Language Selection

English French German Italian Portuguese Spanish

SEC gets a taste of its own medicine

Filed under
Security

Like a professor flunking part of his own test, the agency that grades corporate America on its accounting announced Thursday that it had three major flaws of its own in its internal systems for preventing financial fraud or mistakes.

The Securities and Exchange Commission got a passing grade for financial accuracy in its first-ever audited financial statements. But the Government Accountability Office found the SEC lacking in how it tracks fines and penalties collected from corporations and others, how it ensures that unauthorized people can't tamper with its computer systems, and how it prepares its financial reports.

The finding was part of the SEC's first annual Performance and Accountability report, required by a 2002 law that aimed to make government agencies account for how they spend taxpayer dollars.

That the SEC had to disclose three ``weaknesses'' will probably be a bittersweet irony for the hundreds of valley companies that file their financial reports for SEC approval. Many of them have been loudly decrying the cost and burden of new requirements to document and test such controls, while getting only minimal relief from the SEC.

``This will probably give people in public companies a lot of emotional satisfaction, seeing the SEC hoisted on its own petard,'' said Bill Sherman, a corporate lawyer with Morrison & Foerster in Palo Alto.

Asked by reporters on a conference call if it was embarrassed to have failed standards it enforces every day, the SEC reacted like many of the dozens of companies that have reported material weaknesses -- by focusing on the positive.

``We feel the process was a healthy process,'' said Peter Derby, the SEC's managing executive for operations, noting that the SEC was fixing the problems.

Other executives say they'd laugh at the irony if they weren't still crying over the multimillion-dollar cost and thousands of hours required to document and test their controls -- made mandatory in the 2002 corporate crackdown law known as Sarbanes-Oxley. ``It's amusing,'' said Bryan Stolle, chief executive of Agile Software.

``But the damage and the pain is so high, it's a shame.''

David Dunlap, chief financial officer at Socket Communications in Newark, said he's not surprised the SEC's first audit wouldn't be perfect. But he said it's ``satisfying'' that the SEC is now following its own rules.

``What's good for the goose is good for the gander.''

By Deborah Lohse
Mercury News.

More in Tux Machines

today's howtos

Linux Graphics

  • The RADV Radeon Vulkan Linux Driver Continues Picking Up Features
  • OpenChrome Maintainer Making Some Progress On VIA DRM Driver
    Independent developer Kevin Brace took over maintaining the OpenChrome DDX driver earlier this year to improve the open-source VIA Linux graphics support while over the summer he's slowly been getting up to speed on development of the OpenChrome DRM driver. The OpenChrome DRM driver was making progress while James Simmons was developing it a few years back, but since he left the project, it's been left to bit rot. It will take a lot of work even to get this previously "good" code back to working on the latest Linux 4.x mainline kernels given how DRM core interfaces have evolved in recent times.
  • My talk about Mainline Explicit Fencing at XDC 2016!
    Last week I was at XDC in Helsinki where I presented about the Explicit Fencing work we’ve been doing on the Mainline Linux Kernel in the lastest few months. There was a livestream of all presentations during the conference and recorded sections are available. You can check the video of my presentation. Check out the slides too.

Linux Kernel News

  • Linux 4.8 gets rc8
    Chill, penguin-fanciers: Linux lord Linus Torvalds is sitting on the egg that is Linux 4.8 for another week. As Torvalds indicated last week, this version of the kernel still needs work and therefore earned itself an eighth release candidate.
  • Linux 4.8-rc8 Released: Linux 4.8 Next Weekend
  • Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements
    The fifth maintenance update to the Linux 4.7 kernel series, which is currently the most advanced, secure and stable kernel branch you can get for your GNU/Linux operating system, has been announced by Greg Kroah-Hartman. Linux kernel 4.7.5 is here only ten days after the release of the previous maintenance version, namely Linux kernel 4.7.4, and it's a big update that changes a total of 213 files, with 1774 insertions and 971 deletions, which tells us that the kernel developers and hackers had a pretty busy week patching all sorts of bugs and security issues, as well as to add various, much-needed improvements.
  • Blockchain Summit Day Two: End-Of-Conference Highlights From Shanghai
    Financial services firms and startups looking to be the bridge to blockchain ledgers continued to dominate presentations on the second and final day of the Blockchain Summit, ending International Blockchain Week in Shanghai that also saw Devcon2 and a startup demo competition.
  • Testing Various HDDs & SSDs On Ubuntu With The Linux 4.8 Kernel
    Here are some fresh benchmarks of various solid-state drives (SATA 3.0 SSDs plus two NVMe M.2 SSDs) as well as two HDDs for getting a fresh look at how they are performing using the Linux 4.8 Git kernel. After publishing Friday's Intel 600P Series NVME SSD tests of this lower-cost NVM Express storage line-up, I continued testing a few other SSDs and HDDs. These additional reference points are available for your viewing pleasure today. The additional data is also going to be used for reference in a Linux 4.8-based BCache SSD+HDD comparison being published next week. Stay tuned for those fresh BCache numbers.

Behind the GNOME 3.22 Release Video

This is less than usual. The time saving mostly stems from spending less time recording for the release video. At first thought you might think recording would be a breeze but it can be one of the most frustrating aspects of making the videos. Each cycle the GNOME community lands improvement a wide set of GNOME’s applications. So before each release I have to find some way to run a dozen of applications from master. I do this either by: Read more