4 Ways Healthcare Security is Changing with the Times

By Lowers & Associates,

No doubt, times are changing. The U.S. is in the midst of a historic presidential transition. Economic pressures and complexities continue to squeeze the purse strings of many businesses and workers. Technology evolves more quickly than we can adopt and adapt. Communication continues to speed up and diverge in myriad directions. Volatility and violence in our social fabric continues to create tension, leaving us on the edge of our seats curious about what is going to help.

One solution that is relevant across all aspects of our life today is security. Promoting ways to feel safe and secure helps everyone relax into whatever actions are needed to continue to move us in a productive direction. This applies to us as individuals, in our homes, in our businesses, cities, airports, and other dimensions of daily life. Security is an important element to promote productivity.
… Continue reading

  Category: Healthcare Security
  Comments: Comments Off on 4 Ways Healthcare Security is Changing with the Times

Human Capital Risk Series: The Employer’s Role in Negligent Hiring and Retention

By Lowers & Associates,

negligent hiring and retention

Demonstrated due diligence is your first line of defense against negligent hiring and retention lawsuits. Sometimes this is easier said than done, especially if you are trying to fill positions for which there is a lack of talent.

Be aware that dialing down the due diligence in making a hiring decision can backfire with exorbitant cost. In one case, a jury awarded $7 million to the family of a truck driver who was killed in an accident caused by a second truck driver. The second driver, who was hired without a background check, had been on the job only 19 days when the accident happened. The plaintiff was able to show that a background check would have revealed that the second driver had had his license revoked twice for driving infractions.

In another more recent case, a hospital in Denver was sued for negligent hiring in a class action suit because it had hired a surgical technician with a record of having been fired from four previous positions, and who also had a Navy court martial for the theft of the powerful synthetic opioid, fentanyl. After being caught again stealing a syringe of fentanyl, the defendant tested positive for a blood-borne disease, making him an infection risk to the 2,900 surgical patients the hospital had during his tenure. Plaintiffs counsel argued that the terminations and court martial were easily discovered with a background check. All 2,900 patients are part of the class action lawsuit.

… Continue reading

Top 10 Risk Management Articles from 2014

By Lowers & Associates,

risk management articles

We’re pleased to kick off the new year by sharing our most-read blog posts from the Risk Management Blog in 2014.

1. Protecting Against Ghost Employee Fraud

Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.

Read full post >

2. Key Components of a Fraud Risk Prevention Policy

In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.

Read full post > … Continue reading

Summarizing the OCC Risk Management Framework for Banks

By Mark Lowers,

The on-going regulatory response to the 2008 financial crisis includes the Office of the Comptroller of the Currency (OCC) Risk Management Guidance on third-party relationships, issued in October 2013. The bulletin states that the OCC expects a bank to practice effective risk management regardless of whether the bank performs the activity internally or through a third party.

“A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws.”

In a recent speech before the Risk Management Association, Thomas J. Curry, Comptroller of the Currency, emphasized the importance of managing the risks “associated with bank systems and processes” even above credit risk. He noted banks’ “increasing reliance on third parties” and the systemic risks they impose. … Continue reading

How Does a Finance Director Steal $800K?

By Mark Lowers,

stolen funds

The short answer is that it is much too easy if basic controls are missing.

Cincinnati.com summarizes the missing controls in the case of Covington, Kentucky’s former Finance Director Bob Due in the lead paragraph of the story:

The city of Covington gave complete control over millions of taxpayers’ dollars to one man for more than a decade – an “inexcusable” error that resulted in nearly $800,000 embezzled, the Kentucky auditor said.

This is a classic story about an opportunist who defrauded his employer of almost a million dollars, yet avoided detection for years until he made a mistake in the summer of 2013. All of this loss could have been prevented with standard controls.

Going Solo

For 13 years, Bob Due was able to take money from the city right under the noses of four different mayors and four city managers. All told, he wrote 68 checks to himself, relatives, or fake vendors. In the aftermath, the audit revealed a slew of red flags that should have signaled danger:

  • Mr. Due was the IT system administrator with control of financial software, with no oversight.
  • General IT security was inadequate, with Due as system administrator.
  • Payables procedures were lax, such as the lack of a check register to compare beginning and ending check numbers.
  • The Finance Department had no written policies for revenue and collection.
  • The city did not have a credit card policy or track issued cards.

As Auditor Edelen put it, “What we have here is a breakdown in oversight. Mr. Due did not have a boss.” … Continue reading