360 likes | 483 Views
Training Gap Analysis PEP lists. Periodic Audits Risk Assessments. Catelas 360 Relationship Compliance. On-boarding & Due Diligence. Rapid Event Response Investigations. Fully Automated, Real-Time Visualization of your entire 3 rd party Operations.
E N D
Training Gap Analysis PEP lists Periodic Audits Risk Assessments Catelas 360 Relationship Compliance On-boarding & Due Diligence Rapid Event Response Investigations Fully Automated, Real-Time Visualization of your entire 3rd party Operations
3rd Party Compliance & Risk Oversight Session III Event Response & Remediation when bad things happen, what should you do?
Session III: Agenda Panel Introductions • Bill Hardin, Managing Director, Navigant Consulting • Paul Zikmund, Director Global Integrity and Forensic Audit, Bunge Limited • Eddie Cogan, Founder & CEO, Catelas, Inc. • Panel Debate & Discussion • When incidents occur, what should you do? “Incident Response Plans” • How do you quickly understand if this event is serious “Triage Plan” • If it is how should you respond? What’s the process? What are the ‘common mistakes’? • When should you involve outside support? Legal counsel or consultancy services? • How should you go about remediating the issue? • Can technology help? What tech is available today? • How do you ensure you are prepared to respond to a DOJ / SEC enquiry? • Questions • Email them to me at eddie.cogan@catelas.com • Or simply use the chat facility on the webinar.
Compliance Burden Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks: • Anti-Trust , anti-competitive business practices and Cartel • FCPA & UK Bribery Act • Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties) • Partner On-boarding and Due Diligence • Code of Conduct, Sales and Marketing Policy • Supply Chain risk: vendor kick back, conflicts of interest • Data Theft, Intellectual Property and Privacy • Information Barriers and Employees with access to sensitive data • New and Departing Employees "Demonstrating Compliance Effectiveness is Critical:[Regulators] want proof that the programs are actually working." - Steve McGraw, from Compliance & Ethics Professional Magazine
Investigating Fraud Paul E. Zikmund, Director Global Integrity and Forensic Audit, Bunge Limited
Reasons to Investigate • External/Internal Audit findings • Employee allegation(s) of fraudulent conduct • Management reviews • Vendor/Customer complaints • Government subpoena • Other anomalies – data analyses
Inherent Risk of Investigations • Expensive and uncertain results • Legal liability – • Failure to protect privilege • Discrimination (employer did not conduct an investigation) • Defamation ($11 million award for disclosure of info) • Violation of privacy (Video surveillance, • False imprisonment (detain against a person’s free will) • Weingarten rules • Uncover significant information • Stimulate disgruntled employees & angst • Adverse publicity • Preoccupied resources • Business disruptions
What is the Goal? • Reveal employee conduct that violates corporate policy • Reveal employee conduct that violates the law • Curtailing adverse publicity • Avoiding cost of litigation • Limiting corporate liability • Minimizing officer or director liability
Presenter Information Bill Hardin is a Director in the Disputes and Investigations practice at Navigant. • Advises audit committees, boards, counsel and management in business issues pertaining to dispute resolution, financial statement fraud, white collar crime, anti-corruption investigations, workplace misconduct, and forensic accounting matters. • Helps companies and counsel with emerging issues related to enterprise risk management, data incident response, and theft of trade secrets. • Performs strategy/operational consulting for clients and serves in interim senior management positions. • Bill is a CPA/CFF, CFE, PMP, and has an MBA from the University of Chicago Booth School of Business. • He can be reached directly at bill.hardin@navigant.com
Looking Into the Matter Investigations can take many different paths
What is Catelas & Relationship Forensics • Import : • Email log files: providing visibility across 100 % of organization without collecting a single email • Company & employee attributes from external databases • Deployed in a week with little IT, accessed from HQ • Act: • Reduce on-boarding risk: uncover conflicts, key people & relationship history • Ensure policy enforcement : identify ‘bad actors’ • Alert Compliance to changesin risks: what’s changed, training ‘gaps’, inappropriate relationships • Respond to events quickly: fast internal Investigations • Reduce Legal Costs: review less & uncover production risk • Report: • Reports: On-boarding, Training Gaps, Interview preparation, Risk Alerts, Risk Assessments, Audits, Internal Investigations, Legal risk • Fast, comprehensive, always up-to-date, from the browser HR Compliance Log files Lists Finance CRM Attributes Relationships
Relationship Compliance Partners grouped by Region & Relationship Strength Every partner, globally, automatically ranked View Relationship History: What is being said? What work are they doing? Who is key? In your company ? At the partner?
