Professional Services Monitor: Today


June 2, 2009

Security Auditor Is Sued in Credit-Card Data Breach

Filed under: Consulting,Liability,Technology — psmtoday @ 8:35 am

Savvis, a “IT infrastructure services” provider, is being sued after issuing a clean security audit to CardSystems Solutions in 2004, three months before CardSystems was hacked and compromised.  Wired’s Threat Level blog calls this the first such suit against a security auditing firm.

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway.

A Visa executive told an audience earlier this month that the companies were not compliant, though auditors certified they were. “No compromised entity has yet been found to be in compliance with [the standards] at the time of the breach,” she said.

In the CardSystems case, Merrick Bank, which is based in Utah and services 125,000 merchants, sued Savvis last year in Missouri. Merrick says Savvis was negligent in certifying that CardSystems was compliant. The case was moved to Arizona five months ago but only recently assigned a judge, allowing the suit to finally move forward.

March 24, 2009

Deloitte & PwC Purchase Business Units from BearingPoint

Filed under: Consulting,Deloitte,Firms,PricewaterhouseCoopers — psmtoday @ 5:16 pm

Deloitte and PricewaterhouseCoopers separately announce their purchases of business units BearingPoint in North America.

Deloitte will “acquire substantially all of the assets” of BearingPoint’s Public Services practice.

Deloitte today announced that it has signed an asset purchase agreement to acquire substantially all of the assets of the North American Public Services practice of BearingPoint out of bankruptcy for total consideration of $350 million in cash and the assumption of certain BearingPoint liabilities. BearingPoint is a global management and technology consulting company that filed for Chapter 11 bankruptcy protection on February 18, 2009. The agreement is subject to approval by the bankruptcy court, which may consider competing bids, and there can be no assurance that the purchase will be consummated.

PwC announced its own acquisition of BearingPoint’s North American Commercial Services practice.

he United States firm of PricewaterhouseCoopers LLP (PwC) today announced that it has reached an agreement in principle with BearingPoint, Inc. to acquire portions of BearingPoint’s North American Commercial Services practice, which includes its financial services segment. At the same time, PwC Advisory Co., Ltd. (PwC Japan), a PricewaterhouseCoopers firm operating in Japan, has reached an agreement in principle to acquire and integrate with BearingPoint’s entire Japan practice consulting business, which has a leading position in the business consulting market.

In the United States, the proposed transaction will integrate selected contracts and assets of BearingPoint into PwC’s Advisory practice, while bringing to the firm client service professionals with significant business and consulting expertise in industries including energy, utilities, insurance, pharmaceuticals and life sciences.

In Japan, the strength of BearingPoint’s business means that this transaction will create a combined team of over 1,500 professionals which will be one of the largest advisory practices in the Japanese market.

The Washington Post reported that PwC will pay $25 million for the unit.

In BearingPoint’s Fy2007 Annual Report, Public Services and Commercial Services comprise two of BearingPoints three principal North American units, with Financial Services being the third.  Public Services generate $263 million in gross profit in Fy2007, and Commercial Services $82 million.

February 18, 2009

BearingPoint Files for Bankruptcy

Filed under: Consulting,Firms — psmtoday @ 10:37 am

BearingPoint Inc., the consulting firm spun-off from KPMG in 2001, has filed for bankruptcy protection.

BearingPoint Inc. said it filed for bankruptcy-court protection after reaching a deal with its lenders as part of a debt-reduction effort.

The McLean, Va., management and technology consulting firm said its operations based outside the U.S. aren’t included in the filing and won’t be affected.

BearingPoint had been reporting weakened results for some time, and in late 2007 named a new chief executive in hopes of turning around its fortunes.

Wednesday, BearingPoint’s stock was trading around 30 cents on the over-the-counter bulletin board. The stock traded at a split-adjusted $60 on Sept. 3, accounting for a 1-for-50 reverse split in December before careening to a split-adjusted $1.50 in November amid concerns about the company’s viability.

August 22, 2007

BusinessWeek: “Consulting Pays Off for Accountants Again”

On Monday, BusinessWeek published an article on the new face of the old consulting-services businesses at the Big Four. Specifically, the article discusses Deloitte Consulting and the serendipitous collapse of the deal to spin-off the consulting in March 2003. Since then, Deloitte has continued as the only of the Big Four to have a major consulting practice named as such. E&Y sold its consulting practice to Cap Gemini; KPMG spun-off its consulting business to become BearingPoint; and PwC sold its consulting division to IBM to become part of IBM Global Services. And in the luckiest break of all, Andersen Consulting completed its prolonged and painful departure from Arthur Andersen in August 2000 to become Accenture.
Deloitte bucked the trend by keeping Deloitte Consulting under the same roof. Not only did it retain the business, as the article details, Deloitte has made the consulting business even more integrated with the audit and tax practices.

At Deloitte, partners say consultants are far more intertwined with the rest of the business than ever before, starting with their wallets. The SEC outlawed the practice of paying auditors based on non-audit work. So now Deloitte has one big pool of profit that auditors, tax experts, and consultants all share. Audit partners can still refer business to their consulting counterparts, but they only benefit in a broad sense, no longer directly. “Teaming became our mantra,” says Salzberg. James Quigley, chief executive of the global firm, Deloitte Touche Tohmatsu, says the U.S. firm’s array of services makes it “a category of one.”

But, as the article continues, the rest of the Big Four might quibble with Quigley’s assertion of Deloitte’s singular station in consulting. “And it hasn’t taken long for the other audit firms to do the math, and quickly rebuild their own consulting arms. KPMG Worldwide last year sold $5.3 billion of consulting, a 12% jump from the year before; PricewaterhouseCoopers (PwC) $3.7 billion, up 20%; and Ernst & Young $2.4 billion, a 2% increase.” As a Deloitte consulting executive told me even three years ago, “I know the rest of the firms have consulting, even if they’re aren’t calling it that anymore, because they’re bidding against me for the same consulting work.”

Link: Consulting Pays Off for Accountants Again – BusinessWeek

March 14, 2006

IBM Consulting Eyes Smaller Clients

Filed under: Consulting,Firms,Professional Services — psmtoday @ 3:02 pm

WSJ reports that IBM's Consulting division is going after smaller companies in an effort to increase revenue.

IBM has provided the bulk of its consulting services to major companies on high-priced projects. But revenue from IBM's Business Consulting Services group fell 6% in the fourth quarter, prompting the company to pursue consulting arrangements with smaller businesses.

These services will not be sold directly, but instead through resellers. Among the services that IBM will be offering is a $65,000 "IT strategy assessment," which examines customer's information-technology equipment and figure out how the systems and infrastructure could better work.