Category Archives: Governance, Risk & Compliance

Companies Ignore Whistle-blower Protections

Posted on by

Whistle-blowers are in the news more and more, but some organizations don’t seem to have caught up with the trend, or the fact that retaliation is illegal. They don’t seem to realize that negative reactions to a whistle-blower can make them look petty—and guilty.

Take two front page stories in our area newspaper on the same day this week. Both were about whistle-blowers who put their jobs on the line to come forward. One was fired, the other was suspended and later resigned.

In one case, The Journal News reported, a member of a New York town’s financial staff, the supervisor of fiscal services for more than 10 years, testified at a hearing that she notified several of her superiors that the town’s revenue projections were overestimated—on a financial statement needed for a bond application. She also reported improper money transfers—one made to the town supervisor. The woman was ignored, told to keep quiet, and eventually fired.

Not only did the town officials make no move to right the wrongs she reported to them, one official denied ever being told of potential corruption or fraud. Meanwhile, the town, which is also being investigated by the FBI, has filed perjury and other charges against this former employee.

The second newspaper article is about a former security expert at the Indian Point nuclear power plant in New York. Because he feared the plant was vulnerable to a terrorist attack, he voiced his concerns to supervisors. In June he was suspended.

He filed a 76-page lawsuit in the U.S. District Court alleging misconduct and retaliation against him. The Indian Point employee alleged that security was inadequate and that documents and internal reports were falsified.

Unfortunately these sound like other stories in the news over the past few years following the financial crisis. At Lehman Brothers, the company’s chief risk officer, Madelyn Antoncic warned Dick Fuld, the CEO, that their risk in mortgage-backed security bets was too great. Her warnings were ignored. Her reward was to be fired.

The knee-jerk reaction of many organizations seems to be; get rid of the employee, blame the employee and then go to court. It appears that the whistle-blower protections under the Dodd-Frank Act, such as prohibiting retaliation against whistle-blowers, is still a mystery to some organizations.

Fraud experts contend that the burden is on the organization to see that employees are comfortable in coming forward and that their concerns are addressed. They advise companies to have hotlines available for employees to provide whistle-blower tips—and to act on those tips.

Whether or not a company is guilty of fraud, firing an employee for coming forward can make the organization look guilty and cause a whole host of other problems, including risk to the company’s reputation. Public entities and corporations would do well to study Dodd-Frank and put a plan in place before an employee does come forward. Have organizations learned nothing from Watergate? The cover-up always leads to exposure of the crime.

RMORSA: Risk Culture and Governance

Posted on by

The National Association of Insurance Commissioners adoption of the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requires insurance organizations to take a broader approach to risk management. As U.S. insurers begin to mobilize their efforts to comply with the regulation by the 2015 deadline, it’s important for them to take a step back, leverage their existing risk management operations, and develop their RMORSA efforts with a mind to the future.

The groundwork for RMORSA was laid with International Association of Insurance Supervisors’ (IAIS) Core Principle 16 – Enterprise Risk Management – and much of the ORSA requirements can be fulfilled with the adoption of an ERM framework that addresses:

• Risk culture and governance

• Risk identification and prioritization

• Risk appetite and tolerances

• Risk management and controls

• Risk reporting and communication

Before you scoff at the scope of these requirements, consider that the ORSA Guidance Manual stipulates that insurers with appropriately developed ERM frameworks “may not require the same scope or depth of review” as organizations with less defined processes.

As defined by the NAIC, risk culture and governance defines roles, responsibilities, and accountability in risk-based decision making. In effect, the principle builds off of a 2010 SEC mandate requiring corporate boards to document their role overseeing enterprise risk. This rule extends the board’s role in risk oversight from C-level risks, activities and decisions to now having accountability at the business process level. Boards are explicitly given a choice between either having effective risk management, or disclosing their ineffectiveness to the public. Doing neither is considered fraud or negligence. Enforcement actions by the SEC have doubled in recent years, so it’s likely your board has already established risk management as a priority, but what does this mean for your organization?

The first practical issue is that it is no longer sufficient to rely on the audit function as a hub for risk management. Risk responsibility has always been the responsibility of process owners, and ORSA is now mandating better oversight under the guidance of a risk management function. For many organizations, the critical first step has been taken by establishing executive responsibility in a chief risk officer (a CRO is actually required to sign off on the ORSA assessment), but without the appropriate tools to make risk management actionable, accountability beyond the CRO is never properly defined. Front line managers hear “risk responsibility” and take the same action they would for other lofty strategic initiatives—that is to say, they take no action at all.

To engage process owners in a risk culture, each business area must take ownership for a subset of the enterprise risks.

online pharmacy singulair with best prices today in the USA

Risk managers, in effect, do not own the risks to the organization; on the contrary, they own the ERM process. Their primary role is to lay the groundwork for risk assessments, aggregate risk intelligence for board reports and create actionable initiatives for business areas in need of oversight.

