Tag Archives: PwC

BSI publishes BS ISO 37500: Guidance on Outsourcing

BSI – the business standards company – has published BS ISO 37500: Guidance on Outsourcing, the first overarching ISO standard to set out the generic principles and procedures of outsourcing and assist businesses in accessing a common vocabulary on which to base their communications.

The value of outsourcing has already been noted by those organisations who want to increase efficiencies and reduce costs by contracting work to external third parties. This practice – which encourages mutually beneficial collaborative working relationships – has grown over the past 20 years and is estimated to generate revenues in the region of trillions of US dollars per annum.

Nevertheless, there are challenges and hazards to be encountered. Not all outsourcing deals are a success. Some can fail dramatically – and publicly – while others simply fail to perform well.

BSI ISO 37500 can help organisations boost their business efficiency, gain better value and help avoid costly mishaps. It can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing.

In particular, it will help organisations to identify the business case for outsourcing, select the most appropriate customer or provider partner, transition to the new operating model and deliver value through the relationship.

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BSI ISO 37500 is relevant to all markets including manufacturing, retail, financial services, the public sector and facilities management.

Dan Palmer, head of market development for manufacturing and services at BSI, explained: “Outsourcing can apply to any business in any industry and in any location. By providing common practices, concepts and procedures that can be used to manage the outsourcing life cycle, BS ISO 37500 will improve the understanding of everyone involved in the process and lead to greater success.”

Benefits of BS ISO 37500

• Improved operability by harmonising communications between organisations engaged in – or in the process of engaging in – outsourcing in national and international markets
• Includes the terminology, concepts and procedures to improve the understanding of all parties involved in outsourcing
• Uses a common vocabulary for outsourcing communications, avoiding misunderstandings and incorrect and/or unrealistic expectations and reducing transaction costs
• Boosts business efficiency which will benefit everyone involved in the process

The international standard was developed by experts from countries including Canada, Germany, India, Malaysia, Netherlands and the UK. Additional UK input came from organisations including AEGON, BP, CapitalOne, DWF, Gartners, IBM, the National Outsourcing Association and PwC.

Adrian Quayle, chairman of the ISO Committee which developed the standard, added: “The benefits of using a standard such as BS ISO 37500 are clear. It provides the cornerstones of what businesses need to get right when they’re outsourcing. The application of this guidance provides all parties involved in outsourcing activities across the life-cycle with the assurance that business objectives can be achieved by using common governance and processes.”

Advertisements

Leave a comment

Filed under Risk UK News

PwC: ‘Businesses must wake up to global risks in order to maximise competitive advantage’

New and emerging operational threats to business will challenge an organisation’s existing risk management, business continuity, IT crisis management and information security processes.

Business leaders are not doing enough to prepare for the risks that arise from an increasingly inter-connected world, such as social instability, debt crises and extreme weather events.

The warning was issued by industry experts from PwC, the Institute of Directors, Airmic, Marsh and Zurich in advance of the ‘Responding to Global Risks’ panel event taking place next week.

Simon Walker, director general of the IoD, will participate in the debate alongside industry experts including James Crask, business resilience specialist at PwC. The discussion will examine the ‘Responding to Global Risks’ report, which was written by industry experts from the IoD, Airmic, Marsh, PwC and Zurich. The survey builds on the World Economic Forum’s Global Risk 2014 report, giving company directors tools to manage risk not only in order to avoid disasters, but also to identify opportunities that will help gain a competitive advantage.

Businesses must wake up to global risks in order to maximise competitive advantage

Businesses must wake up to global risks in order to maximise competitive advantage

James Crask, senior manager at PwC, explained: “Enterprise resilience is not just about surviving in the present. It’s about having the foresight, capability and agility to adapt and evolve. The relentless pressure on businesses to cut costs while enhancing their long-term prospects of survival means that agility can sometimes be at odds with the requirement for robust protection mechanisms. For many, this can result in poorly considered investments in resilience. The ‘buffers’ that contribute to resilience are increasingly seen as an unnecessary expense and are removed to reduce costs.”

Businesses could be harming their longevity

Organisations failing to consider the wider factors that contribute towards resilience could be harming their longevity. A mature business will generally mix operational activities (which aim to address shorter-term risks and impacts) with a consideration of a wider range of resilience factors that draw on the characteristics defining the business and which can guide its decision-making.

