Forensic Update

Reflections on information management within the legal and regulatory arena

Posts Tagged ‘fraud’

General Counsel Toolworks Forum: Data Governance & eDiscovery

Posted by Johnny Lee on December 1, 2011

Sponsored by Grant Thornton LLP’s Forensic & Litigation professionals, the Forum offers educational events and resources for today’s in-house counsel and corporate senior management. We collaborate with trial and transaction lawyers from some the nation’s leading law firms to bring you periodic complimentary webcasts addressing important financial, operational and legal issues that can impact your organization.

Each event will be supported by a customized Toolbox — documents and other resources offering guidance on the topics covered by the webcast.  The next Toolworks Forum will focus upon the state of the e-discovery marketplace; the importance of intelligent, proactive information and litigation management; and practical steps companies can take to reduce expenses and risks associated with civil litigation and government investigations.

This webinar event will be held on Thursday, January 19, 2012, and it will begin at 1:00pm Eastern time and continue for 90 minutes.  CLE credit has been applied for, and full details can be found here.  Johnny Lee, Director in Grant Thornton’s Forensic & Litigation practice, and Dante Stella, eDiscovery practice leader at Dykema Gossett, will present.

Advertisements

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment »

“Controlling your Data Avalanche” Webinar…

Posted by Johnny Lee on October 27, 2011

 

I am pleased to announce that I will join luminaries from Vedder Price, a prominent U.S. law firm, in a discussion on “Managing your Data Avalanche” on November 16, 2011.  This webinar will delve into strategies for satisfying an organization’s legal obligations associated with Records Retention, eDiscovery, Litigation Holds, and Data Privacy.

“All too often, companies approach their data management obligations reactively and in a piecemeal fashion. This need not be the case; in fact, companies can satisfy their legal obligations with greater certainty — and more economically — through comprehensive data management strategies.”

This Webinar will be of interest to General Counsel, Chief Compliance and Information Officers, and those with a key role in managing eDiscovery or litigation within an organization.  This Webinar will provide an overview of legal trends in data management, with a specific focus on social media, cloud computing, eDiscovery, litigation holds, and data breach preparedness and response.  We will discuss ways in which companies can better manage their data through proactive data-management strategies.

To register for this webinar, please click here.  (Login information and presentation materials will be sent to registrants prior to the webinar.)

Click to learn more about Grant Thornton’s Forensics, Investigations and Litigation practice.   Click to learn more about Vedder Price’s Records Management, eDiscovery and Data Privacy practice.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on “Controlling your Data Avalanche” Webinar…

Excellent Session with the IT GRC experts at annual ISACA Conference…

Posted by Johnny Lee on October 26, 2011

ISACA_ITGRC-LogoLast week, I had the pleasure of presenting to a lively audience at the world’s leading conference for IT governance, risk and compliance professionals. The event, hosted at the Ritz-Carlton Hotel in Orlando by the good folks at ISACA, brought together a panoply of experts in the auditing, compliance, privacy, and information security space.

I presented on the subject of Data Governance and Electronic Discovery, and how these concepts represent “flip sides of the same coin.” What was particularly rewarding for me was the level of interest and participation during our interactive case study. Thanks to all who attended and participated last week…I enjoyed myself immensely, and I hope that you found it a rewarding discussion.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Excellent Session with the IT GRC experts at annual ISACA Conference…

Radio Show Appearance: Guest Expert on Business Fraud Awareness

Posted by Johnny Lee on September 6, 2011

ForensicUpdate editor, Johnny Lee, hit the airwaves again with colleague Philip Ratliff.  This time our host was Alan Butler, host of Atlanta’s Premier Business Talk Show “Butler on Business.”  Alan and co-host Jason Riddle facilitated a lively discussion covering a areas of concern to business owners and managers alike.

Listen as Philip Ratliff and Johnny Lee of Grant Thornton LLP’s Atlanta Forensics & Litigation practice comment on a broad variety of fraud issues facing organizations—especially in a down economy.  Segment one of the program can be found here; segment two can be found here. Please note that the views and opinions expressed are personal views and are not necessarily those of Grant Thornton; click here for more on this.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Radio Show Appearance: Guest Expert on Business Fraud Awareness

Trick or Tweet? Radio show appearance discussing recent issues on social media…

Posted by Johnny Lee on July 27, 2011

“Social media follows you around. Unlike Vegas, what happens online stays online forever with participants, leaving behind a wake of electronic information. As millions of smart-phone, Twitter, and Facebook users take to the Internet to send messages and post updates, they may place themselves and their businesses at risk.”

ForensicUpdate editor recently hit the airwaves with colleague Philip Ratliff on San Diego’s popular legal talk radio show with Jeff Isaac, host of “The Lawyer in Blue Jeans” program, to illuminate the concerns and issues related to the risks of social media use by individuals and businesses alike.

