Search results for: policies and procedures
Smithfield Foods and Covid-19 Controls
Businesses still struggle every day to maintain some semblance of successful operations during the Covid-19 crisis, and that struggle is about to get more challenging as countries around the world begin lifting lockdowns and re-opening economic activity as soon as this week. So what does that mean for corporate compliance programs? What are the policy…
Internal Control and Reg FD Fails
The Securities and Exchange Commission has fined a Florida pharmaceutical firm $200,000 for violating Regulation Fair Disclosure — an offense we don’t see too often in compliance land, and one that therefore offers a good glimpse into the control failures that might lead to this sort of trouble. The company, TherapeuticsMD, develops hormone therapies to help with…
Dealers, Drugs, and FCPA Insight
I always welcome questions from compliance and audit professionals, and the following came to me last week: “What type of third party falls under ‘dealer’ for FCPA purposes?” The compliance officer who posed this question works at a company under settlement with the Justice Department for overseas bribery. He’s building up the company’s third-party oversight…
Survey, Good and Bad, on Compliance
LRN has published a new survey of ethics and compliance professionals that says employees are still fearful to report ethics violations, and that too many senior executives still aren’t promoting ethical behavior in their organizations. On the flip side, LRN also identified several characteristics of high-performance organizations that echo other industry surveys about training and…
When Sanctions and Cybersecurity Collide
Compliance professionals talk constantly these days about cybersecurity, third-party risk, and sanctions compliance. Now we have an example from the news that is one headache-inducing brew of all three — and also, I fear, a harbinger of compliance and risk challenges to come. The company in question is Hikvision, a Chinese maker of security cameras.…
Of Blown Calls and Internal Control
Effective internal control can be a difficult subject to understand, so ethics and compliance officers who hail from the legal world should be delighted right now. A great example of internal control issues gone awry fell into our laps this week from the world of sports. I speak, of course, of the blown referee call…
Thoughts on IoT and Cybersecurity Risk
This week I attended the AuditWorld 2018 conference in Las Vegas, a gathering of several hundred audit and IT security executives to swap insights about cybersecurity and internal control. I wandered into a session about cybersecurity concerns for “the Internet of Things” — and wouldn’t you know it, a conversation about policy and vendor risk…
SEC Dings Firm on Poor Cybersecurity Policies
The Securities and Exchange Commission just hit an Iowa financial firm for poor cybersecurity, giving us another example of the policies and procedures firms should be implementing if they want to stay on the right side of this risk. The firm, Voya Financial Advisors, agreed to pay a $1 million penalty (without admitting any wrongdoing,…
Starbucks and Policy Management Perils
Compliance officers live for policy and procedure most days. So as we study the regrettable incident of Starbucks and the Philadelphia police rousting two black men for sitting in one of the company’s coffee shops, compliance professionals should consider this point: at large organizations, a little bit of procedure can brew up lots of trouble.…
Microchip Meltdowns and Vendor Risk
Last week I cited the rising importance of vendor risk management as one of the big compliance events to watch in 2018. One week into the year, we have a great example of just how slippery this challenge can be. The example comes from Meltdown and Spectre, security flaws announced last week that exist in…