Registered North Carolina CPAs (Approx. 19500)

2014 Professional Ethics & Conduct
Are you a robot?
Levels of Ethical Maturity
• Self-Actualization
• Societal Influence
• Comparative Authority
• Exclusive Authority
Ethical Issues
Will we agree??
Ethical Theories

Utilitarianism: Promotion of the best long-term interest
of everyone should be the moral standard




Maximize good over harm
Consequences of acts are moral justification
Rights and duties have no independent standing
Benefits can be defined and measured and added
Ethical Theories

Deontology:




Consequences are not the only criteria for determining the
morality of the action. Act is what matters
Emphasizes maxims, rules, principles
Morals are based on fundamental principles not upon mere
results
Kant’s imperative - one should take that action that he/she
would wish everyone to take in all circumstances, irrespective
of the consequences of the single action
Example of Conflict

Eight hostages are about to be executed for no significant
crime. You are given the opportunity to shoot and kill
one of the hostages and the rest will be freed. If you do
not take this action all will be killed.



What will you do?
What would a utilitarian do?
What would a deontologist do?
ETHICAL DILEMMAS



INDIVIDUAL
CORPORATE
SOCIETAL
Ethical Drift

organizations suffer from ethical drift – a gradual,
unconscious lowering of moral standards. While
businesses compete for profit, the boundaries between
right and wrong become blurred and people’s ethical
frame of reference shifts. Human biases like being
unrealistically optimistic about an outcome, believing
ourselves to be all-powerful, all-knowing and invincible,
and the tendency to justify our own behavior no matter
how morally hollow

Sternberg
Silent Saboteurs


Spectacular scandals account for only about 10% of the
business losses attributable to poor ethical behavior.
The other 90% accounts for billions of dollars annually
across the U.S. and appear in the way



we treat each other when we try to protect our own turf, or
get ahead at the expense of others, or
do the wrong thing because we believe that is what our
company wants us to do
Silent Saboteurs









Scapegoating
Abdicating
Budget Games
Overpromising
Turf-guarding
Endless meetings and memos
Under delivering
Risk aversion
Sharp penciling
Frank Navran, Training and
Development Magazine
More “Silent Saboteurs”










I’ve Got a Secret
Credit Taking
Lack of Recognition
Attention to Detail
Let People Know
Nursing a Grievance
Smoke, but No Fire
Emergency, or Just Poor Planning
Robin Hood
Pushing the Limits
Frank Navran, Training and
Development Magazine
Sweat the Small Stuff
A company recently shared from its ethics compliance
office that the most complaints result from an employee
observing another employee’s improper use of the
company’s assets. The thoughts are:





It’s only a pen
Nobody will care
Everybody does it
It doesn’t belong to anybody
Nobody will find out
Ethical issues that should concern us the most are the ones
we face everyday.
Wall Street Ethics





52% felt it likely their competitors had engaged in
unethical acts.
24% felt it likely their company co-workers had engaged
in unethical acts.
24% said they would engage in insider trading to make
$10 million if they could get away with it.
28% felt the financial services industry does not put the
interests of clients first.
29% believe financial services professionals may need to
engage in unethical or illegal activity in order to be
successful.
Online survey of 250 financial professionals conducted by
Labaton Sucharow, a New York City law firm in USA
Today July 16, 2013
The Ultimatum Game
Is it ever OK to lie?
If you were interviewing
someone for a job and it
was brought up that he lied
to his current employer
about where he was, would
it affect your views on his
trustworthiness?
“When all else fails, tell the truth.”
— Donald T. Regan
What time is it?
To contact:
N.C. State Board of Certified Public
Accountant Examiners
www.nccpaboard.gov
Hierarchy of
Ethical Behavior
Character and Courage
–Doing the Right Thing
Moral Right and Wrong
Personal Integrity
N.C. Code of
Professional
Ethics and
Conduct
Professional Regulation/
Accounting Standards
Legal Regulation
The Oath of a CPA

I Will Support the Laws And Regulations of the
State of North Carolina and the United States.

