Here's a quick tip on how your 10-K language may need to change to represent your compliance with the new COSO 2013 standards / Sarbanes-Oxley. Remember, this is due by 12/15/2014, it is not optional, and if you directly reference the 1992 guidance like most companies do, you will need to make this edit.
There are 17 Principles discussed in the new COSO 2013 guidance that every public company must demonstrate compliance with by 12/15/2014.
Now this is interesting. Whistleblower protection laws previously did not apply to contractors, so, for instance, if an accountant were to find fraud, they could not report it to the SEC or PCAOB without risking a lawsuit for violating their non-disclosure agreement, and they were not protected under Section 806 of the Sarbanes-Oxley Act (whistleblower section). This was the reality for all consulting firms. We were essentially required to keep our mouths shut or suffer literally being sued into the ground for trying to “do the right thing.” This was always a concern for us consulting firms because “doing the right thing” is required by the SEC and PCAOB or you could face sanctions that would never allow you to work with a public company again; however, if you did “do the right thing,” then you could literally face losing your business, home, and career for violating your contract with your fraudster customer. This was a serious dilemma.
I found an interesting article from Intuit relating to IT General Computer Controls (ITGCC) and the definition of the minimum requirement for a password to be accepted as 'complex.' According to the article from Intuit: