Fwd: Weak Enforcement of Corporate Governance andLax Technical Controls Have Enabled the Illegal Backdating ofStock Options - NTP

This is a discussion on Fwd: Weak Enforcement of Corporate Governance andLax Technical Controls Have Enabled the Illegal Backdating ofStock Options - NTP ; Interesting piece... *Weak Enforcement of Corporate Governance and Lax Technical Controls Have Enabled the Illegal Backdating of Stock Options* Feb 21, 2007 URL: http://www.wallstreetandtech.com/showArticle.jhtml?articleID=197007836 In 2006 hundreds of companies were implicated in stock-option timing scandals, and a number of executives ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Fwd: Weak Enforcement of Corporate Governance andLax Technical Controls Have Enabled the Illegal Backdating ofStock Options

  1. Fwd: Weak Enforcement of Corporate Governance andLax Technical Controls Have Enabled the Illegal Backdating ofStock Options

    Interesting piece...

    *Weak Enforcement of Corporate Governance and Lax Technical Controls Have
    Enabled the Illegal Backdating of Stock Options*

    Feb 21, 2007
    URL: http://www.wallstreetandtech.com/showArticle.jhtml?articleID=197007836

    In 2006 hundreds of companies were implicated in stock-option timing
    scandals, and a number of executives were indicted for illegally backdating
    stock options. While greed is the primary reason for backdating, it is
    abetted by weak enforcement of corporate governance that should prevent the
    practice in the first place. Often, there also is a lack of technical
    controls on corporate networks to deter such activities.

    Options backdating is the dating of employee stock options with an earlier
    date than the actual date of the grant. The objective is to choose a date on
    which the price of the underlying stock is lower than the current price,
    resulting in an instant profit to the grantee. When dealing with tens or
    hundreds of thousands of shares, and price differentials in the range of $50
    a share, the amount of illicit gain can be immense.

    This time distortion results not only in the value of the option being much
    greater to the employee receiving it, but in a correlative detriment to
    shareholders by way of stock price dilution. While backdating of stock
    options is not necessarily illegal if the grantor of the stock options
    properly discloses the backdating, it remains to be seen whether some other
    fiduciary duty has been breached.

    Most of the legal issues arising from backdating are a result of the grantor
    falsifying documents to conceal the backdating. According to attorney Louis
    Brilleman, counsel at Sichenzia Ross Friedman Ference in New York, a law
    firm specializing in securities matters, backdating is illegal under most
    circumstances. The practice usually leads to the creation of fraudulent
    documents through the disclosure of misleading corporate earnings and the
    improper reporting of the option grant under applicable tax rules, Brilleman
    explains.

    Options backdating has been going on for many years. The rules changed in
    2002 with the passage of Sarbanes-Oxley, but even that did not stop some
    companies from continuing backdating practices. Accurate timing of
    transactions stock or otherwise is fundamental to any SOX report.
    Further, beginning in August 2002, and pursuant to SOX and other securities
    laws, the SEC started requiring companies to disclose their stock-option
    awards within two days of options grants.

    With new regulations in place, backdating now is a regulatory issue, and, as
    such, companies can no longer bury their heads in the sand and hope no one
    notices. It has become clear that the element of time is now an internal
    control. Any weaknesses in tracking the time of stock-option grants must be
    investigated, reported and corrected.

    Companies now must take the necessary steps to ensure that any backdating
    will be detected. Besides the development of policies, procedures and
    standards around backdating, there are technical solutions that can be
    implemented to support such an endeavor.

    *Time Synchronization Is Imperative*

    These technical solutions center on time synchronization. Companies must
    proactively create a time-synchronization mandate and ensure that it is
    correctly deployed throughout their IT environments. Fortunately, creating
    such a time synchronization infrastructure is relatively easy, and the ROI
    on such an undertaking can be significant.

    As time-synchronization hardware is a needed investment, properly
    communicating the need to management is crucial to getting funding for the
    technology. Synchronizing time is a fundamental business and technology
    decision that should be an integral part of an effective network and
    security architecture.

    The need for this is evident in that an enterprise information network and
    security infrastructure is highly dependent on synchronized time. In
    addition, there also are regulatory issues that require correct synchronized
    time from NASD OATS, FFIEC and GLBA, to Visa CISP and many more. All of
    these regulations recognize that correct time is critical for transactions
    across a network. Many events on the network need the correct time to
    initiate jobs, complete transactions, etc. Correct time is critical for
    billing systems, authentication systems, manufacturing, forensics and more.