Listen as Philip Ratliff and Johnny Lee of Grant Thornton LLP’s Atlanta Forensic & Litigation practice discuss social media risks that can become serious issues if not dealt with carefully. Please note that the views and opinions expressed are personal views and are not necessarily those of Grant Thornton; click here for more on this.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Investigations, Privacy, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Trick or Tweet? Radio show appearance discussing recent issues on social media…

Focus on Forensics ─ The Economist’s role in change-of-workforce discrimination cases

Posted by Johnny Lee on June 16, 2011

From Grant Thornton: “Companies involved in either reductions or expansions in force should be prepared for scrutiny over whether the composition of affected employees or job applicants is driven by business-related factors and whether there is evidence of an adverse impact on protected class members. In The role of economists in reduction (or expansion) in force discrimination cases we discuss how economists can assist a company’s legal counsel in validating or invalidating a plaintiff’s claim that the selection process has had an adverse impact on employees in a protected class.

This timely thought leadership comes from Grant Thornton’s Focus on Forensics series, a newsletter providing valuable forensic insights into some of the most complex and critical challenges facing businesses and legal counsel today.  Click here for prior online editions of this newsletter or to subscribe to upcoming editions, and click here for more information about a Grant Thornton Forensic & Litigation Services professional near you.

Posted in Announcement, Data Governance, eDiscovery, Forensic Accounting, Records Retention | Tagged: , , , , , , , , , , , , , , , , , | Comments Off on Focus on Forensics ─ The Economist’s role in change-of-workforce discrimination cases

Forensic Update editor presenting at North American ISACA conference…

Posted by Johnny Lee on May 17, 2011

The world’s leading conference for IT audit, control, security and governance professionals holds its 2011 annual conference in Las Vegas. ForensicUpdate editor, Johnny Lee, will present on the topic of “Data Governance and eDiscovery: Good Faith, Bad Actors, and Questionable Data.”  Click here for more details.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Forensic Update editor presenting at North American ISACA conference…

U.K. Bribery Act — Implications for U.S. Companies…

Posted by Johnny Lee on April 21, 2011

From Grant Thornton: GT_UK-Bribery-Act-Logo“The UK has released the long-awaited guidance regarding the Bribery Act 2010, which will come into force on July 1, 2011.  This important legislation introduces more aggressive and far-reaching penalties for noncompliance than its U.S. counterpart ─ the Foreign Corrupt Practices Act.  This alert discusses six key principles of adequacy on which companies will be evaluated, as well as additional provisions that U.S. companies should consider in preparation for the legislation’s enactment.”

Read more in Decision time:  The UK Bribery Act and what it means for U.S. companies.  This timely thought leadership comes from Grant Thornton’s Focus on Forensics series, a newsletter providing valuable forensic insights into some of the most complex and critical challenges facing businesses and legal counsel today.

Click here for prior online editions of this newsletter or to subscribe to upcoming editions, and click here for more information about a Grant Thornton Forensic & Litigation Services professional near you.

Posted in Announcement, Computer Forensics, Data Governance, Fraud, Investigations | Tagged: , , , , , , , , , , , , , , , , , , | Comments Off on U.K. Bribery Act — Implications for U.S. Companies…

Enterprise E-mail Management…Why it Matters So Much

Posted by Johnny Lee on February 21, 2011

Email Archive

Let’s face it, the thought of enterprise email management simply is not topping the list of sexy, self-evident corporate priorities these days.  Of course, there’s nothing like the negative treatment of genuinely embarrassing news coverage or court sanctions (or worse) to get organizations to revisit the necessity of this vital portion of data governance.

Simply put, it’s hard to fund (much less carry to fruition) an enterprise program that focuses on data management.  While litigation and prosecutions may make headlines, email management is not merely about avoiding culpability and other pitfalls in those arenas.  Properly done, enterprise email management can reduce IT spend, make business processes more efficient, and save hundreds of thousands (if not millions) of dollars annually for companies facing any sort of regulatory scrutiny or civil litigation.

Indeed, companies in every industry and geography are seeing an increase in the rate of litigation and regulatory scrutiny.  This increase is changing not just the way organizations handle such matters but the way in which they do business generally.

According to the latest installment of the annual Corporate Litigation Trends from international law firm Fulbright & Jaworski, many organizations are anticipating not only an increase in litigation and regulatory activity, but half believe that the “legal industry” will permanently change the way their business is conducted.  The survey also highlights the belief that legal and regulatory changes related to corruption and bribery investigations, data privacy, and social media will force organizations to think more proactively about their data governance initiatives.

