Ideas on Auditing Organizational Culture


This week I attended another meeting of the Chief Audit Executive Leadership Forum, where the subject was auditing organizational culture. The conversation brimmed with useful ideas on how to audit and monitor this particularly intangible thing, and we’ve seen plenty of examples this year of culture gone awry. So let’s get into it. Consider Where…

Read More

Compliance Lessons: Credit Suisse vs. Wells Fargo


One big lesson for compliance and audit executives this year will be the risks that swirl around compensation and incentives. Wells Fargo will be Exhibit A in that discussion, and rightly so. Still, the more I look at the SEC’s enforcement action against Credit Suisse last week, where it fined the bank $90 million for…

Read More

10 Quick Tips on Cybersecurity, Privacy


The Society of Corporate Compliance & Ethics annual conference always provides a torrent of useful ideas and advice. I spent the first day attending several sessions on cybersecurity risks and privacy compliance. Without further delay, here is a collection of random observations I jotted down, in no particular order… Remember that one weak spot in…

Read More

Another Governance Problem Mylan Calls Out

For corporate governance and compliance thinkers, Mylan Labs is the gift that keeps on giving. Earlier this week we looked at the compensation incentives Mylan designed for senior executives—incentives that drove them to raise the price of EpiPens to punishing levels for consumers. Let’s keep pulling on that thread. It leads to some excellent questions…

Read More

More Risks With Decentralized Business: IT Projects, Culture

Last week we had a post about managing third-party risks at decentralized organizations. Today I want to revisit that subject and look at two specific issues that arise from a business structure like that—IT projects, and fostering a strong culture. Let’s begin by repeating the theme of last week’s article: decentralized organizations challenge the notion…

Read More

How to Complement Compliance Training Efforts


The other day I was talking with a compliance officer at a global pharmaceutical company, responsible for training employees from Morocco to Australia and all points in between. So, he asked, did I have any thoughts about what makes for effective compliance training? I loved his question because the compliance community talks all the time…

Read More

So You Wanna Do Compliance Analytics…


Earlier this week I eavesdropped on a webcast hosted by Financial Executives International, talking about how data analytics continues to march its way into the heart of auditing. Almost every compliance officer would say that analytics is marching its way into corporate compliance as well, but let’s be honest—the audit world is ahead of the…

Read More

Keeping Your Audit Committee Current on Risks

internal audit

I spent a lot of time these days reading audit committee charters, to see how boards address risk management. I’ll be giving a talk on that subject later this year at the Society of Corporate Compliance & Ethics annual conference, and what better way to prepare than to go straight to the raw material? How…

Read More

More on Internal Investigations, Yates Memo

Last week we looked at a recent federal appeals court ruling, Gilman v. Marsh McLennan, that affirms a considerable amount of power for compliance and legal officers conducting internal investigations. The decision has enough potential implications to warrant a follow-up post, so let’s keep going. I won’t rehash my earlier post here. Suffice to say…

Read More

In-Depth Report: A Look at Non-GAAP Metrics


One of the big messages from regulators this year has been concern about companies’ use of non-GAAP financial metrics. Well, I’m happy to say that Radical Compliance has just released one of the first in-depth reports on the subject, trying to understand how widespread use of non-GAAP metrics really is and what drives companies to…

Read More