Most, if not all, business transactions executed today touch the information technology (IT) environment at some point in their lifecycle. As organizations plan for the next calendar year, it’s logical to regard the IT risk assessment as a critical component that should be reviewed through the internal audit function.
Globalization, increased transparency of business activity, pervasive media coverage, and the growing complexity of business and business relationships have increased the ethics and compliance risks for organizations. There is greater likelihood of wrongdoing being exposed by the media, watchdog groups or government agencies or through a firm's internal systems. Illegal or unethical acts can be done intentionally by people of bad character or unintentionally by people who made decisions without full knowledge of what they were doing. The damage to a firm's reputation and the huge costs associated with fines and litigation can destroy a company. Therefore, managing for legal and ethical excellence has emerged as a critical as well as morally imperative function for all organizations.
Key Performance Measures Improving the Process
An effective business process is built on a set of well-defined and clearly-stated business objectives. These key objectives articulate the ideal performance results that the company expects from that process. To monitor a business process so that it stays focused on reaching the key objectives, the company chooses appropriate performance measures. In fact, careful selection of the performance measures takes a company a long way toward improving a business process. Thus, to build and then continually improve an effective business process, a company establishes:
“All of the blame and none of the praise”
This was how one Human Resource professional described their job in a forum on tech recruiting recently. Human Resources (HR) can be a bit of a minefield, full of potential hazards and risks, while searching for that perfect candidate to fill a company’s needs.
Electronic discovery (eDiscovery) refers to the process of searching, locating and securing electronic data for the purpose of using it as evidence in a legal case.
Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational oversight, increased regulatory scrutiny, and the need for an adequate control framework to guarantee proper risk management.
In November 2012, the criminal division of the U.S. Department of Justice (DOJ) and the enforcement division of the U.S. Securities and Exchange Commission (SEC) jointly released A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”). While the 130-page guide is packed with useful information and written in an approachable style free from legalese, it provides perhaps its best and most useful information beginning on page 57 in the section titled, “Hallmarks of an Effective Compliance Program.” In the introduction to this section, the authors note that there is no such thing as a one-size-fits-all compliance program, and that it is expected that small to midsize companies’ compliance programs will very likely differ from those in place at much larger organizations. They also point out that companies may consider a variety of factors in tailoring a compliance program to their specific organizations.