Archive for the ‘Technology and Tools’ Category

Does Wikileaks Support Corporate Whistleblowers?

Is this the norm for Whistleblowers?

For those who did not read my previous post about Wikileaks.org, here is an explanation of what Wikileaks does, copied from their website:

“Wikileaks is an uncensorable version of Wikipedia for untraceable mass document leaking and analysis. It combines the protection and anonymity of cutting-edge cryptographic technologies with the transparency and simplicity of a wiki interface.

Wikileaks looks like Wikipedia. Anybody can post comments to it. No technical knowledge is required. Whistleblowers can submit documents anonymously and untraceably. Users can publicly discuss documents and analyze their credibility and veracity. Users can discuss the latest material, read and write explanatory articles on leaks along with background material and context. The political relevance of documents and their veracity can be revealed by a cast of thousands.

Wikileaks incorporates advanced cryptographic technologies to ensure anonymity and untraceability. Those who provide leaked information may face severe risks, whether of political repercussions, legal sanctions or physical violence. Accordingly, sophisticated cryptographic and postal techniques are used to minimize the risks that anonymous sources face.”

Now that you know what they do, the excerpt below, copied from the Wikileaks “About” page at http://www.wikileaks.org, provides information on Wikileaks’ views regarding corporate whistleblowers. I believe that the work these folks are doing will likely have a far-reaching impact on our professions, corporate ethics, fraud investigations and governance in general. Read and reach your own conclusions:

“Does Wikileaks support corporate whistleblowers?

It is increasingly obvious that corporate fraud must be effectively addressed. In the US, employees account for most revelations of fraud, followed by industry regulators, media, auditors and, finally, the SEC. Whistleblowers account for around half of all exposures of fraud.

Corporate corruption comes in many forms. The number of employees and turnover of some corporations exceeds the population and GDP of some nation states. When comparing countries, after observations of population size and GDP, it is usual to compare the system of government, the major power groupings and the civic freedoms available to their populations. Such comparisons can also be illuminating in the case of corporations.

Considering the largest corporations as analogous to a nation state reveals the following properties:

1. The right to vote does not exist except for shareholders (analogous to land owners) and even there voting power is in proportion to ownership.
2. All power issues from a central committee.
3. There is no balancing division of power. There is no fourth estate. There are no juries and innocence is not presumed.
4. Failure to submit to any order may result in instant exile.
5. There is no freedom of speech.
6. There is no right of association. Even romance between men and women is often forbidden without approval.
7. The economy is centrally planned.
8. There is pervasive surveillance of movement and electronic communication.
9. The society is heavily regulated, to the degree many employees are told when, where and how many times a day they can go to the toilet.
10. There is little transparency and something like the Freedom of Information Act is unimaginable.
11. Internal opposition groups, such as unions, are blackbanned, surveilled and/or marginalized whenever and wherever possible.

While having a GDP and population comparable to Belgium, Denmark or New Zealand, many of these multi-national corporations have nothing like their quality of civic freedoms and protections. This is even more striking when the regional civic laws the company operates under are weak (such as in West Papua, many African states or even South Korea); there, the character of these corporate tyrannies is unobscured by their civilizing surroundings.

Through governmental corruption, political influence, or manipulation of the judicial system, abusive corporations are able to gain control over the defining element of government — the sole right to deploy coercive force.

Wikileaks endeavors to civilize corporations by exposing uncivil plans and behavior. Just like a country, a corrupt or unethical corporation is a menace to all inside and outside it.”

I’ve heard calls for reforms in the board room, but what these folks are talking about goes a little beyond that!

Wikileaks Plans to Make the Web a Leakier Place

This may be one of the most revolutionary events in the history of Corporate Governance since the SEC was established. It will be interesting to follow how this service unfolds around the world and here at home.

Here is an excerpt of the article:

“IDG News Service – Wikileaks.org, the online clearinghouse for leaked documents, is working on a plan to make the Web leakier by enabling newspapers, human rights organizations, criminal investigators and others to embed an “upload a disclosure to me via Wikileaks” form onto their Web sites.

The upload system will give potential whistleblowers around the world the ability to leak sensitive documents to an organization or journalist they trust over a secure connection, while giving the receiver legal protection they might not otherwise enjoy.

“We will take the burden of protecting the source and the legal risks associated with publishing the document,” said Julian Assange, an advisory board member at Wikileaks, in an interview at the Hack In The Box security conference in Kuala Lumpur, Malaysia.”