However, few businesses have identified these wider elements clearly and consistently in every department and at every level. By way of an example, creating a code of values is useless, state PwC experts, if only half of the workforce identify with it.

Richard Sykes – head of governance, risk and compliance at PwC – stated: “While very important, simply delivering robust risk management activities such as business continuity or IT resilience will not be enough to safeguard a sustainable future and enhance reputations. An organisation’s resilience is about much more than good risk management. It’s dependent on a wide variety of factors that can be measured and leveraged to enhance responsiveness and agility in the wake of upheaval.”

Sykes went on to state: “The most resilient organisations are likely to combine these attributes with a commonly shared set of corporate values aligned with behaviours. They will harness a strong understanding of their business and its context, possess the ability to innovate and also maintain high levels of trust and loyalty from customers and staff.”

In conclusion, Sykes explained: “Leadership also plays a critical role in building resilience, but this can only have maximum impact if it’s allied with the empowerment of those on the ‘shop floor’. Trusting workers to make the right decisions and exhibit Best Practice behaviours also helps to enhance resilience and prevent reputational damage.”

For more information visit: http://www.director.co.uk/Content/PDFs/Responding-to-global-risks-web-edition.pdf

Leave a comment

Filed under Uncategorized

Financial services firms plan to increase cyber spending, states CBI/PwC survey

Almost two-fifths (38%) of financial services firms plan to boost spending to combat cyber crime over the next 12 months, according to the latest CBI/PwC survey.

The biggest increase in spend will be seen in sectors that reported low growth six months ago, including Investment Management which plans to increase spending by 76%.

Richard Horne, cyber security partner at PwC, stated: “Cyber crime is a major threat to the UK’s financial services sector, as fraudsters increasingly turn to technology as their main crime tool. These figures show that an increasing number of UK financial services companies are taking cyber security seriously.”

Non-banking companies are sharply increasing their spend, and banks which have invested heavily for years in cyber defences are continuing their level of spend. According to Horne, this demonstrates that even companies with mature cyber security capability need to continue to invest as the threat is so dynamic.

Almost two-fifths (38%) of financial services firms plan to boost spending to combat cyber crime over the next 12 months

Almost two-fifths (38%) of financial services firms plan to boost spending to combat cyber crime over the next 12 months

“The recent Waking Shark 2 exercise in the City showed that the financial services industry and its regulators have made progress in beginning to pull together a co-ordinated response to the cyber threat,” continued Horne. “It also makes evident that all companies need a clear understanding of the cyber threats and the measures they need to take to be confident in their ability to manage the risk.”

In conclusion, Horne explained: “Spending on cyber security needs to carefully targeted but also evaluated to ensure that funds are being spent where they can be most powerful. Financial services companies are becoming more dependent on digital processes, and therefore more vulnerable to cyber attack. In addition, the threat is incredibly dynamic so defence strategies need to be constantly evaluated and refined.”

Leave a comment

Filed under IFSECGlobal.com News

PwC: ‘Economic crime against financial services organisations rising globally’

Economic crime against financial services organisations continues to rise around the world. Some 45% of financial services respondents to PwC’s 2014 Global Economic Crime Survey* say they have been victims of economic crime while 39% say they have been victims of cyber crime as fraudsters increasingly turn towards technology as their main crime tool.

Around half who have experienced economic crime during the survey period report an increase in the number of occurrences and the financial value of economic crime during the period (more so than other industries’ respondents).

The Global Economic Crime Survey includes 1,330 responses from the financial services sector across 79 countries, and finds that theft remains the most common form of economic crime for financial services firms (as reported by 67% of respondents). This is followed by cyber crime (39%), money laundering (24%), accounting fraud (21%) and bribery and corruption (20%).

Respondents reported significant collateral damage of economic crime to their reputation, with 29% of respondents citing this as the most severe impact of money laundering.

Andrew Clark, partner in PwC’s forensics practice, said: “Financial services organisations are finding that economic crime persists despite ongoing efforts to combat it. No organisation of any size anywhere in the world is immune to the impact of fraud and other crimes. The direct financial impact of economic crime harms organisations but such crimes also damage internal processes, eroding the integrity of employees and tarnishing reputations.”

