Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have highlighted the need for stronger compliance and regulations for publicly listed companies. The most significant regulation in this context is the Sarbanes-Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significant tighter personal responsibility of corporate top management for the accuracy of reported financial statements.
Compliance in the USA generally means compliance with laws and regulations. These laws can have criminal or civil penalties. The definition of what constitutes an effective compliance plan has been elusive, and as many organizations who require regulation have found the cost of compliance can be significant.
There are a number of other regulations such as GLBA, FISMA, Joint Commission and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) inform on how to comply with the regulations.
Regulations - USA:
- Sarbanes-Oxley (SOX )
- Healthcare Insurance Portability and Accountability Act (HIPAA)
- CA SB 1386 and other State Privacy Laws
- Payment Card Industry Data Security Act
- FDA CFR 21 Part 11
- FISMA (Federal Info Security Mgmt Act)