Office Hours is a work of passion to share strategies, technology ideas, and real-world stories that inspire governance, risk management, compliance, and audit professionals to live their biggest impact! Our channel is dedicated to delivering the best stories and strategies in developing GRC programs we've seen across 7,000 organizations in 140 countries around the world. In every episode we'll drill down on a topic that can help you level up - risk management, compliance automation, data analytics, next-generation auditing, robotic process automation, artificial intelligence, etc.
This week on Office Hours (https://officehou.rs), hosts Kevin Legere and Dan Zitting discuss third-party risk management by looking at a situation where contract risk/vendor risk led to several very large organizations being substantially over-billed and the vendor itself having to restate its financial statements after rectifying the issue. We'll dig into how it happened and into using "big data" to identify and resolve the issue.
This week on Office Hours, hosts Kevin Legere and Dan Zitting discuss their experiences identifying ghost employees, ghost beneficiaries, and other related cases where large organizations are being defrauded through the identity theft of dead people. Kevin describes a large company where it was identified that a high-ranking executive had used the identity of a dead person to get hired, Dan describes a state government paying benefits (food stamps, veteran benefits, etc.) to people who were actually dead, and we show how to identify and monitor these issues. Enjoy!
This week on Office Hours, our first guest host, the mad genius Phil Lim, joins Dan Zitting to talk about the Paradise Papers... what they mean and how an organization he worked with was interested in using the data compiled from them to look at potential risk indicators of fraud or corruption. Phil actually uses the real data with real US government spending data to show how the process looks to evaluate red flags.
This week on Office Hours, our hosts, Dan Zitting and Kevin Legere, talk about managing risk events. What are risk events? They could be anything from ethics hotline reports, conflict disclosures, security incidents, sexual harassment incidents, unexpected financial instrument value fluctuations, physical security breaches, vendor failures, etc., etc. No matter which function you're in or the risk you're responsible for, it is surely possible to centralize the capture, review, and remediation of these events in a way that maximizes assurance of appropriate follow-up while creating insightful reporting and automating much of the process. In this episode we share examples of how to do so in ACL software, but the principles apply regardless.