IT-Analysis.com
Bribery
By: Philip Howard, Research Director - Data Management, Bloor Research
Published: 8th February 2010
Copyright Bloor Research © 2010

You often hear security officers, not to mention vendors, talk about fraud detection and prevention but you seldom (never in my experience) hear anyone talking about bribery. However, in the wake of BAE Systems' settlement with both the UK and US authorities, it is worth paying a little more attention to it. In particular, in the UK there is a bribery bill currently passing through parliament, and it is expected to be passed before the next general election: in other words, in the next few months.

One of the provisions of the bill is that companies can be held accountable for the actions of their employees. In order to defend themselves against such charges companies will need to be able to prove that they have suitable provisions and processes in place to prevent bribery in the first instance and, in the second, to detect it when it does happen.

Well, that sounds a lot like fraud prevention and detection. But it also sounds a lot like Sarbanes-Oxley or other compliance requirements. Fraud is something you would like to prevent for obvious business reasons; however, there are not, typically, any regulations that require you to have anti-fraud processes in place. You might argue that PCI-DSS falls into that category but that is a special case.

Of course, while bribery is a crime in terms of offering inducements to other people, it is also a crime to accept such inducements. In the UK we tend to think of bribery as being something that is only done in foreign countries, but that's certainly not the case: I did some consulting for a UK-based public company a few years ago looking into its supply chain, and during the course of that work the manufacturing director was suspiciously unenthusiastic about rationalising the company's suppliers and what it bought from whom. Indeed, so suspicious that the CEO and CFO started to look into it and discovered that he was taking backhanders. So there is no place for complacency.

Until the bill is passed, assuming that it is, we won't know the full extent of the regulation and what will be required of companies, but it seems likely that appropriate compliance monitoring will be required, along with forensics. If this is the case then those forensics will need to be run on a regular basis. However, whatever is required, this looks like another opportunity for SIEM (security information and event management) and log management vendors.

Published by: IT Analysis Communications Ltd.