Developing a Service Catalogue for fraud, security and integrity teams

Author: Paul Curwell

What is a Service Catalogue and why is it important?

Service Catalogues are receiving increased attention from Chief Operating Officers and business managers as organisations continue the digital transformation journey for internally-facing shared services teams. A Service Catalogue comprises the list of the service offerings (the ‘services menu’) for a functional team, making it easy for internal customers (stakeholders) to understand and access the team’s services.

Service Catalogues also create boundaries that define what a functional team will and will not do, particularly when developed in consultation with, and approved by, senior management. Optional or ‘nice to have’ services may simply not be feasible or affordable at a point in time – the service catalogue process provides a mechanism to agree these offerings and then align them with performance scorecards, resource availability, corporate strategy and internal policies.

Illustrative Service Catalogue
Illustrative Service Catalogue (Curwell, 2003)

How do you build one?

Building a Service Catalogue is a relatively straight forward process involving data collection and interviews or workshops. I typically use Microsoft Excel as my tool of choice for building the initial service catalogue. Once built, I may move this to Microsoft Sharepoint, JIRA or other solutions (see below) depending on the client’s strategy. There are six main steps involved in building a Service Catalogue:

  • Step 1 – Review the organisational chart and position descriptions: Organisational charts usually show the functions within a Business Unit (BU) or team which typically align to the main categories of service offering.
  • Step 2 – identify the main service offerings within each service category: this typically involves interviews or workshops with people in the respective team. The aim here is to understand everything team members do on a day to day basis, and to try and categorise these into distinct services.
  • Step 3 – populate the Service Catalogue template: based on responses gathered from Step 2.
  • Step 4 – remove duplications and deconflict services: sometimes there is a tendancy for team members to view a service as being completely distinct, when it is actually a variation of another service. Ideally, variation should be avoided where possible as this generates waste and errors (in lean six sigma language). If variations are required,
  • Step 5 – process map each service and prepare SOPs: Once each service has been identified, the business process should be mapped and any opportunities to streamline or increase process efficiency implemented. Standard Operating Procedures (SOPs) should be prepared for each service offering which align to the process map.
  • Step 6 – align the Service Catalogue with performance metrics, team resourcing and HR position profiles: Once developed, it is important to assign performance metrics to the team, such as the turnaround time (SLA) which an internal customer has to wait for a process to be completed (e.g. building passes for new hires will be issued within 24 business hours of lodging a request form). Team metrics, tracked through tools like Kanban boards, allow team leaders to implement daily standups with their team to focus effort on the highest priority tasks and remediate delayed or overdue tasks.
An example of a Service Catalogue template
An example of a Service Catalogue template (Curwell, 2023)

As illustrated by the six step methodology above, building a Service Catalogue is a relatively straightforward process that helps focus the attention of internal teams on core business.

A basis for improving governance, performance and team resourcing

Service Catalogues contribute to better governance and performance outcomes, enabling functional team leaders to clearly define what they do, how they do it, and the value it contributes to the business. Non-customer facing support functions are always under cost and resource pressure in any business: Service Catalogues should also align with performance scorecards to track service delivery against agreed KPIs.

white shirt sitting behind counter under television
Photo by PhotoMIX Company on

Employee position descriptions should align with the Service Catalogue, ensuring staff holding those roles are able to effectively perform the required functions without being over or under qualified. Capturing service delivery performance metrics, including time taken to execute each service and the number of requests for that service over a defined period of time also provides the data required to ‘right size’ the team headcount to suit business requirements, required service levels, and risk appetite.

