Investigation management tools ease fraud pains

This is cause for concern. In today's complex and distributed financial services environment, an organization, from both a compliance and operational risk perspective, needs a 360-degree view of enterprise fraud investigations and loss. Corporate governance, strategic decision-making and the protecting stakeholder value require understanding where the greatest incidents and losses have been.

Further, the over reliance on spreadsheets and homegrown databases to manage investigations should raise issues with legal and corporate compliance departments. These systems lack the robust audit trail found in commercial applications. Spreadsheets in particular should be avoided for managing investigations as they fail to demonstrate the integrity of the information and who entered it (what is referred to as non-repudiation).

Consistency is key
The first step in overhauling a financial organization's fraud investigation management approach is to think 'enterprise.' A common process for managing enterprise investigations provides for collaboration, consistency, efficiency, accountability, and transparency.

Collaboration on fraud investigations requires that the organization implement an enterprise platform for managing fraud investigations. Enterprise investigation platforms provide a common and consistent

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Compliance and Governance Digest Social media: Risk management strategies for financial institutions Red Flags Rule compliance How AML compliance applies to remote deposit capture Tokenization and PCI compliance Data governance and classification The PCI compliance case for source code review Identity management for financial firms in turbulent times PCI DSS: Best practices for compliance Red Flag Rules compliance demands a risk-based approach Understanding the impact of new state data protection laws Risk assessment and management in financial institutions Social media: Risk management strategies for financial institutions Podcast: Fraud investigations Download presentations from Financial Information Security Decisions 2009 Two conversations about risk assessment An advancement in GRC Swine flu puts spotlight on pandemic planning Forensic accounting success depends on information security support Advocacy group looks to foster trust in foreign service providers Observable activities are best security metric, panel says Protecting data in a merger and acquisition Disaster recovery and business continuity management and planning Swine flu puts spotlight on pandemic planning Swine flu reveals pandemic planning shortcomings Swine flu: Pandemic planning wake-up call Lessons learned: The LendingTree case Lessons learned: The Countrywide Financial breach SIM appliance helps credit unions with compliance, incident response Preparing for a pandemic Disaster preparedness: Staying up while everything else is down Worst practices for backup and disaster recovery Disaster recovery success begins and ends with the basics

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

approach to reporting incidents (e.g., hotlines), handling escalation, managing the investigation process, and analyzing loss. The platform enables an organization to evaluate the criticality of incidents, assign investigation/response team members, monitor business impact and regulatory requirements, manage the investigation process and report on loss/impact.

An enterprise approach provides incident data across business units, processes, and relationships. It allows the organization to maintain detailed investigation history and audit trails, manage the lifecycle of investigations, link incidents to remediation procedures, and identify trends to monitor similarities and relationships in investigations. This in turn allows the organization to understand all of its mitigation and prevention requirements.

Financial organizations considering an enterprise fraud investigation platform should consider the following in their selection process:

About the author:
Michael Rasmussen (mrasmussen@corp-integrity.com) is with Corporate Integrity, LLC. Michael is the authority in understanding governance, risk and compliance (GRC). He is a sought-after keynote speaker, author and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. Corporate Integrity, LLC is a strategy & research advisory firm providing education, research and analysis on enterprise governance, risk management and compliance.