Risk Reduction Through Monitoring Non-Financial Data – September 2014

This topic concerns internal controls

Strong internal controls are crucial for a businesses to detect and prevent fraud, thereby creating a solid foundation for growth. Typically these controls are applied to structured data such as operating statistics and financial data. While this effort is enormously helpful, many businesses would benefit from monitoring unstructured data as well.

Unstructured data includes e-mail, desktop documents, internet logs, text messages, and social media posts. Understanding this data can be very helpful in understanding why a risk existed, how it developed, who was involved, and identification of additional risks that may develop. By monitoring these types of data, a business can better detect risks and prevent surprises for management.

Privacy is a tantamount concern, thus the data must be monitored and reported anonymously. That is, the user or creator of the data is not known to the monitoring parties. If a problem is discovered, then appropriate parties can be contacted so that the potential risks can be better understood. Such activities include: e-mail traffic, particularly to competitors; gaps in e-mail traffic to detect deletion of e-mails; which internet sites are accessed; and what social media sites are frequented. Again, this can be accomplished without the investigator being aware of the employee’s identity. If a red flag emerges, then additional information can be obtained from the relevant personnel, at the discretion of management.

In implementing such a program, it is important that management clearly communicate the policy to employees, emphasizing the anonymous nature of the program. Early detection of a budding risk could help save the company.

For additional information, please see the following link:

http://www.journalofaccountancy.com/Issues/2014/Jan/20126972.htm

Capitol CFO Solutions serves clients in Washington DC, Maryland, and Virginia. Please contact us for a free consultation.