This case involves a large computer software company accused of violating the Foreign Corrupt Practices Act (FCPA). It was alleged that the company in question restructured its cybersecurity systems to prevent the detection of questionable payments. A group of employees came forward about this alleged misconduct and were immediately terminated. An expert in cybersecurity and corporate risk management was sought to review the systems and determine whether or not the employees’ claims were true.
Question(s) For Expert Witness
- 1. Please describe your experience in corporate risk management, specifically with corporate incident reports for employees.
Expert Witness Response E-188551
I hold a Ph.D. in criminal justice and serve as a senior criminal justice faculty member at a university. I also serve as a director and manager for a cybersecurity lab. I am a trained mediator and serve as such for the human resources department at the university where I am employed. I have made risk-related recommendations to university administration. In the private sector, I owned and operated a private investigations firm that was hired by companies to assess risk and make recommendations to ownership and/or management. I also investigated complaints in the public and private sectors. In the past, companies hired me to investigate risk issues within their organizations. I have investigated employees for theft, embezzlement, and misconduct as defined by the policies and procedures for each company that retained me. I was consulted to determine if employees were causing or involved in risky situations and make recommendations for appropriate action to the company leaders. I also ran my own private investigations firm and had to be familiar with policies and procedures for dealing with risk issues as governed by a state private security act. Currently, I train police officers and correctional personnel in ethical-related decision making, and I have authored a textbook on ethics in the criminal justice system. In both the private and public sectors, I have dealt with staff violating policies and procedures, as well as state law, to investigate incidents of risk and make recommendations to the agency. The employer should thoroughly investigate the incident, document the findings, and be prepared to contact law enforcement. Should it be necessary, the company should also provide law enforcement with the results and documentation from their investigation. The report must contain thorough documentation of the facts, including from witnesses and additional parties as necessary, to determine whether the matter will be pursued further within the company or within the criminal justice system.