From a risk management standpoint, assuming the person is stable, it would be advisable to keep a relatively close...
eye on what they are doing for a period of time. Again, desperate times tend to result in desperate measures. You never want to assume that people (especially senior people) are going to do the wrong thing, but you need to be cautious and have checks and balances to rule out any foul play.
What should be done exactly? Examine the Sarbanes-Oxley Act, which focuses on strong financial controls. Now, I'm not saying go and get fully SOX compliant when there may be no need to do so, but make sure you have adequate controls in place and a proper separation of duties. It's also a good idea to close the books for a period of time every month to make sure you don't have disappearing assets. Doing an off-cycle audit is another precaution that can prove to be beneficial. Maybe some of these things are overkill, but the point is to make sure you have the proper instrumentation in place to know when there's a problem.
From a policies standpoint, it's about communicating company expectations to employees. I don't see any need for action here, since your employee handbook and other policies should spell out acceptable behavior and ramifications for violations.
What can't be minimized are the softer issues of employee support. A personal bankruptcy is one of the most stressful things that can happen to a person. If you can head off any issues at the pass by proactively offering support and counsel, small costs now will pay huge dividends later as these kinds of actions really engender a lot of loyalty on the employee base.
For more information:
Dig Deeper on Risk assessments, metrics and frameworks
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ...continue reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.