Question

1. In thinking about overcoming the negative publicity and securities fraud fines related to revenue fraud, some companies succeed and move on, while others fail following the fraud. What forces might influence corporate “survivability” in the face of financial reporting fraud related to revenue?

Answer 1

Corporate Directors are ultimately responsible for Continuous Continuity (C²) of the Enterprise

The modern enterprise that effectively manages the myriad of potential threats to its people, processes, systems and critical infrastructures stands to be better equipped for sustained continuity. A Business Crisis and Continuity Management (BCCM) program is a dynamic change management initiative that requires dedicated resources, funding and auditing. Corporate Directors must scrutinize organizational survivability on a global basis.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C², or "Continuous Continuity". A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare. These nightmares are "Loss Events" that could have been prevented or mitigated all together.

According to the risk management best practices from sources such as the Turnbull Report¹ and specifically Principle 13 of the Basel II Capital Accord, the Board of Directors and corporate management are responsible for the effectiveness of the Business Crisis and Continuity Management of an organization. The following testing techniques must be used to ensure the continuity plan can be executed in a real-life emergency²:

Table-top testing: Discussing how business recovery arrangements would react by using example interruptions

Simulations: Training individuals by simulating a crisis and rehearsing their post-incident/crisis management roles

Technical recovery testing: Testing to ensure information systems can be restored effectively

Testing recovery at an alternate site: Running business processes in parallel with recovery operations at an off-site location

Test of supplier facilities and services: Ensuring externally provided services and products will meet the contract requirements in the case of interruptions

Complete rehearsals: Testing to ensure the organization, employees, equipment, facilities and processes can cope with interruptions

Many of these best practices talk about a BCCM that will be periodically updated. Periodic is not continuous. Change is the key factor here