Service Catalogues – an enabler of digital transformation

Every manager knows that resources are always limited – there is always more you should, could, or would like to be doing but time, cost and quality is a handbrake. Digital transformation is increasingly being adopted by internally facing services teams such as security, fraud, HR, finance, legal and others. The adoption of digital transformation tools, such as case management solutions, workflow management tools and process automation offers the chance to minimise manual handling and allow users to self-service, reducing demands on support staff.

lens display business market
Photo by RODNAE Productions on

Having done a few of these activities before, I often find that the Office of the CIO has procured an IT Service Management tool which can be easily adapted and redeployed for other non-IT Service Management tasks with an incremental increase in spend (typically licensing and configuration). Once developed, Service Catalogues are increasingly being implemented in online tools such as:

  • Atlassian JIRA – extremely popular and easy to use, Australian company Atlassian’s web-based JIRA solution makes it easy to track tasks and integrate workflows and decisioning for service requests.
  • ServiceNow IT Service Management – An increasingly popular and common option, ServiceNow is being rolled out as part of enterprise implementations to transform internal operations.
  • Microsoft SharePoint – One of the more enduring and common corporate intranet solutions, SharePoint can help streamline processes and workflows using a combination of SharePoint lists and tools such as Power Automate and Power Apps from a web browser.

These solutions provide simple opportunities to streamline and enhance service delivery and performance of internal services teams, and can form the basis for digital transformation across all shared services teams in any business. In a future article, I will provide a guide on implementing your Service Catalogue in JIRA.

Further Reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Building your supplier integrity framework

What is Supplier Integrity ?

The Cambridge Dictionary defines integrity as “the quality of being honest and having strong moral principles that you refuse to change”. Increasingly the term ‘business integrity‘ is being used to reflect the way companies manage compliance risks and regulatory obligations. More recently, the term ‘supplier integrity’ is also starting to arise.

Photo by ThisIsEngineering on

Supplier Integrity is a logical extension of the concept of ‘business integrity’ (see below – note that some authors use ‘business integrity’ specifically to refer to anti-bribery and corruption). Before diving into the concept in more detail, it is worth setting some boundaries for what constitutes ‘supplier integrity’.

Does this article resonate with you? Please vote below or subscribe to get updates on my future articles

Despite searching, at the time of writing I was unable to locate a standard or guideline on supplier integrity. However, the OECD Due Diligence Guidance for Responsible Business Conduct provides a useful set of guardrails for what might be included within a supplier integrity framework:

  • Human Rights
  • Environmental Protection
  • Employment and Industrial Relations
  • Financial Crime, specifically:
    • Anti-Bribery & Corruption
    • Economic and Trade Sanctions
    • Fraud
    • Money Laundering & Terrorist Financing
    • Tax Crime
  • Consumer Protection
  • Competition & Anti-Competitive Practices

In my opinion, one of the other fundamental elements to Supplier Integrity is Beneficial Ownership, or the identify of the natural person(s) who actually own the supplier. Whilst determination of beneficial ownership is likely to occur during Supplier Due Diligence, understanding who you are actually proposing to do business with – what the World Bank refers to as the “corporate veil” – is essential and should not be overlooked (refer this related post).

Why is Supplier Integrity important?

There are at least two main reasons why Supplier Integrity is important in business today: the first is legal, whilst the second is more a reflection of ethics and values. One of the primary legal reasons for needing a robust supplier integrity program is Principal-Agent Theory which holds that the company contracting the third party (‘principal’) is generally responsible for actions taken on its behalf by that third party (‘agent’), making it essential that companies have the right programs in place to select, onboard, oversee and terminate their supplier arrangements.

  • Under this legal doctrine, if a supplier does something illegal there is generally a degree of civil and / or criminal liability for that conduct which can fall on the principal.
  • Whilst activities such as Supplier Integrity and associated supplier compliance programs can help mitigate this liability in the event of something going wrong, it generally does not absolve the principal completely.
  • One example of this in practice is a principals’ liability for bribery and corruption performed on its behalf by a supplier under the U.S. Foreign and Corrupt Practices Act (FCPA) (FCPA Guide, p136).
Photo by Pixabay on

In relation to ethics and values, there are four key drivers which underscore the importance of a robust Supplier Integrity Framework:

  • ESG and shareholders – the Environmental Social Governance (ESG) investment movement is becoming increasingly important globally as we recognise the value and importance of sustainable business practices, as well as the importance of integrity and transparency in business generally. According to McKinsey, companies demonstrate a strong ESG proposition correlate with higher equity returns.
  • OECD Guidelines for Responsible Business Conduct (RBC) – these Guidelines cover covering environmental, industrial relations, financial crime, competition, human rights, and consumer protection and are the OECD’s most comprehensive international standard on Responsible Business Conduct. The Australian Government is committed to promoting the use of the Guidelines and their effective and consistent implementation. Companies operating in Australia and Australian companies operating overseas are expected to act in accordance with the principles set out in the Guidelines and to perform to the standards they suggest. The Guidelines are supplemental to Australian law and are not legally binding (AusNCP).
  • Consumer expectations and social licence to operate – this driver is much more fluid and reflects the will and appetite of the local community and populace to allow a company to operate. Companies which do more respect the communities or environment in which they operate are being identified and actively targeted by global consumers for socially unacceptable behaviour, potentially impacting sales, employee attraction and retention, and political support.
  • Reflection of the company’s values and ethics – perhaps the most important of all, a companies suppliers are a reflection of its brand. Poor choices in suppliers can manifest in quality and reputation risks impacting factors such as profitability down stream.
Photo by Akil Mazumder on

What would you expect to see in a Supplier Integrity Framework?

A Supplier Integrity Framework fulfils and specific purpose – ensuring that the principal’s suppliers conform with its ethics and values as well as comply with applicable legislation. There are six components I would expect to see in any Supplier Integrity Framework:

  1. Supplier Code of Conduct – reflects the principal’s ethics and values to ensure these are demonstrated by its suppliers
  2. Supplier Integrity Policy –
    • Outlines roles and responsibilities, acceptable behaviours or expected practices (see Supplier Code of Conduct);
    • Aligns with compliance obligations and the principal’s broader policies and frameworks (eg risk and compliance frameworks, procurement policy, supplier management framework),
    • Outlines the ongoing monitoring and due diligence practices and the supplier compliance program; and,
    • Sets out how incidents are to be reported and managed.
  3. Risk Assessment – identifies the main supplier integrity risks and where they may manifest in the supply chain (geographical, spend category, etc), as well as associated controls and risk treatment plans
  4. Supplier Due Diligence and Ongoing Monitoring Program – conduct due diligence and continous monitoring on a supplier’s integrity throughout the supplier lifecycle (i.e. selection, contracting, contract management, termination)
  5. Supplier Compliance Program (aka Supplier Assurance Program or Vendor Assurance) – documents how and what the principal will do to ensure compliance with its Supplier Integrity Framework as well as other aspects of contractual compliance. This should also include appropriate incident management, audit and investigation provisions.
  6. Performance and reporting – details how compliance with the policy will be tracked and reported with appropriate levels of governance and oversight.

Relationship between Supplier Integrity, Procurement and Supplier Management Frameworks

The Supplier Integrity Framework is likely to be one element of a principal’s broader suite of corporate governance artefacts. Ordinarily this framework will be subordinate to other frameworks in the organisation such as the principal’s Code of Conduct and other business integrity policies and practices which apply to all employees.

The Supplier Integrity Framework is likely to be subordinate to the Procurement and Sourcing Policy, which likely sets out how the principal performs these functions, as well as other Supplier Relationship Management (SRM) and Supply Chain Management (SCM) frameworks.

Each of the above policies and frameworks performs and important role in the overall supply chain of third party management ecosystem. Importantly, a well-designed supplier integrity framework compliments other governance and risk-related concepts, such as those outlined in the Australian Government’s Critical Technology and Supply Chain Principles (’10 Agreed Principles’, see previous post), as well as providing a solid foundation from which to address a range of other supply chain threats and risks.

Further Reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Third parties defined – what are they exactly, and how should these risks be managed?

Defining third parties

I frequently use the term ‘third party’ throughout my blog and in the course of my day to day consulting work. Most often, when we talk about third parties we are referring to suppliers, vendors or service providers, but there is a whole ecosystem of third parties present in business today – particularly applicable to those businesses that operate overseas.