To read the complete article, from CIO.com, please click the link below:


Book Review: “Excel for Auditors” by Bill Jelen & Dwayne K. Dowell

There are still a good number of auditors in the field who are technologically challenged. These folks may even be unfamiliar with the ACL product and cringe at the idea of having to analyze AP or AR tables when provided in database or spreadsheet format. I have met a good number of these people and found that in many cases their “analytics phobia” is due to poor or non-existent training in basic auditor analytical skills. However, these folks almost all have some basic to intermediate level Excel spreadsheet capabilities, which can be used as the basis for training them in more sophisticated analytical methods. The Excel for Auditors book, from Holy Macro! Books, provides a perfect tool to teach new auditors, and technologically challenged ones, some key high-value Excel functions.

Using the book as a training outline, accompanied by a PowerPoint presentation, I developed an intermediate level training class of two two-hour sessions, which successfully helped many new auditors break their fears of spreadsheet analytics and taught a few old dogs new tricks.

Of course, most of the Excel functions presented in the book are found in ACL’s integrated environment, and those who have ACL should instead focus on using that product, but for those who do not have ACL, the best option is to use a spreadsheet like Excel (and develop good analytical skills in it).

Excel for Auditors is 212 pages and contains the following chapters:

  • Copying a Worksheet
  • Showing Numbers in Thousands
  • Quickly Seeing Sum or Average
  • Adding Subtotals
  • Quickly Filling a Series
  • Using a Fixed Value in your Formula
  • Replacing a Thousand Formulas with One
  • Highlighting Outliers
  • Turning your Data on its Side with Transpose
  • Joining Text
  • Looking up Data
  • Sorting your Data
  • Dealing with Dates
  • Analyzing Data with Pivot Tables
  • Analyzing Results by Date
  • Creating a Random Sample from a Datasheet
  • Finding and Analyzing Records Using AutoFilter
  • Formula Auditing
  • Matching Two Lists
  • Finding Duplicates or Unique Values
  • Finding Missing Dates in Data
  • Automating Excel with VBA

I recommend the book as a training tool and as a reference to keep in an audit library. If used properly, it can help the technologically challenged auditor to overcome some of his/her fears of Excel analytics, and that by itself is an extremely valuable thing.

Excel for Auditors is not intended to be a power user’s book. If you are a user who enjoys writing Visual Basic scripts well past midnight, if you’re a Nerd or a tinkerer/techie, then this book is not for you. Excel power users are usually insulted by books under 300 pages and do not consider an application “well covered” unless the book is at least 974 pages long! Most auditors I know are not Nerds, tinkerers or techies and simply need a quick and to-the-point aid on how to achieve results, and this book does that well.

The book can be purchased from the Today’s Audit Journal bookstore for under $20.00.

White Paper: A Wiki-Induced Stimulus for Knowledge Management

La Fée Electricité
Image by Feuillu via Flickr

One of the most difficult problems faced by organizations and Internal Audit departments (especially those with a geographically dispersed staff) is poor communications and a lack of knowledge transfers. The silo problem adds to this, where some groups or individuals adopt ownership of critical knowledge and “unofficially” hold the department hostage by not sharing information, or not doing it in a “timely manner.” This culture also encourages informal communications, where instructions and/or directives are verbally passed, resulting in high rates of forgetfulness, especially in times when the validity of the directive is in question.

In an Internal Audit scenario, the challenge in solving these problems lies heavily with Chief Audit Officers, and those they report to. This is so mostly because these folks are not technologically savvy, and are inexperienced in the deployment, use and maintenance of enterprise solutions. Although Internal Audit is often at the forefront of advocacy towards the adoption of improved technologies in the organization as a whole, more often than not it is one of the most antiquated and inefficient departments, with little understanding of the very things they advocate for. If you add to this the traditional clashes that take place between the typical IT Department and Internal Audit, you quickly realize that rolling out anything beyond a complex Excel application for the field auditors is a real challenge.

So, how do you begin to solve the problem of poor communications and information silos? A Wiki is in my opinion a good starting point. If you do not know what a Wiki is, then go to Wikipedia.org and play around with it… it’s the highest-profile Wiki in the world, one maintained by thousands of non-technical users every day.

The idea of the Wiki is akin to a sponge. It absorbs user information which can then be squeezed out at any time by anyone with access to the application. It is not a database, because it can be free-form, and it is usually learned in less than 30 minutes. Because of this ease of use, Wikis are now becoming the main internal repositories of knowledge at many universities and research centers. They are replacing traditional archives and document warehouses.