I Will Perform my Professional Duties to the Best
of my Ability and Abide by The Rules Of Professional
Conduct; and

I Will Uphold the Honor And Dignity of the
Accounting Profession by Serving with Integrity,
Objectivity, and Competence.
Registered North Carolina CPAs
(approx. 19,500)
Public - 39%
Industry (accounting) - 40%
Industry (non-accounting) - 6%
Other - 7%
Education - 2%
Government - 6%
NC CPAs Residing in NC – approx. 16,000
NC CPAs Residing in other States – approx. 3,500
CPAs Nationwide – Approx. 600,000
Numbers taken from October Activity Review
2013 State Board Activity
[Bar chart comparing 2012 and 2013. Categories: Matters Opened; Cases; Unauthorized CPA Use; Disciplinary Orders. Axis: 0 to 400.]
Disciplinary Orders
[Bar chart comparing 2012 and 2013. Categories: CPE; Peer Review; Firm Registration; 941 Nonpayment; Tax Shelters; Substandard Audits; Others. Axis: 0 to 35.]
2014 Changes
NC Rules and Regulations

Active and Inactive status only – there is no longer a
retired status

Certificate applicants are required to disclose any arrests,
charges, convictions, PFJs, continuations, or nolo contendere
pleas to any criminal offense.


Previously, this was only done at the Exam Application.
Reporting to the Board – notify the Board within 30 days
of any settlements, investigations or liens;

Notification required regardless of any confidentiality clause in
the settlement
CPE – Professional Ethics

Annual ethics course – 2 hour group study or self study;

NEW: The ethics course must be presented by an
approved NASBA sponsor

The course must provide you with a certificate of
completion.

Any ethics hours in excess of 2 hours can be carried over,
but cannot be used for the annual ethics requirement in
succeeding years.
So this happened…
NEW: Qualifications of CPE Sponsors

The Board does not register sponsors of CPE courses.

The Board does not register CPE courses.

CPE sponsors in good standing with NASBA shall be in
compliance with CPE requirements.
Qualifications of CPE Sponsors

CPE that is not a NASBA sponsor must:

Have an individual that did not prepare the course review the
course;

Provide documentation that states:






The general content of the course and skill level taught,
Any prerequisites or preparation required,
The level of the course (basic, intermediate, etc.),
The teaching methods used,
The amount of recommended CPE credit, and
The date the course is offered.
Time for an obvious question
Is CPE important?
Is CPE Important? Frequent Answers

An integral part of professional development

Does little to improve professional competency

Too expensive

Doesn’t apply to my job

Not enough time to meet the requirement each year

The requirements are too confusing
CPE Requirements








40 hours each calendar year
Up to 20 hours of CPE can be carried over
Up to 10 hours for publications and 20 hours for
teaching;
Prorated based on date of approval of application (30, 20,
or 10 hours)
A course must increase your professional competency
You must maintain records substantiating CPE credits for
five years (includes current year)
No CPE requirement for inactive
You must have a certificate of completion for each course
Do you take CPE seriously?










Reading the paper
Texting
Checking email
Facebook
Shopping online
Playing games
Preparing a tax return
Reviewing workpapers
Knitting
Taking online CPE during live class
CPEasy?

184 licensees admitted they completed some of their
2012 calendar year CPE between 1/1/13 and 6/30/13.

What’s the fate of these 184?

In accordance with 21 NCAC 08G .0406, each was
issued a Letter of Warning from the Board.
CPEasy?

3-5% of the 1,000-1,200 licensees audited are unable
to provide certificates of completion.

How long are CPAs required to maintain their CPE
records for purposes of a CPE audit?

In accordance with 21 NCAC 08G .0401(i), it is the
CPA’s responsibility to maintain records
substantiating the CPE credits claimed for the current
year and for each of the four calendar years prior to
the current year.
08N - Professional Ethics & Conduct
Rules For All CPAs (Section 200)
Rules For All CPAs Using the CPA Title (Section 300)
Rules for All CPAs Performing Attest and Assurance
Services (Section 400)
Rules for All CPAs (Section 200)