Photo by Oleg Magni on

As you can see from the table below, third parties also encompass contractors (often we forget about this category and may even consider them like employees, especially when evaluating insider threats, but this oversight can create downstream problems from a fraud, integrity and security perspective if not managed properly):

Third PartyDefinition
Joint Venture PartnerAn individual or organisation which has entered into a business agreement with another individual or organisation (and possibly other parties) to establish a new business entity and to manage its assets.
Consortium PartnerAn individual or organisation which is pooling its resources with another organisation (and possibly other parties) for achieving a common goal. In a consortium, each participant retains its separate legal status.
AgentAn individual or organisation authorised to act for or on behalf of, or to otherwise represent, another organisation in furtherance of its business interests. Agents may be categorised into the following two types:
– Sales agents (i.e. those needed to win a contract)
– Process agents (e.g. visa permits agents).
AdviserAn individual or organisation providing service and advice by representing an organisation towards another person, business and/or government official. Examples include legal, tax, financial adviser, consultants and lobbyists.
Contractor A non-controlled individual or organisation that provides goods or services to an organisation under a contract.
Sub-ContractorAn individual or organisation that is hired by a contractor to perform a specific task as part of the overall project.
Supplier / VendorAn individual or organisation that supplies parts or services to another organisation.
Service ProviderAn individual or organisation that provides another organisation with functional support (e.g. communications, logistics, storage, processing services).
DistributorAn individual or organisation that buys products from another organisation, warehouses them and resells them to retailers or directly to end-users.
CustomerThe recipient of a product, service or idea purchased from an organisation. Customers are generally categorised into two types:
– Intermediate customer: A dealer that purchases goods for resale.
– Utimate customer: One who does not in turn resell the goods purchased but is the end user.
World Economic Forum (2013) Conducting Third Party Due Diligence Guidelines

Distributors can be particularly challenging for product-based supply chains, especially if distributors have poor processes and controls in place to manage processes like large discounts to end users, poor end user verification, and poor inventory management controls (both stock on hand, obsolete or discontinued stock marked for discount, and stock marked for write-off). These distributors can be vulnerable to product diversion schemes.

How are companies responsible for the actions of their third parties?

It’s all to easy to forget that under legal ‘Principal-Agent theory’, the company contracting the third party (principal) is generally responsible for actions taken on its behalf by that third party (‘agent’), making it essential that companies have the right programs in place to select, onboard, oversee and terminate their third party arrangements.

Does this article resonate with you? Please vote below or subscribe to get updates on my future articles

Third party risk is an area receiving increased attention from company executives and regulators world-wide, particularly in a the following risk categories:

  • Reputation risks (including political donations)
  • Modern slavery risks
  • Bribery and corruption risks
  • Sanctions risks
  • Fraud & integrity risks (both vendor fraud and against the end user)
  • Security risks (including insider threats and product diversion schemes)

Increasingly, Environmental Social Governance (ESG) or sustainability considerations are also playing a role in third party and supply chain decisions based on preferences and / or pressure from shareholders, employees and customers.

All companies – large and small – are responsible for the actions of their third parties, and may find themselves the subject of reputation and brand damage as well as litigation, financial losses, and regulatory enforcement action if these risks are improperly managed. Additionally, small and medium sized companies are not immune to regulatory enforcement action simply because of their size.

Photo by Pixabay on

What should companies do to manage their third party risks?

There are a number of actions that can and should be taken to mitigate third party risks such as those listed above. Whilst no program is ever able to completely mitigate the risk of something happening either now or at any point in the future, implementing steps to try to manage these risks does go a long way.

For offences involving bribery and corruption and breach of international sanctions regulations, regulators such as the United States Department of Justice (Foreign Corrupt Practices Act) and United States Treasury Office of Foreign Assets Control (sanctions regulations) provide pathways for principals to mitigate penalties for misconduct and illegality arising from the conduct of their third parties, but only where the principal has an appropriate compliance program in place to manage these risks.

