General
Gloomy Stats on Workplace Misconduct
Another week, another report trying to quantify the breadth and cost of workplace misconduct. This one comes from Vault Platform, an internal reporting startup; and the rather gloomy headline here is that roughly half of all office workers in Britain and the United States have experienced some form of misconduct during their careers. Vault released…
Read MoreWhat Makes Incident Management Tick
Last week I had the good fortune to moderate a webinar on incident management programs, and I have to admit — by the end of the hour, I had a much more nuanced appreciation for the things that make an incident management program succeed. Usually when I think about incident management, my mind immediately goes…
Read MorePenalties, Monitors, and More
Last week the head of enforcement at the Securities and Exchange Commission made notable remarks about more aggressive use of monetary penalties in SEC enforcement actions. A friend of mine then asked an excellent question: Could more aggressive use of penalties also affect how companies deal with the Justice Department? For lots of compliance officers,…
Read MorePCAOB Alert on Audits, External Data
The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days. The guidance is formally titled “Evaluating Relevance and Reliability of Audit Evidence…
Read MoreThe Deeper Meaning in the Facebook Scandal
This week I’ve kept one semi-interested eye on Frances Haugen, more commonly known as the Facebook whistleblower. Her bombshells launched — the 60 Minutes interview, the testimony before Congress, the leaked documents — were all devastating to Facebook, but compliance professionals should look deeper. Haugen’s arrival on the scene portends something deeper, too. By now…
Read MoreThoughts on AI From the Audit Perspective
The other week I had a post about the risk management challenges corporations will face as they integrate artificial intelligence into business operations. Several days later, my friend the Cybersecurity Auditor called me. “Dude,” he said, “I have many issues with AI and I think we’re missing another important point here.” OK, I replied, and…
Read MoreMore ESG: Who Owns This Function?
The Society of Corporate Compliance & Ethics hosted its 2021 annual conference last week, and the agenda addressed all sorts of topics relevant to corporate compliance professionals. Everywhere you turned, however, one question seemed to worm its way into the conversation. Should the compliance function also own ESG reporting? Some people are an emphatic “no.”…
Read MoreGrappling With Artificial Intelligence
Later this week I’ll have the privilege to moderate a panel discussion on artificial intelligence at the Society of Corporate Compliance & Ethics’ 2021 conference — and as fate would have it, COSO published guidance last week on the risk management challenges around AI. So let’s dig into the subject, since clearly the universe is…
Read MoreCorporate Culture: Speak Up vs. Listen Up
The other week I had the privilege of hosting a webinar on cultivating a speakup corporate culture. Given how important that is for corporate success — and how many organizations either mishandle their speakup culture, or reject the premise that a speakup culture matters entirely — today let’s consider some of the points raised in…
Read MorePodcast: The Importance of ‘ITGCs’
Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…
Read More