How Do You Build a Culture of Preparedness? Ris k M i t i g a t i o n Despite well laid out security policies IT executives are always constantly trying to create a more effective security culture. Sneha Jha spoke to your peers to find out how. Here's what they said:
“Organizations should begin with risk analysis and then identify the risk parameters and their impact on business. Creating awareness and ownership is also essential.” trendlines
Dhiren Savla CIO, Kuoni Travels
“Ensuring enterprise security is a continuous improvement initiative. Regular communication with the user base and a complete classification of information assets. is a must.” Gopal Rangaraj VP-IT, Reliance Life Sciences
“Security is everyone's responsibility. Security awareness training helps users develop secure habits, which leads to a secure environment. Great security measures are those that control mishaps before they occur.” Virender Pal
Voice
Write to editor@cio.in
Trendlines.indd 10
Ris k M a n a g e m e n t The global economic crisis will lead to more cases of large-scale business fraud and corruption as the situation continues to unfold, according to a new report from Control Risks, an international business risk consultancy. Control Risks released Corruption, Compliance and Change: Responding to Greater Scrutiny in Challenging Times, a report examining the trends of corruption as a result of the global financial meltdown. The report predicts as a consequence of increased fraud, businesses will be subject to even tighter regulation complicated by inconsistent enforcement that will vary from region to region. The inconsistency of enforcement will be the greatest challenge for mainstream international companies, the report states. "Countries that have never done so before, such as China and Japan, have begun enforcing corruption laws while those who have been enforcing regulations are now seeking steeper fines and, in some cases, lengthy prison sentences," said John Bray, director, analysis for Control Risks. The report also points to an increased number of Foreign Corrupt Practices Act (FCPA) cases initiated by the Department of Justice and the Securities Exchange Commission. They initiated 38 FCPA matters in 2007 followed by 25 in 2008, said Control Risks' report. In late May 2009, Mark Mendelsohn, the deputy chief of the DoJ Fraud Section, reported that as many as 120 companies were currently under investigation on suspicion of FCPA violations, compared with 100 at the end of the previous year, the report noted. To mitigate risk of fraud, the consultancy advises businesses to: Develop and communicate an effective compliance and regualtions program Secure the CEO and management teams commitment to high standards of integrity Rely on good business intelligence: choose the best people and partners Cultivate diplomatic skills and cultural sensitivity Be prepared for setbacks "Fraud will continue to be a serious issue," states Elaine Carey, national director of investigations. "There is no doubt that the organizations maintain the strictest regulations and enforcement for violations, which is precisely why companies need to take a serious look at safeguarding their operations.
Lend Your
CTO, Spicejet
10
Bad Times Good for Fraud
a u g u s t 1 5 , 2 0 0 9 | REAL CIO WORLD
—By Joan Goodchild
Vol/4 | ISSUE/19
8/14/2009 11:45:11 AM