Archive for the ‘Beyond Fraud’ Category

« Older Entries
2
Feb/120

Cold Case and Forensic Accounting: Awesome Exposure For Our Field!

Cold Case – my favorite show (not that I watch much television)

Tonight’s episode – The team probes the death of a woman whose dot.com company crashed.

Sitting around the table, reviewing a table covered in financial documents relating to potential insider trading (short selling) of the victim company’s stock

Investigator Danny Pino (Scotty Valens) says, “can’t we call some forensic accountants to read this stuff?’  The other investigator Thom Barry (Will Jeffries) replies (moaning), “these are worse than those poems last year.”

Great stuff – for us forensic accountants.  Job security.

Here’s a link to the show’s website:  http://www.cbs.com/primetime/cold_case/recaps/

Tags: , , , ,

Filed under Beyond Fraud No Comments »

20
Jan/120

Cloud Computing: Serious Considerations In Externalizing Your Data

Access and security – two major considerations when contemplating moving your systems and information from internally-maintained systems onto platforms and solutions hosted through the Internet.  Company files, patents, trademarks, proposals, customer lists, vendor lists, price and cost arrangements – this type of data arguably comprises the most valuable components of any business or organization.  How and where this critically sensitive information is accessed and stored is vital to ensuring their value.  Prior to “cloud”computing, the migration to Internet-based systems and storage of information, every company internalized their systems and data.  Access, security, safeguarding… were all directly addressed by the business mainly through in-house systems and solutions.  Physical safeguards could be as simple as maintaining a secure area within one of your own buildings.  In the end each business had a direct connection to their systems and information, housed mainly in-house.  Fortunately or unfortunately, more and more IT has been, and continues to be, shifted to external on-line solutions, relying on the controls, policies and procedures of other third-party outside entities established by contract to ensure the security and safeguarding of your information.

Access – allowing those authorized to have access, anytime, anywhere, and even more importantly, keeping those who are not authorized from accessing it.  The safeguards (both systemic system controls and manual-based policies and procedures) will dictate how strong the system will be, but how these controls, policies and procedures are maintained on an ongoing basis is potentially even more important.  Systems change, personnel change, and non-compliance to any safeguard could result in best case scenario, unauthorized access to your systems and data, and worst case scenario, the compromise and theft of key valuable proprietary information.

Security – how secure is your data, the systems, and the uninterrupted continuity of both?  How are the systems and data secured both physically and electronically?  As with access, the system and manual controls implemented will dictate how strong security is over your information, but ongoing compliance (and assurance that compliance continues) are also critical.

Some issues I have yet to overcome to allow me to support the “Cloud” movement – 1) what happens if a dispute develops between the contracting business using cloud services, and the cloud provider?    Under the old in-house configuration, the business simply withheld payment to the outside IT folks, and found new IT solutions while the differences were resolved / litigated.  Under cloud-based solutions, the cloud provider could simply turn off access to their cloud-based systems (and data), holding all the leverage towards resolving the dispute.  Relationship good – switched on, and relationship goes sour – switched off (no one has access to anything).

2) Today’s denial of service attacks on websites in response to the US Government’s abrupt shutting down and taking over www.megaupload’s website identify two genuine risks to access and security of your on-line systems and information. First, what if your business relied heavily on moving files back and forth between locations, sites, countries… using www.megaupload’s site.  The government’s decision to abruptly shut-down the company’s website service and business directly impacted your access to the files stored, or in transition, let alone having you find another solution to continue running your business.  Could the government do something similar to any web-based giant many businesses rely upon, sites like Google?  Who knows?  The fact is, abruptly today, with no notice for planning, the government shut the site and business down, ending all communications with it, resulting in holding all the leverage in resolving any issues the government had with the organization or its practices.  All the while, the megaupload’s business will remain closed, and any business or individual who used it will be left out, looking in from the outside.  It is similar to when the FDIC abruptly takes control over a financial institution – an abrupt closing, with no notice, leaving banking customers looking in through the doors wondering how and when they will ever gain access again to their funds.  One major difference history has shown is the banks tend to re-opened shortly after take-over, and the denial of access to funds is short lived.  When and if websites and internet-based solutions that are shut down will ever be open for access again is anyone’s guess.

3) Notwithstanding the government’s take-over, individuals and organizations with ill-will can also interfere with access and security to your systems and information.  Today’s denial of servcie attacks caused shut-downs of systems, preventing any access until the attacks were addressed.  How could a denial of access attack to your cloud provider’s system impact your access, your employee’s access, your customers’ and vendors’ access?  How much business would be lost if access to your systems and data was lost for even one business day?  The scenarios are not hard to imagine.  One cloud provider seeking more business could orchestrate a denial of access attack on a competitor’s cloud system, with the goal of luring the competitor’s customers over to their systems.  This type of “competitive” activity has always existed.  Why would anyone believe it wouldn’t within the electronic world?

Perhaps I am less open-minded to expanding into “cloud” solutions based on my experiences in forensic and litigation matters, where loyalties, contracts, duties, services, systems and data have been routinely violated regardless of the safeguards, controls, laws, regulations and consequences that existed.  In the end, today’s attacks continue to show me just how vulnerable businesses and individuals alike are, if they are heavily vested and reliant on solutions outside of their control for accessing and utilizing their systems and information.

Here’s an article relating to today’s attacks:

Go to cnn.com

Tags: , , , , ,

Filed under Beyond Fraud No Comments »

2
Dec/1110

Debit Card Monthly Fee – Reversal of Plans To Charge $5 Monthly

A little late with my post, but passing along the news story that Bank of America, the first to publicly announce plans to charge debit card users a monthly fee of $5, decided November 1st to reverse its decision.  One compelling reason may have had something to do with the over 300,000 signatures obtained on a petition protesting Bank of America’s decision to start charging.

Although banks may have changed their business strategy, and reversed their plans to charge monthly fees for use of a debit card, coupled with at least one posted response citing Mastercard and Visa setting low to no liability limits due to fraudulent activity on a debit card account, my position on debit cards remains unchanged.

Loose them!

You have to experience debit card fraud for yourself personally, or in my case three times, to appreciate that while you may not have ultimate liability for the illegal activity and unlawful withdrawals from your account, you will still be out of your funds and at the mercy of the financial institution to put them back.

If during the time funds were inappropriately taken and the time the bank puts your funds back into your account other bills such as your mortgage and credit cards were due, you may not be able to pay those bills timely, which could have a negative impact on your credit score and history.

In one actual case with a client, the unlawful withdrawal from the company account occurred in February.  They are still waiting for the bank to put their funds back, some nine months later.  They have, however, been told by the bank that they won;t be responsible for the fraudulent activity – lot’s of help that has been without use of their funds for so ling.

It there any reason why you can’t abandon your debit card, return to a traditional credit card, and pay the balance off each month?

Here’s the link to an article:

http://abcnews.go.com/Business/bank-america-drops-plan-debit-card-fee/story?id=14857970

Tags: , ,

Filed under Beyond Fraud 10 Comments »

« Older Entries