Risk Management

...would assume that organizations would be far along with implementing their comprehensive fraud risk management (FRM) strategies. However, research by Protiviti reveals that a surprisingly high number of companies still have much room for improvement when it comes to evaluating, mitigating and monitoring fraud risk. Executives at Fortune 1000 companies and large, not-for-profit organizations were asked a range of questions designed to gauge how they're addressing FRM and the maturity of related efforts. ...

...decision-making process, and that would include the three lines of defense when it comes to risk - at the business unit level, at the central risk management level, and at the internal audit level. ...

...of environmental issues on the part of staff, and a greater awareness of how to identify and manage risk - in large part by reducing the number of non-conformances to the IMS. ...

...just as they would financial performance is driving world-class organizations to build integrated management systems (IMS) to support consistent, predictable behavior, processes, and compliance across divisions and around the world. ...

...between two different sets of legal principles, such as the U.S. or Swiss law. Employees and senior management need to have an understanding of both areas and how to balance the response to both. ...

...can be burdensome. Therefore companies are advised as part of their records and information management strategy to include provisions for policy-based document expiration. ...

...which they have been copied, in one form or another, in many other major markets. The SEC's recent management guidance regarding Section 404 of the Sarbanes-Oxley Act benefited greatly from what we observed in other jurisdictions that have implemented issuer internal control standards." (www.sec.gov/news/speech/2007/spch012407cc.htm) Sarbanes-Oxley style legislation is not being considered in the UK, as opposed to, for example, Japan and Canada. ...

...use and personal property taxes, and general contracting with third parties, such as aircraft management companies and charter operators. Accordingly, some important questions need to be asked during corporate transactions that involve aircraft. How is the Company's aircraft owned and operated? The Company's aircraft is likely owned and operated in a separate entity, ostensibly to minimize liability exposure from aircraft operations. ...

...which may include customers, investors, politicians, and employees. After all, "[c]risis management is storytelling." Eric Dezenhall, Damage Control: ...

...what portion of that company's value should accrue to the common stock holders (often company management and employees - those most affected by IRC Section 409A) versus the company's preferred stock holders (often venture capital firms or other investors)? It is worth reviewing IRC Section 409A. ...

...markets, and doing it from the best possible locations. Cross-border supply chain management, product and service quality issues, intellectual property protection, corruption and ethics risks, and the ultimate integration of the many players in a process can be daunting for a middle market company. ...

...and procedures. Editor: Now that Sarbanes-Oxley has been on the books and shaping management's approach to fraud for more than five years, what new developments and risks are affecting legal departments today? Wu: ...

...our practice operates. Editor: With respect to the implementation of IT governance and the management of IT risk, what are the major challenges facing general counsel and the members of corporate legal departments today? Joma : ...

...leading edge advanced analytic systems. Together, we are able to offer an integrated discovery management approach with end-to-end services that simplifies EDD management and makes its cost predictable. ...

...has been a fundamental shift in the recognition of the need for good governance, proactive risk management, and the creation of compliance programs to achieve those goals. ...

...ces and resources; 2. Educate, cross-functionally and internationally, the following areas: risk management, compliance, information governance, the attorneys, litigation support, IT and records management; 3. Make sure the content map and discovery response plan take into account the international aspects; 4. Make sure the technology acquisition, information governance, compliance and risk management functions incorporate the international e-discovery compliance requirements; 5. Assess and engage the appropriate law firms and service providers that possess the legal, technical and cultural understanding of international e-discovery best practices before they are needed (providers should be "Safe Harbor Certified"). Editor: ...

...it offers its clients? Carpenter: Recommind is an enterprise search, e-discovery and e-mail management software company. All of our products use the same core platform, which is essentially a series of statistical algorithms that handle conceptual search and auto-categorization. ...

...result, every legal solution we offer corporate legal departments, from CSC Dashboard to CSC Matter Management to CSC RecordsCenter, is a combination of up-to-the-minute access to the critical corporate data and information we already manage for them delivered through flexible and highly secure web-based technology. ...

...employees know what is confidential and to be vigilant in maintaining it that way. As an example, management may want to claim that its customer list is a trade secret, but it will not be able to do so if its sales force is touting that same list to potential customers. ...

...applying legal resources to help assemble an integrated information system that will allow company management to better "guide" change rather than merely accommodating it. ...

...OIN or similar efforts - e.g., OSS insurance provided by organizations like Open Source Risk Management ("OSRM")19 - may limit certain OSS risks, they are not an adequate substitute for end-user IP indemnification that protects companies and their customers against a much wider set of contingencies and risks. ...

...at Sidley Austin LLP and serve as chair of the Executive Committee and I am also a member of the Management Committee. My connection with GE goes back to the day Ben Heineman called to tell me that he was leaving the firm, which is now a long time ago. ...

...I am a Managing Director at Duff & Phelps' Chicago office and serve as head of the Legal Management Consulting practice. Editor: You've all had considerable experience. ...