Economic crime against financial services organisations continues to rise around the world

Economic crime against financial services organisations continues to rise around the world

Clark continued: “While the financial services sector may be ahead of many industries in terms of the prevention and detection of economic crime, more can be done. Of particular concern are the clear weaknesses in some organisations’ fraud risk assessments, whistle-blowing mechanisms and awareness of the pervasive and sustained threat of cyber crime.”

Cybercrime: what’s the risk?

The survey shows that cyber crime is still the second most common type of economic crime reported by financial services respondents (after asset misappropriation) – 39% in 2014 (this compares to only 17% in other industries).

However, this percentage of respondents is alarmingly low. PwC’s experience has shown that a clear majority of financial services organisations (especially retail banks) suffered cyber crime events during the survey period.

Similarly, only 41% believe it’s likely that they will experience cyber crime in the next 24 months (45% in Africa and 36% in Asia Pacific). A further 19% are unsure whether they are likely or unlikely to experience cyber crime.

Financial services respondents perceive a greater increase in the risk of cyber crime compared to counterparts in other industries (57% compared with 45% in other industries). Clearly, financial services organisations believe that cyber crime is becoming a greater threat than ever before, yet many do not believe that it will actually happen to them.

Financial services organisations are finding that economic crime persists despite ongoing efforts to combat it and no organisation of any size anywhere in the world is immune to the impact of fraud and other crimes

Financial services organisations are finding that economic crime persists despite ongoing efforts to combat it and no organisation of any size anywhere in the world is immune to the impact of fraud and other crimes

“The financial services sector was one of the first to be targeted by cybercrime,” explained Andrew Clark. “Little wonder, as there has always been significant potential financial gains to be had from subverting computerised processes and corporate controls in banks.”

Clark added: “Less than 40% of economic crime in the financial services sector was reported as cyber crime in our survey. In our experience, financial services organisations do not always identify and log the cyber element of economic crime experienced. This leaves them exposed to cyber threats in spite of any existing cyber defence. If cyber crime is not being accurately tracked, the true risk cannot be fully grasped and understood.”

“Cybercrime is growing and the methods are constantly evolving – we see no abatement in attacks on banks’ infrastructure. So it is concerning that 40% of all financial services respondents believe that it is unlikely their organisations will experience cybercrime in the next 24 months. Financial services organisations need to recognise cybercrime as a risk type and establish proper cybercrime reporting.”

Where does economic crime occur?

Economic crime is a pervasive global threat to financial services organisations, but there are regional variations. In the Asia Pacific region, at least half of financial services respondents reported an increase. By contrast, nearly 40% of respondents from South and Central America reported a decrease.

Certain cyber threats ebb and flow. For instance, the Middle Eastern cyber attacks that targeted several large US banks in 2012 and 2013 appear to have receded. The US has seen dramatic increases in financial services economic crime, from outages created by Distributed Denial of Service (DDoS) attacks to massive ATM withdrawals by organised criminal groups.

Andrew Clark of PwC

Andrew Clark of PwC

Credit card fraud has become more pervasive as the US has yet to embrace the Chip and PIN system.

In Japan, phishing scams have targeted bank customers’ personal computers via virus, using fake pop-up windows or e-mails masquerading as legitimate Internet banking interfaces to trick customers into inputting their personal information.

PwC cyber security experts have also perceived a rise in cyber crime from Africa, which correlates with big Government initiatives to roll out broadband in that region.

Industry sources also indicate that cyber criminals are relocating to South Africa from Europe due to increased co-operation between law enforcement agencies in the EU.

Who commits fraud?

External fraudsters are still the main perpetrators of economic crime for the majority of financial services organisations (57%).

Most internal frauds are committed by junior staff (39%) and middle managers (39%), with a fifth of internal economic crime committed by those in senior management.

The profile of the typical financial services internal fraudster is a male between 31-50 years old with a university level education.

