CIS 438 Assignment 2 COPPA and CIPA

Strayer CIS Information Security Legal Issues Assignment 2 COPPA and CIPA
Due Week 4 and worth 70 points
7 pages, 1262 words, Graded A
The Children’s Online Privacy Protection Act (COPPA) and the Children’s Internet Protection Act (CIPA) are both intended to provide protections for children accessing the Internet. However, they both have had some opposition.
Write a three to five page paper in which you:
1. Describe the main compliance requirements and the protected information for both COPPA and CIPA.
2. Analyze how COPPA and CIPA are similar and how they are different, and explain why there is a need for two different acts.
3. Describe what you believe are the most challenging elements of both COPPA and CIPA to implement in order to be compliant.
4. Speculate on why COPPA and CIPA define protection for different ages; COPPA defines a child as being under the age of 13 and CIPA defines a minor as being under the age of 17.
5. Identify the main opposition to COPPA and CIPA based on research and speculate on whether they will be changed in the future based on the opposition.


Discussion 4/1

Search on the Internet and select and describe a corporate fraud incident.

President of Costa Rican Company Sentenced for Fraud Scheme
On October 23, 2012, in Richmond, Va., Minor Vargas Calvo was sentenced to
60 years in prison for carrying out a half-billion-dollar fraud scheme that
affected more than 3,500 victims throughout the United States and abroad.
Vargas, a citizen and resident of Costa Rica, is the majority owner of Provident
Capital Indemnity (PCI) Ltd., an insurance and reinsurance company registered
in the Commonwealth of Dominica and doing business in Costa Rica. Vargas
was sentenced for one count of conspiracy to commit mail and wire fraud, three
counts of mail fraud, three counts of wire fraud and three counts of money
laundering. Evidence at trial showed that Vargas and Jorge Castillo, PCI’s
purported independent auditor, used lies and omissions to mislead PCI’s clients
and investors regarding PCI’s ability to pay claims when due on the financial
guarantee bonds that PCI issued. Evidence at trial showed that Vargas spent
more than $23 million of his ill-gotten gains on his professional soccer teams in
Costa Rica, his unrelated companies, his family and himself. Castillo, who was
a PCI employee prior to becoming PCI’s “outside auditor,” pleaded guilty to
conspiring to commit mail and wire fraud and awaits sentencing.

According to the SEC’s complaint filed in U.S. District Court for the Eastern
District of Virginia, PCI is an offshore company located in Costa Rica that
provides financial guarantee bonds on life settlements and claims to protect
investors’ interests in life insurance policies by promising to pay the death
benefit if the insured lives beyond his or her estimated life expectancy. From at
least 2004 to March 2010, PCI issued approximately 197 bonds backstopping
numerous bonded offerings of investments in life insurance policies with a face
value of more than $670 million. The PCI bonds were a material component of
numerous third-party life settlement offerings in the U.S. and abroad.
The SEC’s complaint alleges that PCI’s “audited” financial statements were
provided to Dun & Bradstreet (D&B), which issued PCI a favorable rating of “5
AfS” based exclusively on PCI’s reported net worth. PCI then misleadingly
represented in its marketing materials that D&B’s rating is a reflection of
“successful customer satisfaction” and “the ability to maintain one of the
insurance industry’s lowest loss ratios.” According to the SEC’s complaint, PCI
and Vargas also have represented that PCI was backed by a “bouquet” of
reputable reinsurers that would backstop PCI’s obligations under its life
settlement bonds. PCI did not have that bouquet of reinsurance.

Analyze the organization’s response to the incident, and describe what controls could have been implemented to prevent the incident.

