16 May 2017
“There was always something fishy about him.” “We all knew that, but...” “I would never have thought that...” These are typical sentences heard from colleagues during coffee breaks right after misconduct comes to attention. Management is usually held responsible for dealing with an organisation’s vulnerabilities. However, you also have a duty of loyalty, just like any other employee in your organisation. Whether you are in a managerial position or not, you have a responsibility to report irregularities to those who are responsible.
An organisation can only succeed when people pull together. In extreme cases, issues that have not been reported to the board or management may have crippled or even brought down the entire organisation. There are several examples of this in recent history.
Raising an issue is particularly important when it involves information security or misconduct, as these reach every corner of an organisation. In addition, legislators have tightened penalties for acts of negligence over the past few years.
How, then, can vulnerability control be implemented across the organisation? Based on our experience, we have listed five items representing typical vulnerabilities in organisations. There are also more comprehensive pieces of literature and frameworks, such as the new Fraud risk management guide. We recommend paying special attention to, at least, the following issues:
Even though every employee of an organisation has a duty of loyalty when it comes to vulnerabilities, possible liabilities for misconduct are aimed at those who are responsible for the matter at hand. The organisation and allocation of responsibilities must therefore be carried out unambiguously and in writing.
The organisation has to go through a complex, multi-phase process to get the controls running in a way that supports business operations. They may not be perfect at the first attempt – or ever, which is more likely. They need to adapt to changes in operational requirements. Plans made several years ago might no longer be suitable to meet current or future needs.
Internal resources are not enough in all situations, so it is a good idea to map potential partners in advance. With the help of a professional partner, the organisation can look into preventing misconduct and identifying problems, or quickly start to investigate an actual or suspected case of misconduct.
During the Cold War, U.S. President Ronald Reagan quoted a Russian proverb that is just as true today in preventing organisational vulnerabilities: “Trust, but verify”.
Date of Input: 26/12/2018 | Updated: 15/04/2019 | nurmiera