Compliance Tip of the Day – CCM is Essential for 2025 Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review Continuous Controls Monitoring (CCM), a requirement for the 2025 risk management professional.

Who Owns Transactions and Controls Monitoring? Lessons for Compliance Professionals

In his recent article, Who Owns Transaction and Controls Monitoring? published in Fraud Magazine, author Vince Walden explored the challenges of assigning responsibility for transaction and control monitoring within organizations. He emphasized the risks of assuming “someone else” is responsible for fraud detection and prevention, particularly within high-risk areas like accounts payable, accounts receivable, and employee expenses. This issue is both a wake-up call and a call to action for corporate compliance professionals. Here are the key lessons from the article and how compliance professionals can implement them in their programs.

Establish Ownership of Fraud Risk Management

One of the central themes is the importance of clearly assigning responsibility for fraud risk management across the organization. Walden cited the Fraud Risk Management Guide’s recommendation that one executive-level member of management be assigned ultimate responsibility for the fraud risk program. This clarity is essential to ensuring accountability and effectiveness.

You can establish this critical element by appointing a dedicated executive to lead your effort. Identify a senior executive sponsor, such as the Chief Compliance Officer (CCO) or Chief Risk Officer (CRO), to oversee the fraud risk management program. This individual should have a comprehensive understanding of fraud risks and process-level controls. The next move is to formalize a governance framework by creating a fraud risk management committee that includes leaders from compliance, finance, HR, IT, internal audit, and other key departments. Ensure this committee meets regularly to review risks and oversee fraud prevention initiatives.

Embrace a Multidisciplinary Approach

Walden highlighted the value of a committee-based, multidisciplinary approach to fraud risk. This structure fosters collaboration and ensures that diverse perspectives are brought to bear on identifying and mitigating fraud risks. Engage multiple stakeholders across multiple corporate functions. Bring together representatives from functions such as internal audit, compliance, legal, finance, and IT to collaborate on fraud detection and prevention strategies. Next, develop cross-functional training to provide fraud awareness training tailored to the unique responsibilities of each department, ensuring that everyone understands their role in mitigating fraud risks.

Align with the Three Lines Model

The “Three Lines Model,” updated by The Institute of Internal Auditors (IIA), provides a framework for distributing fraud risk management responsibilities. Walden underscores the importance of leveraging this model to enhance accountability and effectiveness. The three lines are:

  • First Line. Operational managers and staff should focus on implementing fraud prevention controls in daily processes.
  • Second Line. Compliance and risk management professionals should provide oversight, monitor emerging risks, and design advanced fraud detection tools.
  • Third Line. Internal audits should independently assess the effectiveness of fraud prevention and detection efforts.

The key is effective collaboration. You must ensure seamless communication and coordination among the three lines to prevent gaps in oversight.

Leverage Data and Technology

Walden emphasized the critical role of data-driven monitoring in effective fraud prevention. He noted that relying solely on internally generated data, such as surveys, is insufficient. Instead, organizations must analyze transactional data from enterprise systems and external sources. There will be a need for some investment, as you will need to deploy advanced compliance analytics platforms that can process data from enterprise resource planning (ERP) systems, accounting software, and third-party due diligence systems. Implement tools that provide real-time insights into transactional data, identifying unusual patterns or red flags indicative of fraud. Develop in-house expertise by training compliance teams to analyze and interpret complex datasets, enabling them to identify fraud risks proactively.

Cultivate a Culture of Accountability

Fraud prevention is most effective when it is embedded within the organizational culture. Walden noted that visible and engaged leadership is critical to fostering such a culture. Once again, the fundamental ‘Tone at the Top’ must be set. Senior leaders should regularly communicate their commitment to ethical behavior and fraud prevention. This could include messages from the CEO or board-level discussions on fraud risk. Public recognition should be given to your organization’s Fraud Champions. The Department of Justice’s recommendations on monetary awards under anti-corruption compliance are equally valid in the anti-fraud realm, as you should reward employees who identify and report fraud risks, reinforcing the importance of vigilance and accountability. In training, fraud awareness should be integrated into onboarding by making fraud prevention a core part of employee onboarding and ongoing professional development.

