Saturday, December 4, 2010

WikiLeaks lesson for business: You next?

Forensic accountant says ethics hotlines a necessity

CBC News

Computer specialists have a warning for businesses after the recent release by WikiLeaks of U.S. diplomatic documents embarrassed the White House: they might be next. Shares in Bank of America fell three per cent Tuesday, the day WikiLeaks founder Julian Assange said he intended to make public information in 2011 that would sink a major U.S. bank. (Paul Sakuma/Associated Press)

The danger, Greg Draper, the Calgary-based leader of investigative and forensic services at accounting firm Meyers Norris Penny, told CBC News, is that management is seen to have covered up internal fraud or committed a breach of ethics.The sharp drop in the shares of Bank of America on Tuesday underscored the risk.The same day, WikiLeaks founder Julian Assange said he intended to make public information in 2011 that would sink a major U.S. bank.
Although Assange didn't name names, fast-spreading rumours alone were enough to carve more than three per cent off Bank of America's share price, although it had more than recovered by Friday."Just the hint of scandal in the modern internet era," Draper said, "can be hugely damaging on the basis of little or no substance."The obvious lesson, he said, is for firms to follow a code of ethics and have a hotline that whistle-blowing employees can use with confidence that management will deal with problems. "You have to make sure your organization is conducting itself with as much integrity, accountability and transparency as it can," Draper said.

10% of bankruptcies attributed to fraud

"And then, when issues do come up because of the actions of one or two individuals, an internal mechanism to report those concerns allows the company to get ahead of the curve." The cost of workplace fraud and ethical violations is considerable, according to Draper."Ten per cent of Canadian business bankruptcies are attributed to employee fraud," Draper said.

WikiLeaks' growing influence means companies have to respond, said Draper.Assange has told Forbes magazine that the number of leaks his site gets has been increasing "exponentially" as it has gotten more publicity, sometimes getting as much as thousands per day.

And it's not just WikiLeaks.

WikiLeaks founder Julian Assange, shown in November, says the number of leaks his site gets has been increasing 'exponentially' as it gets more publicity. (Valentin Flauraud/Reuters) "There's a massive uptake of social media, of Facebook and YouTube and Twitter and WikiLeaks and everything else," said Draper.

"This current generation of employees is certainly more plugged into that." "I think they're quick to take advantage of [social media] when they have a concern and there's no other mechanism to deal with it internally."

Smaller firms can be even more vulnerable.

"Bank of America can survive a three-per cent dip," he said. "Smaller companies, when margins are thin in tight economic times, just may not have that luxury."Hotlines were mandated for publicly traded companies after the Enron and WorldCom accounting scandals and Draper finds that it is "trickling down" into smaller firms, not-for-profit organizations and municipal governments.'You run the risk of creating an environment that's so rigid that people can't do their jobs.'

—Alfred Huger, vice-president, Immunet Corp.Companies create records of every decision they make — from takeovers, government lobbying or foiling rivals — which are recorded in emails, documents, databases and internal websites that they think are locked to the outside world.And many companies leave access far too open, especially as networks grow more complex as companies grow, reorganize and acquire other firms.

Hackers often have to attack personal computers at the bottom of the IT hierarchy and use guile to work their way up, but all an insider needs is access and a cheap jump drive. Alfred Huger, vice-president of engineering for security firm Immunet Corp. in Palo Alto, Calif., said companies could simply configure their email servers to restrict who certain people can send documents to.

Other measures include prohibiting certain people from copying and pasting from documents, blocking downloads to jump drives and CD-ROMs, and deploying technologies that check if executives' e-mail messages are being checked too often — a sign that an automated program is copying the contents.
But those measures can lower productivity and increase costs as technicians spend more time providing help to users who have been denied access necessary to do their work."You run the risk of creating an environment that's so rigid that people can't do their jobs," Huger said.
"You have to find that balance. Unfortunately, there's no panacea against it."

Read more: http://www.cbc.ca/technology/story/2010/12/03/f-wikileaks-business-fraud.html#ixzz179zvIsQB

No comments:

Post a Comment