With information in mountain stacks of paper files coupled with financial records, electronic media, instant messaging, tweets and blogs are you able to locate specific information to support an inquiry?
Is the greater challenge in finding it or in missing it all together?
Tags: Dispute Analysis & Investigations, e-Disclosure, e-Discovery, Forensics, legal technology, Risk
Granted, an audit is usually not perceived as a pleasant thing, but it doesn’t have to be a painful experience either.
Let’s imagine, for a moment, that you feel you have a rough idea what software is being used in your company. You have a robust security policy and more or less good guidelines on how software should be installed and used. But, you haven’t actually ever counted and verified against the contracts. Should you worry?
I am afraid the answer will be yes. Users often easily install software on corporate machines without giving it much thought. The company, however, can be held liable for this. But, the larger issues often lie within the server environment rather than the pc-environment. Due to the very nature of the software contracts and the rapid developments in IT, you can become heavily out of compliance by simple actions such as upgrading or changing a processor. As a result, a potential compliance audit by a software publisher may cause more disruption than desired and the findings may cause a small financial hangover. And if it doesn’t, you could worry that perhaps you have been spending too much on software.
For readers that just want to avoid worrying all together, maybe you want to think about a software asset management function. I will pick that up next time.
Cheers,
Sally
Tags: compliance audit, licence compliance audits, Risk, Risk Management, SAM, Software Asset Management, Software licence audits
Good risk management at UBS, you say?
The Harvard Business Review seems to thinks not…
HBR: UBS Systems Failed the “Too Big to Fail” Bank
An eye-opening piece on risk management systems at UBS, which permitted this massive fraudulent trading to take place, without ever being detected.
Despite a recent and large scale overhaul and improvement.
Sort of makes you think, doesn’t it?
Tags: Fraud, Fraud prevention, Risk, Risk Management
UK Bribery Act: the British act against corruption is not something that Belgian business can just ignore.
Tags: Corruption, Fraud, Fraud prevention, Risk, UK Bribery Act
The Bribery Act 2010 received Royal Assent on 8 April 2010 and came into force on 1 July 2011. In addition to the two offences of active and passive bribery (paying and receiving bribes respectively), two specific offences are covered:
With the Bribery Act the UK has one of the strictest anti-bribery regimes in the world and its reach is even broader than the US Foreign Corrupt Practices Act.
As the Bribery Act will have implication for all businesses that are incorporated in the UK and for the businesses that carry on all or part of their business in the UK, it is of utmost importance to have a fully integrated and effective anti-corruption program.
In many ways the introduction of the Bribery Act could require a fundamental reassessment of the risks that a company is running and how those risks are addressed.
Tags: Corruption, Fraud, Fraud prevention, Risk, UK Bribery Act
When fraud appears, the culprit identified is usually always the same: CONFIDENCE!
Most companies have developed internal control mechanisms but weaknesses are unfortunately often considered only after the onset of a suspicion or a fraud. Once on the field, the Forensic Auditor repeatedly remarks that most fraud’s cases are related to the following issues:
No matter that the fraud is perpetrated within or outside the organization, the only real way to protect an organisation from fraud is to implement efficient and effective controls with regular monitoring / controls testing.
Create or Challenge the control environment
The only way for an organization to effectively fight against fraud is to create an environment that’s discouraging it. Prevent fraud through the creation and implementation of processes and controls, codes of conduct and ethics along with management and staff training. A key element that is too often neglected is “communication”. A good fraud prevention plan involves the setting up of a “communication plan” tailored to both management and staff on the available tools to prevent and detect fraud as well as an action plan in case of a fraud case (suspicion).
Tags: Fraud prevention, Risk, Risk Management
Recent Comments