
Employee Embezzlement and Fraud

Defending Against Insider Threats

Today’s Approach

• An open dialogue and sharing of information regarding a common threat of internal losses.

• There is no guarantee that any or all of the measures discussed will eliminate fraud.

• The goal is to provide information that will assist in increasing the level of awareness that is necessary to reduce exposure to employee embezzlement and fraud.

Agenda

• Who and what is at risk?

• Who are the suspects?

• What methods are used?

• What is the average loss experience?

• How is fraud/embezzlement detected?

• What can be done to prevent it?

• Establishing and/or enhancing a “Secure Business Culture” within your organization.

Who is at risk?

• According to the latest study published by the Association of Certified Fraud Examiners (ACFE) in 2010, the most common victims of fraud were the banking/financial services, manufacturing and government/public administration sectors.

• Small businesses were more vulnerable due to a lack of anti-fraud controls.

What is at risk?

• Assets

– Cash, equipment, supplies, services, resources, personal property, etc.

– Information Networks & Data

– Intellectual property

– Company reputation & profitability.

Who are the suspects?

• Occupational Fraud is defined by the Association of Certified Fraud Examiners (ACFE) as:

– “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.”

Who are the suspects?

• According to the ACFE study, more than 80% of the frauds in their study were committed by individuals in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing.

• In reality, fraud is committed by someone who has motive, means and opportunity.

What methods are used?

• Asset Misappropriation is the most common.

– Skimming cash.

– Falsifying expense reports.

– Forging company checks.

• Financial Statement Fraud is less common.

– Recording fictitious revenues.

– Concealing liabilities or expenses.

– Artificially inflating reported assets.

What methods are used?

• Corruption falls somewhere in the middle.

– Bribery

– Extortion

– Conflict of interest

Occupational Fraud and Abuse Classification System

©2010 Association of Certified Fraud Examiners, Inc.


Average Loss Experience

• The ACFE fraud study included dollar loss and frequency numbers. The following two charts are based on 1,843 fraud reports received in connection with the study; of those, 1,822 included dollar amounts.

Occupational Frauds by Category (U.S. only) — Frequency [4]


[4] The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.

Occupational Frauds by Category (U.S. only) — Median Loss


How is fraud detected?

• Tips were the most common method of detection. Information came from employees, customers, vendors and competitors.

• Hotlines that offer anonymous reporting are considered one of the best options for tips.

• Internal and/or external audits, management review and account reconciliation.

• Accidentally

What can be done?

• Policies & Procedures

– Create and/or maintain clear standards regarding confidentiality and accountability.

– Obtain written acknowledgements of receipt and understanding.

– Clear up any questions or confusion before rather than after an incident.

– “I didn’t know that was against the rules.”

– “I didn’t know we couldn’t do that.”

What can be done?

• Fraud Awareness Training for Everyone

– New hires and existing employees must be educated and made aware of the importance of working together to combat potential fraud.

– They must be told what to be on the lookout for and how to report any suspicions, observations or concerns.

– They should be made aware of the consequences for those who commit fraud or steal from the company.

What can be done?

• Fraud Training for Managers

– Establish baselines and exceptions and ensure they are maintained.

– Be observant and question anomalies.

– Investigate, document and report any violations or incidents promptly to the appropriate individuals.

What can be done?

• Create/Maintain an Anti-Fraud Environment

– Encourage and promote honesty and integrity among employees, customers, vendors, etc.

– Set positive examples of the “right way” to do things at all levels of the organization.

– Don’t allow or take short cuts to avoid the “right way”.

– Don’t accept “everybody else does it” as an excuse.

What can be done?

– Regularly conduct meetings with employees and encourage open communication with management about concerns or issues.

– Consider a hotline for anonymous reporting.

– If available, promote Employee Assistance Programs (EAP).

– Use bulletin boards, e-mail and/or corporate intranet to send out important reminders.

What can be done?

• Background Checks

– First line of defense

• Physical Security

– Controlled access to facilities and sensitive areas.

– Consider CCTV monitoring.

– Intrusion detection with quick response to violations.

– Ensure there is adequate lighting around the facility.

What can be done?

• Information Security

– Establish and maintain specific policies with regard to access and use of corporate network and company issued equipment. Require sign-offs from all employees with regard to these policies.

– Conduct the same level of background checks on independent contractors or agency employees having similar access to your network. They should also adhere to and acknowledge policies as described above.

– Investigate and resolve immediately any reported or discovered violations or intrusions.

What can be done?

• Review & Audit

– The effectiveness of policies and procedures should be measured before an incident occurs.

– Some form of ongoing monitoring should be in place to ensure that employees are adhering to these policies.

– Periodic and/or random internal and/or external audits should be conducted.

– Any violations found should be documented and corrected immediately and must include appropriate disciplinary action if warranted.

What can be done?

• In order to establish and/or maintain an anti-fraud program which includes employee participation at all levels, it must be considered an integral component of the workplace environment.

• Some suggestions to help establish a “secure business culture” in support of this goal:

– Promote adherence to existing policies that work and fix the ones that don’t.

Secure Business Culture

– If your office door and filing cabinets have locks, use them.

– Don’t share your passwords or access cards/keys.

– Be careful not to leave papers or other identifying information in automobiles in plain view.

– Never leave personal property unattended in a public place or in vehicles even when locked.

– Keep confidential information confidential.

Secure Business Culture

– When it comes to concerns about an employee who is exhibiting unusual behavior or there are signs of wrongdoing, trust your instincts and don’t second guess yourself.

– Don’t look the other way.

– Don’t intervene unless it is your responsibility to do so.

– Question and/or report things that don’t look right no matter how trivial you may think it is.

– Encourage others to do the same.

Summary

• Preventing fraud and embezzlement is a process, not a product.

• Effective security requires:

– Partnership, collaboration and cooperation

– All parties are serving a common interest

• Ineffective security results from:

– Resistance, disagreement, disapproval, disregard and disinterest which in most cases leads to program failure.

Thank You

Questions or Comments?

Alexander C. Sparaco CPP

Baker St. Associates

P.O. Box 5091

67 Federal Road

Brookfield, CT 06804

203-775-1200

[email protected]