Clean Air Act (CAA):A U.S. law first passed in 1963 and amended most
recently in 1990. The Clean Air Act is enforced by the Environmental
Protection Agency (EPA) to help control and reduce smog and air pollution.Clean Water Act (CWA):A U.S. law enforced by the EPA, the CWA is the
foundation of surface water quality protection in the U.S. today.CLERP 9:An Australian law comparable to, though less stringent than, SOX.
CLERP 9 is part of the Corporate Law Economic Reform Program (CLERP).COBIT:Published by the IT Governance Institute and the Information
Systems Audit and Control Association (ISACA), COBIT (Control Objectives
for Information and Related Technologies) provides an IT governance
framework to manage risk and compliance issues based on best practices.compliance: The C in GRC, compliance is the act of adhering to and demon-
strating adherence with laws, regulations, or policies. Compliance relates
not just to financial regulations but also to regulations in a host of other
areas including the environment, global trade, worker safety and privacy.COO (Chief Operating Officer):Also called a Chief Operations Officer, an
executive in charge of the company’s day-to-day operations.corrective controls:Internal controls that come into play once a problem
is discovered. An example would be removing access from users who have
excessive privileges or executing a backup and recovery plan after a
physical disaster has occurred.COSO (Committee of Sponsoring Organizations):COSO was formed in 1985
to sponsor the National Commission on Fraudulent Financial Reporting, an
independent private sector initiative that studied the causal factors that can
lead to fraudulent financial reporting and developed recommendations for
public companies, the SEC and other regulators, and educational institutions.CPM (Corporate Performance Management): A combination of strategy
management, planning, reporting and consolidation, and revenue, cost, and
profitability modeling that enables companies to measure their performance
and improve it.CRM (Customer Relationship Management):An enterprise software applica-
tion that allows companies to track their relationships with and provide
better service.CRO (Chief Risk Officer):Sometimes also called the Chief Risk Management
Officer, an executive in charge of enterprise risk management and the
compliance efforts of a company.CSO (Chief Sustainability Officer):An executive in charge of the company’s
emphasis on sustainability.Glossary 323
27_333174 bgloss.qxp 4/4/08 7:12 PM Page 323