Andrew Clark explained: “Typically, economic crime is committed when three conditions are present: life pressure, opportunity and personal rationalisation for the crime. Financial services organisations are prime targets for external fraud given the amount of money fraudsters could potentially obtain and also the importance and sensitivity of data held by organisations. The latter might include credit card and personal identity details. Cyber crime is most often externally perpetrated, and not just for monetary gain but also for valuable information about individuals.”

Continuing this theme, Clark outlined: “Internal fraudsters in financial services are more likely to hold at least a university degree qualification than in other sectors – a reflection of the entry requirements of recruitment in the sector. Our survey results suggest that the average financial services internal fraudster is able to carry out fraud from quite a junior level in the organisation. This may be due to the fact that financial services products can be complex by design and function and, consequently, more difficult to ‘police’ despite internal controls.”

How is fraud found?

The financial services sector tends to be more strictly regulated. As a result, many business processes and functions have corporate controls in place. This makes it more difficult for frauds to be internally perpetrated without discovery.

Of the financial services respondents who knew how the economic crime in their organisation had been detected, 61% attributed the detection to having corporate controls in place compared to 56% in other industries.

*The 2014 Global Economic Crime Survey was completed by 5,128 respondents from 95 countries between August and October 2013. Of the respondents, 50% were senior executives, 35% represented publicly listed companies and 54% were from organisations with more than 1,000 employees. The responses included 1,330 responses from financial services organisations across 79 countries

For more information on the 2014 Global Economic Crime Survey visit: http://www.pwc.com/economiccrime

Leave a comment

Filed under IFSECGlobal.com News

PwC Global Economic Crime Survey 2014: ‘Staff frauds on the rise’

PwC’s Global Economic Crime Survey 2014 states that the number of frauds committed by staff as opposed to those outside of an organisation has risen from 34% in 2011 to 41% in 2013.

The survey also shows that the profile of the typical fraudster is changing. Previous surveys found that middle management were often behind economic crimes. Now, the findings reveal that most economic crimes carried out by someone inside an organisation are by junior members of staff.

According to the survey of over 5,000 businesses (including nearly 400 from the UK), internal fraudsters are most likely to have been with a company less than five years.

Ian Elliott, PwC’s forensic services partner and author of the new report, commented: “Our survey shows the changing face of white collar crime in Britain today. More and more companies are feeling the pain as economic crime continues, despite ongoing attempts to tackle it. Organisations need to be ever-vigilant for suspicious transactions.”

UK businesses continue to suffer financially from fraud

UK businesses continue to suffer financially from fraud

Elliott added: “People may be feeling the effects of increases in the cost of living, giving them more incentives to turn to crime. As such, employers need to make it difficult for their staff to commit crimes. They cannot afford to be complacent.”

Watch a video of PwC’s Ian Elliott outlining key points uncovered by the survey

Type of fraud is changing

The survey findings record a fall in the number of UK organisations reporting economic crime, from 51% in 2011 down to 44% in 2013. However, fraud in Britain is still higher than the global average of 37%.

The type of fraud is also changing, with less accounting fraud as fraudsters turn to high-tech ways of committing economic crime. At the same time, companies have improved their internal controls and, as such, have made life more difficult for potential fraudsters.

Infographic showing key findings of the latest PwC research

There has been a small drop in the reported level of cyber crime which, at 24%, is down from 26% in 2011. Cyber crime was also responsible for 24% of all reported frauds.

UK businesses are more aware of the risks than ever – and more aware than their global counterparts (63% compared to 48% globally).

“Many people may not be reporting cyber crime simply because they don’t know it has happened, or because they want to keep it contained,” explained Elliott. “They are concerned about what effect it has on their reputation. It’s also important to remember that it’s not a technology problem. It’s a human problem, and the internal threat needs to be taken as seriously as the threat from outside an organisation.”

Less than a third of Board members (32%) reported fraud in their organisations, but below Board level this climbed to 63%.

For the purposes of the PwC survey, economic crime is described as: “The intentional use of deceit to deprive another of money, property or legal right”

For the purposes of the PwC survey, economic crime is described as: “The intentional use of deceit to deprive another of money, property or legal right”

“Increasingly,” continued Elliott, “we’re seeing fraud on the Board’s agenda but there is still a gap between what is being reported by the Board and the reality of what is taking place in British business today.”

