Donna Boehme gets it right when she says every company has the exact compliance program it wants (or deserves). Donna is particularly critical of those for whom the “Rogue Employee” is the standard reason for a corporate scandal. I agree with Donna when she says, “In 99.97 percent of the cases, the real reason for misconduct is the series of choices that leadership and management have made that allowed or encouraged the ‘rogue’ actor to commit the bad act, undetected, in the first place. The Rogue Employee myth is also dangerous, because it allows management to avoid the more difficult questions about compliance and culture they should be asking and answering.”
Companies without automated monitoring and analysis systems run a huge risk of allowing “rogue” actors to commit bad acts that go undetected. Controls are considered effective as long as they work 95% of the time, and samples are generally the method used to test the effectiveness of controls. My colleagues and I who have backgrounds in information security have contended for years that there are far more “business hackers” than computer hackers. “Business hackers” only need to know where the soft underbelly resides in the company’s business processes. Business hackers know exactly which questions to ask: which errors go undetected and which abuses go unchecked? How do I make my theft look like an error in case I’m caught?
The reality is that it takes inspecting what is expected in order to prevent the “rogue” actor, identify the soft underbelly (root cause), and prevent the conditions that lead to problems going unnoticed. The way to achieve this is by leveraging automated monitoring and analysis systems like Oversight Insights On Demand. By analyzing 100% of the transactions instead of a sample, Insights On Demand identifies not only the unexpected outcomes and the riskiest entities involved (employees, merchants, items, etc.), but also the underlying causes. It is important to stop dangerous activities in progress, but it’s also important to take the steps necessary to keep those same activities from recurring.