Posted 25 August 2011 Filed Under: Headline Chatter

Boomtime at the DOJ

So the Dow isn’t doing so hot, and the economy in general is at best anemic, so perhaps you’d like to read about a sector that’s really booming.

Nope, not bankruptcy (this time – good guess, though). We’re talking DOJ (Department of Justice for those of you who haven’t had the pleasure) and SEC enforcement of FCPA violations. FCPA has been around longer than many of us at Approva, but it’s only in recent years that its real power has been realized, through an influx of funding and manpower behind enforcement efforts.

Corporate Compliance Insights has a bit of a primer on the last few years of FCPA enforcement, penned by some lawyers who seem to have been around the FCPA block. We were surprised to read that in 2010, fines for FCPA-related violations topped a billion dollars.

What this means for companies doing business overseas – and that’s a lot of them – is that FCPA needs to be a serious component of your risk strategy. You’re going to want to get your FCPA house in order, and fast. Want some tips? We’ve got a post for that.

Posted 24 August 2011 Filed Under: Industry Update

What We’re Talking About

Know how we’ve been known to say, a time or two, that the best risk plans encompass risks across functions, based on insights from process owners across the business?

Well, Michael Volkov has a great post that expands on that message in pretty persuasive detail. As he explains, there’s no shortage of regulations for companies doing business internationally – from OFAC to FCPA to AML, there are as many acronyms as there are civil penalties for breaking the rules.
What’s this mean for business? That a single bad call – like failing to check out a vendor or shipping something to the wrong person – can violate multiple statutes. That’s scary – and expensive.

Which is where convergence becomes so important. As Michael sums up Open Air’s Howard Sklar:

“It is critical for a company to weave the most common U.S. regulations of exports and international conduct into a common compliance mosaic – focusing on the key requirements of regulations, including the FCPA, the export-control and sanctions laws and the anti-boycott laws.”

We couldn’t have said it better ourselves.

Posted 16 August 2011 Filed Under: Headline Chatter

Schadenfraud (and no, that’s not a misspelling)

There should be a variation on schadenfreude for times like this, when a story of a business done wrong makes us just cringe for nearly everyone* involved.

That’s what happened to us when we read about this case, in which the vice president of corporate risk for Novant Health has been accused of embezzling nearly $620,000 over seven years.

Apparently, an internal audit revealed the embezzlement some eleven years into the VP’s career – and, as stated above, seven years after it allegedly began. In 2004.

You know how we’re always talking about the benefits of Continuous Controls Monitoring, and how it reveals exceptions in real time, while they can still be addressed? This is why: so businesses can react in time to fix things, before they lose hundreds of thousands of dollars and seven years’ worth of wages paying an (alleged) embezzler to handle risk management.

Posted 9 August 2011 Filed Under: Approva News

Super Cool Approva News

We don’t often use this space to toot our own horns, shout about our awesomeness or remind you, our dear readers, that we’re kind of a big deal.

Which is why we’re sure you’ll understand this momentary divergence from tradition as we tell you about something we’re pretty excited about.

As we officially announced last week, Approva has joined the RSA Secured® Partner Program to certify interoperability between Approva One and the RSA Archer™ eGRC Platform from RSA, The Security Division of EMC (NYSE: EMC).

What’s that mean? It means that organizations can use our Approva One CCM suite to automatically monitor and test their controls for core financial applications including SAP, Oracle and PeopleSoft – and then (and this is the really cool part) publish that control evidence and associated contextual information in the RSA Archer eGRC Platform.

This means that organizations using RSA Archer™ eGRC Platform will have seriously timely analytics about their financial and operational controls. This interoperability will let RSA Archer™ Compliance Management access rules directly in Approva One, so that the controls can be continuously monitored. If or when an exception arises, that information gets published – along with additional business context – back into the RSA Archer eGRC platform.

This builds what we call a “closed-loop” remediation process – so that controls are tested and potential errors, mistakes, or other exceptions are taken care of all within a single system.

What does that mean in real value terms? Reduced risk and reduced cost of compliance. Talk about your win-win situations.