Any program to properly manage third party risks must follow the third party lifecycle, which may include some or all of the following management actions:

Lifecycle StageIllustrative Management Actions
Third Party program setup and governance1. Setting the ‘tone from the top’
2. Develop the Compliance Obligations Register
3. Determine risk appetite
4. Develop policies and frameworks
5. Undertake risk assessments
6. Develop a risk management plan, including risk treatment strategies
7. Training and awareness programs
8. Develop due diligence frameworks and programs
9. Develop ongoing monitoring and evaluation frameworks
Third Party Selection1. Document the principal’s specific requirements
2. Perform due diligence
3. Identify the third party’s material risks, process or capability gaps
4. Identify potential treatments for these gaps
Third Party Onboarding1. Develop risk-based contract schedules which are practical, auditable and enforceable by the principal
2. Agree contracting and legal agreements
3. Agree third party audit or contract compliance arrangements
Third Party Operations1. Perform Quality Assurance
2. Manage the third party relationship
3. Provide regular oversight and direction
4. Undertake periodic audits or contractual compliance reviews
5. Periodically review and update Compliance Obligation Registers and Risk Assessments
6. Undertake periodic due diligence throughout the term of the contract with review frequency based on the assessed risk
Third Party Offboarding1. Execute termination protocols as agreed in the contract
2. Collect all principal documentation, Intellectual Property, equipment and other assets
3. Supervise the destruction of data, assets (e.g. molds, prototypes) or equipment where not easily transferred
4. Periodically review the footprint of the third party’s operations for a period after termination to ensure all IP has been returned and monitor for competitor relationships
Paul Curwell (2022) – illustrative actions to manage third party risks

All businesses today need third party relationships, and whilst they do present risks they also present tremendous opportunity. Further, most businesses today would not be able to thrive without access to their third party ecosystem. Whilst there are risks inherent with third parties, these can be managed effectively and appropriately via a risk-based approach that both considers the context and materiality of the risk and implements practical, effective treatments that work for both the principal and the third party. After all, any party can walk away if contracting becomes too onerous, which may not be a good outcome for either party. Treading this fine line is one of balance and mutual agreement.

Further Reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

What is an ‘IP Audit’ anyway?

Intangible Assets – easily overlooked

I still remember performing my first ever Intellectual Property (IP) audit on my consulting journey. I had just graduated from business school which had opened my eyes to the world of commercialisation and IP assets, and how they could be exploited or misplaced. My client was a large player in global airport infrastructure services, and as part of their work the Executive Officer to the CEO thought it was important to identify and map their IP asset holdings. As I worked my way through the organisation, interviewing staff and cataloguing their IP, I still remember stumbling across the engineering laboratory hidden in one corner of a floor, out of sight.

As I spoke to the team members there, I discovered not only did they maintain specialised electronic components for equipment used in delivery of their services, but in their spare time and with discretionary budget the team of engineers worked to invent their own solutions to airport infrastructure problems. This activity flew completely under the radar of the organisation’s executive, meaning not only did their work potentially miss out on dedicated funding which might generate a revenue stream or licensing opportunity for the organisation, but the IP was not properly protected – including from theft should those employees decide to resign and move to a competitor or start their own business.

This type of situation is encountered time and time again in Australian businesses. Our level of awareness and maturity in relation to IP is relatively low in most sectors, and my experience has been that in sectors which are aware of the fundamental concepts, IP assets are either managed very selectively or in many cases not at all. As an advanced economy with a strong STEM-based population and research capability, we need to get better at protecting our IP if we are to compete and thrive as a nation in a knowledge-driven world. Completing an IP Audit is one of the first steps to doing this.

Does this article resonate with you? Please vote below or subscribe to get updates on my future articles

What are intellectual assets?