Engaging process owners has the dual effect of permeating an enterprise-wide risk culture, while also creating a sense of shared responsibility. The structure defined above also creates three levels of defense, a concept adopted and well-articulated by the Institute of Internal Auditors. The operational risks are owned by the process owners. The risk management function provides guidance and strategic alignment.

online pharmacy spiriva with best prices today in the USA

And finally, internal audit ensures adherence to the proper policies and regulatory standards.

Risk culture and governance cannot be accomplished overnight, but significant progress can be made by adopting and articulating the best practices outlined above.

online pharmacy elavil with best prices today in the USA

For more information on engaging process owners, implementing a standardized risk assessment process, and reporting this information to the board, download LogicManager’s complimentary eBook, Presenting Risk Management to the Board.

When Your Commute Becomes Derailed

Posted on by

Just yesterday I remarked to my husband that my train, the Hudson line, has been amazingly stable and almost always on time. Especially when you consider that there have been major derailments of the Connecticut (May 17) and the Long Island (June 17) lines of the Metropolitan Transit Authority (MTA).

I should have known better. Just when you think you can take a breather, something is bound to happen, as it did this morning. Normally I would have been listening to the news and traffic report, but I was spending some time with my puppy before rushing to the ferry station. Once there I waited, but no ferry, and the few people who were there didn’t seem to know why. Annoying.

I called my husband and asked him to drop me off at the train station across the Hudson (parking is impossible there). On the train platform, however, I quickly learned that there was a big problem—the derailment of 10 CSX garbage train cars on a narrow portion of track used by the Hudson line. There were no injuries, but that is a whole lot of cleanup, not to mention the two tracks that need to be replaced, according to the conductor I talked to. He estimated it would take at least the weekend to repair the damage.

I have to say that I was impressed with the MTA’s contingency planning. The MTA gets a lot of flack, but it’s worth mentioning that they did get it right this time. What I expected to be a nightmare of delays and standing around waiting—on one of the hottest days of the year—wasn’t bad at all. The MTA train took us to Yonkers, just north of the derailment area, where we were quickly led to waiting busses. The busses transported the train’s passengers to a large subway station where we were ushered through a special turnstile, and our train passes were honored. The subway ride took a while, since it was a local covering more than 200 blocks. But a fellow passenger gave me an idea of the subway route and at what stop I should get off. Happily, I had only a block to walk to work.

Research shows that the MTA has an enterprise risk management plan in place. I found a 93-page document online that outlines significant business processes for the MTA bus company, bridges and tunnels, individual train lines and much more. It also notes which business processes have been reviewed. Under the listing of Maintenance of Equipment for the Long Island Railroad, for example, items that have been reviewed include locomotive daily inspection and diesel locomotive periodic inspection, rolling stock inspections and equipment surveys.

From what I have read, however, some passengers last night weren’t as lucky. They were told to wait for busses which didn’t arrive. That was right after the derailment, however, and it takes some time to put a major plan into action.

So, lessons learned:

• Listen to the traffic announcements on the radio every morning

• Don’t be too complacent when things go well

• Roll with the punches, occasionally things do work out

• Take time to play with the puppy, no matter what, even if you’re a little late for work

Taking Action in Washington

Posted on by

Recently, RIMS political action committee, RiskPAC, hosted a breakfast for Rep. Peter Welch (D-VT) in Washington, D.

buy reglan online www.arborvita.com/wp-content/uploads/2023/10/jpg/reglan.html no prescription pharmacy

C. RIMS was represented by Terry Fleming, a member of the RiskPAC board of directors and by Jim McIntyre, RIMS Washington D.C. Counsel. Representatives of other groups were also in attendance.

Fleming, a former RIMS president in 2010, expressed gratitude to Rep.

buy cellcept online www.arborvita.com/wp-content/uploads/2023/10/jpg/cellcept.html no prescription pharmacy

Welch for the meeting that lasted over an hour. “In all my years attending RIMS on the Hill, I met with a House or Senate member only once. Meeting face-to-face at a table with only four other attendees gave us the chance to express our views on our issues unburdened by interruptions. Rep. Welch showed keen interest in our issues and indicated that he would consider signing on as a sponsor of the bills that will come forward on our issues, as well as discussing the issues with other members of his committee.” Rep. Welch is a member of the Committee on Energy and Commerce and has historically shown interest in the issues that RIMS supports – reauthorization of the Terrorism Risk Insurance legislation that is set to expire in 2014, and amending the Risk Retention Act to allow those groups to offer commercial property insurance coverage in addition to the current automobile and general liability coverage that they offer to their members.

This meeting is another example of the importance in having a political action committee in place.

buy keflex online www.arborvita.com/wp-content/uploads/2023/10/jpg/keflex.html no prescription pharmacy

One of the reasons RiskPAC was created was to provide RIMS a seat at the table. Because of RIMS’ contribution to Rep. Welch, Fleming was able to get critical one-on-one time with the Representative and his chief of staff to discuss issues of great importance to the organization and to the risk management community as a whole. This is access that would be nearly impossible to get without a PAC in place.