Integrity
Deceptive Conduct Prohibited
Discreditable Conduct Prohibited
Discipline by Federal/State Authorities - 30 days
Cooperation with Board Inquiry - 21 days to respond
Confidentiality
Violation of tax laws
Reporting Convictions and Judgments
Accounting Principles
Responsibilities in Tax Practice
Competence
Outsourcing to third parties
IFRS
North Carolina Code - Integrity
The reliance of the public and the business community on
sound financial reporting and advice on business affairs
imposes on the accounting profession an obligation to
maintain high standards of technical competence, morality,
and integrity.
To this end, a CPA shall at all times maintain independence
of thought and action, hold the affairs of clients in strict
confidence, strive continuously to improve professional
skills, observe generally accepted accounting principles and
standards, promote sound and informative financial
reporting, uphold the dignity and honor of the accounting
profession, and maintain high standards of personal conduct.
Discreditable Conduct Prohibited

A CPA shall not engage in conduct discreditable to the
accounting profession:

Acts that reflect adversely on the CPA’s honesty, integrity,
trustworthiness, or good moral character

Stating or implying an ability to improperly influence a
governmental agency or official

Failing to comply with any order issued by the Board; or

Failing to fulfill the terms of a peer review engagement
contract
Deceptive Conduct Prohibited
A CPA shall not engage in deceptive
conduct. Deception includes fraud or
misrepresentation and representations
or omissions which a CPA either knows
or should know have a capacity or
tendency to deceive. Deceptive conduct
is prohibited whether or not anyone
has been actually deceived.
Reporting Convictions, Judgments &
Disciplinary Actions

Criminal Actions - A CPA shall notify the Board within 30 days
of any conviction or finding of guilt of, pleading of nolo
contendere, or receiving a prayer for judgment continued to
any criminal offense.

Civil Actions - A CPA shall notify the Board within 30 days of
any judgment or settlement in a civil suit, bankruptcy action,
administrative proceeding, or binding arbitration, the basis of
which is grounded upon an allegation of professional
negligence, gross negligence, dishonesty, fraud,
misrepresentation, incompetence, or violation of any federal or
state tax law and which was brought against either the CPA or
a North Carolina office of a CPA firm of which the CPA was a
managing partner.
Reporting Convictions, Judgments &
Disciplinary Actions



Settlements - Notify within 30 days of any settlement in lieu of
a civil suit or criminal charge grounded upon an allegation of
professional negligence; gross negligence; dishonesty; fraud;
misrepresentation; incompetence; or violation of any federal,
state, or local law. Notification is required regardless of any
confidentiality clause in the settlement.
Investigations - Notify within 30 days of any inquiry or
investigation by the IRS or any state DOR criminal
investigation divisions pertaining to any personal or business
tax matters.
Liens - Notify within 30 days of the filing of any liens by the
IRS or any state DOR regarding the failure to pay or apparent
failure to pay for any amounts due any tax matters.
Advertising vs. Networking
Volunteer Opportunities
David is a CPA and the Controller for a retail company. He and his
family are very involved in local church activities and he was
recently asked to be chair of the finance committee. He thought
this would be a good way to serve the church and agreed to take
the position. The minister had been at the church for 12 years and
was a highly respected member of the community. The finance
committee worked closely with the church bookkeeper, a part-time
position held by a long-time member of the congregation and a
close friend of the minister. She prepared a monthly report of
collections and expenses for the finance committee and everything
seemed to run smoothly.
Three months after David accepted the chair position, Anne, the church
secretary, asked for a private meeting with David. She reluctantly
began her story of how she believed the minister was embezzling
church funds with the assistance of the church bookkeeper.
Anne’s husband was head usher and, although not required,
he often counted the collections before locking them in the
church safe.
On Monday the bookkeeper would count the collections,
report totals to the minister and one of them would take
the deposit to the bank.
The past two Mondays the bookkeeper was ill, so the
minister asked Mary to take the deposit to the bank. She
noticed the amount was less than her husband told her was
collected. She initially thought her husband made a mistake,
but then got curious and looked at past deposits. Most
were less than what her husband counted.
Serving on a Board of Directors

What are the duties?

Are the Duties Heightened for CPAs?

Typical Claims Brought against Board Members

What are the Risks?

How Can the Risks be Mitigated?

