“I knew him for years. He was like family. How could he do this to me and my business?”
It’s an all-too-familiar question after a long-term or trusted employee is caught or suspected of stealing from a company. So, what happens that makes it all go so wrong?
Simply put, cash is the great attractor – while we all interpret that lure differently, its visceral, kindly promise of freedom occasionally becomes too irresistible for human nature to ignore. Many businesses are not aware of, or at least, are not able to consistently identify, hire, educate and train around this fact. In CIT and Security, the breakdown is most often in one or more of The Three P’s (Policy, Process, and Procedure), but it’s certainly not an isolated phenomenon. Retail establishments, financial institutions and more all struggle with it.
The Three P’s are designed to reduce and control both the likelihood (risk probability) and severity (risk impact) of loss relating to risk; in this example, employee theft. For context:
- Policy is a rule or set of guidelines;
- Process is a high-level set of criteria that must happen in order to ensure compliance with a policy; and
- Procedure is a specific, detailed series of actions that staff members must take in order to implement a process and comply with a policy.
With the recent COVID-19 pandemic, business transactions and revenues are down, and we have seen a surge in employee terminations, furloughs and the like. As a result, many businesses are operating with lean staffing, which can cause breakdowns in segregation of duties, intentional or not. Where two persons may have been required by policy pre-COVID to perform an action, e.g. accessing the safe or vault, conducting physical inventory audits or daily cash reconciliation and balancing, the reduction in staff has caused those policies to become lax in order to continue operations. In doing so, many dual control and custody procedures have led businesses to allocate more access control capabilities to those “long-term” or “trusted” employees. Which can lead to situations like the ‘Not him!’ referenced above.
So, what can be done with limited staffing during these times to protect people, brands, and profits? Below are a few best practices that can be applied across any business, large or small:
- Review your internal policies and processes and provide management oversight to ensure that procedures are being adhered to per company policy and that no one person has too much access to a particular asset or function, including:
- Access device (key, card, combination, code) controls .
- Dual control/custody system of checks and balances.
- Ex: verification of deposit preparation, either 2nd person or virtual (FaceTime, CCTV, Zoom, etc.), bank pick-ups and deposits in person (no night drops if only one person can perform) and confirm deposit or examine credibility of tamper proof deposit bag before leaving (bringing back deposit slip for verification and documentation).
- Utilize both Employment Background Screening, regardless of the relationship or previous work history, and a true continuous court records monitoring solution to get the whole picture.
- Require job-specific training that is documented and acknowledged via signature of the trainer and trainee to ensure adequacy, accuracy and completeness.
- Incorporate random and unannounced internal and external audits, testing the aforementioned policy, process, and procedure with staff. Examples may include:
- Cash drawer audits, to be performed by employee and management at the beginning and end of shift; cash drawers should be assigned to one user only.
- Cash drawer documentation, in the event more cash is needed or removed a verifying document should be signed by two people, i.e. employee and management.
These best practices are intended to provide some potential resolutions to but a fraction of the challenges that businesses face in fighting theft. By improving potential vulnerabilities and understanding the importance of applying essential policies, processes, and procedures, businesses can – and do! – reduce the likelihood and severity of loss relating to employee theft.
Remember, cash may be king, but it’s still your kingdom.