IT-Analysis.com
Bribery
By: Philip Howard, Research Director - Data Management, Bloor Research
Published: 8th February 2010
Copyright Bloor Research © 2010

You often hear security officers, not to mention vendors, talk about fraud detection and prevention, but you seldom (never in my experience) hear anyone talking about bribery. However, in the wake of BAE Systems' settlement with both the UK and US authorities, it is worth paying a little more attention to it. In particular, in the UK there is a bribery bill currently passing through parliament, and it is expected to be passed before the next general election: in other words, in the next few months.

One of the provisions of the bill is that companies can be held accountable for the actions of their employees. In order to defend themselves against such charges, companies will need to be able to prove that they have suitable provisions and processes in place to prevent bribery in the first instance and, in the second, to detect it when it does happen.

Well, that sounds a lot like fraud prevention and detection. But it also sounds a lot like Sarbanes-Oxley or other compliance requirements. Fraud is something you would like to prevent for obvious business reasons; however, there are not, typically, any regulations that require you to have anti-fraud processes in place. You might argue that PCI-DSS falls into that category, but that is a special case.

Of course, while it is a crime to offer inducements to other people, it is also a crime to accept them. In the UK we tend to think of bribery as something that is only done in foreign countries, but that's certainly not the case: I did some consulting for a UK-based public company a few years ago, looking into its supply chain, and during the course of that work the manufacturing director was suspiciously unenthusiastic about rationalising the company's suppliers and what it bought from whom. Indeed, so suspicious that the CEO and CFO started to look into it and discovered that he was taking backhanders. So there is no place for complacency.

Until the bill is passed, assuming that it is, we won't know the full extent of the regulation and what will be required of companies, but it seems likely that appropriate compliance monitoring will be required, along with forensics. If this is the case, then those forensics will need to be run on a regular basis. Whatever is required, this looks like another opportunity for SIEM (security information and event management) and log management vendors.

Published by: IT Analysis Communications Ltd.