Ensure Proactive Monitoring and Response

Walden stressed that fraud risk management cannot be reactive. Compliance professionals must take a proactive approach, using data and technology to monitor risks continuously. It begins and continues with regular fraud risk assessments to identify high-risk areas and prioritize monitoring efforts. Using these timely fraud risk assessments, develop a robust risk management response plan to ensure your organization has clear protocols for investigating and addressing suspected fraud, including escalation procedures and communication plans.

Final Thoughts

Walden’s insights powerfully remind us that fraud risk management is a shared responsibility. Compliance professionals can play a pivotal role in protecting their organizations from fraud and other risks by adopting a multidisciplinary approach, leveraging data-driven tools, and fostering a culture of accountability.

To be effective, these strategies must be implemented thoughtfully and consistently. Start by assessing your current fraud risk management framework and identifying gaps. Then, build on these lessons to create a program that meets regulatory expectations and strengthens your organization’s resilience against fraud. As Walden succinctly puts it: “If it isn’t you, an anti-fraud professional, who monitors and oversees high-risk transactions, then who should it be?” This is a question every compliance professional must ponder and address proactively.

Data-Driven Compliance: The DOJ Mandate on Transforming Compliance Through Data Analytics and AI with Vince Walden

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Vince Walden, founder of KonaAI, the sponsor of this podcast, returns to talk about the recent speech by Nicole Argentieri and the release of the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP).

Walden shares insights from Nicole Argentieri’s keynote and the ECCP update, emphasizing the DOJ’s focus on data access in compliance. We explore the importance of utilizing both compliance and business data for effective fraud and risk management. Walden underscores the necessity for compliance professionals to collaborate with internal audit and finance departments, advocating for a risk-based approach to data analytics and continuous controls monitoring. The discussion also delves into leveraging AI and machine learning to improve compliance efficacy and overall business operations, arguing for the proportional allocation of resources to match the company’s sophistication level.

Key Highlights:

  • DOJ’s Focus on Data Access
  • Understanding Compliance Data Analytics
  • Training Compliance Officers on Data
  • Implementing Continuous Controls Monitoring
  • Cost Savings and ROI in Compliance
  • Proportionate Resource Allocation
  • Documentation and Transparency

The Bre-X Mining Scandal: Part 6 – A Guide for the 2024 Compliance Professional (Part 2)

Today, we conclude a multipart blog post series exploring one of the biggest corporate scandals of the 1990s, the Bre-X mining scandal. Our most recent blog post explored the foundational lessons from the Bre-X scandal for today’s compliance professionals, focusing on due diligence, transparency, corporate governance, and more. In today’s concluding blog post, we focus on additional critical areas where compliance officers can play a pivotal role in ensuring organizational integrity. From fostering a strong whistleblowing culture to leveraging modern technologies for continuous monitoring, these strategies will help prevent financial fraud, uphold ethical standards, and do business in compliance into 2024 and beyond.

The Role of Whistleblowing and Ethics Programs

A lack of transparency and accountability within Bre-X contributed to the persistence of fraud for years. If a robust whistleblowing mechanism had been in place, the red flags might have been raised earlier, potentially preventing the massive fallout.

  • Encouraging Whistleblowing. One of the most critical aspects of modern compliance is creating a culture where employees feel empowered to speak up without fear of retaliation. Compliance officers should focus on building and maintaining secure, confidential channels where employees can report unethical or suspicious activities. A strong whistleblowing framework protects the organization from reputational damage and demonstrates to employees that integrity is a top priority.
  • Ethics Training. In addition to promoting whistleblowing, regular ethics training can help build a culture of transparency and accountability. Employees must be educated on the importance of ethical decision-making and how their actions contribute to the company’s long-term success. Compliance teams can reinforce the core values of honesty and integrity across the organization through frequent workshops, case studies (including Bre-X), and clear guidance on ethical behavior.

