‘Master of Kickbacks’ and Credit Suisse

Credit Suisse

Compliance professionals have another large FCPA enforcement action to pore over this week, thanks to the perpetually struggling Credit Suisse and several economic development loans for the country of Mozambique that were, quite literally, soaked in corruption.  The headline, announced on Tuesday, is that Credit Suisse will pay $475 million to regulators in the United…

Read More

Food for Thought From Kraft Heinz

Kraft

We have a fascinating enforcement action from the Securities and Exchange Commission to study, this time against Kraft Heinz Co., which is paying $62 million to settle charges that it committed accounting fraud with a bogus cost-savings scheme. The case is a glimpse into how strategic imperatives can pressure internal controls — and at least…

Read More

Firm Fined on Loss Contingency Failures

contingency

The Securities and Exchange Commission has fined a Pennsylvania healthcare services firm $6 million for poor internal controls that allowed the company to keep looming lawsuit costs out of the financial statements, which in turn helped the company to meet Wall Street earnings expectations. The firm in question is Healthcare Services Group ($HCSG), which provides…

Read More

Podcast: The Importance of ‘ITGCs’ 

ITGCs

Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…

Read More

Another Look at Cybersecurity Shortcomings

cybersecurity

The other week the Biden Administration issued an executive order to improve cybersecurity across the federal government. Now we have a peek at just how bad numerous government agencies are at the task — and what steps they’re likely to take to improve the situation, which could affect government contractors providing IT services. Said peek…

Read More

More on Cybersecurity, Compliance Risk

cybersecurity

We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…

Read More

Lessons Ever Given on Risk, Control 

For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it.  My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…

Read More

Lessons on Algorithms, Ethics, and Equity

algorithms

Compliance professionals searching for cutting-edge policy management mishaps, turn your gaze toward Stanford University. The mess that the medical school endured last week with its bungled distribution of covid vaccines to employees offers lessons to us all.  What happened? According to press reports and many unhappy people on Twitter, Stanford Medicine started rolling out its…

Read More

More on Goodwill, Internal Controls

goodwill

Today I want to circle back to that lawsuit the SEC filed last week against Sequential Brands for failing to impair its goodwill assets in a timely manner. It’s a glimpse of poor internal control that raises an intriguing question: How many other companies might be in a similarly precarious position?  After all, goodwill has…

Read More

A Tale: Audit vs. Compliance

My phone rang the other day; it was the U.S. compliance officer at a large global business whom I know quite well. “Hey,” he said, “you know the statistic that more than half of internal audit people have felt pressure to cover up awkward findings in their work? I have a complaint about that.” I…

Read More