17 episodes

Let us dive into the world of corporate integrity, ethical leadership, and its success factors.

Without being sensitised, we quickly find ourselves surrounded by different patterns of white-collar crime, non-compliance, and cyber-crime.
Compressed knowledge in easily digestible doses to protect your company, your employees, your customers, and yourself - as a business leader or entrepreneur.

Are you a decision-maker? A game changer towards corporate integrity and ethical leadership?

The podcast The Human Factor - Corporate Integrity Matters is an extract of the three decades of experience earned by Sonja Stirnimann, a certified public accountant with an international Executive MBA in Financial Services and Insurance, a Certified Fraud Examiner, a business mediator, and executive coach.

As a globally active entrepreneur, founder of Structuuland Corporate Integrity Concepts™, independent board member of various organisations and expert in her field, she knows the challenges.

Sonja shares her knowledge because she is convinced that raising awareness is the most effective preventive measure to protect the assets and reputation of individuals and organisations.

No matter whether we talk about accounting scandals, insider trading, Ponzi schemes, investment fraud, compliance breaches, tax evasion, data theft, extortion, allegations of corruption and bribery, cyber-attacks, or a combination thereof. They all have in common that the successful implementation of the organisation’s strategy, the asset and reputation protection as well as the ability to act in crises are put at risk.

Let yourself be inspired by insights, interviews, and use cases in corporate integrity with its various factors impacting human behaviour.

The Human Factor Sonja Stirnimann

    • Management
    • 5.0 • 3 ratings


    016 - Check your security in the cyber territory


    When we talk about cyber security, this includes protection in the social structures of the Internet.
    It is about protecting people from the violation of physical or mental integrity. Accordingly, security is a broader view than crime. Cybersecurity encompasses more than cybercrime.
    “The absence of security begins where an individual suffers harm or is likely to suffer harm.”
    Violation of physical or mental integrity
    The interpretation of the violation of physical or mental integrity of individuals requires a more flexible approach.
    If we focus exclusively on individuals, we miss out on those behaviours that are directed against organizations, companies, or society.
    My clients are, of course, individuals and usually part of an organization or company. Always also a member of society.
    Examples of these are
    illegal transactions and
    the creation of criminal structures involving the underworld and legitimate economic activity (money laundering via activities on the Internet).
    These are the so-called victimless offences.
    Which is indirectly not true as the price and impact of money laundering is high – for the entire world and that is going to be another story and episode of the future.
    I also recognise that the terms cyber security and cyber crime need more focus when it comes to the terms and definitions.
    Cyber security versus cyber crime
    Although cyber security encompasses more than cybercrime, the latter plays an important role in cyber security.
    There are various definitions of cybercrime in circulation, but no single one which all agree on. Nor is there an official conceptual framework for this type of crime.
    Because the patterns of cyber crime are key to understand, as we do with the patterns of other fraud cases.
    Terminologies and categorizations
    We also work with different terminologies and categorizations, with the following features becoming apparent:
    There are offences with which ICT (Information and Communication Technology)
    a) constitutes the end and tools (hacking, spreading viruses)
    b) is executive but not the aim (e-fraud, distribution of forbidden content)
    In conclusion, cybercrime can be understood as an overarching concept for offences in which ICT plays an essential role.
    The two subcategories to be derived are cybercrime in the
    – narrower sense, using ICT as an end and means
    – other senses, with which ICT is responsible for the execution but is not the goal
    What is the difference between the responsibility of ICT in the execution or the use of ICT as a tool?
    When ICT is used exclusively as a tool, we are not usually talking about cybercrime.
    For example, when a criminal uses Google Maps (or another electronic map provider) to find the petrol station for his next robbery.
    The term cybercrime is used for those crimes that use ICT as a target and a means.
    Cybercrime in the broader sense will cease to exist over time, as it is only the modus operandi of how an offence has been committed. The term cybercrime is neither used to explain a criminological classification of the field of study nor to define the technical procedures for committing the offence.
    Even criminal prosecution does not need this term for the punishment of the offences, despite the Internet age. In this respect, the term “cybercrime” does not clarify anything - officially.
    Offences should not be named according to the territory used (in our case here: cyber).
    This would otherwise mean that with every new technology or the use of tools to commit a crime, the taxonomy of crime would change.
    This means that we should understand the social relevance of information technology not from the technology itself, but from the social processes on which the technology is based.
    Even if computers are used – an (economic) crime is an (economic) crime. The focus from

