The ultimate goal of any security program is to manage and mitigate risks. What do we mean by risk? In its broadest sense, risk can be defined as the likelihood of loss of anything having value, including people, facilities, information, equipment, and reputation. In a sense specific to security and loss prevention, risk is the probability that a particular threat will exploit a given vulnerability, leading to an unwanted result.
Knowing your risks is the obvious first step. But what is the best approach? And where do you go from there? Here are some key considerations:
First and foremost, identifying the threats to your business is instrumental. It is likely that your institution already has experience with a number of risk factors, but it is important to understand the rate in which new threats arise. It is crucial, therefore, to monitor emergent threats targeting your industry. This can often be accomplished by reading trade publications, engaging in discussions at industry conferences and loss prevention forums, and by obtaining case studies. Also, a number of sources provide crime metrics, some of which are industry specific, and can be very beneficial in identifying threats. … Continue reading
We’re pleased to kick off the new year by sharing our most-read blog posts from the Risk Management Blog in 2014.
Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.
Read full post >
In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.
Read full post > … Continue reading
Organizational fraud is a hidden crime. But when it is detected, it is often by a colleague or employee of the perpetrator who happens to discover the fraud – over 40% of the initial detection of a fraud is through a tip, most often from an employee. That’s why the ACFE Fraud Prevention Checkup highlights the necessity of a fraud reporting mechanism, in other words, a whistle-blower program.
An effective whistle-blower program has to both encourage the person who discovers the crime to report it and give him the means to do so. A potential whistle-blower may be someone who works closely with the perpetrator, with bonds of friendship or fears of retribution. The program needs to overcome these barriers to be effective.
In fact, research by the law firm Labaton Sucharow reported in Security Magazine in an article by Jim Ratley found that 34% of employees have learned about “workplace misconduct” and that most of them would report it if they could. The factors that could encourage them to report the issues included remaining anonymous, avoiding retaliation, and getting a reward. … Continue reading
Most managers, and in fact employees at all levels, assume their co-workers are honest and working to do their best for the organization. Unless they are the one who is perpetrating a fraud.
Unfortunately, occupational fraud is a lot more common than most people think. The Association of Certified Fraud Examiners (ACFE) has published a series of reports based on fraud examiners’ actual cases that document the pervasiveness of these hidden crimes. The 2014 edition of the Report to the Nations on Occupational Fraud and Abuse confirms that fraudsters steal 5% of top line revenue every year, which amounts to over $650 billion per year in the U.S. alone, and an astonishing $3.7 trillion worldwide. … Continue reading
If you are like many business owners and managers, you are certain there are no fraud problems in your organization. Are you really sure?
Every two years, the Association of Certified Fraud Examiners (ACFE) publishes a new version of their “Report to the Nations” (here’s the 2014 version) on the incidence and costs of organizational fraud. In every report they find that about 5% of top line revenue is lost worldwide to thefts by employees, owners, or partners with access to an organization’s resources.
The aggregate monetary cost of these losses is staggering, and does not even estimate the on-going costs of damages to reputation. ALL types of organization are vulnerable, and ALL types of employees and owners perpetrate these thefts. The only distinctive pattern in the data year after year is that fraud is a ubiquitous problem.
And yet, we often find organizations that have no preventative measures in place against fraud, and take no effective actions to detect it. This complacency is a common human trait: if nothing has happened in the past, nothing is going to happen in the future. Predicting the future based on historic patterns is a powerful tool, and it is often accurate. … Continue reading