Home > Financial Services Information Security Tips > Compliance and Governance Digest > Investigation management tools ease fraud pains
Financial Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE AND GOVERNANCE DIGEST

Investigation management tools ease fraud pains


Michael Rasmussen, Contributor
10.20.2008
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Financial service organizations are often in disarray when it comes to having consistent processes and technologies for managing fraud investigations and loss. The disarray is a result of:

This is cause for concern. In today's complex and distributed financial services environment, an organization, from both a compliance and operational risk perspective, needs a 360-degree view of enterprise fraud investigations and loss. Corporate governance, strategic decision-making and the protecting stakeholder value require understanding where the greatest incidents and losses have been.

Further, the over reliance on spreadsheets and homegrown databases to manage investigations should raise issues with legal and corporate compliance departments. These systems lack the robust audit trail found in commercial applications. Spreadsheets in particular should be avoided for managing investigations as they fail to demonstrate the integrity of the information and who entered it (what is referred to as non-repudiation).

Consistency is key
The first step in overhauling a financial organization's fraud investigation management approach is to think 'enterprise.' A common process for managing enterprise investigations provides for collaboration, consistency, efficiency, accountability, and transparency.

Collaboration on fraud investigations requires that the organization implement an enterprise platform for managing fraud investigations. Enterprise investigation platforms provide a common and consistent


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Compliance and Governance Digest
Social media: Risk management strategies for financial institutions
Red Flags Rule compliance
How AML compliance applies to remote deposit capture
Tokenization and PCI compliance
Data governance and classification
The PCI compliance case for source code review
Identity management for financial firms in turbulent times
PCI DSS: Best practices for compliance
Red Flag Rules compliance demands a risk-based approach
Understanding the impact of new state data protection laws

Risk assessment and management in financial institutions
Social media: Risk management strategies for financial institutions
Podcast: Fraud investigations
Download presentations from Financial Information Security Decisions 2009
Two conversations about risk assessment
An advancement in GRC
Swine flu puts spotlight on pandemic planning
Forensic accounting success depends on information security support
Advocacy group looks to foster trust in foreign service providers
Observable activities are best security metric, panel says
Protecting data in a merger and acquisition

Disaster recovery and business continuity management and planning
Swine flu puts spotlight on pandemic planning
Swine flu reveals pandemic planning shortcomings
Swine flu: Pandemic planning wake-up call
Lessons learned: The LendingTree case
Lessons learned: The Countrywide Financial breach
SIM appliance helps credit unions with compliance, incident response
Preparing for a pandemic
Disaster preparedness: Staying up while everything else is down
Worst practices for backup and disaster recovery
Disaster recovery success begins and ends with the basics

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


approach to reporting incidents (e.g., hotlines), handling escalation, managing the investigation process, and analyzing loss. The platform enables an organization to evaluate the criticality of incidents, assign investigation/response team members, monitor business impact and regulatory requirements, manage the investigation process and report on loss/impact.

An enterprise approach provides incident data across business units, processes, and relationships. It allows the organization to maintain detailed investigation history and audit trails, manage the lifecycle of investigations, link incidents to remediation procedures, and identify trends to monitor similarities and relationships in investigations. This in turn allows the organization to understand all of its mitigation and prevention requirements.

Financial organizations considering an enterprise fraud investigation platform should consider the following in their selection process:

About the author:
Michael Rasmussen (mrasmussen@corp-integrity.com) is with Corporate Integrity, LLC. Michael is the authority in understanding governance, risk and compliance (GRC). He is a sought-after keynote speaker, author and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. Corporate Integrity, LLC is a strategy & research advisory firm providing education, research and analysis on enterprise governance, risk management and compliance.


Rate this Tip
To rate tips, you must be a member of SearchFinancialSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Finance Sector Security - Anti-Phishing, Remote Access Security, Firewall Systems
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts