My phone rang the other day; it was the U.S. compliance officer at a large global business whom I know quite well. “Hey,” he said, “you know the statistic that more than half of internal audit people have felt pressure to cover up awkward findings in their work? I have a complaint about that.” I…

Read More
internal control

Now that we’ve all had the weekend to contemplate the massive Goldman Sachs FCPA enforcement action from last week (because that’s how we all spend our free time, right?), let’s return to an issue that’s been on my mind since the settlement was announced.  How does a company strengthen an internal control, when that control…

Read More
goldman

All right compliance professionals, it’s here: Goldman Sachs has agreed to pay $4.3 billion to settle corruption charges for its role in the 1MDB scandal — making Wall Street’s premier investment bank responsible for the largest criminal penalty in FCPA history.  U.S. regulators announced the news today, although rumors of a settlement had been swirling…

Read More
internal control

For years regulators have talked about the importance of data analytics in enforcement actions. Now the SEC has demonstrated that point with two enforcement actions for poor internal control and earnings manipulation, driven by the agency’s in-house analytics team. So we can’t say nobody warned us.  The enforcement actions were announced Monday, against a carpet…

Read More
fcpa

Some days the WTF-o-meter just doesn’t go high enough, and such is the case with the latest FCPA enforcement action from the Securities and Exchange Commission. Fellow compliance travelers, prepare yourselves.  The SEC dinged World Acceptance Corp., a consumer loan business based in South Carolina, for a bribery operation the company’s Mexico subsidiary ran in…

Read More
Mr. Potato Head

Here’s one way to convey the importance of software patch management: a bunch of Canadian Tire retail stores had to close last week because “a downloading error” caused all purchases to be scanned at the checkout register as Mr. Potato Head.  The Toronto Star dug up this story last week. Five Canadian Tire stores in…

Read More
cybersecurity

Well this is sobering stuff for internal auditors and SOX compliance professionals: a cybersecurity firm is raising alarms about flaws in the Oracle business software that countless companies use to manage their finances, which lets hackers steal or alter financial data — all undetectable by standard internal controls or GRC technology. Be warned, this is…

Read More
fraud

Compliance and audit executives looking to justify all the steps you take to fight fraud, break out your reading glasses! The Association of Certified Fraud Examiners just released a sweeping analysis of corporate fraud that suggests those measures really do pay off.  The ACFE’s 2020 Report to the Nations studied more than 2,500 cases of…

Read More
internal control

Talk about going on a bender: the SEC just fined spirits maker Diageo $5 million for forcing its distributors to buy more liquor than they needed, and then neglecting to tell investors that Diageo’s inflated sales numbers would eventually dry out.  In the world of funny numbers, what Diageo did is known as channel stuffing,…

Read More
ericsson

As everyone in the corporate compliance world knows by now, Ericsson settled its long-running FCPA case last week with $1.06 billion in disgorgement and penalties plus a compliance monitor to boot. This is a sprawling case, full of lessons for the rest of us, so let’s start with the internal controls issues enforced by the…

Read More