Ideas for Corporations and Their Professional Advisors

Casualties, injuries, fraud, theft and regulatory violation can reduce and, in extreme cases, destroy shareholder value.

The six ideas below are designed to position your organization to achieve immediate and lasting impact avoiding security, integrity and emergency incidents and effectively responding to what cannot be avoided.

1)  Determine WHAT “security” means in your organization, WHO is responsible for it and HOW you are organized and equipped to protect lives, assets and reputations.

Do you have a “Security Director” / “Chief Security Officer”? Do they have responsibility, authority and budget to work with facilities? legal? IT? risk management? executive management? the board of directors? What do they do “in house” and what do they “outsource” to specialists and advisors? What concerns do your employees have for their own protection and protecting your organization’s bottom line? When and where are you responsible for the safety and actions of your employees and when and where are you not? Do levels of security – and perception of same – effect morale and productivity within your organization? with your customers?

2) Determine how easy or difficult it is for an employee, authorized visitor or intruder to cause deaths and injuries at your facilities.

Do your employees know what to do if they identify a person or circumstance that could cause death or injury? When is security and/or “management” made aware of an internal or domestic conflict that could cause an incident at the workplace? What, if anything, makes the people in your facilities attractive targets to third parties who would do physical harm? How is physical access to your facilities managed?  Do you know who is in your facilities and why they are there? Do your employees know what to do – and what not to do – during a violent incident? How does your organization best recover from an incident that causes deaths or injuries?

3) Determine how easy or difficult it is for an employee, contractor or third party to steal, defraud or otherwise cause economic harm to your organization.

Do your employees know what to do if they identify a person or circumstance that could cause economic harm to the company? When are “management” and Boards made aware of both weakness/potential incidents and actual incidents of fraud, theft, and other economic malfeasance? What, if anything, makes the people, assets and systems in your organization attractive targets to third parties who would do economic harm? How do you best protect your brand – both from those who would literally infringe your trademarks, patents and copyrights and from those who would otherwise undermine your reputation? How does your organization best recover from an incident that causes economic harm?

4) Determine how effective or ineffective your organization is in discovering, analyzing and presenting facts for litigation, regulatory review and core business decision-making.

What factual data, information and intelligence does your company maintain on employees? customers? vendors? partners? competitors? How does your company collect, store, analyze and utilize such data, information and intelligence? Does your company maintain an effective document retention policy? What happens to work product and other corporate information when an employee involved in its creation and/or maintenance leaves the company? If and when you change IT and/or systems vendors? What actions has your organization taken to maintain the security, confidentiality and/or attorney-client privileged nature of proprietary data, information and intelligence? Have you considered the total cost of E-discovery and strategically planned accordingly to save money and time? To include how relevant Electronically Stored Information (ESI) is created and maintained in your organization both before, during and after its use in legal proceedings? How do you learn about new and foreign markets?

5) Know who you are doing business with.

Is your organization fully compliant with legal requirements such as the Foreign Corrupt Practices Act (FCPA), Know Your Customer (KYC) and Anti-Money Laundering rules and regulations? What substantive due diligence do you perform on prospective and current employees? vendors? partners? companies that you acquire, merge with or invest in? What due diligence information helps your organization substantively reduce risk and identify opportunities and what due diligence information merely “checks a box”?  Do you keep your due diligence knowledge of employees, vendors and partners current? Do you know what to do if an employee, vendor or partner commits a crime?

6) Determine how prepared and capable your organization is to continue operating during and after a natural disaster or large scale industrial accident

Does your company have a clear policy covering when operations stay open or close before, during and after a natural disaster or large scale industrial accident?  Where employees go? How their responsibilities and duties may or may not change? Who’s in charge of the evacuation? the recovery? Is your company capable of communicating effectively if it loses its primary telephone, email, public address and other communication systems? Do you know what critical company assets are physically located, accessed or controlled by the compromised facility(ies)? How about critical customer or third-party assets? Do you have backup center(s) to effectively accommodate assets, networks and employees? Do your contracts with employees, customers, vendors and partners specify what happens during and after a natural disaster or large scale industrial accident?

To learn more about how VRI can help your organization effectively address the questions and capitalize on the ideas above, please contact Adam Safir @ (212) 537-5048 or