Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Leadership & ManagementSecurity Leadership and Management

Keep Security Current with Audits, Analysis and Updates

Previously in this series we have addressed leading by understanding and embracing ERM.

sec feat
June 1, 2013

 

Previously in this series we have addressed leading by understanding and embracing ERM.  We also covered establishing polices, procedures and processes as the foundation of implementing the core values, operating philosophy and compliance requirements necessary to survive as a viable entity. Last month we focused on the importance of effective and recurring training and awareness programs to ensure that all stakeholders and partners have a solid understanding of expectations. 

As the old saying goes, “People really only pay attention to those things that they think someone is going to check up on (and of course things that are important to their boss)!” There is more truth to that statement than fiction! The importance of audit reviews validating compliance, business reviews of operational effectiveness and efficiency, root cause analysis of compliance failures and investigations of egregious violations of policies, procedures and processes cannot be over emphasized.

Assessing and validating compliance with policies, procedures and processes is at the heart of most internal audit programs.  Compliance failures not only can adversely affect the quality of product and services, but can result in regulatory, civil and criminal actions against the enterprise. In worst case scenarios, the resulting fall-out of these actions can negatively impact the brand, reputation, valuation and the survivability of the entity. In severe cases, those in charge may end up facing personal financial ruin or wearing brightly colored jumpsuits provided by a state or federal penitentiary’s haberdashery. 

Routine evaluations of policies, procedures and processes are important to ensure that they remain current with regulatory and business requirements. It is also critical that these reviews ensure that management systems and controls remain efficient and effective. The world is constantly changing, and the focus and scope of regulatory requirements and the manner in which things are done also evolves rapidly. An enterprise’s policies, procedures and processes must remain up-to-date with its environment.

When something egregious occurs, (for example, potential acts and regulatory violations), an investigation is typically conducted. The goal of an investigation is to determine the routine who, what, where, when, how and why of what happened. It also examines the exposure of the entity (and individuals involved or in charge) to regulatory actions and fines, as well as civil or criminal prosecution.

Due to potential civil, criminal or regulatory action exposure, many times investigations are conducted by an outside law firm engaged by the general counsel of the entity to protect the entity under “attorney client privilege” as the facts of the case are discovered. Lawyers inside the legal department may also conduct investigations under attorney client privilege. In certain circumstances, an entity’s general counsel also has the ability to engage other internal functions of the entity to conduct an investigation under the same privilege.  

Many jump to a conclusion that protecting an investigation under attorney client privilege is done to facilitate a cover-up. While that may be the perception of some, in reality, attorney client privilege allows the general counsel to have time to assess all of the facts and advise the entity on the proper course of action. Many regulatory requirements establish obligations and timeframes for disclosure. Navigating the regulatory landscape demands a high level of knowledge, experience and finesse.

Investigations are an area where many security executives and members of their staff unwittingly perpetuate the label of “Corporate Cop.” One of the best ways to avoid this label and inherent risk is to form a “Business Practices Review Team” (BPRT) within the entity to investigate incidents that are deemed egregious violations of company controls, as well as issues that have the potential of resulting in civil, criminal or regulatory actions against the entity or individuals. Members of the core BPRT typically include HR, Internal Audit, Legal and Security. When establishing a BPRT, the charter should not only establish the authority of the BPRT and its ability to enlist the engagement of any function in the investigative process, but should also establish the obligation of personnel within the enterprise to cooperate fully with the BPRT and the investigative process.

Finally, conducting a root cause analysis is a critical step in determining what changes are necessary to policies, procedures or processes to prevent a compliance failure or a control weakness from reoccurring. 

 

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused in corporate security. Prior to founding SMR in 1997, Brennan enjoyed a 26-year career in domestic and international enterprise risk and security roles. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused at the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. He has more than 35 years of experience heading these programs at the executive level of three major multinational corporations and one mid-cap company in diverse industries.

KEYWORDS: policy review root cause analysis security leadership skills security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • critical-infrastructure-freepik1170x658 (1).jpg

    Industrial security posturers are improving – but still struggle to keep up with growing threats

    See More
  • police siren

    Temple University adds safety app, audits campus security

    See More
  • SEC column

    How to Keep Up with Emerging Technologies and Risks

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • contemporary.jpg

    Contemporary Security Management, 4th Edition

See More Products

Events

View AllSubmit An Event
  • November 17, 2025

    SECURITY 500 Conference

    This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing