Why don't CIOs turn in more insider criminals? No one suggests that CIOs routinely cover up corporate crime, but management pressures may inhibit CIOs and IT managers from acting on their suspicions early in a fraud scheme.
It's rare to happen upon a digital smoking gun that incontrovertibly proves a corporate crime. It's later, during a formal investigation once auditors know what they're looking for, that the obviously damning evidence is uncovered. Early on, though, a CIO might notice something amiss. Perhaps a network activity log shows unusual patterns or some entries in the general ledger look off. CIOs may hesitate to step forward, feeling they don't know enough about the intimate workings of finance, according to Jim Anderson, a management consultant at Blue Elephant Consulting.
"They think, 'I'm probably wrong. I probably just don't understand it'," Anderson said. He adds that such self-doubt may be more common in CIOs who report to CFOs, which is about 23% according to an American survey of CIOs.
Also, bringing up vague concerns could mar the relationship between the CIO and whomever he tells - and certainly whomever he accuses, Anderson said. To avoid that, the CIO might sweep aside his ideas and assume, like so many professionals do, that internal and external auditors will catch anything untoward.
Finally, many companies lack a clear process for reporting suspected wrongdoing. It may seem obvious that someone should go to a manager or the human resources department, even the CEO. But Anderson said that without a well-known policy for how to handle the situation, some employees - even CIOs - will do nothing. If someone is busy with everyday work and unsure of himself already, he said, "the issue just dies."