Categories
Digging Deeper

Digging Deeper Episode 7: Investigating Fraud and Corruption


Fraud and corruption can permeate any industry – and as Darren Matthews saw, from his early career as a grocery clerk all the way to his role as K2 Integrity’s regional head of EMEA, it can take varying forms. In Episode 7 of Digging Deeper, Chris Morgan Jones and Darren Matthews explore how fraudsters find new avenues to take advantage of a business, and some cases where investigators cracked the code on bad actors.
 

According to Darren, “This type of work requires somebody with attention to detail, and somebody with a creative mindset. You’ve got to think like a criminal – if I was going to defraud this company, how would I do it?”

Digging Deeper, an investigative podcast series by K2 Integrity, helps shine a light on the investigations industry as few can: via the real-world, exceptional practitioners who, day in and day out, conduct this work across sectors and around the globe. Listen in to each episode where guests explore unique cases and share what they uncovered along the way to crack the code for clients. Learn more by clicking here, or subscribe on Apple Podcasts, SoundCloud, Spotify or Stitcher.
 

Categories
Innovation in Compliance

Smart Automation for Risk Management: Part 3, a Holistic Approach to Risk Monitoring With Data Analytics

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We are reviewing the Lextegrity Product Suite, taking a deep dive into continuous risk monitoring, considering pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 3, I conclude my two-part visit with Miller about risk monitoring with data analytics.

We began with the Department of Justice’s (DOJ) 2020 Update to the Evaluation of Corporate Compliance Programs (2020 Update), which mandated for the first time that compliance practitioners and the corporate compliance function have access to a company’s data lakes. Miller believes the DOJ 2020 Update has really been an eye opener for a lot of risk professionals and companies out there that they “need to do better.” Compliance professionals should have access to their own data; as risk professionals, they need to have a plan and an actual program to monitor their company’s data. This works directly on the first two prongs of any compliance program: to prevent and detect actions which could be fraudulent or corrupt, such as bribery, or other actions which could put your company in danger. This is even more true in 2021 as the DOJ is ramping up their enforcement efforts. Lextegrity provides a continuous monitoring solution that provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk.

Miller emphasized the key is that your continuous monitoring solution should be flexible and curable to your specific company. The Lextegrity platform provides analyses that are broken out in a variety of areas to look for specific types of risk in that general risk-based area. It allows you to identify transactions that could be associated with some wrongdoing like bribery, corruption or fraud. However, what many compliance professionals struggle with is separating the wheat from the chaff. In other words, they are bogged down in the details of a transaction such as gifts, travel and entertainment (GTE) spend, lack of approvals on discounts or third-party issues and do not have the ability to step back and look at a bigger picture.

This is where the Lextegrity platform is so powerful. It allows a deep dive into each step in the cycle, such as QuoteToCash and ProcureToPay, so that each part of the transaction can be seen. How can you both see the dots and connect the dots in a more macro view of risk? Miller said Lextegrity is thinking about that bigger picture of risk because many customers are looking to connect the dots. What the Lextegrity solution provides is “to bring in that transactional data in as robust of a fashion as possible.” I asked him for an example. Miller said, “I’ll give you an example with vendor spend. When we look at that vendor spend data coming from SAP or Oracle, we’re not just bringing in the payment, we’re actually bringing in the payment that was made across eight different invoices. And then from each one of those invoices, we’re digging into the actual invoice detail that came along with that, the invoice line-item detail, the purchase order information, as well as the purchase requisition details at every one of those steps of the business process.” While each view could provide a small amount of detail that could be relevant from a risk perspective, it may not go into this identification of risk in that transaction as a whole. However, when you add “information coming from the financial side of the house,” this provides accounts which can impact an organization from an expense perspective, as there are a “lot of good clues there.” But then you can supplement that data with other information, such as information from the Human Resources (HR) master file. This allows you to look at who approved the Purchase Order (PO), who requested the purchase requisition and then who approved the ultimate payment or invoice, and how your network looks in regard to the overall transaction. This allows a much more holistic approach to the overall data.

We concluded by considering what connecting all these dots might look like. Miller said that by “connecting the dots of risk you start to see other things happen, you catch an exception in this area and now you say, well, so-and-so was a major part of that. Let’s see what else they’ve touched in this area or looking at the cross impact between employee spend and vendor spend, and then beyond that in the compliance space.” You can also cross-reference hotline reports, due diligence metrics, audit reports, training completion data and indeed “all this other program information that compliance has a hand into that can feed into this transactional data.” It can truly provide to you the broadest look at your compliance risk.

Join us tomorrow where we explore pre-approvals and third-party due diligence with Kara Bonitatibus.

For more on Lextegrity, check out their website here.

Categories
Popcorn and Compliance

Falcon and the Winter Soldier, Episode 4


In this special podcast series, One Stone Creative co-founder Megan Dougherty and Tom Fox, the Voice of Compliance, indulge in their love of all things MCU by watching and discussing the Falcon and the Winter Soldier. In this episode we look at episode 4 of the series currently running on the Disney channel.

  1. Synopsis
  2. Cookies and other Cool Stuff
     • The Whole World is Watching
     • Deprogramming in Wakanda
     • What does the serum do?
     • Super Heroes and Supremacists
     • Turkish Delight
     • The two Captain Americas and Rage
  3. Discussion
     • Does look like Sharon Carter is the Power Broker. Or is she?
     • How far will the Flag Smashers go?
     • Sam and Karli: are they closer in spirit than is obvious?
     • Should Zemo face justice in Wakanda? Are the Dora Milaje now bounty hunters?
     • Is the new Captain America damaged goods?

Categories
Cordery

Cordery Head to Head @ Home: Claudia Natanson on Current Cyber Threats – Phishing & Ransomware


In this edition of Cordery Head to Head @ Home, Cordery’s Jonathan Armstrong talks to Claudia Natanson. Claudia is the former Chief Security Officer of The Department for Work and Pensions (DWP), the UK’s largest Government department. Prior to that, she had a distinguished career as a security professional and Chief Information Security Officer at blue-chip organizations including Diageo and BT.
Claudia and Jonathan talk about:

  • how Claudia first became involved in cybersecurity.
  • current threats including phishing and cybersecurity and the rise of criminal activity during the pandemic.
  • the importance of human behavior in dealing with those threats.
  • the future of cybersecurity and how the profession might become more diverse.

You can find out more about Claudia here http://securitypractitioners.com/Aboutus.aspx
Jonathan and Claudia also discuss the Blackbaud ransomware attack.  There is more on this here: https://bit.ly/blackcrack.
You can find out more about Cordery and its work here https://www.corderycompliance.com/.
You can also read about current issues in dealing with the pandemic here https://www.corderycompliance.com/category/covid19/
You can also find out more about Cordery’s experience of cybersecurity issues here https://www.corderycompliance.com/category/cyber-security/
You can view more Cordery Head to Head interviews here www.bit.ly/corderytv.
 

Categories
Compliance Into the Weeds

Cybersecurity, ERP and Compliance


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the type of cybersecurity risk where ERP software is compromised due to a bug or other vulnerability. Some of the issues we consider are:

  • What are two types of cybersecurity risk?
  • How does this second type of risk impact ERP systems?
  • What are the compliance implications? Internal Audit? Corporate Governance?
  • What steps can a CISO take?
  • What does this mean for compliance officers?

Resources
Matt’s blog post on Radical Compliance: More on Cybersecurity, Compliance Risk

Categories
Daily Compliance News

April 14, 2021: the Ishiguro and the Workplace edition


In today’s edition of Daily Compliance News:

  • What is imperfect sustainability? (FT)
  • What does ESG mean, really? (FT)
  • Ishiguro and AI at the workplace. (FT)
  • Get ahead of change. (FT)

Categories
Digging Deeper

Digging Deeper Episode 6: One-on-One with Jules Kroll


Jules Kroll is widely credited as the founder of the modern corporate investigations industry, and this episode goes behind the scenes of Jules’ career. What are some of the cases that stick out in his mind over the course of his career? What are the biggest changes for the industry, where is it heading, and what makes a good investigator? Guest host Bob Brenner interviews Jules on this and more in Episode 6 of Digging Deeper.
 

 

Categories
The Compliance Life

Jonathan Kellerman – Early Professional Career


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Jonathan Kellerman, Partner at StoneTurn and former CCO at Allergan. When Coopers merged with PriceWaterhouse to form PwC, Kellerman continued his health care consulting work. He worked under John Dugan, a health care industry compliance veteran. While at PwC, he launched two industry-leading global advisory practices for compliance management in health care, pharmaceuticals and life sciences. He also worked with Brent Saunders, another health care industry compliance veteran.
Resources
Jonathan Kellerman LinkedIn Profile
Jonathan Kellerman StoneTurn Profile
StoneTurn

Categories
Innovation in Compliance

Smart Automation for Risk Management: Part 2, Risk Monitoring With Data Analytics


Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We will look at the Lextegrity Product Suite, take a deep dive into continuous risk monitoring, consider pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 2, I begin a two-part exploration with Miller about risk monitoring with data analytics.
We began with a discussion about what a continuous monitoring solution is. Miller said that it “provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk in their enterprise.” The Lextegrity application “features a library of dozens of prebuilt risk data analytics across a spectrum of focuses. We have risk-based statistical behavioral and policy-based, but really the key to our analytics is they are so configurable and contextual to your specific risks or your lines of business or the historical issues that your organization may have had so that the risk algorithm is actually tailored to your business and your exposure and not, um, some static configuration.” It can connect to a wide variety of ERP systems such as SAP, Oracle, Concur, Workday and others.
The Lextegrity approach is different as it is focused on prioritizing your efforts within this monitoring of spend and revenue data, seeing the full context of the transaction and its risk results altogether, so that you can focus on the risk of that as a whole. It is also more risk focused and less control focused. Miller related that the Lextegrity “scoring algorithm is calculated at an aggregated level across multiple analytics to help you cut on the false positives and the noise as well as to then better prioritize your transactions in line with risk parameters that you set.” The solution connects with our approval workflows, our pre-approval tool, as well as workloads within this specific tool, enabling specific analytics, such as validating your approved amounts against your actual amounts and that the people you said you were going to pay are who you paid.
The Lextegrity solution can also take your third-party due diligence results and increase the risk scores of transactions with “high-risk third parties, as well any low risk third parties which are showing up in high-risk expense categories, beyond transactional risk scoring and highlighting the higher risk transactions for further review.” All of this allows the compliance professional to go “in and actually explore your data with that augmented risk detail and drill into different dimensions of your data, maybe geographic, maybe a subject, or a specific subject type or that spend nature.” All down into the actual transactional level of data.
We next turned to the differences between key performance indicators (KPIs) and metrics. Metrics are more generally seen as specific data points, whereas KPIs are really metrics that are closely tied to and tracked against specific goals. Miller explained, “we might have a metric that is number of trainings completed last month. The KPI might be that we have at least 90% of trainings completed at any point in time. With that we can take our measurement manipulated into more of a KPI based on what our goal might be.” The Lextegrity software has a way to look at these KPIs and metrics, all within the compliance scorecard, as well as within the risk insights platform, where you can see a variety of metrics and KPIs.
This allows the compliance professional to literally go beyond the metrics/KPIs and into data analytics. Miller explained, “when we talk about analytics, these are focused on positioning data, to be more valuable to the end user analytics, making it easier to identify something specific or generating actionable ideas and insights from the data.”
Join us tomorrow where I continue my exploration of continuous risk monitoring with Miller.
For more on Lextegrity, check out their website here.

Categories
The Compliance Handbook

Culture is the Foundation with Eric Feldman and Vin DiCianni


As we witness the evolution of work environments in the new normal, what will not change is the importance of building culture. Every successful compliance program takes roots in an organization’s values and principles that determine how employees behave and approach situations. In today’s episode of The Compliance Handbook Podcast, host Thomas Fox is joined by industry experts Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI), and Eric Feldman, Senior Vice President of AMI.
✅ Major takeaways discussed in the episode:
✔️ Feldman reminds us that culture is a foundational internal control without which all other controls will fail. The question is not “why do people commit fraud?” but “why do people comply?”
✔️ Aspire for a culture that motivates rather than just people working for compliance. Incentivize people who make decisions based on ethics and create the kind of environment that makes people want to follow the rules.
✔️ To change an entire company’s culture, you can’t just do it at the top of the organization. Leadership needs to be brought in at different levels of the organization to make it a team approach and effectively apply ethical changes.
✔️ Independent integrity monitors need to be brought in as a third-party assessment to help companies maintain a great culture proactively.
✔️ Be constantly reminded that messaging should be consistently made from the top to the bottom of the organization to establish the culture.
✅ The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan
This chapter of this unique work lays out a succinct yet thorough one month approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, each chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
✅ Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
✅ In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:

  • Compliance and business ventures
  • Third-party risk management
  • The Board’s Role in Compliance
  • Continuous improvement
  • Compliance innovation
  • And much more

✅ Incorporating Current Government Pronouncements
The Second Edition incorporates the most current government pronouncements governing best practices compliance programs, including the 2019 Evaluation of Corporate Compliance Programs released by the Fraud Section of the Department of Justice, and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; and the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust.
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25