    • 17 min
    015 - The overseen (fraud) vulnerability


    Raising awareness – also when it comes to topics like biases – is where everything starts. Without being aware of xyz no transformation can happen.
    Therefore, I am convinced that with your personal awareness of being biased the protection already starts.
    And if you extend it to your team, your organisation, you have a powerful tool at hand which is understood and supported. That is what you need to secure your most precious assets.
    When it comes to social engineering there is that common myth of putting the term on the tech side and forgetting it.
    But it is anything but tech. It is just us. Our human being!
    Crisis shifts priorities
    A shift in priorities during times of crisis is necessary. We all agree on that!
    Reassessments must be made, and the focus is on the ability to act. While those responsible are organising themselves, others are doing the same on organizational level.
    Especially in the area of fraud and cyber risks, adaptation to new circumstances rarely takes long. Often too long in my opinion and the reasons are manifold.
    On the contrary. And that is the most important part of us to protect our most precious assets.
    The scheming of the malicious social engineers does not stop at global crises but discovers them as an entry point to prey that was often not on the agenda before.
    I mentioned at the very beginning: Social Engineers love crises! Of course especially the malicious.
    Fact is when a crisis hits: Either there were already prevention measurements in place or nothing will happen during the ongoing crisis.
    During the crises, the resources will be allocated to Business Continuity Management which means, managing the impact of the crisis as such.
    While those responsible – Board of Directors included – focus on the above-mentioned duties, the vulnerability to non-compliance, economic crime and cybercrime increases. Silently.
    When it comes to the fraud risk assessment we have to keep in mind, and refresh, that there are different stages organisations can be in with regard to a fraud risk assessment:
    Either it is
    Missing
    Not effective anymore
    Or Biased
    You will now mention that there is a fourth category missing, the one which has a perfectly implemented fraud-risk-assessment in place. Yes, you are right.
    The experience taught me that in crisis these “well matured” fraud-risk-assessments immediately shift to No. 3 and I will tell you more about it in a few minutes.
    None of the three categories will succeed against fraudulent behaviours but due to different reasons.
    Let me give you an overview, and especially more beef on what these three categories mean:
    Three Categories of Fraud Risk Assessment Status when we hit a crisis
    The first one is obvious:
    Category 1: A Fraud Risk Assessment is missing
    Without having a Fraud Risk Assessment in place, the potential risk is not identified at all. As those responsible know about the circumstance and do not trust in an existing assessment.
    The vulnerability is very high or low – we just do not know about it. Impact and likelihood of fraud are neither assessed nor under control. Not managed at all.
    Category 2: The existing Fraud Risk assessment was made more than 5 years ago
    With having a Fraud Risk Assessment done – even a long time ago – those responsible feel safe.
    Unfortunately, what I see in discussion with my clients – too safe. Wrongfully. There is hardly safety in an old risk landscape nor in an old Fraud Risk Assessment.
    Understanding how technology and business models changed over the last years and months, it is obvious that also the risks changed dramatically.
    A Fraud Risk Assessment that is not updated provides a false security.
    Category 3: The Fraud Risk Assessment is less than 12 months old
    Talking to the last category of organisations might be the hardest because they have a brand new – in their mind – Fraud Risk Assess