...nothing to do with the behavior being investigated who have a clear set of reporting lines and a management structure to oversee the investigation. If it is a very large investigation, there must be clear lines of reporting to the board. ...

...and a cost-effective discovery plan. A second area where we help is electronic discovery and data management. Key to conducting that successfully is to put in place measures to help assess the completeness of the discovery and the understanding of business practices in information technology systems. ...

...place an enormous priority on a thorough review of overall practices involving SSNs. Vendor Management In addition to your own practices, all companies need to include in their assessment an identification of vendors who receive personal information, including what they receive, why they receive it, and what controls are placed upon them. ...

...and describe your function within the firm. Tollin: Aon Risk Services provides risk management and brokerage services to commercial clients. I work in the Environmental Services Group and assist Aon clients with identifying their environmental exposures and provide alternative strategies for transferring risk. ...

...This discussion is about three areas of intellectual property (IP) risk management: the IP itself, employment and labor, and insurance. Regarding IP, you only have to worry about your own IP and the IP of everyone else. ...

...by a private equity firm or a significant investment that allows the firm to have a major say in management. So there will be a role for private equity in the future. ...

...in-house clients and to stay sufficiently in touch with company plans to head off compliance or risk management failures? Do you feel that you may be unable to head off a major compliance or risk management failure because budget constraints prevent you from hiring successful partners of good law firms with the necessary expertise? Are your company's quality controls such that defective or unsafe products might find themselves in the hands of consumers? Is your company jeopardizing its large investment in a foreign country because it is not taking care to build its reputation in that country? The Integrity Of Business Is Under Attack As Never Before All of the above questions raise issues of integrity. ...

...meeting. I attend most committee meetings, except that I don't attempt regularly to attend the Management Development Committee, which John Lynch regularly attends. ...

...a strong and independent review of the product by DHS. The SAFETY Act is a unique liability management tool, and should be carefully considered by any provider or user of security-related products or services. ...

...the context of an Internal Revenue Service or Department of Labor audit, nor will it placate senior management should penalties be imposed against the company. Also noteworthy is that many operational compliance failures are eligible for "self-correction" without governmental notice, intervention or sanctions; ...

...in CheckFree warned that the financial advisor had interviewed members of the target corporation's management team in order to understand the risk factors that threatened the accuracy of the projections. ...

...treatment. Neither defense lawyers in those cases nor any of the litigants have appealed any case management orders or raised any issues about fairness in the process. ...

... their place in the supply chain) should make insurance a key component of their compliance and risk management program by following these initial ground rules: 1. ...

...Putting well-designed privacy policies and procedures in place is not just good risk management; it empowers an organization to create a trusting relationship with its customers, and guides employees on how to handle information. ...

...and why is this important to today's corporate law departments? Schad: Legal operations management refers to the operational, administrative and financial functions related to the practice of law and the software used to achieve optimal efficiencies in these areas. ...

...a significant premium on knowledge and preparation. Principles of basic fairness, good records management, an understanding of your data and devices, and professional guidance will likely be the hallmarks in these changing times. ...

...As presented by the financial press, these deal with the risk management practices of financial institutions, lending practice disclosure, dealings with credit rating agencies, and the like. ...

...owned by a foreign bank. The other was as the AML compliance officer for a well known wealth management and private banking firm. Editor: What statutes triggered current AML efforts and what industries are affected? Goecks: ...

...for those persons who oversee the contracting process? Kendall: In my experience, a project management skill set is needed to keep sight of the big picture but also of all the moving pieces - who is doing what, and when it needs to be done. ...

...decision-making process, and that would include the three lines of defense when it comes to risk - at the business unit level, at the central risk management level, and at the internal audit level. ...

...a ready market for LPO services at the pre-petition stage. LPO can play a key document and contract management support role for debtors going the pre-pack bankruptcy route and for those opting to avoid a formal Chapter 11 altogether with an out-of-court restructuring. ...

...functional responsibilities at Duff & Phelps? Ewing: I am in the Dispute and Legal Management Consulting group, focusing on providing advice and consulting services to general counsel and chief compliance officers, primarily in the areas of strategy and appropriate organizational design. Warren: ...

...treatment. Neither defense lawyers in those cases nor any of the litigants have appealed any case management orders or raised any issues about fairness in the process. ...

...urance and self-insurance programs. Gillston: For 13 years I have held various insurance and risk management underwriting positions and for the past eight years I've been with ACE. ...

... The best way Fortune 500 corporations can bring cost down is to outsource litigation risk and management. Transferring risk requires a portfolio approach. By combining fixed fees and results compensation for a portfolio of cases, eLawForum transfers a substantial amount of risk to outside counsel. ...

...fraud? Pagano: In our experience, we found that corporate fraud is generally committed by management or employees. Third parties sometimes contribute as well. ...