Sponsored by International Quality and Productivity Center Conference on THE CHANGING ROLE OF THE INTERNAL AUDITOR March 31-April 2, 2003 * Georgian Terrace Hotel * Atlanta, GA
<See Details at the end of this email> Seats are limited so sign up now at www.iqpc.com! *************************************** Jim, You raised an interesting thought/topic. But, I suspect you haven't gone far enough. Most auditors need to know that simply having a good policy or a well worded disclaimers isn't anymore sufficient to protecting your company from a lawsuit then, lets say having a well documented policy on how to capitalize and expense certain telecommunication investments at a company like ahh shall we say - WORLDCOM???? Unfortunately, most auditors think that it's a matter of well documented "policies and procedures". And, then they top that off with something like "we need effective controls" "controls, controls, controls." Well, the fact of the matter is that doesn't mean JACK. Consider this: Your Company sends out their "disclaimer" which perhaps they learned about from a subscription to audit_net or which the their consultant Protiviti recommended they adopt. Then, their computers are in fact used to perpetrate a DNS attack on several other companies through malicious code sent via email. Fast forward to a federal district court hearing where the PA (Plaintiffs Attorney) is cross examining your IT Auditor: "So you hired Protiviti to test your systems?".... "They recommended that you put a disclaimer on your emails?" ... "They didn't recommend that you run CSAHDAJHD scan to stop malicious outbound code?", "Now, exactly what skills did this 'Protiviti' have??? "Hmm, they had a staff fill out a form and send you a report?" "Did they run an Attack and Penetration against your systems" "Did your CIO get the report?" You see the point - it's ludicrous to suggest that policies and procedures and disclaimers are what this is all about. That kind of shallow thinking (and a little group thinking like this down in Houston last year) is what has given this profession a bad name. Now there's a topic for that conference down in Atlanta next Month!!! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Kaplan Sent: Monday, February 10, 2003 6:16 AM To: [EMAIL PROTECTED] Subject: Re: E-Mail Disclaimers Sponsored by International Quality and Productivity Center Conference on THE CHANGING ROLE OF THE INTERNAL AUDITOR March 31-April 2, 2003 * Georgian Terrace Hotel * Atlanta, GA <See Details at the end of this email> Seats are limited so sign up now at www.iqpc.com! *************************************** It is important to add disclaimers to your internal and external mails, since this can help protect your company from liability. Consider the following scenario: an employee accidentally forwards a virus to a customer by email. The customer decides to sue your company for damages. If you add a disclaimer at the bottom of every external mail, saying that the recipient must check each email for viruses and that it cannot be held liable for any transmitted viruses, this will surely be of help to you in court. Another example: an employee sues the company for allowing a racist email to circulate the office. If your company has an email policy in place and adds an email disclaimer to every mail that states that employees are expressly required not to make defamatory statements, you have a good case of proving that the company did everything it could to prevent offensive emails. Check out the following: http://www.emaildisclaimers.com/ For email policy: http://www.emailreplies.com/Email_policy.html Hope this helps, Jim Kaplan At 10:29 AM 2/10/2003 +0800, you wrote: >-----Original Message----- >From: Abdul Samad Jaafar >Sent: Friday, January 17, 2003 11:39 AM >To: [EMAIL PROTECTED] >Subject: E-mail disclaimer > >Dear all, > >I have a question on the above matter, particularly to those who work with >organisation that make it a policy for every outgoing e-mail to be >attached with disclaimer/caution, such as the two e-mails below. > >My question is, does the disclaimer legally protect the >sender/organization from potential problems arising from unauthorised >dissemination, distribution or reproduction of the e-mail contents? > >Thank you. > >Abdul Samad Jaafar >Head of Internal Audit & Compliance >Public Mutual Berhad >Kuala Lumpur This conference provides expert speakers addressing the latest and most topical issues regarding new processes & practices helping internal auditors successfully meet the expectations of BODs & auditing committees, senior executives, clients and external consultants. Includes case studies from Fidelity Investments, Bon Secours Health Systems, Staples, Schwan Food Company, FedEx, Anchor Bancorp, and others. AUDIT-L SUBSCRIBERS WILL SAVE $200 using discount code: A434E. Register by calling 1-800-882-8684, email to: [EMAIL PROTECTED] or online at www.iqpc.com! Note: This discount cannot be combined with any other offer. Payment in full upon registration. For cancellation and conference policies, please visit www.iqpc.com. If your organization would like to sponsor this discussion list send an e-mail to [EMAIL PROTECTED] for information. To unsubscribe to the Audit-l list send an e-mail to [EMAIL PROTECTED] Leave the subject line blank and include the This conference provides expert speakers addressing the latest and most topical issues regarding new processes & practices helping internal auditors successfully meet the expectations of BODs & auditing committees, senior executives, clients and external consultants. Includes case studies from Fidelity Investments, Bon Secours Health Systems, Staples, Schwan Food Company, FedEx, Anchor Bancorp, and others. AUDIT-L SUBSCRIBERS WILL SAVE $200 using discount code: A434E. Register by calling 1-800-882-8684, email to: [EMAIL PROTECTED] or online at www.iqpc.com! Note: This discount cannot be combined with any other offer. Payment in full upon registration. For cancellation and conference policies, please visit www.iqpc.com. If your organization would like to sponsor this discussion list send an e-mail to [EMAIL PROTECTED] for information. To unsubscribe to the Audit-l list send an e-mail to [EMAIL PROTECTED] Leave the subject line blank and include the