Of course, there is no shortage of literature detailing why data governance is a good idea.  Despite this, few organizations get this right.  The profound disconnect between stakeholders within IT, Legal, HR, and Finance seems to be the principal explanation for why more organizations are not successful in these programs.  Historically, most companies launch an earnest (though myopic and frequently doomed) effort from the IT group.  When this effort failed for lack of consensus or effectiveness, organizations would effectively shelve effort for another year, chalking it up to insurmountable obstacles.  For a long time, this “charmed life” syndrome was permitted because companies so rarely faced a bet-the-company proposition that hinged on something as mundane as records management.  Today’s legal and regulatory arena makes this attitude a substantial gamble, and fewer executives, boards of directors, and audit committees are willing to tolerate it any longer.

More and more organizations are taking a proactive stance, and they seem to start with what is typically the most substantial data repository: electronic mail.  This is probably a wise gambit, though it should be tackled circumspectly.  While true that corporate users exchanged over 60 billion e-mails daily in 2009, it is sheer folly to consider this issue as strictly a technological headache.

The failure to integrate policy, training, monitoring, and PROCESS is the chief reason cited by courts and regulators for sanctions—not the breakdown of a given technology.  Accordingly, if you are in an organization that is finally seeing the light and embracing data governance, learn from the missteps of your colleagues: treat the enterprise initiative of data governance like…well, an enterprise initiative.  Lead with the notion of a “program” (not a project) and manage change from the top down (i.e., establish policy stances that extend to everyone; design process that aligns with policy; then select technology that aligns with these processes).  Finally, don’t forget about training, custodian acknowledgements, and monitoring controls.

Posted in Data Governance, ECM, eDiscovery, Litigation Hold, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Enterprise E-mail Management…Why it Matters So Much

Trade Secrets and Departing Employees…A Cautionary Tale

Posted by Johnny Lee on February 14, 2011

Employers would be wise to review the fact pattern from a Columbus manufacturing company which was involved in a federal investigation related to the theft of trade secrets from a departing employee.  The former employee, Kevin Crow, admitted to stealing highly confidential information from Turbine Engines Components Technologies Corporation (“TECT”) in violation of the Economic Espionage Act.

Crow’s plea deal with the government resulted in a three-year jail sentence, another three years of “supervised release,” and a $10,000 fine.  The deal details Crow’s misbehavior from 1979 until 2007 (when he was laid off), at which time Crow joined a competitor.

Crow admits to walking out the door with close to one hundred (100!) compact discs containing top secret informationincluding blueprints as well as cost and pricing information.  Both TECT and Crow’s newest employer are in the business of “manufacturing and selling engine blades for military aircrafts.”

According to a press release from the United State Attorney’s Office in the Middle District of Georgia, “As an employee of TECT, Crow continually provided policy statements with explicit direction on identifying trade secrets within the company and how to protect those trade secrets. During Crow’s exit interview he signed a document stating that he had returned all documents containing any trade secret information to TECT, when in fact, he had taken approximately 100 computer discs containing multiple pieces of information considered trade secrets from TECT.

Crow was later employed by Precision Components International (PCI) in Columbus, Georgia, a competitor of TECT…After being employed with PCI, Crow made numerous contacts with employees of TECT requesting forging price sheets containing vendor and customer information. He also requested copies of TECT’s 2007 and 2008 contract reviews that contained trade secret information.  Crow admitted in a conversation with a TECT employee that he took computer discs, blueprints, and cost and pricing information belonging to TECT, and admitted that providing the information could be considered industrial espionage.”

United States Attorney Michael Moore said, “This type of industrial espionage is a serious matter, especially when it involves the production of parts for our military aircraft.  The damages alone to TECT and its employees might be calculated in dollars, but the potential harm to our military equipment readiness is still unknown.”  The parties involved in the plea agreement stipulated that TECT suffered losses of up to $14 million.

So, how can companies protect themselves from employees as unscrupulous as Crow?  The above fact pattern makes it clear that this is no easy proposition, but a robust data governance program seems like the most reasonable first step.  When considering the nature and sensitivity of the information used and protected by TECT (and similar firms), it strikes this editor as quite odd that more advanced data leakage and information security protocols were not employed at TECT.

The FBI employs highly competent investigators, and I have little doubt that Crow might have evaded detection for quite some time but for this fact.  Likewise, Crow might not have been caught if he were less overt in his attempts to obtain sensitive information (not to mention his rather myopic and incriminating admissions to former co-workers).  The take-away here is that the technology exists to send up flares long before a problem surfaces, as it did here, “procedurally” (as opposed to tripping a wire via one or more monitoring controls).  But for Crow’s brazen missteps, this theft of information might have gone undetected for a long, long time.

 

 

See also: Microsoft accuses former manager of stealing 600MB of confidential docs

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Information Security, Investigations, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , | Comments Off on Trade Secrets and Departing Employees…A Cautionary Tale

 
%d bloggers like this: