Comments: KPMG establishes the price of the get-out-of-jail card

I think you might be overreacting wildly, bringing everything the Big 4 do under one heading of theft, from isolated incidents in particular firms, regions and practices.

Admittedly, my perspective may be limited - I am not an accountant, but as a CISSP and CISM, with over 12 years in the information security industry, and almost 29 years in networking and IT, I can honestly say I have never seen any organisation conduct itself as professionally and ethically as the practice I currently work for in one of the Big 4.

Media scaremongering and hype serves no-one but the media. Comments like "today's ludicrous audit news..." are just a sop to a public looking for juicy gossip. The standards are not set by the auditor or assessor, and if we are asked to measure against standards, that is what we must do. A system compliant with industry security standards is still going to be vulnerable to attack, as all systems are vulnerable to something, be it a technical, physical, social or other attack. All a company can do is implement RELEVANT controls to a level which is APPROPRIATE for their risk profile.

That is where teams like mine come in - years of expertise across a wide range of technologies, industries and processes. The most telling indication of our value to clients is being retained for long periods of time, even though our rivals (not just Big 4, but many smaller infosec boutiques) are often cheaper. You get what you pay for!-

Posted by Rory A at September 2, 2005 08:56 AM

It's curious isn't it. We pretty much all are in agreement that, according to the standards of the prosecutors, what we have here is criminal behaviour. (This was why I was careful to state "regardless of your views on taxation..." etc etc.)

Yet, solely because the firm would collapse if indicted following the clear precedent set by AA, even though the criminal acts were clearly pre-meditated, the company argued its way out to a fine.

And, now, the accounting profession can rally around and say "well, let's not overreact here..."

What message is it that we should draw from this? That's a serious question - I think we all want to know what we can expect from the accounting profession on these issues.

Posted by Iang at September 2, 2005 09:19 AM

Ian, my compliments on that story. I hope it gets a lot more attention.

Posted by Mark Miller at September 2, 2005 10:44 AM

I don't see how auditors will ever serve the public interest as long as they are paid by the people they audit. What we see is a preordained outcome in such a system.

Posted by O.L. at September 2, 2005 12:12 PM
Post a comment









Remember personal info?






Hit Preview to see your comment. 
MT::App::Comments=HASH(0x5635a2a21b58) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.