Gloomy Stats on Workplace Misconduct

misconduct

Another week, another report trying to quantify the breadth and cost of workplace misconduct. This one comes from Vault Platform, an internal reporting startup; and the rather gloomy headline here is that roughly half of all office workers in Britain and the United States have experienced some form of misconduct during their careers.  Vault released…

Read More

What Makes Incident Management Tick

Last week I had the good fortune to moderate a webinar on incident management programs, and I have to admit — by the end of the hour, I had a much more nuanced appreciation for the things that make an incident management program succeed. Usually when I think about incident management, my mind immediately goes…

Read More

Penalties, Monitors, and More

penalties

Last week the head of enforcement at the Securities and Exchange Commission made notable remarks about more aggressive use of monetary penalties in SEC enforcement actions. A friend of mine then asked an excellent question: Could more aggressive use of penalties also affect how companies deal with the Justice Department?  For lots of compliance officers,…

Read More

PCAOB Alert on Audits, External Data

pcaob

The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days.  The guidance is formally titled “Evaluating Relevance and Reliability of Audit Evidence…

Read More

The Deeper Meaning in the Facebook Scandal

facebook

This week I’ve kept one semi-interested eye on Frances Haugen, more commonly known as the Facebook whistleblower. Her bombshells launched — the 60 Minutes interview, the testimony before Congress, the leaked documents — were all devastating to Facebook, but compliance professionals should look deeper. Haugen’s arrival on the scene portends something deeper, too.  By now…

Read More

Thoughts on AI From the Audit Perspective

AI

The other week I had a post about the risk management challenges corporations will face as they integrate artificial intelligence into business operations. Several days later, my friend the Cybersecurity Auditor called me. “Dude,” he said, “I have many issues with AI and I think we’re missing another important point here.” OK, I replied, and…

Read More

More ESG: Who Owns This Function?

esg

The Society of Corporate Compliance & Ethics hosted its 2021 annual conference last week, and the agenda addressed all sorts of topics relevant to corporate compliance professionals. Everywhere you turned, however, one question seemed to worm its way into the conversation. Should the compliance function also own ESG reporting?  Some people are an emphatic “no.”…

Read More

Grappling With Artificial Intelligence

AI

Later this week I’ll have the privilege to moderate a panel discussion on artificial intelligence at the Society of Corporate Compliance & Ethics’ 2021 conference — and as fate would have it, COSO published guidance last week on the risk management challenges around AI. So let’s dig into the subject, since clearly the universe is…

Read More

Corporate Culture: Speak Up vs. Listen Up

culture

The other week I had the privilege of hosting a webinar on cultivating a speakup corporate culture. Given how important that is for corporate success — and how many organizations either mishandle their speakup culture, or reject the premise that a speakup culture matters entirely — today let’s consider some of the points raised in…

Read More

Podcast: The Importance of ‘ITGCs’ 

ITGCs

Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…

Read More