Early lesson from NCI breach: Double check financial oversight
NCI Inc. recently accused its controller of embezzling $18 million over the last six years, shocking the federal contracting community.
In the wake of this event, Attorney Robert Tompkins notes how important it is for a company to have a clearly defined internal investigation policy.
"In a case like [NCI’s], there are a host of different notice and reporting obligations that the company will have in addition to any internal requirements they have set," said Mr. Tompkins. "The first step is to undertake a full assessment of what happened, both to show that the company is being responsible but also to avoid further unpleasant surprises."
Attorney Timothy Belevetz provides numerous examples of ways that companies can strengthen their internal controls post-breach.
One possibility is to review and authorize expense reimbursements, said Mr. Belevetz, "There should be a requirement to provide supporting documentation."