Categories
Digging Deeper

Digging Deeper Episode 7: Investigating Fraud and Corruption


Fraud and corruption can permeate any industry – and as Darren Matthews saw early in his career as a grocery clerk all the way to K2 Integrity’s regional head of EMEA, it can take varying forms. In Episode 7 of Digging Deeper, Chris Morgan Jones and Darren Matthews explore how fraudsters find new avenues to take advantage of a business, and some cases where investigators cracked the code on bad actors.
 

According to Darren, “This type of work requires somebody with attention to detail, and somebody with a creative mindset. You’ve got to think like a criminal – if I was going to defraud this company, how would I do it?”
Listen to more episodes of Digging Deeper:

Digging Deeper, an investigative podcast series by K2 Integrity, helps shine a light on the investigations industry as few can: via the real-world, exceptional practitioners who, day in and day out, conduct this work across sectors and around the globe. Listen in to each episode where guests explore unique cases and share what they uncovered along the way to crack the code for clients. Learn more by clicking here, or subscribe on Apple PodcastsSoundCloudSpotify or Stitcher
 

Categories
Innovation in Compliance

Smart Automation for Risk Management: Part 3, a Holistic Approach to Risk Monitoring With Data Analytics

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We are reviewing the Lextegrity Product Suite, taking a deep dive into continuous risk monitoring, considering pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 3, I conclude my two-part visit Miller about risk monitoring with data analytics.

We began with the Department of Justice’s (DOJ) 2020 Update to the Evaluation of Corporate Compliance Programs, (2020 Update), which mandated for the first time that compliance practitioners and the corporate compliance function have access to a company’s data lakes. Miller believes the DOJ 2020 Update has really been an eye opener for a lot of risk professionals and companies out there that they “need to do better.” Compliance professionals should have access to their own data as risk professionals, they need to have a plan and an actual program to monitor their company’s data. This works directly on the first two prongs of any compliance program; to prevent and detect actions which could be fraudulent, corrupt such as bribery, or other actions which could put your company in danger. This is even more true in 2021 as the DOJ is ramping up their enforcement efforts. Lextegrity provides a continuous monitoring solution that provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk.

Miller emphasized the key is that your continuous monitoring solution should be flexible and curable to your specific company. The Lextegrity platform provides analyses that are broken out in a variety of areas to look for specific types of risk in that general risk-based area. It allows you to identify transactions that could be associated with some wrongdoing like bribery, corruption or fraud. However, what many compliance professionals struggle with is separating the wheat from the chaff. In other words, they are bogged down in the details of a transaction such as gifts, travel and entertainment (GTE) spend, lack of approvals on discounts or third-party issues and do not have the ability to step back and look at a bigger picture.

This is where the Lextegrity platform is so powerful. It allows a deep dive into each step in the cycle, such as QuoteToCash and ProcureToPay, so that each part of the transaction can be seen. How can you both see the dots and connect the dots in a more macro view of risk? Miller said Lextegrity is thinking about that bigger picture of risk is because many customers are looking to connect the dots. What the Lextegrity solution provides is “to bring in that transactional data in as robust of a fashion as possible.” I asked him for an example. Miller said, “I’ll give you an example with vendor spend. When we look at that vendor spend data coming from SAP or Oracle, we’re not just bringing in the payment, we’re actually bringing in the payment that was made across eight different invoices. And then from each one of those invoices, we’re digging into the actual invoice detail that came along with that, the invoice line-item detail, the purchase order information, as well as the purchase requisition details at every one of those steps of the business process.” While each view could provide a small amount of detail that could be relevant from a risk perspective, it may not go into this identification of risk in that transaction as a whole. However, when you add “information coming from the financial side of the house, this provides accounts which can impact an organization from an expense perspective as there “lot of good clues there.”  But then you can supplement that data with other information, such as information from the Human Resources (HR) master file. This allows you to look at who approved the Purchase Order (PO) who requested the purchase requisition and then who approved the ultimate payment or invoice, and how does your network look in regard to the overall transaction. This allows a much more holistic approach to the overall data.

