Why Fraud Prevention Really Matters

By Lowers & Associates

Despite the wealth of well-publicized information about the high prevalence of organizational fraud and the high costs of fraud, it is always surprising to learn that so many companies operate without systematic fraud prevention programs, or fail to review their programs on a regular basis.

In fact, there are very important reasons fraud prevention is worth the effort. Here are some of them: …

The Case for a Risk-Based Approach to Compliance Auditing

By Lowers & Associates

In general, compliance is conforming to particular expectations, standards, or behaviors, whereas risk is an exposure to potential loss or injury. When we think of compliance in the security arena, it often means that you are following prescribed standards, which could be regulatory, industry best practices, or standards that are otherwise customized or company specific.

While compliance and risk often follow the same path, a compliance audit or survey is often performed with a one-size-fits-all “compliance only” approach, as opposed to one that requires more complex reasoning.

Some may question the rationale of compliance if risk is not a constant consideration. Lack of experience, industry knowledge, or even simply lack of time can hinder the ability to take a more risk-based direction. After all, taking a compliance-only approach simplifies the security audit process by allowing for uniform application, reduced subjectivity and error in assessment, and strong performance metrics capability.

Is the added complexity of a risk-based approach worth the effort? …

Lessons in Occupational Fraud and Fraud Prevention

By Lowers & Associates

Occupational fraud is a huge drain on organizations’ resources, with an estimated global loss of $3.7 trillion annually. And according to the Association of Certified Fraud Examiners’ (ACFE) 2014 study, just 14% of defrauded organizations are able to fully recover their losses.

Fraud is a very real threat to the bottom line of almost every organization in our economy. But it can be prevented, or at least mitigated.

There are 3 steps in setting up a fraud prevention program in your organization:

  1. Understand what fraud is and how it is likely to emerge.
  2. Identify potential sources of fraud in your organization.
  3. Take steps to prevent fraud through processes or controls.

Ultimately, a healthy anti-fraud corporate culture that permeates from the top down will make your organization more crime resistant. This will take time to nurture, and it will take continuous effort to sustain, but in the end you can make occupational fraud an extinct disease in your workplace.

ACFE Highlights the Biggest Fraud Challenge in 2014

By Lowers & Associates

What do NSA and Target Corporation have in common? They both have enormous databases of sensitive information about individuals that have been penetrated by the likes of Snowden, WikiLeaks, and worse criminal conspiracies. According to James D. Ratley, President and CEO of the Association of Certified Fraud Examiners, cybercrime is one of the biggest emerging fraud threats in 2014.

Ratley mentions hacking schemes like the one that shocked Target, as well as other malicious activities like malware and phishing schemes. He rightly says that these schemes can be foisted on individuals, small or large businesses, or any type of organization.

But we think there is a very good reason why cybercrime could be the biggest emerging fraud threat for years to come. It is rooted in the fact that organizations will not forgo the tremendous power of networked computers and huge databases, and these are rapidly evolving. Every innovation in automated business processes creates new opportunities for hackers. The prize at stake is huge. …

5 Key Components of a Fraud Risk Management Policy

By Lowers & Associates

All organizations are vulnerable to occupational fraud, and that fraud costs an enormous amount of money ($652 billion a year in the US according to ACFE research as summarized in this occupational fraud infographic). As a result, a comprehensive fraud risk management policy is an essential component of an overarching enterprise risk management plan.

Your fraud risk management policy stems from the risk analysis that must underlie it: identifying the concrete, organization-specific fraud risks that must be mitigated.

Systematic planning and implementation across these five basic areas will put your fraud risk management program on the path to success.

1. Identify a “risk owner” in your organization.

Upper management must be engaged in policies aimed at mitigating risk. Part of this is that responsibility has to be clear – wishful groupthink won’t cut it. With respect to fraud risks in particular, a member of upper management should be charged with organizing and carrying out the risk analysis, including how identified risks should be managed. As with every important management function, this function will include process definition, goal setting, measurement, and reporting on a timely basis. …