Safety In Numbers

East Coast Fraud & Risk Management Group


view:  full / summary


Posted on 7 April, 2022 at 10:25



Back in December of last year, I woke up one morning to find that I had no water because of a water main break. Without H2O it really limits your activities, you cannot shower, flush toilets, cook or get a drink of water. My water cooler in the kitchen was empty and I had forgot to fill up the water jug in the fridge. The only water I had was about 2 litres in a 4 litre bottle I use for working out. As a risk manager I had backup systems but failed to maintain them.

I decided to go out to try and get some water and was surprised to find that the grocery stores in my area were open but the restaurants and many other businesses were closed. It seems we are totally unprepared to deal with an interruption let alone a catastrophic event. While most organizations can survive a couple of days in a crisis, what would happen in an extended period of partial or a full shutdown? This got me thinking about how organizations can prepare for and manage net income loss exposures.

There are so many things going on right now in the world, we have the war in the Ukraine, Covid 19, Inflation at levels not seen in forty years, record low interest rates that are increasing, record high consumer, business and government debt levels, supply chain shocks with transportation bottle necks, lack of raw materials and finished goods, labor shortages, high oil and gas prices and the list goes on. The automobile business has been affected by a shortage of microchips and as a result there has been a substantial decrease in auto sales. It shows how the Just in Time inventory management system is risky if the risk management system does not predict and plan for high impact and low probability events such as microchip shortages.

With everything going on in the world I think Vladimir Lenin said it best “There are decades where nothing happens; and there are weeks where decades happen.”

Net Income Loss Exposures are unexpected reductions in an organizations net income, usually because of a decrease in sales or an increase in expenses. Net income could be lower than projected because of the business environment or an inadvertent event, such as a hurricane or pandemic such as Covid 19. Of course net income could also unexpectedly increase, which would be a good thing.

There are three types of Net Income Loss Exposures, Property, Liability and Personnel.

Property Loss Exposures: are damage to the organizations property that hinders or prevents the organization from operating. Such as a manufacturing plant fire that shuts down manufacturing or severally reduces the production output. It could also be damage to property owned by others such as an environmental hazard.

Liability Loss Exposures: are financial losses that result from legal action taken by someone who is claiming damages and looking for financial compensation. Examples could include product liability or negligence resulting in bodily injury.

Personnel Loss Exposures: are losses suffered through the resignation, death, disability or retirement of a key employee. Such as the death of a software engineer developing a new program or the resignation of your top salesperson who moves to your competitor.


If we consider my examples above about things going on in the world, they would reflect general business risk. Which could reduce net income or increase expenses, by creating price risk or production risk. So for this article we will focus on just General Business Risks.

The impact a Business Loss Exposure has on your organization depends on a number of factors;

1. The Duration of the Business Interruption: This is one of the most important determining factors, the longer it goes on then the greater net income decreases or the additional expenses continues to increase.

2. The Extent of the Business Interruption: While the duration deals with timeframe, the extent deals with the overall impact on the organization. Can you continue at a reduced capacity or are you totally shut down?

3. Changes in Revenues: This can be calculated based on the decline in sales and/or the net income changes.

4. Changes in Expenses: How much does the Business Loss Exposure increase expenses such as the cost of raw materials and labor?

5. Restoration to Normal Income: How long will it take to get back lost customers or restore the organizations damaged reputation? This simply means to restore net income to where it would have been if the event did not occur.

Drawing on the list I mentioned earlier of events going on in the world, we will separate them into General Business Risk and Specific Business Risk. General Business Risk affects all firms in the economy while Specific Business Risk affects one firm or a group of similar firms.


INCREASING INTEREST RATES: How does this affect your organization? Many organizations were forced to take on additional debt to get through the Covid Pandemic. What affect will increasing interest rates have on your Net Income? For every one percent increase in interest rates your payment will increase by approximately five to ten percent depending on the amortization term. Now is the time to pay down debt or lock in lower interest rates.

INFLATION: Inflation is running around seven percent right now, some experts believe it is a lot higher. The biggest affect inflation has on businesses is that it reduces both business and consumer purchasing power. This will reduce consumer demand for goods and services and increase the cost of raw materials and labour in your business. Can you pass the price increases on to your customers?

RECESSION: Nobody knows what will happen in the economy, but there is a risk that with everything going on there could be an economic slowdown. How would this affect your net income if sales dropped by 10, 20 or 30 percent? The financial industry does stress testing and develops scenarios of events to determine the likelihood of an event occurring and the impact on their business. What is your Break Even Point and how can it be lowered without impacting your firm’s ability to fully operate?