Changes to policies and procedures

UK businesses continue to suffer financially from fraud. 52% felt the financial impact had increased in the last two years compared to 42% globally, but high value financial losses in the UK were lower than on the global stage (at 15% compared with 20% suffering losses in excess of $1 million).

As a result of the Bribery Act, which came into force in 2011, 87% of British organisations have made changes to policies and procedures and 37% have had a major overhaul of their anti-bribery policies.

“With little or no growth in the UK in the last few years, many British companies have looked overseas to some high risk markets,” outlined Elliott, “but they need to be on the alert for the potential bribery risks they may face when operating in these markets.”

UK businesses take a dim view of fraud and, in 88% of cases, it leads to dismissal compared to 79% globally. The police were called in to companies in 63% of cases compared to just 49% of frauds around the world.

In conclusion, Elliott explained: “When employees just receive a warning, or are transferred to another department, it sends out a message: the business tolerates fraud. However, UK bosses have taken a stand. They will not let employees get away with defrauding them, even if it means negative publicity for them as a result.”

About the survey

For the purposes of the survey, economic crime is described as follows: “The intentional use of deceit to deprive another of money, property or legal right”

In the UK, 372 people responded to the online survey. Respondents are from a mix of different sectors and represent listed, private and public sector organisations

60% of respondents to the PwC survey were senior executives

For the full UK and global report visit: http://www.pwc.co.uk/crimesurvey

To watch the live webcast at 11.00 am on Wednesday 19 February go to: http://www.pwcplayer.com/webcasts/2014_02_global_economic_crime_survey

Leave a comment

Filed under IFSECGlobal.com News

NAO publishes Memorandum for Parliament on electronic monitoring contracts

The National Audit Office has published a Memorandum for Parliament setting out the events surrounding the Ministry of Justice’s process in 2013 to retender its electronic monitoring contracts, currently with private contractors G4S and Serco, and its subsequent decision to commission a forensic audit of the contracts by PricewaterhouseCoopers (PwC). Today’s report also covers the main findings of that audit.

Following completion of the PwC forensic audit, the Department is in dispute with G4S and Serco over the amount of money by which the Department may have been overcharged for electronic monitoring services under the current contracts.

Both contractors are also now subject to a criminal investigation by the Serious Fraud Office.

The National Audit Office has published a memorandum for Parliament setting out the events surrounding the Ministry of Justice’s process in 2013 to retender its electronic monitoring contracts

The National Audit Office has published a Memorandum for Parliament setting out the events surrounding the Ministry of Justice’s process in 2013 to retender its electronic monitoring contracts

The Department believes that both providers charged for work that had not taken place in a way that was outside what was set out in the contracts for the electronic monitoring of offenders.

PwC’s estimate is that the potential overcharge by both providers in total may amount to tens of millions of pounds.

Examples of disputed billing practices

The NAO’s report includes examples of disputed billing practices which show that, in some instances, both contractors were charging the Department for monitoring fees for months or years after electronic monitoring activity had ceased, over similar timescales where electronic monitoring never occurred and multiple times for the same individual if that person was subject to more than one electronic monitoring order concurrently.

Both contractors have said that, in their view, such charging was in line with the terms of the contract.

G4S has since stated, however, that it now views that interpretation as inappropriate. The company has said that it intends to offer the Ministry £23.3 million in credit notes in respect of issues it has identified to date.

Serco has stated that it will refund any amounts that it agrees represents overcharging.

The Department has not currently agreed to any refund offers made by the providers.

The NAO does not draw any conclusions on contractual interpretation.

Read the full report issued by the National Audit Office

About the National Audit Office

The National Audit Office scrutinises public spending for Parliament and is independent of Government.

The Comptroller and Auditor General (C&AG), Amyas Morse, is an Officer of the House of Commons and leads the NAO, which employs some 860 staff.

The C&AG certifies the accounts of all Government departments and many other public sector bodies. He has statutory authority to examine and report to Parliament on whether departments and the bodies they fund have used their resources efficiently, effectively and with economy.

Its studies evaluate the value for money of public spending, nationally and locally. The NAO’s recommendations and reports on good practice help Government improve public services, while its work led to audited savings of almost £1.2 billion in 2012.

Leave a comment

Filed under IFSECGlobal.com News