cybersecurity

Well this is sobering stuff for internal auditors and SOX compliance professionals: a cybersecurity firm is raising alarms about flaws in the Oracle business software that countless companies use to manage their finances, which lets hackers steal or alter financial data — all undetectable by standard internal controls or GRC technology. Be warned, this is…

Read More
fraud

Compliance and audit executives looking to justify all the steps you take to fight fraud, break out your reading glasses! The Association of Certified Fraud Examiners just released a sweeping analysis of corporate fraud that suggests those measures really do pay off.  The ACFE’s 2020 Report to the Nations studied more than 2,500 cases of…

Read More
internal control

Talk about going on a bender: the SEC just fined spirits maker Diageo $5 million for forcing its distributors to buy more liquor than they needed, and then neglecting to tell investors that Diageo’s inflated sales numbers would eventually dry out.  In the world of funny numbers, what Diageo did is known as channel stuffing,…

Read More
ericsson

As everyone in the corporate compliance world knows by now, Ericsson settled its long-running FCPA case last week with $1.06 billion in disgorgement and penalties plus a compliance monitor to boot. This is a sprawling case, full of lessons for the rest of us, so let’s start with the internal controls issues enforced by the…

Read More
management override

Keeping pace with all the ethics and compliance lessons one can learn from the Trump Administration is no easy task. Nevertheless, we have yet another one: the perils of management override, as demonstrated by President Trump’s determination to keep a disgraced Navy SEAL in military service. The story evolved quickly over the weekend. It begins…

Read More
internal audit

Earlier this fall large corporations started to file annual reports that, for the first time ever, included “critical audit matters” identified by their audit firms. CAMs have been a controversial idea for quite some time, but they’re here — and now we have some early research on which subjects audit firms are flagging for CAM…

Read More
lessons

You may have seen news last week that a Swiss bank, LLB Verwaltung, paid $10.7 million to the Justice Department to settle charges of tax evasion. The deal is notable because the bank’s compliance officer had warned senior executives about the risks they were taking — warnings that senior bank executives chose to ignore. So…

Read More
lease

Confession: I love the new accounting standard for companies to report their costs for leases. Not so much because I applaud what the standard tries to accomplish (although I support that too) but rather, because implementation of the standard demonstrates so many compliance and internal control headaches today. Hear me out. The new standard —…

Read More

Microsoft has agreed to pay $25.3 million to settle FCPA charges against subsidiaries in Hungary, Saudi Arabia, Thailand, and Turkey — the latest in a long line of cases where poor procedures to document sales discounts offered by local resellers paved the way for bribery of foreign government officials.  Microsoft will pay $16.5 million to…

Read More
controls

Last week I had a post about an SEC enforcement action against rent-to-own retailer Conn’s, where the SEC dinged Conn’s for using manually updated forecasting tools to estimate customer credit risk. Executives had low-balled their estimates for years, until that short-sighted maneuver finally forced the company to cut earnings and the share price tanked. Today…

Read More