What are the Key Steps to Consider before Accepting?
2013 National Business
Ethics Survey
KPMG Integrity
Survey 2013
Observed Misconduct is in Decline
Ethics Resource Center 2013
Ethics Culture Has Strengthened
Ethics Resource Center 2013
Misconduct Declines as Ethics Culture
Improves
Ethics Resource Center 2013
Who Commits Misconduct?
In Strong Ethics Cultures, Vast Majority of Misconduct Done by
Individual Employees
Ethics Resource Center 2013
Tone at the Top is Bottoming Out – Who
Commits Misconduct
Ethics Resource Center 2013
Moving Up the Ranks
You are a CPA and have been with a mid-size company for 7 years and moved up the
ranks now supervising 12 employees. Your company has just announced a merger with a
larger company. Some layoffs in your department are inevitable. Your supervisor, Mary,
asks you to rank your 12 employees and turn in the list in a week. Mary and her
husband are close family friends and her husband is your regular Saturday golf partner.
After wrestling with the list all week by using performance metrics, former evaluations,
observation and input from peers and clients, you turn the list in to Mary. After looking
at the list, Mary says it looks good, but to switch #3 (Corey) and #12 (John). Mary hired
John, 2 years ago. He works closely with both you and Mary. In your department his
work is sub-standard and he struggles with the responsibilities and has an attitude
problem with other employees. You are perplexed by Mary’s suggestion. As you are
leaving Mary’s office her administrative assistant follows you out and says, “I overheard
your conversation with Mary and I want you to know the reason for her suggestion.
Mary and John have been having an affair since he was hired. I overhear their
conversations and he travels with her to business meetings that he has no reason to
attend. I know, I do the expense reports for both of them.”
What do you do?
The Most Common Company-wide
Misconduct
• Offering something of value (e.g., cash, gifts, entertainment) to customers/clients 24%
• Health/safety violations 22%
• Offering something of value to public officials 20%
• Violating employee benefits, wage, or overtime rules 20%
• Violating Internet policies 20%

KPMG Integrity Survey 2013
 73%
of employees reported that they
had observed misconduct within
their organizations in the previous 12
months
 More than half of employees
reported that what they observed
could potentially cause a significant
loss of public trust if discovered
KPMG Integrity Survey 2013
Nearly half of employees were uncertain that
they would be protected from retaliation if
they reported concerns to management
 more than half suggested a lack of confidence
that they would be satisfied with the outcome
 Ethics and compliance programs continue to
have a favorable impact on employee
perceptions and behaviors

Root Causes of Misconduct
64% Feel pressure to do “whatever it takes” to meet business
targets
60% Believe the code of conduct is not taken seriously
59% Believe they will be rewarded for results, not the means
used to achieve them
59% Fear losing their jobs if they do not meet targets otherwise
59% Lack understanding of the standards that apply to their jobs
57% Lack resources to get the job done without cutting corners
57% Believe policies or procedures are easy to bypass or
override
49% Are seeking to bend the rules or steal for their own
personal gain
Prevalence of Misconduct
KPMG, % of employees (2013 / 2009 / 2005 / 2000)
Observed misconduct in prior 12 months: 73% / 74% / 74% / 76%
Believed observations could cause “a significant loss of public trust if discovered”: 56% / 46% / 50% / 49%
Misconduct in Accounting and Finance
Observations (2013 / 2009)
Breaching computer, networks or database controls: 34% / 22%
Entering customer contracts without proper terms, contracts, or approvals: 35% / 18%
Stealing or misappropriating assets: 30% / 17%
Falsifying or manipulating financial reporting information: 29% / 13%
Prevalence of Misconduct - Could Cause Significant Loss of Public Trust – Significant
Industry Increases
Industry (% indicating significant misconduct / % increase from 2009)
Electronics, Software & Services: 63% / 26%
Aerospace & Defense: 59% / 19%
Consumer Markets: 56% / 20%
Chemicals & Diversified Industrials: 54% / 20%
Real Estate & Construction: 54% / 15%
Misconduct in Sales and Marketing
Observations
2013
47%
2009
27%
Improperly gathering
competitor confidential
information
34%
20%
Violating contract terms
with customers
29%
14%
Engaging in anticompetitive practices
32%
12%
Submitting false or
misleading invoices to
customers
30%
9%
Engaging in false or
deceptive sales practice
Propensity to Report Misconduct
KPMG, % of employees (2013 / 2009 / 2005 / 2000)
Notify supervisor or another manager: 78% / 81% / 81% / 63%
Try resolving directly: 54% / 52% / 53% / 40%
Call hotline: 53% / 44% / 38% / 21%
Notify someone outside the organization: 26% / 10% / 10% / 4%
Look the other way or do nothing: 23% / 6% / 6% / 5%
Reporting & Retaliation
Ethics Resource Center 2013
Making the Whistle Louder
Ethics Resource Center 2013
Is it Unethical or Fraud?
The Shades of Gray
[Diagram: four quadrants on two axes, Ethical/Unethical and Legal/Illegal]
Quadrant I: Ethical and Legal
Quadrant II: Ethical and Illegal
Quadrant III: Unethical and Legal
Quadrant IV: Unethical and Illegal
Other labels on the diagram: Financial Reporting Rules; Professional Decisions; Corporate and Financial Decisions
Accounts Payable?

Steve is in the accounting department at a regional branch of the bank. He
opens and books bills from suppliers and sends them to accounts payable for
payment. Everything under $500 is paid directly with no further
authorization needed. Steve’s wife died from cancer last year after an
extended illness and he is raising their three children on his own. He is still
trying to pay off huge medical bills from his wife’s illness. The bill collectors
are getting very aggressive and he doesn’t know how he will make the
payments, pay the day care bills and buy groceries. This week he has to pay
$400 in past due day care or the children will be expelled. He goes home
and decides to print a fake invoice for office supplies under a reasonable
sounding supply company name using his PO Box as an address for the
$400 and mails it to the bank. He opens it and sends it through for
payment as usual and within a week receives $400 payment. He vows to
himself that he will never do this again and will pay it back, but next month
the same issues happen so he repeats his billing.



Will Steve get caught?
Accounting

Former KPMG Partner Scott London Sentenced to 14
Months for Insider Trading (April, 2014)




Provided inside information to Mr. Shaw, jewelry store owner
London said he had been driven by wanting to help out Mr.
Shaw, whose jewelry business was struggling. After receiving
payments from Mr. Shaw, he said in that interview, “I’d feel like I
just robbed somebody and I’d feel totally guilty.” But
“unfortunately those feelings weren’t enough to keep me from
doing it.” He called it a “slippery slope.”
Pleaded guilty
“it wasn’t inadvertent,” the judge said
Remember Madoff


Madoff is serving a 150-year prison sentence after
pleading guilty in 2009
$65 billion Ponzi scheme
March, 2014 Verdict on 5 ex-Madoff
employees: Guilty of fraud


"These defendants each played an important role in
carrying out the charade, propping it up and concealing it
from regulators, auditors, taxing authorities, lenders and
investors. The scheme these defendants helped perpetrate
cost innumerable investors their life savings. Now it likely
will cost the defendants their freedom," said Manhattan
U.S. Attorney Preet Bharara in a statement.
Guilty on charges they aided and profited from the
decades-long fraud
Not Just the Executives!
GUILTY




Daniel Bonventre, 67, Madoff's ex-director of operations;
Annette Bongiorno, 65, a former executive assistant who
managed the firm's longest-standing clients;
JoAnn Crupi, 52, who oversaw the company's bank
account;
Former Madoff computer programmers Jerome O'Hara,
50, and George Perez, 48.
Brothers Sentenced for Health Care
Fraud

March 19, 2014 Charleston, S.C., Truman Lewis, of Charlotte, and his
brother Norman Lewis, of Georgetown, were sentenced for
participating in a conspiracy to commit health care fraud and money
laundering. Truman Lewis was sentenced to 120 months in prison
and Norman Lewis was sentenced to 90 months in prison. Both
were ordered to pay $3,307,967 in restitution to Medicaid. Truman
and Norman Lewis billed Medicaid for almost $9 million in a 22-month period, with much of the billing being fraudulent. The
defendants ran a for-profit youth mentoring service called Helping
Hands Youth and Family Services, which had offices in Georgetown,
Conway, Rock Hill, and Columbia. The defendants billed for
weekends when children were not seen, for periods of time before
children were in the program, for periods of time after the children
had left the program, and for children who had no diagnosis to
justify billing.
Georgia Man Sentenced for Filing False
Claims


