From Cybersecurity to IT Governance – Assessing the Results of Protiviti’s Latest IT Audit Benchmarking Survey

Protiviti has released the results of yet another informative survey that puts the spotlight on IT risks and on apparent shortcomings in organizations’ ability to audit them.

As we all know, IT risks are everywhere – from privacy and infrastructure to cybersecurity. The results of our latest IT Audit Benchmarking Study show these are top-of-mind issues for boards and management teams, who know that strong IT security frameworks, and robust IT compliance and assurance programs, are critical. Therefore, organizations have a significant stake in having IT audit capabilities in place that ensure an available, secure and efficient IT environment.

Our survey reveals that companies have significant room for improvement. A major concern is data security, yet IT audit resources are inadequate. More organizations have improved their IT governance programs, but there are still major shortcomings in IT audit risk assessments.

Getting Started with ERM

Enterprise risk management (ERM) is one of those topics so daunting that companies often don’t know where to begin. Often folks experience difficulty agreeing on what it is.

At the end of the day, busy executives want some practical advice on how to begin implementing ERM. A couple of years ago I published my thoughts on the topic, along with several related posts, at Corporate Compliance Insights, an online journal featuring thought leadership from compliance and ethics professionals from around the world. I am proud to be a monthly contributor.

ERM is a favorite topic of mine and central to much of what we do at Protiviti, so I thought I’d revisit it here. Although by no means comprehensive, I’ve found the following five steps to be effective for boards and management to get the ERM ball rolling.

New FS Insights Articles Focus on Strategies to Improve Risk Management Capabilities and Stress Testing

For those of you in the financial services industry, I want to point you to the latest issue of FS Insights, Protiviti’s quarterly newsletter that offers viewpoints on trends and issues affecting today’s financial services organizations. In this edition, our FSI team looks at the key findings of a study conducted by the Economist Intelligence Unit and Protiviti on the risk management capabilities of financial services organizations, as well as the challenges they continue to face in the wake of the financial crisis.

The second article focuses on lessons learned from regulatory stress testing. You’ll find the newsletter on our website. I encourage you to subscribe and invite you to provide any comments or responses here.

Jim

Fraud Awareness Tip No. 5 – Make Sure Your Fraud Detection Tools Actually Detect Fraud

by Scott Moritz
Managing Director – Leader, Protiviti’s Fraud Risk Management Practice

In recognition of the 25th anniversary of the Association of Certified Fraud Examiners (ACFE) and International Fraud Awareness Week, Protiviti, whose practitioners include more than 100 members of the ACFE, is releasing a series of tips on fraud awareness to help raise awareness of the various ways that fraud can affect an organization and the proactive steps organizations can take to better position themselves in the ongoing fight against fraud.
____________________________________________________
Enabling technologies can drive a lot of efficiencies across a wide array of compliance processes, including fraud detection. However, what steps should organizations take to determine if their systems have been properly configured? Is the company examining the right data and are a reasonable number of alerts resulting in actual investigations that lead to the prevention of fraud?

Fraud Awareness Tip No. 4 – Avoid Operating in the Blind: How to Manage Corruption Risk in Your Customer Base

by Scott Moritz
Managing Director – Leader, Protiviti’s Fraud Risk Management Practice

____________________________________________________
Many uncomfortable conversations with the SEC, Department of Justice or the Serious Fraud Office start with the questions:

– Who among your customers are state-owned companies?
– How do you identify your state-owned customers?
– What heightened standard of care do you hold them to?

Fraud Awareness Tip No. 3 – Be Diligent In Your Due Diligence Investigations: Don’t Just Check the Box

by Scott Moritz
Managing Director – Leader, Protiviti’s Fraud Risk Management Practice

____________________________________________________

There is a dizzying array of due diligence investigative options for organizations today. Moreover, there is an equally confusing number of categories of relationship that a company may need to subject to a background investigation. One size definitely does not fit all. So, where do you start?

Assess Where Your Risks Are and Their Severity
While the term “risk-based approach” may be overused, it’s a critically important concept. Before designing a due diligence process that is risk-based, organizations must have a firm grasp of the types of risk that their organizations may face across their different relationships, lines of business, activities and geographies. Broadly, due diligence can be applied to customers, business intermediaries, suppliers, venture partners and employees. When added together, the sheer numbers can be overwhelming, especially for very large organizations.

Fraud Awareness Tip No. 2 – Keeping Your Competitive Bid Process Free From Corruption

by Scott Moritz
Managing Director – Leader, Protiviti’s Fraud Risk Management Practice

___________________________________________________________________

One way to gain some assurance that you are getting the best price and that your bidding process is free from corruption is to implement a system of competitive bidding. The flaw in that thinking is that most competitive bidding programs assume that employees who are administering the bidding process have your company’s best interests in mind.

Unfortunately, companies are microcosms of society and a small number of your employees may see nothing wrong in committing crimes, large and small. For example, a common scheme that undermines the efficacy of any competitive bidding process is when someone involved in its administration elicits or agrees to accept a bribe or kickback that is often a percentage of the value of the contract award.