Just when corporate America thought it had met all of the reporting and auditing demands resulting from the Sarbanes Oxley Act (http://www.tidwelldewitt.com/sox.htm), another piece of Senate legislation is pending that would assess huge fines for financial service companies and other data managers that fail to adequately protect personal data.

The Personal Data Privacy and Security Act (S1332) is a regulatory hammer pending in Congress that supporters say will help ensure that data brokers utilize adequate data privacy and security systems. The pending legislation provides for fines of up to a maximum of $35,000 per day for violations of certain sections of the act. It?s a sign of the times, and no one is going to be off the radar. Get ready for son of Sarbox.

This legislation underscores the need for companies outsourcing their business processing services to make sure their vendors have the necessary internal and external safeguards in place. The SAS 70 (Statement of Auditing Standards No. 70) (http://www.tidwelldewitt.com/sas70.htm) audit is quickly becoming the industry standard for making such determinations. We are seeing a significant upsurge in demand for the SAS 70 in this era of heightened awareness about maintaining confidentiality of personal information.

Companies outsourcing their business processing services ? such as claims management, credit card processing, information technology and other data-based processes ? should now insist their service vendors undergo a rigorous examination under the SAS 70. The SAS 70 is simply an auditing tool that outsourced financial service providers use to demonstrate to their clients the integrity of their processes.

For companies not already utilizing SAS 70, the pending S1332 bill ? which may come up for full Senate consideration in this term of Congress ? is a prudent step toward meeting expanding federal data security regulations. U.S. Sen. Patrick Leahy (D-Vt), one of the co-sponsors of S1332, puts it this way: ?Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online virtual bazaars.? His co-sponsor on the bill is U.S. Sen. Arlen Specter (R-Pa.), so it is a bipartisan initiative that has a reasonable possibility of passage.

HOW TO CHOOSE A SAS 70 AUDITOR

In choosing a SAS 70 auditor (http://www.tidwelldewitt.com/), you should:

? Make sure the audit will not be done with a standard template, but will be customized for you and your data vendor.

? Choose a firm that has significant experience in SAS 70 audits, one that can take it to full completion and then stand by its work if you come under regulatory scrutiny or face a legal challenge.

? Ask for examples of their SAS 70 work in the past or at the present time.

? Ask if their clients have survived a regulatory or legal challenge to their data control standards.

? Find out if the firm has a specialized SAS 70 unit that performs only that type of work.

? Determine if the potential auditor is a consulting firm only. If so, they cannot legally sign off on the audit (only a CPA firm can do this).

TWO TYPES OF AUDITS

There are actually two levels of SAS 70 audits service organizations must complete:

In a Type I report, the service organization provides a description of its controls at a given time. During the audit, the service auditor evaluates the accuracy of that description and whether the controls were suitably designed to achieve the specific control objectives.

A Type II report includes the information from the Type I, as well as an analysis and results of detailed tests conducted on the service organization?s controls over a period of at least six months.

In order to be sound, SAS 70s must be performed by outside auditing firms with significant experience in this specific type of audit.

MARKETING VALUE SHOULD BE CONSIDERED

Service organizations receive significant value from having a SAS 70 engagement performed. A service auditor?s report with an unqualified opinion that is issued by an independent accounting firm differentiates the service organization from its peers by demonstrating the establishment of effectively designed control objectives and control activities.

Rather than look at the SAS 70 as just another audit process to be endured, smart service providers see having an SAS 70 as a seal of approval they can use in their marketing efforts, similar in industry to the ISO 9000 designation or Underwriter?s Laboratories seal of approval. Having completed a SAS 70 audit also helps service organization build trust with their customers ? and get repeat business and referrals to others.

It has reached the point that the SAS 70 is no longer optional for outside vendors providing financial and I/T services to clients. Given the stakes now, companies just can?t run the risk of assuming that an outside service provider is doing all of the right things. The SAS 70 audit (http://www.tidwelldewitt.com/) is one way they can be certain those vendors meet all of the requirements of Sarbanes Oxley and the new Senate legislation under consideration.

SAS 70 was first developed by the American Institute of Certified Public Accountants in 1992, but was not widely applied until the Sarbanes Oxley Act became law in 2002. Following implementation of the Sarbanes Oxley Act in 2005, SAS 70 audit reports became essential to full compliance with the act?s external service control requirements. If you haven?t asked if your service provider is SAS 70 compliant, you should do so right away.

A personal loan is a broad term for a loan and it can either be secured or unsecured depending on your personal circumstances and preferences. An unsecured personal loan is often used for debt consolidation, taking a vacation, or purchasing a new car. When applying for a personal loan the lender assesses the borrower?s income, current debt and credit history.

A personal loan is different from a secured loan in that the amount is not backed by a form of collateral. Generally, the borrower can take out a personal loan for up to ?25,000 for a period ranging from six months to ten years. Typically, the more you borrow the lower the interest rate

How can you use a personal loan?

ou can use a personal loan to take a much dreamed about vacation or to purchase a new car, or used to help payoff credit card debts or aid in debt consolidation. Whatever you use the money for there are many benefits of applying for a personal loan. You can choose an amount from ?1,000 to ?25,000 and spread the payments over a period of one to seven years. You can even choose a fixed rate for the term of the loan, which makes it easier to plan. If you want to repay your loan early, look closely at any penalties that the lender may charge.

