Larry Marks, CISA, CGEIT, CRISC, CFE, CISSP, PMP Plus
In 2008, the global financial system was melting down. A result of the crisis was the US Dodd-Frank Act, which arose from numerous congressional hearings, commissions and other proposals. At more than 2,300 pages, the Act requires that new formal rules be adopted by 11 different regulatory agencies, all within a year and a half of its passage.1 The new requirements are being phased in over time. No time frame for implementation of Dodd-Frank has been set. On 4 May 2011, the US House Agriculture Committee passed a bill to increase the statutory deadline by 18 months to give regulators the time and data they need to develop thoughtful guidelines without making substantive changes to the intent of the Dodd-Frank Act.
Myron S. Scholes, professor of finance, emeritus, in the Graduate School of Business at Stanford University (California, USA), indicates that infrastructure to support financial innovations, as suggested by economic theory, will, by and large, increase the chances that controls will be insufficient at times to prevent breakdowns in governance mechanisms.2 It would be too expensive to build all of the information links, legal rules, risk management controls and so forth in advance of new product introductions.
The relevant questions that need to be asked are: How does the Dodd-Frank Act impact IT auditors? How does the Dodd-Frank Act impact global organizations?
A review of a brief summary of the Dodd-Frank Act (hereafter referred to as the Act) prepared by the US Senate3 and the results of a recent research study prepared by more than 40 professors from New York University Stern School of Business (USA) found that the Act appears to impact IT auditors in the following areas:4
Given the global nature of financial markets and competition among major banks, how organizations will be impacted internationally by the Dodd-Frank Act is not yet known. For example, the Dodd-Frank Act requires all firms to disclose the permissibility of hedging their stock and option positions. Further, some believe that international cooperation in regulation is needed to prevent financial firms from arbitraging the market for human capital through choice of jurisdiction. The international Group of Twenty (G-20) Finance Ministers and Central Bank Governors put in place a set of agreed-upon principles on compensation that address three layers of governance at significant financial institutions: managerial performance and risk incentives, corporate governance, and regulatory oversight. The international Financial Stability Board proposed to operate in tandem the:
The international impact of the Dodd-Frank Act is intertwined with efforts by the G-20 to control system and institutional risk.
At this time, the Dodd-Frank Act, along with other reforms issued by the US Congress and other regulatory agencies, attempts to address the systemic risk that impacted the US economy several years ago. The impact of this act on firms' regulatory reporting infrastructure will not be seen for at least several years. One chief information officer at a global fund manager told Wall Street & Technology that there is not enough information about Dodd-Frank for his firm to comment. “The legislation is long and complex at 2,307 pages, 16 titles and 540 sections. To back the provisions of the act, dozens of new boards, bureaus and offices must be created.”13 One can expect the following: firms raising budgets, or financial companies trying to work around this regulation via spinoffs and the like.
1 Acharya, Viral V.; Thomas F. Cooley; Matthew P. Richardson; Ingo Walter; Regulating Wall Street, The Dodd-Frank Act and the New Architecture of Global Finance, New York University Leonard N. Stern School of Business, Wiley Finance, USA, 2011
2 Acharya, Viral V.; Thomas F. Cooley; Matthew P. Richardson; Ingo Walter; Regulating Wall Street: The Dodd-Frank Act and the New Architecture of Global Finance, Wiley, USA, 2010
3 US Senate, Brief Summary of the Dodd-Frank Wall Street Reform and Consumer Protection Act, USA, 2010, http://banking.senate.gov/public/_files/070110_Dodd_Frank_Wall_Street_Reform_comprehensive_summary_Final.pdf
4 Op cit, Acharya, Viral V.; Thomas F. Cooley; Matthew P. Richardson; Ingo Walter
5 Ibid., page 2
6 Ibid.
7 Ibid., page 4
8 Ibid., page 9
9 Ibid., page 10
10 SSAE 16.com, “Benefits to Service Organizations,” http://ssae16.com/SSAE16_service.html
11 Brenner, Bill, “SAS 70 Replacement: SSAE 16,” CSO, 6 October 2010, www.csoonline.com/article/622277/sas-70-replacement-ssae-16-
12 Op cit, US Senate, page 14
13 MacSweeney, Greg; “Dodd-Frank’s Impact on IT,” Wall Street & Technology, 8 February 2011, www.wallstreetandtech.com/regulatorycompliance/229200184
Larry Marks, CISA, CGEIT, CRISC, CFE, CISP, PMP, is a member of ISACA’s Governmental and Regulatory Agencies Regional Area 4 Subcommittee, and is also a member of the following US Technical Advisory Groups (TAGs): International Organization of Standardization (ISO)/Technical Committee (TC) 236—Project Management Institute (PMI)—Program Management, ISO/International Electrotechnical Commission (IEC)/Joint Technical Committee (JTC)/Working Group (WG) 6—Information Security, and ISO/TC 247—Fraud Countermeasures and Controls. He is also a member of the Association of Certified Fraud Examiners (ACFE) Editorial Advisory Review Committee and is vice chair of the ACFE Foundation Scholarship Committee.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
© 2011 ISACA. All rights reserved.