Intellectual Assets are intangibles that have value to an enterprise including but not limited to “information, intellectual property, credibility and reputation, and brand identity”. Whilst the term ‘intellectual property’ is often used to commonly refer to sensitive information, six types of IP are recognised by the World Intellectual Property Organisation (WIPO):

  • Patents
  • Trade Marks
  • Copyright
  • Industrial designs
  • Geographical Indicators (e.g. ‘champagne’)
  • Trade Secrets

In Australia, we have another category of IP called ‘Plant Breeders Rights‘, and Geographical Indicators are registered under our ‘Certification Trade Mark system‘. Unlike other jurisdictions such as the U.S., Australian law does not explicitly recognise ‘trade secrets’ as a category of IP – instead, ‘trade secrets’ are considered a category of ‘Confidential Information’ (Dighe & Lewis, 2020, More on this in a future post.

According to IP Australia, “a trade secret can be any confidential information of value. Unlike other IP rights, trade secrets are protected by keeping them a secret, and are not registered with IP offices. The protection of a trade secret will cease if the information is made public, and trade secrets do not prevent other people from independently inventing and commercialising the same product or process”.

What is an IP audit?

According to the Queensland Government, “an IP audit is a review of the IP owned, used or acquired by an organisation. It aims to find out what IP is within an organisation, who owns it, the value of that IP, its legal status, and what to do with it“. Once identified, in addition to focusing on the legal status of your IP, you also need to understand whether it is adequately protected. For example:

  • Which threat actors might seek to steal or sabotage your intellectual assets? Employees, competitors, nation states (‘economic espionage’) or someone else?
  • What are the actual risks posed by these threat actors? Examples include theft, sabotage and IP infringement.
  • What internal controls do you have in place in terms of your holistic security programs to address the identified threats and risks? These may need to address insider threats, supply chain threats, and external threats (e.g. competitors).
Photo by Mark Stebnicki on

How are IP audits performed?

Once you have decided to undertake an IP audit, you need to develop your scope and methodology. This starts with developing your audit plan and audit team. I find its easier to divide the audit into two or three parts, as follows:

  • Step1 – data collection: systematically catalogue confirmed or potential IP and confidential information in a register. I use the organisation chart as a starting point for this.
    • Tip: its easy to get bogged down and start to catalogue every document. Instead, focus on categories of information (e.g. financials) and then narrow down in key areas.
  • Step 2 – initial assessment: once you’ve compiled your initial register, assess it to remove all unnecessary content by ensuring each entry meets the criteria for an asset. If not relevant, delete it. Hopefully you’re left with a relatively small number of manageable entries, the output of which is your register of ‘critical information assets’.
  • Step 3 – commercial evaluation: use your register of ‘critical information assets’ to review potential commerical opportunities (e.g. licensing), develop monitoring programs for infringement, or even sell the IP Rights to another party if no longer used or relevant to your strategy.
  • Step 4 – risk management: review your register of critical assets to ensure the information is adequately protected. This includes legal provisions (e.g. patents), employment contracts (e.g. non-disclosure and IP assignment clauses), information security programs, and supply chain or third party risk programs. Make sure your critical information assets are appropriately marked, secured (e.g. encrypted), access is controlled, and unauthorised dissemination is limited.
Photo by on

Using the findings of your IP audit to better protect these assets

All to often, businesses take a purely legalistic approach to protecting their IP and Confidential Information assets. It is important to remember that just because your research is patented or because you have a non-disclosure agreement in place with your suppliers or employees it is not completely protected. Particularly in the case of confidential information, courts expect businesses to have implemented appropriate security programs to safeguard their information – it is not sufficient to rely purely on legal protections in the courts if something happens. Further, this sort of reactive response is not productive, is very expensive, and consumes substantial amounts of time from your board, executives and senior staff – time that could be more productively spent elsewhere.

Prevention and early detection is the key, but to do this you need to understand what your IP assets are (such as via the IP audit process), work out where their associated vulnerabilities or exposures lie (are they limited to your employees or do you divulge this information to your third parties too? if so, who has access…). Then you can wrap a combination of cybersecurity (e.g. networks, systems, encryption) and what I refer to as ‘non-cyber information security’ programs around this to build your protective bubble. These relationships are illustrated below:

As you can see, there is more to protecting your IP and Confidential Information than patents, copyright and design rights. If you’re unfamiliar with how to build a program to protect your confidential information, take a look at my previous post here.

Further reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.