7 Key Components of Successful ITM Risk Mitigation

By Lowers & Associates,

ITM Risk Mitigation

Interactive Teller Machines (ITMs) offer new business opportunities to banks, and therefore to CIT carriers. A significant side benefit to the CIT carrier is the chance to take on an even bigger role in cash management in partnerships with banks. But with the larger role comes a larger responsibility to manage the risks that go with a deeper integration into the financial institution.

Here are 7 key components of a program where CIT carriers evaluate risks and then develop and implement procedures to address them.

1. Risk Assessment

The first step in ITM risk mitigation is a risk assessment. CIT carriers need to review the entire process of cash-in-transit from beginning to end to identify the places where losses might occur, estimate a likelihood for each, and determine cost-benefit priorities. Crew and bystander safety will always be of paramount importance, but many characteristics of the routes such as cash transitions, surveillance capabilities, and communication security will be analyzed.

Carriers will be familiar with many of the ITM issues because they have been servicing ATMs, but there will be differences. Evaluated risks can be addressed in a number of ways.

2. Policies and Procedures

The risk mitigation policies a carrier sets up for ATMs may serve as a template for ITM policies, with additional or different elements incorporated as needed. For instance, the over-the-road assessment and policies to manage exposure due to timing and environmental conditions will be a basis for further development for ITMs, if the machines are co-located or if the ITMs replace ATMs.

Policies will cover over-the-road exposures, procedures for handling cash (which is more complex for the ITM), handling multiple machines in a single setting (especially important if several ITMs are serviced in sequence), maintenance issues, vehicle control issues, and reporting or sign-offs. Basic controls like dual control and separation of duties will be included. These policies constitute best practices for the specific carrier to manage cash with security.

3. Internal Audits

The aim of internal audits is to implement a running account of transactions and cash balances at key points in a route to maintain control of the disposition of cash. Audits performed by the carrier may use a variety of methods and they may be scheduled and routine by design, random or intermittent. In all cases, the policy should be communicated to affected staff to set expectations that the audits will occur.

4. External Audits

Audits performed by external agencies give a strong, credible check on internal procedures, adding a strong layer of security. Insurers and other third parties may require these audits as a condition of contract. The value of an external audit is that it can find failures in the system where employees and/or accomplices have intentionally voided internal controls. Random or unannounced audits may be especially effective in detecting fraud early.

5. Personnel Screening and Testing

CIT carrier crews require a special kind of employee. They must be detail oriented, persistently thorough in performing routines, yet able to respond creatively and independently when extreme events occur—they manage risks in real time. Employees like this are rare at any event, but in a tight labor market like today’s, it’s very challenging to find them. Employers need to resist the temptation to loosen background screening and testing criteria, perhaps ramping up the level of effort in recruitment instead.

In addition, an important risk management tool is to interview and/or screen current employees on a regular basis to find changes in life circumstances or attitude that could signal a disaffected employee. Finally, training and testing are essential to help front line people recognize and cope with emergent threats.

6. Access Controls

Access controls including keys, passwords, combinations and alarms should be monitored for operational effectiveness, and changed often enough to reduce the possibility of being defeated. Again, the essential interactive capability of ITMs increases the danger of these controls being breached, so a broader view of “access” is required. Controls based on environmental design or structure are harder to change, but it may be possible to make big risk improvements with relatively small changes.

7. Physical Security

Hardening a target to protect physical security is a classical response to risk, such as in a vault or armored truck. However, it is in the spaces between these hardened targets, where cash is carried that a clever larcenist will look to find weakness. The ITM can exacerbate these weaknesses because of its relatively long service interval, putting a premium on how surveillance, environmental design, and communication can be used to supplement the physical security of the ITM.

For a more comprehensive introduction to managing risk in ITM servicing, download our latest whitepaper on the topic, A CIT Carrier’s Guide to Building Your ITM Program.

  Category: Risk Management
  Comments: Comments Off on 7 Key Components of Successful ITM Risk Mitigation

How Perception Impacts the Quality of Your Healthcare Security Efforts

By Lowers & Associates,

We’ve all heard the age-old expression: “perception is everything”, or maybe even more dramatically, “perception is reality”, the latter attributed to political consultant Lee Atwater.