    • 20 min
    014 - How to conduct fraud investigations in a remote environment


    We cannot deny the changes and additional requirements. Therefore, I am convinced that it needs some reflection and review of the investigations process too.
    The use cases and examples of the last few months demonstrated a wide variety of maturity levels of the teams conducting investigations.
    And by saying that, these different set-ups and processes were raised by one of the peers of the Corporate Integrity Circle a few weeks ago.
    It became obvious how different the maturity levels are in terms of
    Team set up
    Investments done or especially held back (in the ongoing financial year)
    Missing budgets for the future
    Lack of training opportunities
    With the knowledge we all earned – which is supported by different studies – it is crucial that we have processes and tools in place which support us on our mission of fighting against fraud and bringing facts to the table.
    Professional and individually adapted investigation processes are much more effective for all involved parties than ad-hoc ones. And that is what we need to have for our internal and external clients.
    Therefore, we need a high maturity level of adaptability – also when it comes to our own investigation processes.
    And here I come back to what I have prayed for so many years and still believe in: Internal Investigations need a sponsor!
    This does not mean that the sponsor must be directly involved but should understand the importance and stand in for it.
    If you reflect your situation
    Are you a sponsor when it comes to internal investigations?
    Or if you are the one responsible for the investigations:
    Do you have a sponsor? And if so: how effective is it and what could be improved?
    Especially during crises which are not inherently fraud or non-compliance incidents it is even more important to have such a sponsorship on top level.
    Because, as we have learned, with an external crisis like the pandemic, the focus shifts away. The additional risks based on the new situation are often overseen.
    Planning
    With the investigation planning we have two levels
    Strategic
    Operational
    Switching to a complete remote planning process will need additional time spent on the set-up as such.
    Some of the most important aspects are:
    Information and Data channels
    How can we ensure that the entire team is informed?
    What is the internal protected and secured platform to share internal information?
    Do we have a project management tool in place – of course protected and secured – which fulfils the needs of the remote work?
    I would expect that most of the global investigation teams already have most of the above tools in place.
    What it often needs is to really use it. This means, everybody has to commit to use the identified and implemented tools with the dedicated functionalities. With incomplete information an effective investigation management is not possible.
    Setting up the workflows for remote teams needs even more discipline from all the involved parties.
    Investigation teams:
    Are they already used to working remotely?
    Do we have new members or ones not used to working remotely? How can we integrate them?
    The goal must be that the teaming receives most attention – especially in this kick-off and planning phase
    Technology and infrastructure:
    How is the actual set-up?
    The highest security level is not up for discussion at all and, for the teams already working remotely, “state of the art”.
    What is needed in addition and how fast could that be delivered?
    I know the time of ordering and receiving hardware and software was not an issue up to March 2020. But these days it could be crucial.
    Data collection:
    We all know that there are certain data we must collect during an investigation which are not all just electronically available. I am talking about the images we need to have from specific devices. Like notebooks, desktops and mobile devices.

    • 18 min
    013 - What changed in the fraud industry since the crisis?


    I would like to focus on three aspects of how the fraud industry was and is affected by the pandemic
    Fraud Risks
    Anti-Fraud Programs
    Investigations
    Fraud Risks
    When it comes to the question how the pandemic affected the different risks of becoming a victim there were different areas to be taken up
    How was the risk landscape and risk management setup “before”?
    How did the landscape change?
    Where do we expect the journey to go?
    If there is no existing risk mapping the change cannot be measured. We then only talk about the gut feeling but have no evidence.
    What I have seen in my clients' cases is that not only do the cases of social engineering in the territory of cyber increase, but also those in the non-digital world. On an overall basis the risk of becoming a victim of social engineering increased significantly.
    And compared to the study from the ACFE it is exactly what also my colleagues experienced. The overall fraud level increased and will also increase within the next 12 months, that is what we all expect.
    In addition to that 50% of the participants already see that cyber fraud increased and the expectations go into the same direction.
    Cyber fraud will not remain the only fraud pattern.
    Identity theft
    Payment fraud
    Bankruptcy and Unemployment fraud (and here we talk about the social insurance fraud, credit fraud, etc.)
    Fraud by vendors and sellers
    As well as
    Health care fraud
    Insurance Fraud
    Loan and bank fraud
    Plus the evergreen: Bribery and corruption
    will affect our organisations more in the future than ever in the past.
    So, what does that mean to us? I am convinced, if you are listening to this podcast, you have a high maturity level of integrity.
    It is important that you are not the only lone enthusiast doing so in your organisation.
    You will have much more power if corporate integrity is a strategic priority and not just a “compliance task”.
    Summarizing how Covid-19 has impacted the fraud patterns we in our industry experienced and expect additional increases.
    With that knowledge I would expect from the decision-makers that actions and measurements are set up….
    Anti-fraud programs
    The normal process of preventing, detecting and responding to fraud does in real life not start with preventing in a way which could be called “effective prevention”.
    More often it starts with responding as a victim.
    With the evidence gained in the industry and published we would know that the fraud cases increased and increase. Wouldn’t we expect to have an increase in the anti-fraud program resources too?
    Less than 15% will significantly increase their overall investment into the anti-fraud resources. Less than 30% will slightly increase the spending.
    With these two first areas I would like to give you the food for thought of the take-home assignment. The following two questions should challenge either your client's or your company's actual set-up
    What does our risk landscape look like since the pandemic started with regard to the above-mentioned fraud risks of
    Cyber fraud
    Identity theft
    Payment fraud
    Bankruptcy
    Unemployment fraud
    Fraud by vendors and sellers
    Health care fraud
    Insurance Fraud
    Loan and bank fraud
    Bribery and Corruption
    How do the investments in our anti-fraud program reflect the answer to the first question?
    Having an answer to these two questions will give a good understanding of what you can expect from the near future related to your fraud risk…
    Last but not least I would like to share with you the
    Challenges as an investigator
    It is not a secret that the work – not only in the fraud industry – changed. Also for those who have to conduct investigations.
    During an investigation we have several different phases but there are quite a few where – in the past – physical meetings were required. Especially when we think about our global case

