Last Week’s Cybersecurity Disasters

cybersecurity

There are decades when nothing happens, and weeks when decades happen. Last week was definitely one of those latter periods for CISOs, internal auditors, compliance officers, and anyone else charged with worrying about cybersecurity. Just consider what happened last week: On Tuesday, UnitedHealth reported spending nearly $1 billion on recovery costs from a ransomware attack…

Read More

Archives, 2017: Mittens and Manual Controls

Radical Compliance is taking an off-the-grid vacation for the next 10 days, so we are reprinting some of readers’ favorite posts from the archives. The following ran in November 2017. Here at the Radical Compliance home office, every morning my job is to rouse my toddler son from bed, make him breakfast, and take him…

Read More

Notes on Effective Internal Controls

control environment

Last week I had the chance to moderate a webinar on an issue eternally flummoxing to compliance officers: building effective systems of internal control. We had great speakers who gave great advice, so as usual I took lots of notes to pass along to the rest of you here.  Let’s first appreciate why internal controls…

Read More

Lessons From Citigroup’s Fat Finger

citigroup

This week Citigroup agreed to pay $78 million to settle charges that its internal controls failed to catch a so-called “fat finger error” in 2022, when a Citigroup trader placed a gigantic sell order by mistake and sent European stock markets plunging. Compliance officers should pull up a chair; we have several lessons to learn…

Read More

Guidance on Root Cause Analysis

root cause analysis

The Public Company Accounting Oversight Board has published fresh guidance on how to perform a root cause analysis, for anyone out there who wants to understand the root of your problems.  The guidance, published Tuesday, is geared toward audit firms rather than corporate businesses, so not all the advice in its nine pages will be…

Read More

Internal Controls Come for Trump

trump

At long last, we have an internal controls and compliance angle on Donald Trump’s courtroom drama! When Trump was ordered last week to pay $355 million in damages for his civil fraud trial in New York, the judge in the case also ordered the Trump Organization to hire a director of financial compliance.  This person,…

Read More

Another Lesson on Accounting Controls

rbc

Royal Bank of Canada has settled charges with the Securities and Exchange Commission over poor accounting controls for software development, which might sound super nerdy — because it is, really — but the case also lets us ponder yet again the importance of a strong control environment. The SEC announced the case late last week.…

Read More

Is AI Leaving Your Internal Controls Behind?

AI

So everyone is freaking about artificial intelligence and its rapid deployment throughout the corporate enterprise. That brings up an important question: are companies updating their internal controls fast enough to keep pace with that AI adoption? This is on my mind because the other week Deloitte released the results of a survey that suggests no,…

Read More

Breaking Down 3M’s FCPA Case

3M

Manufacturing giant 3M Corp. is our latest addition to the annals of FCPA enforcement, agreeing last week to pay $6.5 million to resolve civil charges from the Securities and Exchange Commission that the company’s China subsidiary wined and dined government officials with tourism junkets. By now it’s an old story to compliance professionals: U.S. company…

Read More

An Internal Governance Basket Case

governance

Talk about the gang that couldn’t shoot straight: One of the largest online gun marketplaces in the United States just filed its latest annual report, and the thing is an internal controls and corporate governance catastrophe. If you’ve ever needed an example of how not to manage your governance operations, read onward. The company in…

Read More