The way a program or organization is perceived by its customers, employees, and even the public at large triggers an emotional response that determines how people engage with it. Ultimately, these perceptions can influence the success (or failure) of that program or organization over time.

If the perception is one of trust and value, customers interact favorably (even generously) with engagement, with their dollars, and with word of mouth referrals. If perception is negative, the impact can be devastating. For as much as someone may respond generously after a positive experience, people are even more likely (up to 50%) to respond negatively and even give negative feedback when they have a bad experience.[1]

… Continue reading

Fraud Week 2016: 6 Top Fraud Prevention Resources

By Lowers & Associates,

fraud prevention resources

This week is International Fraud Week, an annual awareness effort organized by the Association of Certified Fraud Examiners (ACFE) to shine a spotlight on fraud. It is estimated that fraud costs approximately 5 percent of annual revenue for organizations worldwide. The seriousness of the global fraud problem is why, throughout the year, we provide our clients and other organizations with tips and information to fight fraud and safeguard businesses and investments from the growing fraud problem.

Here we share 6 of our most-read fraud-related resources:


Whitepaper: Occupational Fraud – A Hidden Killer of Organizational Performance

Our latest whitepaper, Occupational Fraud: A Hidden Killer of Organizational Performance, provides an in-depth look at the complexities of occupational fraud, so you can prevent, detect, minimize, and/or recover from it.

Get your copy of Occupational Fraud: A Hidden Killer of Organizational Performance>


Infographic: Fraud Triangle

The value of the fraud triangle is that it helps us to look at the objective factors that must be present for fraud to occur. Recognizing these objective factors helps to define actions you can take to help prevent fraud, partly through organizational policy controls and partly through managing the relationship with employees to encourage openness and trust.

View the Fraud Triangle infographic>

… Continue reading

The Essential Role of Internal Audits in Fraud Control

By Mark Lowers,

Given the high prevalence of organizational fraud, as reported by the Association of Certified Fraud Examiners (ACFE), companies have strong incentives to invest in fraud auditing capabilities—both internal and independent (external) audits. While both are extremely effective, this article is focused on internal audits.

It turns out, companies with properly-structured internal audit systems are less likely to experience severe losses due to internal fraud. Further, we find the existence of a strong internal audit capability is of significant interest to underwriters when reviewing applications for crime and fidelity insurance coverage.

All companies can benefit from an internal audit system. When properly structured it provides a layer of protection and sends a strong message to both company vendors and employees that fraud will be detected quickly and won’t be tolerated. Continued monitoring leads to ever changing processes and controls that provide corrective measures designed to deter and detect fraudulent activity.

However, the likelihood of a company having an internal audit unit varies with the size of the company. Small companies are more often found without the internal audit departments, largely based on cost. These firms utilize the services of an independent audit firm to minimize exposure to fraud. This will be the topic of our next article.

7 Best Practices for Internal Audit

The internal audit, like any audit, requires sufficient autonomy, resources, skills, and access to relevant records to produce reliable results. It should operate according to a plan created and/or approved by the Board of Directors, with transparency in its functions that communicates its purpose to all vendors and employees. Communicating a strong message of zero tolerance on fraud and abuse is essential. The internal audit committee has an obligation to report the self-identified audit issue to the Audit Committee or the Board of Directors itself, if possible. … Continue reading

The Benefits of Outsourcing Internal Auditing

By Lowers & Associates,

As a result of the numerous corporate and accounting scandals, the financial crisis, and other similar events that have occurred in the first part of the 21st century, numerous regulatory and protection acts have been enacted to provide assurance to individuals, investors, and the boards and management of organizations regarding the financial and operational integrity of these companies.

Given the heightened awareness and requirements of the regulatory environment, many people hear the term ‘audit’ and immediately relate it to the ‘external audit’ teams of Certified Public Accountants tasked to review the accounting of organizations to assure the accuracy of the financial information.

An ‘internal audit’ can be critical to the successful operation and growth of any organization before the external audit team even begins to add their value. According to The Institute of Internal Auditors “internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” … Continue reading