Q

Do personal issues within a company pose a risk to the enterprise?

In this SearchSecurity.com Q&A, security management expert Mike Rothman unveils how to manage and address a potential risk within your corporation.

Does a personal bankruptcy of a member of the senior financial staff pose a significant risk to the enterprise? What policies should be in place to deal with such a scenario?

Any personal issues create potential risks in an enterprise. The employee could be distraught; he/she could be in desperate financial straits and do things to endanger your enterprise. This isn't as much of a security issue as it is an HR issue. Let's discuss the HR issues first. Consider getting the employee counseling. Of course, you don't have to, but you should. In fact, unless you are a small corporation of less than 25 employees, an employee assistance program should be a standard benefit. Employees are the lifeblood of a business, and the enterprise needs to support them -- especially in times of need.

From a risk management standpoint, assuming the person is stable, it would be advisable to keep a relatively close eye on what they are doing for a period of time. Again, desperate times tend to result in desperate measures. You never want to assume that people (especially senior people) are going to do the wrong thing, but you need to be cautious and have checks and balances to rule out any foul play.

What should be done exactly? Examine the Sarbanes-Oxley Act, which focuses on strong financial controls. Now, I'm not saying go and get fully SOX compliant when there may be no need to do so, but make sure you have adequate controls in place and a proper separation of duties. It's also a good idea to close the books for a period of time every month to make sure you don't have disappearing assets. Doing an off-cycle audit is another precaution that can prove to be beneficial. Maybe some of these things are overkill, but the point is to make sure you have the proper instrumentation in place to know when there's a problem.

From a policies standpoint, it's about communicating company expectations to employees. I don't see any need for action here, since your employee handbook and other policies should spell out acceptable behavior and ramifications for violations.

What can't be minimized are the softer issues of employee support. A personal bankruptcy is one of the most stressful things that can happen to a person. If you can head off any issues at the pass by proactively offering support and counsel, small costs now will pay huge dividends later as these kinds of actions really engender a lot of loyalty in the employee base.

For more information:

  • Improve your ability to measure information systems risk with these three techniques.
  • Learn why metrics are the key to measuring security.

This was first published in June 2007