We concluded by considering what connecting all these dots might look like. Miller said that by  “connecting the dots of risk you start to see other things happen, you catch an exception in this area and now you say, well, so-and-so was a major part of that. Let’s see what else they’ve touched in this area or looking at the cross impact between employee spend and vendor spend, and then be on that in the compliance space”. You can also cross-reference hotline reports, due diligence metrics, audit reports, training completion data and indeed “all this other program information that compliance has a hand into that can feed into this transactional data.” It can truly provide to you the broadest look at your compliance risk.

Join us tomorrow where we explore pre-approvals and third-party due diligence with Kara Bonitatibus.

For more on Lextegrity, check out their website here.

Categories
The Ethics Experts

Episode 055–Rumina Morris

In this episode of The Ethics Experts, Nick welcomes Rumina Morris, Equity and Inclusion Expert, to the show.

Categories
Popcorn and Compliance

Falcon and the Winter Soldier, Episode 4


In this special podcast series, One Stone Creative co-founder Megan Dougherty and Tom Fox, the Voice of Compliance indulge in their love of all things MCU by watching and discussing the Falcon and the Winter SoldierIn this episode we look at episode 4 of the series currently running on the Disney channel.

  1. Synopsis
  2. Cookies and other Cool Stuff

The Whole World is Watching
Deprograming in Wakanda
What does the serum do?
Super Heros and Supremacist
Turkish Delight
The two Captain Americas and Rage
3.  Discussion
Does look like Sharon Carter is the Power Broker. Or is she?
How far will the flag smashers go?
Sam and Karli-are they closer in spirit than is obvious?
Should Zemo face justice in Wakanda? Are the Dora Milaje now bounty hunters?
Is the new Captain America damaged goods?

Categories
Cordery

Cordery Head to Head @ Home: Claudia Natanson on Current Cyber Threats – Phishing & Ransomware


In this edition of Cordery Head to Head @ Home Cordery’s Jonathan Armstrong talks to Claudia Natanson.  Claudia is the former Chief Security Officer of The Department for Work and Pensions (DWP) the UK’s largest Government department.  Prior to that, she had a distinguished career as a security professional and Chief Information Security Officer at blue-chip organizations including Diageo and BT.
Claudia and Jonathan talk about:

  • how Claudia first became involved in cybersecurity.
  • current threats including phishing and cybersecurity and the rise of criminal activity during the pandemic.
  • the importance of human behavior in dealing with those threats.
  • the future of cybersecurity and how the profession might become more diverse.

You can find out more about Claudia here http://securitypractitioners.com/Aboutus.aspx
Jonathan and Claudia also discuss the Blackbaud ransomware attack.  There is more on this here: https://bit.ly/blackcrack.
You can find out more about Cordery and its work here https://www.corderycompliance.com/.
You can also read about current issues in dealing with the pandemic here https://www.corderycompliance.com/category/covid19/
You can also find out more about Cordery’s experience of cybersecurity issues here https://www.corderycompliance.com/category/cyber-security/
You can view more Cordery Head to Head interviews here www.bit.ly/corderytv.
 

Categories
Compliance Into the Weeds

Cybersecurity, ERP and Compliance


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the type of cybersecurity risk where ERP software is compromised due to a bug or other vulnerability. Some of the issues we consider are:

  • What are two types of cybersecurity risk?
  • How does this second type of risk impact ERP systems?
  • What are the compliance implications? Internal Audit? Crop Governance?
  • What steps can a CISO take?
  • What does this mean for compliance officers?

 Resources
Matt’s blog post on Radical Compliance: 
More on Cybersecurity, Compliance Risk

Categories
Daily Compliance News

April 14, 2021 the Ishaguro and the Workplace edition


In today’s edition of Daily Compliance News:

  • What is imperfect sustainability? (FT)
  • What does ESG mean, really? (FT)
  • Ishaguro and AI at the workplace. (FT)
  • Get ahead of change. (FT)