Privacy and compliance

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (Financial Modernization Act of 1999) is designed to protect the personal financial information held by financial institutions through the enforcement of three primary provisions:

  1. Financial Privacy Rule that regulates collection and disclosure of customers' personal financial information by financial institutions and other companies that receive such information.
  2. Safeguards Rule requiring financial institutions to design, implement, and maintain safeguards to protect customer information. The rule applies to financial institutions that collect information from their own customers, in addition to financial institutions such as credit reporting agencies that receive customer information from other financial institutions.
  3. Pretexting Provisions which protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as "pretexting."

Eight federal agencies and the states are granted authority to enforce the Financial Privacy and Safeguards Rules, which apply to financial institutions including banks, securities firms, insurance companies, and companies providing consumer services such as lending, brokering, loan servicing, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, and collecting consumer debts.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability & Accountability Act requires that healthcare organizations such as healthcare providers, health plans, public health authorities, life insurers, information systems vendors, service organizations, and universities provide improved efficiency in the delivery of healthcare services by standardizing the electronic interchange and protection of health data through standards for healthcare transactions and administrative information systems. HIPAA compliance is based on an organization's level of enforcement of the rules, regulations, and standards established by the Department of Health and Human Services (HHS), including those related to:

  1. Standardization of electronic patient health, administrative and financial data
  2. Unique health identifiers for individuals, employers, health plans and health care providers
  3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

Office of Management and Budget (OMB) Circular A-123

OMB Circular No. A-123 defines management's responsibility for internal control in Federal agencies and accentuates the need for agency integration and coordination of internal control assessments with other internal control-related activities. Circular A-123 evolved from a re-evaluation of the internal control requirements for Federal agencies, which was initiated in response to the Sarbanes-Oxley Act of 2002, stipulating the implementation of improved, more robust internal controls for publicly-traded companies. Through a comprehensive internal control review, an agency’s level of compliance with A-123 and the Federal Managers’ Financial Integrity Act of 1982 that it implements can be assessed.

Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 introduces a new wave of corporate governance and accountability. The need to link corporate governance with effective internal control has never been of such great concern. The vital role information technology plays in internal control has never been more visible or important and is critical to the financial reporting process. The directives of Sarbanes-Oxley Section 404 require that management provide an annual report on its assessment of internal control over financial reporting. Section 404 also requires a company’s independent auditor to attest to management’s assessment of its internal control over financial reporting.