Control Freak

Did y’all see that the SEC has set up its own special office for the expected influx of whistleblower complaints?  You can check out the website of the new Office of the Whistleblower here, where you’ll find all kinds of info on the ins and outs of how the process works. 

We’d seen the many articles and read a serious amount of analysis, but it didn’t seem so real until the real estate deal. 

Anyway, as we’ve discussed, the whistle-blower provisions of Dodd-Frank are a pretty big deal, and if your business hasn’t thought of how’ll you’ll adapt, well, now’s the time. 

Fortunately for you, we’ve written a good bit on this, so at least you’ve got somewhere to start. The good news? Companies with a firm handle on internal controls can make a great case for employees that concerns should remain internal.

The other good news?  If you don’t have such a great handle on the internal controls thing, we can help with that.

Read more

We’ve posted before about incidences of fraud that just make you cringe for nearly everyone in a story – well, except the perpetrator.  In those cases, if you’re anything like us Control Freaks (hyperaware as we are of what can go wrong at any minute), you just feel bad for the poor guys who didn’t have the good sense to implement controls to prevent against fraud – or have a way of monitoring the controls they do have.

And then there are cases like this one.  Maxim Healthcare, which had at one point nearly two BILLION dollars in federal contracts for its home health aides and nurses, has admitted to $61 million worth of federal fraud and agreed to pay civil and criminal penalties totaling $150 million. 

Not that it’s a great scenario to have one lone greedy employee who’s pilfering without attracting notice.  But it’s an order of magnitude worse when DOJ investigations (spurred by a whistleblower complaint) reveal widespread instances of false billing, across multiple states. 

We talk a lot about the impossibility of legislating ethics, and how all the technology in the world can’t make people behave well.  This is a pretty bright example of just what can go wrong when a business operates without an appropriate respect for the governance and compliance concerns that should have been forefront in the minds of those in charge.  Sheesh.

Read more

Compliance Week has a good piece up on a spike in fraud reporting and just what it might mean for the future of corporate compliance efforts.

It seems that – at least according to the Corporate Fraud Index – fraud-related reports account for more than 20% of all compliance reporting activity.  This is the highest it’s been since the CFI was created in 2005.  Total incidents of reported fraud were also up, nearly 18 percent. 

So what’s this all mean? In our post-SOX world, employees are apparently hearing just as much as they should that fraud is not something to be ignored or smoothed over.  That’s got to be good news.
 
But since this index only started tracking fraud reporting in 2005, and we’ve had all kinds of developments since then – an economic meltdown, near-implosions of the financial sector and Dodd-Frank, just to name a few – it’s hard to tell what that increase in reporting really tells us.  Are more people aware of fraud, doing their jobs with an eye toward preventing it, and reporting suspicious activities?

Or is there an increase in fraud itself, and reporting is starting to reflect how widespread it is?

What do you think?  That’s what the comments are for . . .

Read more

So, the will-they-or-won’t-they Zynga IPO is in the news this week, with analysts all abuzz due to the company’s decision to restate its first quarter financials.

The cause? Zynga says it found a material weakness in internal controls over financial reporting. Kind of a big deal when you’re working to convince the whole investing world just how valuable your company is.

The restatement was a big one, bringing first-quarter profit figures from nearly $17 million down to just below $12 million.

Zynga says in its latest filing that it believes changes to its accounting policy have since fixed the identified weakness, and we’ll admit that they’re at least talking a good game on this one:

“If we are unable to maintain adequate internal controls for financial reporting in the future, or if our auditors are unable to express an opinion as to the effectiveness of our internal controls…investor confidence in the accuracy of our financial reports may be impacted or the market price of our Class A common stock could be negatively impacted.”

Not to beat a dead horse here, but we’ve heard shareholders (and would-be investors) really like when businesses can demonstrate robust internal controls – and real-time processes for monitoring them.

Read more

Courtesy of Dark Reading, Information Week has the goods this week on just the story you don’t want to be in – a case study of some serious breakdowns in oversight at Citigroup. According to FINRA, a sales assistant at Citigroup managed to steal nearly $750k from 22 customers. Over eight years.

Adding insult to the injury of an employee who’s stealing from your customer base? A $500k fine for the company for failing to detect the fraud.

Reading the details doesn’t make the case any better. Apparently, the thief was able to continue a pattern of theft despite exception reports raising flags about new accounts she managed – and similar red flags on suspicious cross-account transfers she conducted.

We’ve said it before, and we’ll say it again. All the controls in the world don’t – can’t – do much good unless there are accompanied by capabilities for addressing exceptions. That’s why we’re such fans (okay, and innovators) of Continuous Controls Monitoring solutions, which let businesses address and mitigate exceptions within a closed-loop system. It’s much more than an acronym – it’s a way go from identifying risks to fixing them before they cost you and your customers.

Read more