Minor Vargas Calvo was convicted at trial of conspiracy, mail fraud, wire fraud and
money laundering; Jorge Castillo, PCI’s purported independent auditor, pleaded
guilty to conspiring to commit mail and wire fraud. The scheme depended on an
"outside auditor" who was in fact a former PCI employee, and on a D&B rating that
rested solely on the net worth PCI itself reported. Controls that would have
addressed this:
• Use a system of checks and balances to ensure no one person has control over all parts
of a financial transaction and provide Board of Directors oversight of agency operations
and management.
Also:
1. Monitor the agency’s financial activity on a regular basis, comparing actual
to budgeted revenues and expenses.
2. Require an explanation of any significant variations from budgeted
amounts.
3. Periodically review the check register or general ledger to determine
whether payroll taxes are paid promptly.
4. Document approval of financial procedures and policies and major
expenditures in the board meeting minutes.
5. Require independent auditors to present and explain the annual financial
statements to the Board of Directors and to provide management letters to the
Board.
6. Evaluate the Executive Director’s performance annually against a written
job description.
7. Participate in the hiring/approval to hire consultants, including the
independent auditors.
Prepare all fiscal policies and procedures in writing and obtain Board of
Directors approval. Include policies and/or procedures for the following:
1. cash disbursements
2. attendance and leave
3. expense and travel reimbursements
4. use of agency assets
5. purchasing guidelines
6. conflicts of interest
Comply with Sarbanes Oxley reporting.
Sarbanes Oxley Act Summary of Major Sections
Tens of thousands of companies face the task of ensuring their accounting
operations are in compliance with the Sarbanes-Oxley Act. Audit
departments typically first have a comprehensive external review performed by a
Sarbanes-Oxley compliance specialist to identify areas of risk. Next,
specialized software is deployed to provide the "electronic paper trails"
necessary to demonstrate Sarbanes-Oxley compliance.
The summary highlights of the most important Sarbanes-Oxley sections for
compliance are listed below. Note that certification and specific public actions
are now required by companies to remain in SOX compliance.
SOX Section 302 – Corporate Responsibility for Financial Reports
a) CEO and CFO must review all financial reports.
b) Financial report does not contain any misrepresentations.
c) Information in the financial report is “fairly presented”.
d) CEO and CFO are responsible for the internal accounting controls.
e) CEO and CFO must report to the auditors and the audit committee any
significant deficiencies in internal accounting controls, and any fraud (whether
or not material) involving management or other employees with a significant role
in those controls.
f) CEO and CFO must indicate any material changes in internal accounting

Discussion 4/2

Describe the main elements of SOX and identify the controls organizations need to implement to be compliant with SOX.

The main provisions of the act are sections 401, 404, 409, and 802.
Section 401:
Financial statements published by issuers are required to be accurate and
presented in a manner that does not contain incorrect statements or omit to
state material information.
Update the CEO and CFO on the financials of the company on a regular basis. The
Sarbanes-Oxley Act requires that company executives sign off on quarterly
financial disclosures. In order for the executives to honestly comply with this
requirement, they must be well informed about the company’s financials.
Section 404:
Issuers are required to publish information in their annual reports concerning
the scope and adequacy of the internal control structure and procedures for
financial reporting.
Identify the gaps within current internal financial controls.
Hire a consultant or designate an internal employee to track the requirements
the company must comply with. The requirements sometimes change from quarter to
quarter or year to year, and it is the company’s responsibility to know the
current requirements and comply with them.
Designate an independent audit committee to oversee audits. This committee is
made up of independent directors, not officers or employees of the corporation,
and is in charge of hiring the company’s auditor, establishing the procedures
that the auditor will abide by, and ensuring that the auditor it hires performs
the job effectively. By law the audit committee members must be independent of
the company and may not accept consulting, advisory or other compensatory fees
for any other services performed for the company.
Section 409:
Issuers are required to disclose to the public, on an urgent basis, information on
material changes in their financial condition or operations.
Section 802
This section imposes penalties of fines and/or up to 20 years imprisonment for
altering, destroying, mutilating, concealing or falsifying records, documents or
tangible objects with the intent to obstruct, impede or influence a legal
investigation. This section also imposes penalties of fines and/or imprisonment
up to 10 years on any accountant who knowingly and willfully violates the
requirement to maintain all audit or review workpapers for a period of 5
years.

Choose the element of SOX you believe is most difficult or challenging for organizations to implement and explain why. Suggest the controls organizations should implement to mitigate the issue you chose.

In my opinion, Section 404 is the most difficult or challenging to implement. It
is management’s job to maintain a system of internal controls so that the
financial statements will be reliable.
Identifying risks in your company’s financial reporting starts with what you
know best: how your business works. Use your knowledge of your company, as
well as of how generally accepted accounting principles apply to the business, to
identify which parts of the financial reporting process could lead to material
misstatements. Think about “what could go wrong” by considering:
• Risk factors inherent in your business, both internal and external
• Risks in the way you authorize, process and record transactions that are reflected in
the financial statements
• Your company’s vulnerability to fraud
To identify which controls address those risks, consider the following:
• How do your entity-level controls relate to financial reporting elements? With what level
of precision do they operate?
• Is there more than one control that addresses the same financial reporting risk? If so,
which one provides the most efficient way for you to evaluate how well it works?
• Is the control automated? If so, how robust are the IT general controls (access, change
management, operations) it depends on? Or is the control manual and, if so, what is the
risk of human error?
• Not every control within a particular process needs to be identified; only those that
adequately address financial reporting risks.