Risk Management and Scenario Planning

The Bre-X scandal is a stark reminder of the importance of comprehensive risk management. The ability to foresee potential risks and prepare accordingly can be the difference between averting a disaster or getting caught in one.

  • Assessing and Mitigating Risk. Risk management is central to the work of a compliance officer. Rigid risk assessments are non-negotiable in industries like mining—where speculation, large financial stakes, and geographical challenges intersect. Compliance professionals must develop strategies that identify, assess, and mitigate potential risks early, whether they stem from operational, financial, or reputational sources. For instance, resource overestimation, as seen in Bre-X, could have been mitigated with proper checks on geological data and third-party verification.
  • Scenario Planning. Preparing for various fraud scenarios, including “what if” situations similar to Bre-X, is a valuable exercise. Scenario planning enables organizations to consider how they would respond in the event of fraud or a major compliance breach. Companies should develop detailed crisis management plans, identify key decision-makers, and outline steps for navigating potential crises. In the event of another large-scale scandal, having these contingency plans in place will reduce the organization’s response time and limit damage.

Continuous Controls Monitoring and Auditing

The importance of continuous monitoring cannot be overstated, particularly in industries prone to high levels of fraud, such as mining, finance, or healthcare. Compliance professionals must champion ongoing oversight to ensure early detection of potential issues.

  • Ongoing Oversight. Continuous auditing of processes and transactions is an effective way to catch problems before they escalate. In the Bre-X case, regular audits of geological sample reporting and financial disclosures could have flagged discrepancies early on. Compliance teams today should implement robust monitoring programs that examine critical areas like financial performance, regulatory adherence, and ethical behavior. Routine audits of key operational processes, especially in high-risk industries, can prevent fraudulent behavior from going undetected.
  • Use of Technology. The rise of data analytics and artificial intelligence (AI) has transformed the compliance landscape. In 2024, compliance professionals must embrace technology that enhances real-time monitoring capabilities. By leveraging AI and big data, companies can detect anomalies or suspicious activities before they evolve into significant problems. For example, automated systems can track financial reporting patterns or identify irregular resource estimates, helping compliance teams intervene before major fraud occurs.

Global Considerations and Jurisdictional Awareness

In today’s globalized business environment, companies often operate in multiple countries, each with its own regulatory requirements. Compliance professionals must stay abreast of international standards and ensure the organization complies in all regions.

  • Navigating International Regulations. The Bre-X scandal highlighted the complexities of operating in different jurisdictions. While Bre-X was a Canadian company, much of its fraudulent activity occurred in Indonesia, and the regulatory landscape differed vastly between the two countries. In 2024, compliance officers must develop an in-depth understanding of the regulatory environments in each jurisdiction where their company operates. This includes legal compliance and cultural and business norms that could impact operations and risk management strategies.
  • Cross-Border Cooperation. In an interconnected world, no company is an island. Regulatory bodies across countries are increasingly cooperating on compliance and enforcement efforts, especially in mining, finance, and pharmaceuticals. Building relationships with regulatory agencies in different jurisdictions is vital for compliance professionals. These partnerships can help organizations navigate complex international regulations and stay on top of emerging global compliance trends.

The Bre-X scandal was a watershed moment for the mining industry and for compliance professionals across sectors. The lessons from this case are invaluable in shaping how compliance is approached in 2024. Compliance officers can safeguard their organizations from the devastating consequences of fraud by encouraging a culture of whistleblowing, implementing comprehensive risk management practices, leveraging technology for continuous monitoring, and understanding global regulatory landscapes.

Fraud prevention is a continuous journey that requires vigilance, transparency, and a proactive mindset. Today’s compliance professional’s responsibility is not just to respond to incidents but to anticipate them, fostering a corporate culture prioritizing ethics and accountability at every level. This concludes our series on the Bre-X scandal. By learning from the past, compliance professionals can build a more resilient, transparent future for their organizations.