Research all loan offers before your final decision

It is important to gather as much information on all the potential lenders you have applied with so that you make an informed decision. If you already have a lender, it is important to compare their offer with other lenders. It is also crucial to answer all of the questions on the applications. Doing so will decrease the chance of any errors occurring that may impact whether your personal loan application is accepted. In addition, if there are errors on your application this can slow down the amount of time it takes to approve your personal loan application. When you are researching lenders, do not forget to look online for personal loan offers as well. Quite often, they can be very competitive with those you find locally.

What is personal loan protection?

t is wise to consider taking some form of protection out on your personal loan. If an unforeseen accident occurred, rending you unable to make the scheduled repayments personal loan protection will cover your payments for the allotted period. Loan protection is available to anyone over the age of 18 who is working more than 16 hours per week. There are also options when you sign up for loan protection, that provide life cover up to a maximum of ?50,000 so that in the unfortunate event of your death your loan would be paid in full.

If you lose your job during the term of the loan and have loan protection your payments are covered if you have been in continuous employment for at least six months from the time, you took out the loan and have had the loan for thirty days or more.

To manage an effective risk management solution requires more than the calculation of VaR. Ultimately a successful risk management program requires the execution of an effective hedge. Technical analysis is a vital element of this strategy.

Recent market reversals brought about by the Sub-Prime mortgage melt down is clearly a significant market correcting event. No matter if you work in the risk department of a large bank with many employees or a small fund of funds as co-manager, you share the same basic concerns regarding the management of your portfolio(s).

1. how to maintain top quartile performance;

2. how to protect assets in times of economic uncertainty;

3. how to expand business reputation to attract new client assets;

It remains common in the financial industry to hear experienced Portfolio Managers state their risk management program consists of timing the market using their superior asset picking skills. When questioned a little further it becomes apparent that some confusion exists when it comes to hedging and the use of derivatives as a risk management tool.

Risk management analysis can certainly be an intensive process for institutions like banks or insurance companies who tend to have many diverse divisions each with differing mandates and ability to add to the profit center of the parent company. However, not all companies are this complex. While hedge funds and pension plans can have a large asset base, they tend to be straight forward in the determination of risk.

While Value-at-Risk commonly known as VaR goes back many years, it was not until 1994 when J.P. Morgan bank developed its RiskMetrics model that VaR became a staple for financial institutions to measure their risk exposure. In its simplest terms, VaR measures the potential loss of a portfolio over a given time horizon, usually 1 day or 1 week, and determines the likelihood and magnitude of an adverse market movement. Thus, if the VaR on an asset determines a loss of $10 million at a one-week, 95% confidence level, then there is a 5% chance the value of the portfolio will drop more than $10 million over any given week in the year. The drawback of VaR is its inability to determine how much of a loss greater than $10 million will occur. This does not reduce its effectiveness as a critical risk measurement tool.

A sound risk management strategy must be integrated with the derivatives trading department. Now that the Portfolio Manager is aware of the risk he faces, he must implement some form of risk reducing strategy to reduce the likelihood of an unexpected market or economic event from reducing his portfolio value by $10 million or more. 3 options are available.

1. Do nothing - This will not look favourable to investors when their investment suffers a loss. Reputation suffers and a net draw down of assets will likely result;

2. Sell $10 million of the portfolio - Cash is dead money. Not good for returns in the event the market correcting event does not occur for several years. Being overly cautious keeps a good Portfolio Manger from achieving top quartile status;

3. Hedge - This is believed by all of the worlds largest and most sophisticated financial institutions to be the answer.

Let’s examine how it’s done.

Hedging is really very simple, and once you understand the concept, the mechanics will astound you in their simplicity. Let’s examine a $100 million equity portfolio that tracks the S&P 500 and a VaR calculation of $10 million. An experienced CTA will recommend the Portfolio Manager sell short $10 million S&P 500 index futures on the Futures exchange. Now if the portfolio losses $10 million the hedge will gain $10 million. The net result is zero loss.

Some critics will argue the market correcting event may not happen for many years and the result of the loss from the hedge will adversely affect returns. While true, there is an answer to this problem which is hotly debated. After all, the whole purpose of implementing a hedge is because of the inability to accurately predict the timing of these significant market correcting events. The answer is the use of technical analysis to assist in the placement of buy and sell orders for your hedge.

Technical analysis has the ability to remove emotional decisions from trading. It also provides the trader with an unbiased view of recent events and trends as well as longer term events and trends. For example, a head and shoulders formation or a double top will indicate an important rally may be coming to an end with an imminent correction to follow. While timing may be in dispute, there is no question a full hedge is warranted. Reaching a major support level might warrant the unwinding of 30% of the hedge with the expectation of a pull back. A rounding bottom formation should indicate the removal of the hedge in its entirety while awaiting the commencement of a major rally.

It is evident that significant market correcting events occur infrequently, in the neighbourhood of every 10 to 15 years. Yet many minor corrections and pullbacks can seriously damage returns, fund performance and reputation.

If you have ever been confronted with upcoming quarterly earnings or a topping formation which has caused you to consider liquidation then you should have first considered a hedge used in conjunction with the evidence from a well thought out analysis of technical indicators. Together they are a powerful tool, but only for those who have the insight to consider asset protection as important as big returns. I guarantee your competition understands and so does your clients who are becoming more sophisticated each year. It’s important that you do too.