Responding to a cyber incident isn’t just about getting the systems back up and running (very important) but rather performing in sequence a set of mechanisms that improve the overall cyber incident response effectiveness. The set of sequences or as they are known in the sporting world, the follow through, is key to the most successful incident response and might not be as straightforward as you assume. Read on for a follow-through formula designed for efficient incident response here.
If you get an email or a business card from a forensic accounting professional, you might see a bunch of credentials behind their name. But what do they all mean? Here is a brief description for some of the most common forensic accounting related professional credentials:
- Certified Fraud Examiner (CFE) – CFEs resolve allegations of fraud, obtain evidence, conduct interviews, write reports, testify to findings and assist in the prevention and detection of fraud.
- Certified Public Accountant (CPA) – CPAs are accounting professionals who have passed the CPA examination and have also met additional state certification and experience requirements.
- Certified in Financial Forensics (CFF) – CFF is a specialty credential in financial forensics issued by the American Institute of Certified Public Accountants (AICPA).
- Certified Forensic Interviewer (CFI) – CFIs conduct a variety of investigative interviews with victims, witnesses, suspects or other sources to determine the facts regarding suspicions, allegations or specific incidents.
Additional certifications that are common for forensic specialists include the following:
- Certified Financial Crimes Investigator
- Accredited in Business Valuation (ABV)
- Certified Valuation Analyst (CVA)
- Private Investigator
- MBA in Fraud Management and Economic Crime
- Seized Computer Evidence Recovery Specialist
- Certified Handheld Forensic Examiner
- Certified E-Discovery Specialist (CEDS)
- Encase Certified Forensic Examiner (EnCE)
- AccessData Certified Examiner (ACE)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information System Security Professional (CISSP)
- Certified Information System Manager (CISM)
What’s to Report? Financial fraud isn’t the only concern for businesses. Ethical violations of every sort imaginable can take place at any organization and within any department. According to a 2013 National Business Ethics Survey (NEBS) conducted by the Ethics Resource Center, 41 percent of the respondents indicated they witnessed some form of workplace misconduct, including conflicts of interest, discrimination and violations of health and safety regulations. With an anonymous whistleblower hotline in place for employees, tips can be submitted safely and securely for all manner of wrongdoing:
Financial: Every business is at risk of financial abuses and errors. From inadequate accounting procedures to audit issues and simple billing errors, there are a plethora of opportunities for mistakes to be made or criminal activity to take place.
Ethical: Some business practices may not necessarily break any laws, but they would still be considered unethical if utilized improperly. Ethical breaches can include anything from code of conduct violations to outright theft, including intellectual property theft.
Privacy: In today’s digital world where everyone and everything is connected and online, privacy concerns have never been more pronounced. Identity theft can happen to anyone, and breaches can occur anywhere personal information is stored. The health care industry is particularly at risk for inadvertent confidentiality breaches.
Security: Security goes hand-in-hand with privacy. Securing both physical and digital property is becoming harder and harder with the advancement of technology. Hackers target everything from electronic door locks to customer databases.
Safety: Businesses that don’t take safety seriously put their workers in jeopardy, as well as their customers. OSHA violations aside, an unsafe work environment is neither efficient nor profitable.
HR Violations: No department benefits more directly from the implementation of a reporting hotline than human resources. HR professionals constantly deal with ethical and workplace safety issues, from employee handbook violations to harassment and discrimination.
With an anonymous, easy-to-use reporting system, employees feel much more comfortable reporting wrongdoing. They know their name won’t be attached to the tip. They won’t fear retaliation. But they WILL report the issue that could end up saving the organization money and even lives thanks to early detection and correction. Having adequate controls that seek out fraud, rather than relying on external or passive detection methods, can dramatically reduce the cost and duration of illicit activity. Such controls also allow for more information to be gathered up front.