Hard, soft or situational controls? Bridging the gap between security, compliance and internal control
- PDF / 821,517 Bytes
- 21 Pages / 439.37 x 666.142 pts Page_size
- 99 Downloads / 262 Views
Hard, soft or situational controls? Bridging the gap between security, compliance and internal control Harald Haelterman1
© Springer Nature Limited 2019
Abstract A historic focus on preventing losses from crime and a growing demand for compliance and internal control have placed the risk of employee crime and misconduct high on the corporate risk map. Its potential impact has become increasingly evident and operational management supported by various functional teams are being held accountable for establishing and implementing effective risk mitigating strategies and controls. The need for these teams to work together in a concerted manner is an obvious one, as a lack of alignment may result in inefficiencies and control deficiencies. In this paper it is argued that cross-functional collaboration can potentially be established or improved if practitioners come to realize that the measures and controls developed and introduced to mitigate the risk of employee crime and misconduct are very much alike. Following an exploratory review of the types of controls referred to in literature, it borrows from environmental criminology to demonstrate that similarity. Keywords Employee crime and misconduct · Cross-functional collaboration · Hard controls · Soft controls · Situational measures
Introduction While Security has traditionally been considered the key department dealing with crime in a workplace environment, several developments have shaped a landscape in which other departments have equally become engaged in managing the risk of employee crime and misconduct. Discourses about risk and risk management have shaped new visions on the way in which organizations should be governed and constituted, and a variety of managerial and administrative practices have been organized for the explicit purpose of representing and handling risk (Power 2007, pp. * Harald Haelterman [email protected] 1
Department of Criminology, Criminal Law and Social Law, Faculty of Law and Criminology, Ghent University, Universiteitstraat 4, 9000 Ghent, Belgium Vol.:(0123456789)
H. Haelterman
3–4). As indicated in a 2013 position paper by The Institute of Internal Auditors (IIA 2013, p. 1), it is not uncommon in twenty-first century business ‘to find diverse teams of internal auditors, enterprise risk management specialists, compliance officers, internal control specialists, quality inspectors, fraud investigators, and other risk and control professionals working together to help their organizations manage risk’. In that same position paper, it is argued that because duties related to risk management and control are increasingly being split across multiple so-called ‘second line of defense’ departments and divisions, there is a clear need for coordination (Ibid.). This paper focusses on the activities of a security, compliance and internal control department in large organizations and multinationals. Whereas the specific tactics, methods and scope of work of these departments may vary; and while they often report into different work
Data Loading...