January 10, 2014, in Augusta, Ga., Jeffrey Sponseller was
sentenced to 33 months in prison, three years of supervised
release and ordered to pay $441,729 in restitution. Sponseller
previously pleaded guilty to one count of false claims.
According to court documents, Sponseller was an optometrist
and owner of Eye Care One, a medical company which
purportedly specialized in comprehensive vision care at
nursing home facilities. On July 27, 2009 Sponseller visited a
nursing facility and later submitted claims to Medicare for over
$30,000 for 177 patients. From January 1, 2008 through
February 24, 2011, Sponseller billed Medicare for more than
$800,000. Many of these claims were false and fraudulent in
that the specific health care services were not provided.
Owner of Tax Return Preparation Franchise and
Health Provider Business Sentenced To Prison



Sept. 11, 2014, in Greensboro, North Carolina, Claude Arthur Verbal II, was
sentenced to 135 months in prison for tax fraud, healthcare fraud and money
laundering crimes in two separate cases. Verbal was also ordered to serve three
years of supervised release and to pay restitution of $4,078,584 to the Internal
Revenue Service (IRS) and $2,382,378 to the North Carolina Department of Health
and Human Services.
Verbal was the owner of Nothing But Taxes (NBT), which operated from 2005 to at
least 2012. Verbal personally prepared false tax returns for clients and taught and
encouraged his employees to do so as well. Verbal and employees frequently offered
clients a dramatically larger tax refund if the client agreed to make a cash payment
to their tax preparer over and above the flat return preparation fee that NBT
charged every client, whether or not their return was falsified.
In a separate case, Verbal was the owner and operator of Infinite Wellness Concepts
(IWC), a Medicaid behavioral health provider with several locations in North
Carolina. IWC was contracted to provide group therapy, intensive in-home services,
and enhanced mental health and substance abuse services. Verbal acquired at least
$1 million in fraudulently obtained funds from the Medicaid program. The money
laundering charge to which Verbal pleaded guilty relates to the purchase of a
$52,000 diamond ring with the proceeds of healthcare fraud.
Cost of Medicare Fraud

A 2012 FBI report said, “The United States spends more than
$2.5 trillion on health care annually, and rough estimates indicate
that anywhere from 3 (percent) to 10 percent of all health care
expenditures are attributed to fraud.”

Annual cost of fraud ranges from $75 billion to $250 billion.

Government Accounting Office doesn't think this estimate is far
wrong. It reported that in 2011, Medicare and Medicaid paid an
annual $65 billion in "improper payments." It defines "improper" to
include payments that are made in error -- not fraud, but wrong just
the same.
Dodd Frank & Consumer Protection Act

SEC law providing whistleblowers with “monetary
rewards”.

Information must lead to recovery of $1 million or
more.

Reward is between 10-30% of monetary sanction.

Must be securities fraud against a public company
False Claims Act & The Qui Tam
Whistleblower Reward

False Claims Act is intended to encourage people to come
forward with information and assist the government in
stopping Medicare fraud, defense contractor fraud and other
kinds of federal fraud.

The qui tam reward for the whistleblower ranges from 15% to
30%, depending on the extent to which the whistleblower and
his counsel contribute to the prosecution of the case.

In addition, the False Claims Act provides for the recovery of
attorney fees and expenses.

These two provisions combine to encourage whistleblowers
to come forward
Generational Differences in the
Workplace
ETHICS,
VALUES
AND AGE
Ethics Resource Center
Which one are you?
2013 NBES
How Do the Generations Compare on
Misconduct?
(Overall / Traditionalists / Boomers / Gen X / Millennials)
Felt Pressure: 13% / 22% / 9% / 13% / 15%
Observed Misconduct: 45% / 36% / 44% / 45% / 49%
Reported Misconduct: 65% / 39% / 64% / 69% / 67%
Perceived Retaliation: 22% / 16% / 18% / 21% / 29%
Ends and Means

% of workers who agree to look the other way if the
company did something questionable
2013 NBES
Recommendations
Best way to address challenges of
a workplace spanning multiple
generations is…



Implement effective ethics and
compliance program
Build strong ethics culture that
encourages employees to do
right thing
Do this in a way that reaches
and influences each generation
Case Study


John Green is a fourth year CPA in a large firm on an IT
consulting engagement at a major power company’s
nuclear facility. His assignment was expected to end in
one week, but he just received word they would like him
to stay an additional two weeks due to a serious
unplanned outage at the facility which slowed down the
consulting engagement. He is disappointed because he
will not be able to attend a class reunion. He posts on
Facebook and the Class Reunion website that delays in
the outage will prevent him from being back in town to
attend the reunion.
Is there a problem?
Social Networks - CPAs are doing it,
though they probably don’t know why
SocialCPAs 2012 Social Media Survey
It’s Not Just Facebook & YouTube

Significant missteps are
happening in HR and recruiting:



Profiling
Third party recruitment practices
LinkedIn





New connections = leak of confidential
information
Endorsements = job search
Endorsements destroy your reference
policy
Email notices continue long after you have
left your company
Resume fraud and material
misrepresentations
2012 NBES-SN
Frequency of Social Networking at Work
2012 NBES-SN
Training Best Practices


Select the right method (Live,
eLearning, blended)
Make it continuous




Refresher training
Burst Training (periodic 5-7
minute reminders)
Compliance communication
materials
Company intranets


Redistribute key policies via
training program
Make it engaging




Scenario-based
Realistic (contemporary) issues
and stories
Focus on behaviors not the law
Not overly legalistic – make
the content accessible
2012 NBES-SN
How Can We Use Social Media to Our
Advantage?
Companies can learn from social
networking employees to get a
better picture of what employees
do and how they communicate.
Engaging social networkers will
ultimately help:



Enhance the company’s
reputation
Strengthen employees’ ethical
performance
Create a closer relationship
between company and
employees
2012 NBES-SN
The Future Ethical/Fraud Issues: What’s
Coming
• IT Security
• Cybercrime
Fraud in Cyberspace
JPMorgan Chase Hacking Affects 76
Million



A cyberattack this summer on JPMorgan Chase
compromised the accounts of 76 million households and
seven million small businesses
Began in June but was not discovered until July
Operating overseas, the hackers gained access to the
names, addresses, phone numbers and emails of JPMorgan
account holders. In its regulatory filing on Thursday,
JPMorgan said that there was no evidence that account
information, including passwords or Social Security
numbers, had been taken
Home Depot – 56 million card numbers
stolen


Home Depot, Sept. 18, says that to evade detection, the
criminals involved in the cyber-attack against it used
custom-built malware, which has not been used in other
attacks.
Home Depot estimates it will spend $62 million in 2014
for breach-related costs
Home Depot Fraud


Home Depot fraud has started to trigger fraudulent
transactions across financial institutions and, in some cases,
draining cash from customer bank accounts.
The fraudulent transactions are showing up across the U.S. as
criminals use stolen card information to buy prepaid cards,
electronics and even groceries, these people said. In some
cases, the fraudulent transactions have been tracked to batches
of cardholder accounts that are tied to specific ZIP Codes
Methods of Attack –
Verizon 2012 Study of Data Thefts
[Bar chart. Categories: Error; Misuse; Social; Physical; Malware; Hacking. Legend: Data Theft. Axis: 0% to 60%.]
Time from initial compromising to discovery
– Verizon 2012
[Chart. Categories: Minutes; Hours; Days; Weeks; Months; Years.]
PWC 2013 State of Cybercrime Survey
1. Leaders do not know who is responsible for their
organization’s cybersecurity, nor are security experts
effectively communicating on cyberthreats, cyberattacks,
and defensive technologies.
2. Leaders underestimate their cyber-adversaries’
capabilities and the strategic financial, reputational, and
regulatory risks they pose.
PWC 2013 State of Cybercrime Survey
3. Leaders are unknowingly increasing their digital
attack vulnerabilities by adopting social
collaboration, expanding the use of mobile devices,
moving the storage of information to the cloud,
digitizing sensitive information, moving to smart grid
technologies, and embracing workforce mobility
alternatives, without first considering the impact these
technological innovations have on their cybersecurity
profiles.
Medical Records Are a Gold Mine for
Cybercrime


A report by security firms Norse and SANS found nearly
50,000 instances of malicious attacks on health care
institutions, including 375 cases where the network was
breached. Last year the health care industry suffered more
cyberattacks than any other industry in the US, including,
for the first time, the business sector. "The report is a
snapshot of what’s happening throughout the industry,"
researchers wrote. “No health care organization is
immune. Reports of breaches against health care
organizations, large and small, continue to rise.”
HP & Ponemon Institute
2013 Cost of Cyber Crime Study

Average annualized cost of cybercrime incurred per
organization was $11.56 million, with a range of $1.3
million to $58 million.



an increase of 26%, or $2.6 million, over the average cost
reported in 2012.(3)
Organizations experienced an average of 122 successful
attacks per week, up from 102 attacks per week in
2012.(4)
The average time to resolve a cyberattack was 32 days,
with an average cost incurred during this period of
$1,035,769, or $32,469 per day

55% increase over 2012’s estimated average cost of $591,780
for a 24-day period.(1)
HP & Ponemon Institute
2013 Cost of Cyber Crime Study

Most costly cybercrimes are caused by denial-of-service,
malicious-insider and web-based attacks, together
accounting for more than 55% of all cybercrime costs per
organization on an annual basis.(5)

Information theft continues to represent the highest
external costs, with business disruption a close second.(6)

On an annual basis, information loss accounts for 43% of total
external costs, down 2 percent from 2012. Business disruption
or lost productivity accounts for 36% of external costs, an
increase of 18% from 2012. (1)
HP & Ponemon Institute
2013 Cost of Cyber Crime Study



Recovery and detection are the most costly internal
activities. For the past year, recovery and detection
combined accounted for 49% of the total internal activity
cost, with cash outlays and labor representing the
majority of these costs.
Cybercrime cost varies by company size, but smaller
organizations incur a significantly higher per-capita cost
than larger organizations.
Organizations in financial services, defense, and energy
and utilities experience substantially higher cybercrime
costs than those in retail, hospitality and consumer
products.
Decision Model for Resolving Ethical
Issues








DETERMINE THE FACTS
IDENTIFY ALL STAKEHOLDERS
DEFINE ETHICAL ISSUES AND MAJOR PRINCIPLES, RULES,
VALUES
SPECIFY ALTERNATIVE COURSES OF ACTION
COMPARE ETHICAL PRINCIPLES WITH ALTERNATIVES TO
SEE IF CLEAR DECISION
ASSESS CONSEQUENCES OF EACH ALTERNATIVE
DISCUSS THE ISSUE WITH SOMEONE
MAKE YOUR DECISION
@Rockness Education Services 2005
I-Tunes APP

http://www.scu.edu/ethics/ethical-decision/
Three Questions
Ask yourself when you are faced with an ethical dilemma:
• Is it legal? Will you be violating any criminal laws, civil
laws, or company policies by engaging in this activity?
• Is it balanced? Is it fair to all parties concerned both in
the short-term as well as the long-term?
• Is it right? You know the difference between right and
wrong…how does this decision make you feel about
yourself? Are you proud of yourself for making this
decision? Would you like others to know you made the
decision you did?
Kenneth Blanchard and Norman Vincent Peale,
authors of The Power of Ethical Management
“When you come close to selling out,
reconsider”
From I Hope you Dance, Lee Ann Womack
“Ethical errors end careers more
quickly and more definitively than any
other mistake in judgment or
accounting”
Solomon, 1994
People often over-estimate
the cost of doing the right
thing and under-estimate
the cost of not doing the
right thing!
@Rockness Education Services 2005
“To see what is
right and not to
do it is want of
courage.”
(Confucius)
Cal Christian
christianj@ecu.edu
Jonathan Kraftchick
jkraftchick@cbh.com
Melissa Critcher
mcritcher@carolina.rr.com
Joanne Rockness
jrockness@nc.rr.com