IT Compliance and Controls

Converging Business, Information, and Controls


Implementing Effective Ethics Programs

January 27th, 2008

The need for organizations to define and communicate effective policies and procedures resonates around the globe, and is strongly supported by governance organizations including the WTO, The World Bank, OCEG, and the OECD, to name but a few. A first, but essential, step toward ensuring appropriate controls and operational efficiency is defining appropriate personnel behaviors through a developed Ethics Program. In addition to the operational enhancements, the organization is able to manage and minimize the instances of fraud that can occur within it.

The application of these programs must be consistent across the organization’s entire operations. This is evidenced by the recent back room trader who lost $7,000,000,000 without the company becoming aware. It is true that certain aspects of the program may be applied based upon the risk that individual functions present to the organization (e.g., more frequent and in-depth background checks are appropriate for individuals managing highly sensitive information).

Update (2/26/08): New insight into the SocGen fraud revealed that core technology and procedural controls contributed to its success. As a result, an update highlighted that account access credentials will be restricted per user using biometrics, and that alert procedure responses will be improved.

While recently conducting research on the Gramm-Leach-Bliley Act, I came across FIL-105-2005, which to the uninitiated is The Federal Deposit Insurance Corporation’s (FDIC) Guidance on Implementing an Effective Ethics Program. It is a short four pages, but it lays out the importance and core parts of such a program. The program components describe fourteen different regulations and laws that support the Guidance.

Additional references that are interesting include:


James DeLuccia

Tags: Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Tone at the Top