Policy Enforcement & Monitoring Rules focusing on specific behaviors Policies focusing on specific risks Results captured for Review with severity level Risk broken down by time periods of interest Advanced Analytics on identified risk
Early Case Intelligence & Investigation Catelas Identification Report Catelas Early Case Intelligence Report Answer 3 Questions: Who are the ‘hot people’? What are the ‘hot documents’? What should we review first? • Exhaustive list for preservation • Justification to limit scope for collection • Defensible
Identification (a) Identification: who interacts with external entities? • Identify External Relationships • Which ones are key? • Timeframes (b) Hot Network: uncovering how business gets done internally…. • Identify Internal Relationships • How are people connected • Focus collection & Review
Litigation Investigations Internal Investigations WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships Only review what's relevant. The key relationships lead us to the most relevant keyword-based documents Deliverables: Impact Report within a single day • Identification: Identify key players before collection • Intelligent Collection: of communications between key people • Priority Review of most relevant (< 1%) data within 1st day • Uncover ‘hot docs ’ for senior review within 1st day • Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc..
Poll Question 1 • How many incidents occur per year? • <pick one answer> • Less than 10 • Between 10 & 50 • Between 50 & 100 • Over 100
Topic 1 Incident’s occur – now what? • What do you do first? • How can you quickly assess the risk?
Early Stages • Engagement letter • Background and understanding • Gathering information • Preserving evidence • Coordinating team responsibilities • Identify a project manager – team leader • Communication protocol • Activate fraud response plan • Attorney client privilege ? (yes or no) • Company policies • Related laws and regulations
Standing at the Cross Roads INTERVIEW ANALYSIS
Interview Listing? Informal Org Chart Formal Org Chart
Poll Question 2 • Do you see the need for a way to better assess events & understand risk as events come in? • Early Case Intelligence • <pick one answer> • Not really • Yes, but that’s not top priority for us right now • Yes, this is seen as a key area that needs improvement
Topic 2 The Incident Response Plan • What does a good ‘Incident Response plan’ look like? • What common mistakes are made and which ones are serious?
Investigative Process • Allegation • Evaluation • Predication • Investigation • Document Review • Interviews • Analytical Procedures • Evidence Collection • Reporting • Recommendations • Loss Calculations • IC Failures • Final Disposition • Loss Recovery • Prosecution • Disciplinary Action
Vulnerability Charts • missing assets • possible suspects and witnesses • methods of concealment or conversion opportunities • available evidence or observations • potential rationalizations for committing fraud • key internal control failures Helps to coordinate various elements of fraud to identity:
Poll Question 3 • Is there a driver to cut costs and gain better control around the investigative process? • <pick one answer> • Not really, we are satisfied with how our process works • Yes, but we have bigger fish to fry • Yes, this is seen as a key area that needs improvement
Topic 3 When do you ask for help? • When is outside counsel needed? • What are outside consultancies appropriate?
This just in from the Wall Street Journal The Federal Bureau of Investigation could make some arrests in the next several months, said one person who spoke on the condition of anonymity because the inquiry was ongoing. The phone recordings, which were turned over to authorities by COMPANY X, have helped focus the investigation, the officials said. Authorities are poring over thousands of conversations, in English and French. They are also relying on notes that employees took during staff meetings, instant messagescirculated among traders and e-mailssent within the group. Phone Records Notes IM Email
Topic 4 Fixing the problem • How do you remediate? • How do you do it in a way that will satisfy any potential future inquiry from the DOJ or SEC?
Session I How much risk are you on-boarding with each new partner or acquisition?
Session II Your on-boarding process works, so now what?
Real Time Control Reduce Costs Catelas 360 Relationship Compliance Respond to events Fast Puts Compliance in Control Low cost, deep visibility from HQ For Legal, Compliance & Security
Thank You Eddie Cogan 617 407 2967 eddie.cogan@catelas.com www.catelas.com