Because of the simplicity of the Wiki, most IT Departments have few problems implementing them, and because they are normally maintained by non-technical users, there is little need for a dedicated technical staff to support them. Wikis are also inexpensive, run over SSL on the web for security, and most support RSS, Twitter and other communication services. This should ease the “tensions” normally put up by IT departments when new deployments are proposed.

As we see the unfolding of new Enterprise Risk Management (ERM) requirements from the US Congress, and the increasing need for cooperation among Internal Audit, Risk Management, Legal, Compliance and Governance, it is clear that those organizations with entrenched silos and internal communication problems will have very difficult times transitioning and keeping controls over the new ERM processes. Emails, memos and endless meetings (the traditional approaches) do not have the “stickiness” to sustain and encapsulate the types of information and data needed to keep an effective ERM program moving forward from year to year. A Wiki does.

My advice to those organizations and Internal Audit departments experiencing communication problems, and preparing for an increased role in ERM is to consider a Wiki as soon as possible.

The link below will take you to a White Paper posted by eTouch, in the FindWhitePaper.com site, which provides a good discussion on how to use their Wiki:

To experiment with a free (ad supported) Wiki you can visit the Wetpaint.com site. They are one of the largest free Wiki providers.

There are many commercial Wiki vendors aside from eTouch. One that has obtained a lot of recent publicity is Wikispaces.com, which offers a variety of packages for businesses of all sizes.

If you look closely at the photo above you will be able to tell it’s a photo of a managing director from one of the Big Four accounting firms. She is surrounded by visual stimuli in a Carlos Castaneda type trance, asking the motherly spirits to explain why she makes so much money while hardly working and being a complete &%$#@ to everyone around her. Any resemblance to anyone you may know is completely unintended.

Independent Tester: Microsoft’s Security Essentials ‘Very Good’

Mainframe computer
Image by scriptingnews via Flickr

Sometimes when people read about Microsoft products being “independently tested” there is a funny feeling that perhaps Microsoft owns the testing company or somehow “helped” the testers reach the favorable results. My simple investigation of the website for this German testing company did not indicate any links to Microsoft, and the test results cited seem impressive. As with all Microsoft products, versions 1 and 2 are always buggy, but this thing is free for goodness sake! The excerpt below from CIO.com gives a decent idea of the product. To read the entire article click on the link at the bottom of the post:

“Germany-based AV-Test.org tested Security Essentials, the free software Microsoft shipped Tuesday, on Windows XP Service Pack 3 (SP3), Vista SP2 and the final code of Windows 7, against two different collections of malware, said Andreas Marx, one of the firm’s two managers.

The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. “All samples were successfully detected and blocked during our on-demand and on-access tests,” Marx said in an e-mail today.

The second test sicced Security Essentials on a much larger set of malware. Of the 545,3444 malware samples in that collection, Microsoft’s software nailed 536,535, resulting in what Marx characterized as a “very good detection score” of 98.4%.

In a follow-up test of adware and spyware detection — Security Essentials also includes anti-spyware scanning — Microsoft’s software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.

This is the second time that AV-Test.org has run Security Essentials through the mill; when Microsoft launched a limited preview in June, the group tested the beta. Then, the free software also breezed through the WildList, spotting every sample in the 3,200-plus set.

Security Essentials’ final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.

But there were some things that Microsoft’s program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don’t rely on specific “fingerprint” signatures to match against a potential threat. Security Essentials lacks any such technology….”

For the full article from CIO.com click the link below:

The photo above shows one of the controlled tests done at a secret laboratory, which confirmed forever that free software costs more than the expensive packages sold by the major vendors. But, they often have equal or better features. Thank goodness these laboratories are around to help us understand such complex things!

Governance, Risk, and Compliance | www.brighttalk.com

A well-trained GRC Professional is always in demand.

If you are not familiar with the Brighttalk service, you are missing out on a great source of video and multimedia materials on the web. It is a good training tool and visual information site for staying on top of industry changes. Go to the link listed below and open up an account, then subscribe to the “Channel” of your choice. Mine, of course, is the Governance, Risk and Compliance channel.

Auditintegrity.com – Research Tool

AuditIntegrity.com may be a good link to have handy when researching public companies. But, before relying on their research, become familiar with their methodology…
