Report to help companies measure up in corporate compliance

Dec 22, 2006 11:18 AM

It is an issue that senior management is taking very seriously -- and it can have both direct and indirect impacts on security. The rise of Sarbanes-Oxley and other federal laws has brought corporate compliance to the forefront of corporate risk.

The CSO Executive Council and The Network Inc., a provider of ethics and compliance hotline programs, have released the 2006 Corporate Governance and Compliance Hotline Benchmarking Report -- the first of its kind -- to help corporate and security executives measure compliance risk to their companies.

"When you are looking at security as prevention, this is a huge issue," says Bob Hayes, managing director of the CSO Executive Council. "Every report represents a potential security issue."

The report presents a variety of findings:

* 65% of reports received are considered serious enough to warrant an investigation;
* 46% of reports resulted in an investigation with some corrective action taken;
* 10% of reports received relate to corruption and fraud issues;
* 54% of individuals reporting through the hotline preferred to remain anonymous; and
* Only 29% of reports state that they had previously notified management of the issue.

The report can assist organizations in measuring how their hotline program compares with similar organizations according to specific variables, such as size, industry type and reported issues. The data provides statistics to help executives understand how their organizations compare and identify areas that need improvement.

"This allows security to evaluate its company's business units vs. the rest of the industry," Hayes says. "If there is a discrepancy in a company's reporting that is too big or small for the industry norm, then executives can identify how their compliance reporting is better or worse."

The report includes aggregate data from nearly 200,000 reports received over a four-year period from more than 500 client organizations of The Network. The report analyzes the impact of a variety of factors, including anonymity, means of awareness, incident category and investigation outcome. Data analysis was conducted by the CSO Executive Council, while the Association of Certified Fraud Examiners (ACFE) provided guidance in the evaluation of the data and creation of the report.

"This is all about risk and potential loss to a company," Hayes says. "Illegal and inappropriate behavior in the workplace -- including HR and safety -- is a huge security issue."

For more information, visit csoexecutivecouncil.com or contact The Network at benchmarking@reportline.net

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue