Archive

Posts Tagged ‘Legal’

Response to Comments from the “Dumb Auditor” Article

Old Compass
Image by Sebastian Niedlich (Grabthar) via Flickr

To all the readers who left comments regarding the “Dumb Auditor” article.   Thank you for visiting the blog and taking time to share your excellent ideas with the group.  The “Dumb Auditor” article has been read by thousands of interested people from around the world, indicating that the issues discussed are of serious importance to our profession.  Most of your comments clearly show “battle scars” resulting from real life work situations,  making them more valuable than I ever expected.

It is also clear from your comments that auditors would like some resolution to these problems. Or, at least some structural changes in the industry that lead to diminishing auditor exposures, while they do their jobs protecting shareholder interests.  Although, many in the business world share similar situations, risks and moral dilemmas, it is the auditor who is expected to uncover fraud and other illegalities with few or no legal and financial protections for themselves.    And, few are similarly bound to maintain confidentiality about their work and the very things that often get them fired.   It is not unusual to hear Internal Auditors tell of stories where they “uncovered to much” and got fired for it, but can’t talk about it!   What does this tell us from a legal, societal and ethical perspective, and where does it put the professional organizations that are supposed to provide guidance and protections for the profession?

From the more than 30 comments left in the blog by readers to date, I am particularly impressed and grateful for the following:

1) From Felix, on November 30th.

Excellent proposals with excellent potential.  Felix discusses four items that  should be considered at the highest levels.  Item # 4 on his list is something I had thought about in the past (and, I suspect other auditors have as well), dealing with Professional Liability Insurance “provided by the PCAOB (or other body holding CFO’s/auditors to ethical/moral standards) for auditors and CFO’s. If a CFO or auditor is fired due to claimed unethical reasons, they are eligible to receive 100% of what they were making.”

There are countless types of liability insurance for professionals, such as errors and omissions for attorneys and accountants and medical malpractice.  Why not develop one that insures against wrongful dismissal of auditors, specially when the dismissal involves a dispute with management due to the normal performance of the auditor’s duties, ethical or fraud related matters?

2) From Mark Pennington, on November 30th.

I was impressed with the brevity, the directness and the underlying picturesque quality of Mark’s comments.

Disregarding his tone….  I think he is correct in that there is a very large segment in management that does not care.  Why should they?  They do not perceive to be negatively affected, and their personal bank accounts keep increasing instead of decreasing with the status-quo.

3) From Rodney Kocot, on December 2nd.

I think Rodney’s comment is the most eloquent posted in terms of describing a situation where auditors get fired for trying to do the right thing.  I think that everyone who has been an auditor for several years recognizes this type of story, either from first hand experience or because it has happened to a peer.  Unfortunately, because of confidentiality agreements and fears of being black listed, these stories rarely get out to the public or beyond auditor circles.

4) From Adis Vila, on December 5th.

I appreciate the visit from Adis, a person that has done a great deal of work in the corporate governance and ethics areas, as well as in government.

The need for “Ethics Training” is clear and I am glad someone with a strong background in this area brought it up.  However, my sense is that ethics training yields future results and it’s something that impacts entrants to the business world, with limited impact on the “old dogs” running lose right now in positions of authority.  Training someone like a Bernie Madoff in “Values” and “Ethics” would be an interesting effort probably yielding few good results.  We auditors are in the trenches dealing with societal and organizational challenges as they are now, not as they should be.  Most auditors I know view compliance training as something that goes hand in hand with ethics.

I agree with Adis that we should concentrate more on a “Values-Based” ethical culture, because I believe that as a society we dropped the ball on this one a long time ago.  I will refer to a few comments posted by Felix on November 30th which reflect my views on this issue:

“What is for sure is also that some crooks would not be crooks if society would not accept as “good” many things that are NOT good. The unfortunate relativism that we live in now a days is contrary to how the United States was founded. It was founded on deep moral principles and as a result there was a key ingredient that was not there in many other countries or societies throughout history: trust. Trust can only exist when the society is a morally correct society that has not transformed values. In other words when a bad act is considered OK by many and vice versa. The problem we are facing in the United States of today runs deeper than audits and rules.

The problem goes to the core of the humanity of our country.”

5) From Ben, on December 8th.

Ben’s comments are well thought out and clearly come from experience.   His suggestion that auditors take a more careful and inquisitive approach during their job interviews in order to improve their chances of accepting jobs in organizations that more closely reflect their ethical values, is excellent.

I also agree with Ben regarding the approach with mid-level management and the need to invest time educating folks in Risk Management.  His humorous call for prayers, relaxation and meditation techniques during audits of sales functions is also unique and worth considering!

Prior to the popularity of “Social Media,” blogs, Twitter and the web, most controversial issues impacting an industry or profession remained in a semi-secret state.  Today, they can be known to thousands of people instantly.  The power of knowledge or as they used to call it, “The Pen” is stronger than the “Sword,” and in most cases it is also stronger than the “Dollar.”  Because of this, I believe that the “Dumb” auditor article will make a positive contribution to the efforts being made to resolve the issues cited in the article.  At minimum, there will be more awareness of the problems from the perspective of the auditor.

