General
A Thought on Whistleblower Programs
Last week the Securities and Exchange Commission doled out a $50 million whistleblower award, the second-largest award given in the award program’s 10-year history. The money, however, isn’t the telling detail in this case. The telling detail is that the award went to two whistleblowers, who worked together to bring a misconduct case to the…
Read MoreCorporate Ethics and Voter Suppression Laws
I’ve long said that the standard corporate response to looming new legislation or regulatory moves is first to do nothing; then scramble and panic once the legislation or regulation comes to pass. Now we see Corporate America has held true to that strategy yet again, in response to Georgia’s voter suppression law. By now you…
Read MoreLessons Ever Given on Risk, Control
For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it. My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…
Read MoreThoughts From the CEOs
Gorgeous spring weather finally arrived in Boston this weekend, so like any sensible compliance enthusiast I spent that time indoors reading the 2021 PwC Global CEO Survey. We have some findings about digital transformation of business processes and risk management to discuss. For those unfamiliar with the PwC Global CEO survey, it’s an annual report…
Read MoreEthics Survey, Part II: Management Problems
Today I want to return to the 2021 Global Business Ethics Survey, released last week by the Ethics & Compliance Initiative. There’s another theme in the data that we should explore, since it has significant implications for your compliance program’s risk assessment, training, and policies. That theme: managers are more pessimistic about compliance and ethics…
Read MoreA Bright Take on FCPA Compliance
Here’s a splendid bit of research for all you FCPA aficionados: Business professors at the University of Chicago have quantified the economic benefit of corporate anti-corruption programs — by measuring, of all things, the nighttime use of electric lights in African villages near mining businesses subject to the law. The findings come from Hans Christensen,…
Read MoreWhen Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Read MoreA Hair-Raising Ransomware Story
Anyone interested in a sobering example of cybersecurity risk management and disaster recovery planning gone wrong? Because we have a doozie, courtesy of Washington’s top cybersecurity preparedness agency. CISA, the Cybersecurity & Infrastructure Security Agency, released a bulletin last Friday warning corporate organizations about the threat of ransomware. The bulletin wasn’t much (two pages long)…
Read MoreRandom Thoughts on Ethics & Compliance
Radical Compliance is taking a few days of personal leave. We’ll still have the Jobs Report and the newsletter on Friday as usual, and will be back next week. To keep you occupied until our return, we have another round of random thoughts on ethics, compliance, audit, and whatever else comes to mind. Read on……
Read MoreHeadaches on ICFR and Better Tech
My phone rang the other day, and on the line was my friend the tech vendor. He was calling to tell me about new whiz-bang software his firm is developing to identify internal control issues — and within a few minutes, we stumbled into a dilemma about effective internal controls that needs attention. Hear me…
Read More