Mon, Nov 23, 2015

Technology's Impact on Integrity and Business Practices

Gone are the Mad Men days of two-hour extended business lunches and clients or colleagues being perfectly content to wait for a reply to their requests or questions.

Today, business lunches, when jam-packed schedules even permit, often include iPhones and BlackBerries positioned as if part of the place setting. And if you actually end up taking a few hours—or days—to respond to a call, email or instant message, you risk being considered unprofessional, unresponsive or impolite.

Smartphones, tablets, laptops, the cloud and the like have quite literally untethered employees from their desks. However, one of the most problematic tradeoffs for this “freedom” has been employees steadily bombarded with informational data points from all sides and at all times— and always under pressure to respond at a moment’s notice. This frenetic pace and fast-flowing streams of information in a highly mobile environment have created dangerous pitfalls for companies. One of the greatest of these is when members of the C-suite are less involved with the details of the business and instead rely on lower level professionals to raise critical points to their attention.

This frenetic pace and fast-flowing streams of information in a highly mobile environment have created dangerous pitfalls for companies. One of the greatest of these is when members of the C-suite are less involved with the details of the business and instead rely on lower level professionals to raise critical points to their attention.

For example, a recent news article profiled the CEO of a major publicly traded company who said he won’t open bulky spreadsheets anymore, desiring instead a synopsis of key points. This isn’t necessarily a bad thing—the CEO is on the move visiting numerous work sites and clients, working to improve the business. For this arrangement to be successful, however, requires confidence in not only the capabilities, but also the integrity of those producing the data and creating the summaries.

But of course, there’s the rub. In this new way of doing business, largely accepted across the globe as the norm, how can companies acquire that measure of confidence needed to make this system work?

First and foremost, companies must have a strong culture of ethical behavior demonstrated at all levels, both internally and externally. Management’s tone at the top is critical to the success of implementing this culture. In word and deed, they should send a consistent message that ethical behavior is a job requirement, and unethical behavior is a career-limiting choice.

Internally, staff and professionals must be vetted not only to confirm their experience and expertise, but also for integrity issues. Companies also need to develop and adhere to a robust system of internal controls, including checks and balances, so that key details and critical information gain the attention they deserve and cannot be hidden by a rogue employee seeking to embezzle funds or steal product.

Additionally, training programs and initiatives around cyber and information security, compliance procedures and ethics must be conducted and tested on a regular basis. Losing mobile devices, not properly protecting laptops while working remotely or in public places, and not password-protecting documents and other materials have all become much more common—and dangerous— since the advent of highly mobile work environments. As a result, companies have been investing heavily in security procedures, such as dual password requirements, locking of electronic devices after a shortened period of inactivity and requiring virtual private networks (VPN) use for employees’ remote Internet access.

On the external front, proper compliance procedures should include screening suppliers, vendors and other third parties for potential red flags, such as significant litigation, regulatory actions and other adverse findings relative to how the vendor or supplier conducts business. When onboarding these vital relationships, a company should also require acknowledgement of an agreement to the company’s code of conduct. Investing in conducting these compliance-related activities upfront has time and again avoided detrimental issues later on.

Yet, despite proactive training programs and highly developed internal and external controls, problems can still arise. When they do, a company needs strong resources to obtain actionable intelligence about employees or business partners in order to make smart decisions. Some recent cases illustrate the dangers of getting it wrong and how these problems could have been avoided:

A financial services company recently lost millions of dollars when a sophisticated cyber-phishing scam targeted a mid-level financial officer while senior executives of the company were at off-site meetings or on holiday break. The fraudsters were able to convince the financial officer to make multiple wire transfers out of the company to accounts in China before senior executives questioned the daily register of cash transfers. If the proper internal controls had been in place—double signatures on wire transfers, additional coverage over holiday breaks, training on potentially questionable email correspondence—the mid-level financial officer may not have moved forward with the transaction and the company might not have lost millions of dollars.

In another case, the company hired a senior employee after an executive screening check was conducted. The senior employee then hired a consultant she knew, purportedly an expert in the field, to assist with a backlog of work. However, within months, the client learned of inappropriate activity and fired both the senior executive and the consultant. Kroll’s investigation found that the senior executive’s entire work history and most of her educational history was fake, including non-existent companies she had allegedly founded and a phony doctorate degree. In addition to properly vetting both employees before onboarding, the company should have also had consistent periodic ethics training and suitable internal processes for junior employees to report ongoing concerns about these individuals. Both may have helped the company avoid costly, post-situational litigation or prevented the problem at the outset.

As the times change, we have seen many cases where misplaced confidence in people or business systems can cause long-term damage. By reaffirming a commitment to ethical behavior and implementing comprehensive policies and procedures that continually reinforce that commitment throughout the entire organization, companies can go a long way to avoiding potential harm, internally and externally.


Forensic Investigations and Intelligence

The Kroll Investigations, Diligence and Compliance team are experts in forensic investigations and intelligence, delivering actionable data and insights that help clients worldwide make critical decisions and mitigate risk.