of Section 404 Compliance Costs”, The CPA Journal, New York: Mar 2006. Vol.76, Iss.3, Pgs. 58-62.
Herbsleb, James, Zubrow, David, et al., “Software Quality and the Capability Maturity Model”, Association for Computing Machinery. Communications of the ACM. New York: Jun 1997. Vol.40, Iss. 6; pgs. 30-
41.
Howarth, Fran, Anti Sarbanes-Oxley mood rises in Europe,., Bloor Research 1-11-05 (http://www.theregister.co.uk/2005/01/11/europeans_slam_sarbox/html)
ISO, Detailed Information about the International Standards Organization ( www.iso.org/)
ITIL Practitioner’s Certificate in Change Management, (http://www.ddls.com.au/VendCourseDet/ITL/60/ITILPrCM.htm), viewed April 11, 2006
ITIL Manager Certificate, (http://www.itilsurvival.com/ITILManagerCertificate.html), viewed April 11, 2006
Keller, Eric, “The Last Mile of Finance” Strategic Finance, March 2006.
57
Sources Continued:Kirk, Lori, Information Security Manager, Solutia, interviewed in person by Lauren Eilers and Michele
Hummel, March 29, 2006.
Meiner, Mark, Business Development Director, PricewaterhouseCoopers, interviewed by telephone by Michele Hummel, April 5, 2006.
Persse, James R., Implementing the Capability Maturity Model, John Wiley & Sons, Chichester, 2001.
Pisarek, Jerry, Business Performance Specialist, Utility Company, interviewed in person by Lauren Eilers, Michele Hummel and Eno Veshi, March 12, 2006.
Price Waterhouse Coopers Logo- (http://www.pwcglobal.com/gx/eng/main/home/index.html), viewed 4/10/2006
Sarbanes-Oxley Implementation Costs What Companies are Reporting in their SEC Filings, February 2005 (www.auditnet.org/articles/Sarbanes-Oxley_Implementation_Costs.pdf)
Sarbanes Oxley Compliance (http://sarbanes-oxley-101.com/SOX-404.htm)
Solutia, Company Profile ( www. Solutia.com/)
Solutia Logo- http://www.solutia.com/pages/corporate, viewed 4/10/2006
Swartz, Nikki, SOX Compliance Costs U.K. Firms,. Information Management Journal Lenexa: Jan/Feb 2006. Vol. 40, Iss 1, p. 19 (1 pp)
Utility Company overall information ( www.finance.yahoo.com )
Wagner, Stephen, and Dittmar, Lee, “The Unexpected Benefits of Sarbanes-Oxley” Harvard Business Review, April 2006, Vol. 84, Iss. 4.
ww.secinfo.com/$/SEC/Location.asp, viewed on March 1, 2006.
58
Sources Cont’den.wikipedia.org/wiki/Regulate, viewed on April 7, 2006.
en.wikipedia.org/wiki/Sarbanes_Oxley, viewed on March 28, 2006
www.encarta.msn.com/dictionary_/standard.html, viewed on April 7, 2006.
www.itaa.org/workforce/studies/04wfstudy.pdf, viewed on April 7, 2006.
www.secinfo.com/$/SEC/Location.asp, viewed on March 1, 2006.
www.sec.gov/news/press/2003-89a.htm, viewed on March 27, 2006.
www.sec.gov/news/studies/sox308creport.pdf, viewed on March 1, 2006.
www.sec.gov/news/testimony/090903tswhd.htm, viewed on March 27, 2006.
www.sec.gov/news/testimony/022603tssmc.htm, viewed on March 1, 2006.
www.sec.gov/news/press/2003-89a.htm, viewed on March 11, 2006.
www.sei.cmu.edu/appraisal-program/profile/pdf/CMMI/2006marCMMI.pdf
www.sox-online.com/sox_humor.html, viewed on March 28 & April 11, 2006.
www.standishgroup.com/sample_research/chaos_1994_1.php, viewed on April 7, 2006.