    • 23 min
    012 - Three perspectives to identify risks


    The ability to change perspectives – not only when it comes to risk – is crucial for business leaders.
    As initially mentioned, I will introduce three perspectives to identify risks.
    This means only three and not all the six we have for example in our toolbox called “Personal Risk Area Identifier”
    Starting with three will give you - and hopefully also your team – enough food for thought in a first step.
    I prefer getting things implemented and done versus teaching and preaching complex frameworks which nobody ever wants to have implemented in the organisation.
    This means for today, that we immediately start with the work on the different perspectives and elaborate from there.
    Let us choose the three perspectives to start with
    1. Having you here in my business podcast I assume you all have a professional role on a certain level. Either you are an employee, manager, executive or board member. If you have several roles: choose one. That is your Individual Business Role
    2. As the second perspective I would like you to choose the role you have within “friends and family”. You may be a parent, a child, a friend, a sibling, etc.
    3. And as the third role you closely stay with you as an individual. Not in the roles we described above, not as part of another system, just you.
    These three perspectives are always within us. No matter with whom you are working in teams.
    It remains unspoken which of the perspectives is taking the lead in the decision-making process. Depending on the setting you provide, it is possible to lead it.
    As an example, I have prepared a few questions which should be answered from different perspectives.
    The situation I want you to take is Cyber Attack as the overall risk.
    With the three perspectives in mind, you can answer the following questions for each:
    1) What are the planned activities which could be harmed?
    2) What would be the biggest risks derived from the answer before?
    3) Which are the effective scenarios to mitigate the risk?
    4) By when are measurements effective?
    With these four questions about activities, risks, scenarios, and measurements you immediately identify the risks for each perspective.
    EPISODES' REFLECTION
    Remember the three roles
    - Professional
    - Friends and Family
    - And individual
    And then keep at least two of the following four questions in mind
    - Activities planned
    - Biggest risk
    - Scenarios to mitigate
    - Measurements implemented by when

    THANK YOU FOR SHARING, SUBSCRIBING AND REVIEWING
    Thank you for joining me on this episode of THE HUMAN FACTOR – Corporate Integrity Matters.
    If you enjoyed this episode, please share, subscribe and review on Apple Podcasts or Google Play Music so more people can enjoy the upcoming episodes.
    Don’t forget to follow and connect with me on https://ch.linkedin.com/in/sonjastirnimann (Linkedin), https://twitter.com/stirnimannsonja?lang=de (Twitter) and https://www.instagram.com/sonja.stirnimann/?hl=de (Instagram). I am looking forward to meeting you there.
    YOU ARE IMPORTANT
    Let me know what topic you would like to have on spot – via contact@structuul.ch
    Further information about Corporate Integrity can be found on www.coporateintegrityconcepts.com
    And if you are interested in becoming part of the amazing movement, join us on www.corporateintegrityacademy.com

    • 15 min
    011 - There is no vaccination to the risk of fraud


    Risks are managed differently. Some of them can be managed by a vaccination. Others not.
    Fraud, economic crime, cyber-attacks, and non-compliance are risks which are not possible to be managed by a vaccination.
    For the time being….
    Boards of directors are not only responsible for overseeing management strategy, but also for their risk management, which is significant in these fast-evolving times – especially under the actual circumstances of the global crisis.
    The Pharma industry produces the vaccination against COVID-19.
    All great. For cyber-, non-compliance and fraud-risks there will never be a vaccination.
    Nor are we ever becoming immune to these risks! And that needs to be considered in our responsibilities. Immunity will never be achieved.
    Keep your own risk-intelligence in mind when I lead you through the following different key areas to focus on
    - Risk DNA
    - Competition
    - Expectation
    Combining the understanding of
    - the Risk DNA with
    - the potential competitive advantage and
    - fulfilling the expectation of the shareholders and stakeholders
    might sound like a huge challenge but can be started with the three questions for reflection
    - How do we internally categorize the different risks to ensure a specific risk DNA?
    - What are the competition drivers within our organisation and how do they impact the risk landscape?
    - How do we fulfil the expectations regarding the mentioned risk?
    EPISODES' REFLECTION
    How could the governance look, taking the critical risk of fraud, non-compliance and cyber a level higher and treating it more strategically?
    Business models change rapidly and the pressure to keep up to speed increases too.

    • 15 min

Customer reviews

5.0 out of 5
3 ratings