Control Freak

Compliance Week has a good piece up on a spike in fraud reporting and just what it might mean for the future of corporate compliance efforts.

It seems that – at least according to the Corporate Fraud Index – fraud-related reports account for more than 20% of all compliance reporting activity.  This is the highest it’s been since the CFI was created in 2005.  Total incidents of reported fraud were also up, nearly 18 percent. 

So what’s this all mean? In our post-SOX world, employees are apparently hearing just as much as they should that fraud is not something to be ignored or smoothed over.  That’s got to be good news.
 
But since this index only started tracking fraud reporting in 2005, and we’ve had all kinds of developments since then – an economic meltdown, near-implosions of the financial sector and Dodd-Frank, just to name a few – it’s hard to tell what that increase in reporting really tells us.  Are more people aware of fraud, doing their jobs with an eye toward preventing it, and reporting suspicious activities?

Or is there an increase in fraud itself, and reporting is starting to reflect how widespread it is?

What do you think?  That’s what the comments are for . . .

Read more

So, the will-they-or-won’t-they Zynga IPO is in the news this week, with analysts all abuzz due to the company’s decision to restate its first quarter financials.

The cause? Zynga says it found a material weakness in internal controls over financial reporting. Kind of a big deal when you’re working to convince the whole investing world just how valuable your company is.

The restatement was a big one, bringing first-quarter profit figures from nearly $17 million down to just below $12 million.

Zynga says in its latest filing that it believes changes to its accounting policy have since fixed the identified weakness, and we’ll admit that they’re at least talking a good game on this one:

“If we are unable to maintain adequate internal controls for financial reporting in the future, or if our auditors are unable to express an opinion as to the effectiveness of our internal controls…investor confidence in the accuracy of our financial reports may be impacted or the market price of our Class A common stock could be negatively impacted.”

Not to beat a dead horse here, but we’ve heard shareholders (and would-be investors) really like when businesses can demonstrate robust internal controls – and real-time processes for monitoring them.

Read more

Courtesy of Dark Reading, Information Week has the goods this week on just the story you don’t want to be in – a case study of some serious breakdowns in oversight at Citigroup. According to FINRA, a sales assistant at Citigroup managed to steal nearly $750k from 22 customers. Over eight years.

Adding insult to the injury of an employee who’s stealing from your customer base? A $500k fine for the company for failing to detect the fraud.

Reading the details doesn’t make the case any better. Apparently, the thief was able to continue a pattern of theft despite exception reports raising flags about new accounts she managed – and similar red flags on suspicious cross-account transfers she conducted.

We’ve said it before, and we’ll say it again. All the controls in the world don’t – can’t – do much good unless there are accompanied by capabilities for addressing exceptions. That’s why we’re such fans (okay, and innovators) of Continuous Controls Monitoring solutions, which let businesses address and mitigate exceptions within a closed-loop system. It’s much more than an acronym – it’s a way go from identifying risks to fixing them before they cost you and your customers.

Read more

So the Dow isn’t doing so hot, and the economy in general is at best anemic, so perhaps you’d like to read about a sector that’s really booming.

Nope, not bankruptcy (this time – good guess, though). We’re talking DOJ (Department of Justice for those of you who haven’t had the pleasure) and SEC enforcement of FCPA violations. FCPA has been around longer than many of us at Approva, but it’s only in recent years that its real power has been realized, through an influx of funding and manpower behind enforcement efforts.

Corporate Compliance Insights has a bit of a primer on the last few years of FCPA enforcement, penned by some lawyers who seem to have been around the FCPA block. We were surprised to read that in 2010, fines for FCPA-related violations topped a billion dollars.

What this means for companies doing business overseas – and that’s a lot of them – is that FCPA needs to be a serious component of your risk strategy. You’re going to want to get your FCPA house in order, and fast. Want some tips? We’ve got a post for that.

Read more

Know how we’ve been known to say, a time or two, that the best risk plans encompass risks across functions, based on insights from process owners across the business?

Well, Michael Volkov has a great post that expands on that message in pretty persuasive detail. As he explains, there’s no shortage of regulations for companies doing business internationally – from OFAC to FCPA to AML, there are as many acronyms as there are civil penalties for breaking the rules.
What’s this mean for business? That a single bad call – like failing to check out a vendor or shipping something to the wrong person – can violate multiple statutes. That’s scary – and expensive.

Which is where convergence becomes so important. As Michael sums up Open Air’s Howard Sklar:

“It is critical for a company to weave the most common U.S. regulations of exports and international conduct into a common compliance mosaic – focusing on the key requirements of regulations, including the FCPA, the export-control and sanctions laws and the anti-boycott laws.”

We couldn’t have said it better ourselves.

Read more