Thank you again for visiting, reading and leaving your comments.

Enhanced by Zemanta
Advertisements

Does Wikileaks Support Corporate Whistleblowers?

whistleblower-back-stabbing

Is this the norm for Whistleblowers?

For those who did not read my previous post about Wikileaks.org, here is an explanation of what Wikileaks does, copied from their website:

“Wikileaks is an uncensorable version of Wikipedia for untraceable mass document leaking and analysis. It combines the protection and anonymity of cutting-edge cryptographic technologies with the transparency and simplicity of a wiki interface.

Wikileaks looks like Wikipedia. Anybody can post comments to it. No technical knowledge is required. Whistleblowers can submit documents anonymously and untraceably. Users can publicly discuss documents and analyze their credibility and veracity. Users can discuss the latest material, read and write explanatory articles on leaks along with background material and context. The political relevance of documents and their veracity can be revealed by a cast of thousands.

Wikileaks incorporates advanced cryptographic technologies to ensure anonymity and untraceability. Those who provide leaked information may face severe risks, whether of political repercussions, legal sanctions or physical violence. Accordingly, sophisticated cryptographic and postal techniques are used to minimize the risks that anonymous sources face.”

Now that you know what they do, the excerpt below copied from the Wikileaks  “About” page at http://www.wikileaks.org provides information on Wikileaks views regarding Corporate Whistle blowers.    I believe that the work these folks are doing will likely have a far reaching impact on our professions, corporate ethics, fraud investigations and governance in general.   Read and reach your own conclusions:

“Does Wikileaks support corporate whistleblowers?

It is increasingly obvious that corporate fraud must be effectively addressed. In the US, employees account for most revelations of fraud, followed by industry regulators, media, auditors and, finally, the SEC. Whistleblowers account for around half of all exposures of fraud.

Corporate corruption comes in many forms. The number of employees and turnover of some corporations exceeds the population and GDP of some nation states. When comparing countries, after observations of population size and GDP, it is usual to compare the system of government, the major power groupings and the civic freedoms available to their populations. Such comparisons can also be illuminating in the case of corporations.

Considering the largest corporations as analogous to a nation state reveals the following properties:

1. The right to vote does not exist except for share holders (analogous to land owners) and even there voting power is in proportion to ownership.
2. All power issues from a central committee.
3. There is no balancing division of power. There is no fourth estate. There are no juries and innocence is not presumed.
4. Failure to submit to any order may result in instant exile.
5. There is no freedom of speech.
6. There is no right of association. Even romance between men and women is often forbidden without approval.
7. The economy is centrally planned.
8. There is pervasive surveillance of movement and electronic communication.
9. The society is heavily regulated, to the degree many employees are told when, where and how many times a day they can go to the toilet.
10. There is little transparency and something like the Freedom of Information Act is unimaginable.
11. Internal opposition groups, such as unions, are blackbanned, surveilled and/or marginalized whenever and wherever possible.

While having a GDP and population comparable to Belgium, Denmark or New Zealand, many of these multi-national corporations have nothing like their quality of civic freedoms and protections. This is even more striking when the regional civic laws the company operates under are weak (such as in West Papua, many African states or even South Korea); there, the character of these corporate tyrannies is unobscured by their civilizing surroundings.

Through governmental corruption, political influence, or manipulation of the judicial system, abusive corporations are able to gain control over the defining element of government — the sole right to deploy coersive force.

Wikileaks endeavors to civilize corporations by exposing uncivil plans and behavior. Just like a country, a corrupt or unethical corporation is a menace to all inside and outside it.”

I’ve heard calls for reforms in the board room, but what these folks are talking about goes a little beyond that!

Wikileaks Plans to Make the Web a Leakier Place

letters in stone
Image by myfear via Flickr

This may be one of the most revolutionary events in the history of Corporate Governance, since the SEC was established.    It will be interesting to follow how this service unfolds around the world and here at home.

Here is an excerpt of the article:

“IDG News Service – Wikileaks.org, the online clearinghouse for leaked documents, is working on a plan to make the Web leakier by enabling newspapers, human rights organizations, criminal investigators and others to embed an “upload a disclosure to me via Wikileaks” form onto their Web sites.

The upload system will give potential whistleblowers around the world the ability to leak sensitive documents to an organization or journalist they trust over a secure connection, while giving the receiver legal protection they might not otherwise enjoy.

“We will take the burden of protecting the source and the legal risks associated with publishing the document,” said Julien Assange, an advisory board member at Wikileaks, in an interview at the Hack In The Box security conference in Kuala Lumpur, Malaysia.”

To read the complete article, from CIO.com, please click the link below:

Shared via AddThis

Related article:

Enhanced by Zemanta

FTC: Bloggers must disclose material connections to endorsed products

421500_10151037534185799_731635807_n

No sneaking around now.

I am not surprised that our political culture is beginning to address the challenges of an “un-regulated” blogosphere, especially when financial (and eventually taxable) matters are at hand.

Although, I am a technologist with a web presence going back to 2001, I did not focus time and energy to Blogging until recently.  My blogging practice is now to identify any and all endorsements or royalty agreements with vendors, whose products I review or recommend.   If I have no financial interests, my posts simply omit any mention to an agreement.

As of this writing the only commercial arrangement I keep related to this Blog is the Today’s Audit Journal Book Store, which is an affiliate program with Amazon.com.   Books and products I review on this Blog, I may also recommend for purchase by interested readers through my book store.  However, readers are free to purchase said products anywhere else on the web.

In terms of syndicated news articles posted in this Blog; all article sources are properly cited for copyright protection, and if the article at its source (other Blog, publication, etc…) promotes a product or service, I am not compensated, unless disclosed.   The use of syndicated news in this Blog is for the purpose of helping readers to stay informed of subjects I consider worthy to our profession, and as a means to maintain a consistent flow of posts, especially when I am unable to write/post due to professional/family demands.

The above mentioned practice and anything else presented in the “Legal” page of this blog shall constitute my official policy towards disclosures relating to endorsements or payments from third parties or vendors.

To read the entire article on the new FTC regulations, from the Tech Policy & Law News – Betanews website, please click the link below:

Shared via AddThis

Enhanced by Zemanta

Small Public Companies Have Six More Months to Meet SOX Internal Controls Requirement

New York Stock Exchange, New York City.
Image via Wikipedia

If you work for or consult with small public companies with floats under $75 million dollars, then this article from the Journal of Accountancy is important.   Below is an excerpt.  You can read the entire article by following the link at the bottom of the post:

“The SEC on Friday announced that the smallest public companies have six more months to provide audited assessments on the effectiveness of their internal control over financial reporting.

Under section 404 of the Sarbanes-Oxley Act, public companies and their independent auditors are each required to report to the public on the effectiveness of a company’s internal controls. The smallest public companies with a public float below $75 million have been given extra time to design, implement and document these internal controls before their auditors are required to attest to the effectiveness of these controls.

The extension will expire beginning with the annual reports of companies with fiscal years ending on or after June 15, 2010. The expiration date previously had been for fiscal years ending on or after Dec. 15, 2009.”

To read the entire article, from the Journal of Accountancy, please click the link below:

Shared via AddThis

Enhanced by Zemanta

Help Wanted: Homeland Security Seeks Cybersecurity Pros

Reenactment of a Roman legion attack.
Image via Wikipedia

I think everyone agrees that America’s IT Security posture needs improvement.  This initiative from the Obama administration, in my opinion will help us harden our vital communications infrastructure making life harder for future Cyber attackers.  It is also a great way to stimulate the economy by spending money on hiring some of the young sharp CISSP’s I see loitering around in NYC IT Security conferences.    Below is the excerpt from InformationWeek.com:

“The Obama administration has given Department of Homeland Security the go-ahead to hire up to 1,000 new cybersecurity pros over the next three years, secretary Janet Napolitano said today.

The new hiring authority will let DHS, a key agency in the nation’s cybersecurity strategy, fill positions in risk and strategic analysis, incident response, vulnerability detection, intelligence, investigation, and network and systems engineering.”

To read the rest of the report follow the link below:

Shared via AddThis

The guys in the photo above are CISSP candidates in training, at a state of the art training facility on 34th Street in NYC.

Enhanced by Zemanta

Bernanke Lends Support to Obama Regulatory Reforms

The House Financial Services committee meets. ...
Image via Wikipedia

Did this event actually catch anyone by surprise?   For the last year and a half everyone in America with an education beyond the 7th grade knows that a revamp of the regulatory system in the financial industry is needed and will come in one way or the other.    And, an increased need for “Risk Assessments” by financial regulators?   Well this is outright revolutionary!   The excerpt below is from Directorship.com – to read the entire article click on the link below my additional comments, at the bottom of this post:

“In a speech before the House Financial Services Committee today, Federal Reserve Chairman Ben Bernanke threw his support behind President Obama’s proposals to reform the financial regulatory system, according to CNNMoney. Bernanke spoke on the value of risk assessment for financial regulators, saying, “To further encourage a more comprehensive and holistic approach to financial oversight, all federal financial supervisors and regulators – not just the Federal Reserve –  should be directed and empowered to take account of risks to the broader financial system.”

I hope legislation is passed soon getting everyone on the same page regarding Risk Assessments. This way we can get some serious ERM frameworks in place at most organizations. The days of the “I don’t like that kind of risk assessment, therefore we will decide what the real risks are…” should end.  But, without a clear mandate from the Fed’s it will not.

To read the full article from Directorship.com please click below:

Shared via AddThis

Enhanced by Zemanta