    Common to all of these regulations is the requirement that financial
    transactions and changes to electronic records be accurately time-stamped.
    To provide accurate time stamps, all network devices must be synchronized
    relative to national and international time standards.

    At the application and operating system level, most applications and
    networking protocols require correct synchronized time. Vendors such as
    Microsoft, Cisco, Oracle, Red Hat, Novell and Baan all state that their
    systems must be configured to an authoritative time server for proper and
    secure use.

    Time servers cost from $2,000 to $10,000, depending on the level of accuracy
    and redundancy required. Time servers, which take but a few hours to
    install, provide additional benefits, such as reduced downtime and the
    ability to mitigate legal exposure.

    Options backdating is the problem, and time synchronization is the solution.
    But getting from solution to implementation takes proper planning and
    project management. With that, the following five steps can be used as a
    high-level framework for implementing synchronized time in your
    organization.

    *Step 1: Risks and Requirements*
    The first step is to formally determine the risk to your company if you do
    not have synchronized time. Don't underestimate the risks; if you don't
    practice due care pertaining to the time on your network system, you can be
    legally liable for negligence and held accountable for the ramifications of
    that negligence.

    Next, determine how accurate your clocks need to be. This can be anywhere
    from milliseconds to a few seconds. Finally, advise management of the risks
    of nonsynchronized time and get their approval for the purchase of
    time-synchronization equipment and the initiation of a time-synchronization
    project.

    *Step 2: Hardware and Software*
    Start meeting with vendors of time-synchronization equipment to determine
    the solution that best fits your organization and specific needs. Some of
    the leading vendors in this space include
    Spectracom,
    Symmetricom and EndRun Technologies.


    *Step 3: Policy*
    If policies for time synchronization are not in place already, work with the
    information security department to ensure that time synchronization becomes
    part of the global enterprise information technology policy. Time
    synchronization must be made part of the corporate IT systems and security
    policies. Without a policy, there will be no impetus for staff to achieve
    accurate, synchronized time. Often, a simple policy, such as, "Time
    synchronization to an accurate time source is required on all enterprise
    network devices," is a sufficient first step.

    *Step 4: Architecture*
    The first step to architecting an accurate time-synchronization solution is
    to establish a network time source, known as a reference clock, for
    tracability to national and international standards. A typical reference
    clock would use GPS (Global Positioning System) to receive time from
    satellites. Second, create a downstream topology for all network components
    to use the reference clock as the network's master source of time.

    *Step 5: Auditability*
    Steps 1 through 4 are important from a technical perspective. But even with
    the most sophisticated timing device, you still need to have independent and
    auditable time controls in place. As part of this, you must be able to prove
    to auditors and regulators that the time on any monitored system was
    correctly synchronized with a specified time source.

    Also, it is important to note that time synchronization will not magically
    cure a regulatory material weakness leading to an internal controls problem.
    Those in control of time synchronization still can manipulate time and/or
    data. It becomes an issue, at least in part, of taking control over this
    material weakness away from insiders. With that, it is imperative to ensure
    that insiders are not engaging in any time-based data manipulation.

    Also, if something goes to court, you need to prove that all your devices on
    your network are synchronized and that all transactions that took place are
    able to provide an accurate, authenticated time source. This requires that
    all logs are handled within the context of digital forensics and staff
    members are following the appropriate rules of evidence.

    *Conclusion*
    The backdating fiasco demonstrates that the need for synchronized time is a
    crucial business and technology requirement. As such, it is an integral part
    of an effective network and security architecture. Ensuring accurate time is
    relatively inexpensive and offers a significant ROI. And it is a great way
    to stop your company from getting negative press not to mention to keep
    your management team from being indicted.
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  2. Re: Fwd: Weak Enforcement of Corporate Governanceand Lax Technical Controls Have Enabled the Illegal Backdating of StockOptions

    Jared Morrisen wrote:
    > Interesting piece...
    >
    > *Weak Enforcement of Corporate Governance and Lax Technical Controls Have
    > Enabled the Illegal Backdating of Stock Options*
    >


    Please take this elsewhere. This has nothing to do with NTP which deals
    with technical issues involving millisecond accuracy while you are
    foisting stories on social/governance issues involving days and weeks.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


+ Reply to Thread