SUPPLY CHAIN DISRUPTIONS: I just read on Reuters News that in England there is a cucumber shortage, because of the high prices of natural gas the greenhouses could not afford to grow them. This illustrates the cause and effect relationship between increasing gas prices and growing cucumbers out of season. Supply chain disruptions are unique to every organization and need to be identified and managed.

CREDIT RISK: Many organizations extend credit to customers when they purchase their goods or services. If that company cannot repay the money then your organization has suffered a loss. By not being able to collect on your accounts receivable, this creates a net income loss.

INCREASED EXPENSES: Different events can cause an organizations expenses to increase that may not be able to be passed on to customers. The increased expenses create a net income loss. Such as increased food costs for a restaurant chain or higher labor costs.

INHOUSE ACTIVITIES: Poor or uninformed decisions made by management can affect net income. Such as expansion just before a recession or eliminating or adding a new product or service. Decisions should be based on up to date information.

We have discussed the types of Net Income Loss Exposures, the impact they may have on your business and looked at both General and Specific Business Risks. So what is an action plan that you can get started on for your organization?

Because of Covid 19 over the last two years, many organizations have had a rude awakening when it comes to crisis management and having to deal with Net Income Loss Exposures. The U.S. Department of Labour estimates that forty percent of Businesses do not recover from a disaster. They are referring to all types of Loss Exposures including Property and Liability, so as a reminder we are just focusing on Business Net Income Loss Exposures for this article. So how can an organization prepare for the next crisis or the next phase of the existing crisis?

You need to start by looking at your organization and identify your most important customers, your top suppliers, understand your financial situation and determine how much room you have to maneuver. Ask yourself if we lost our best customer how would that affect our Net Income and how could we mitigate the risk. Then look at your suppliers and do the same thing. Could we find another supplier for the goods or services, what would the difference in price be, is it higher, lower or the same? Will this create liability loss exposures, increase customer service or warranty costs or reduce customer satisfaction with the product or service. Get your managers or division heads involved from finance, production, sales and human resources. Ask them what they think are the greatest Net Income risks facing the organization.

To reduce the impact of Liability Net Income Loss Exposures, you start with having adequate liability insurance coverage to reduce the impact and get back to where you were before the event. Unfortunately, you cannot buy insurance coverage for most Business Related Net Income Loss Exposures. You need to identify the risks and develop risk mitigation strategies to ease the burden. Get all departments involved and if you don’t feel up to the task, hire someone to do it for you. Finally every organization has its own unique Net Income Loss Exposures, so it is imperative to start planning now before it’s too late. Remember having a plan is better than not having any plan.



Posted on 31 January, 2022 at 9:50


I’m writing this to raise a red flag to employers in regards to the amount of employee fraud occurring during the Covid 19 pandemic. Last year we worked on three large employee frauds, all well over a hundred thousand dollars (I am being vague because these are all active cases). Two were accounting frauds and one was embezzlement of an organizations assets. I am also aware of two other companies that had a large employee frauds that we were not involved in.


You’re probably thinking that three frauds do not make a pandemic, but consider we are just one local company and though we specialize in accounting and financial fraud, we normally only know about the frauds we work on or read about. I’m also not including the smaller employee frauds that we worked on such as expense account fraud, payroll fraud, and asset misappropriation fraud to just name a few.

There are also a lot of frauds that go unreported for various reasons by organizations. Research has shown that for every fraud that is discovered there are three additional frauds that go undetected. This means that based on just our own experience there are nine additional frauds out there that have not been discovered. Could your organization be one of them?



Some facts about the frauds;


• All of the frauds were perpetrated by productive and highly regarded employees that had never been in any kind of trouble before.

• One fraud was discovered by a CPA, one was discovered by an employee and one was discovered by a customer.

• The length of the frauds were three to four years.

• All employees had been with the company for at least five years.

• Two of the employees were working from home because of Covid. Although the fraud began before Covid there was increased activity while working from home.

• Two of the employees admitted that they committed the fraud because of an online gambling addiction and while we suspect that was the motive for the third employee, they never did admit it.


Just to illustrate my point further about an employee fraud pandemic, after completing this article on January 27. I checked the news sites and one of the headline is “Halifax Accountant charged in $1.5 million dollar fraud against his employer”. Of course in this great country of ours, one of the fundamental cornerstones of our legal system is you are innocent until proven guilty, but still $1.5 million.


According to the Association of Certified Fraud Examiners, organizations lose an average five percent of their assets to fraud annually, I will repeat that five percent. To put it into perspective a small business with one million dollars in sales will lose on average fifty-thousand dollars a year to all types of fraud, that includes employee, customer, vendor and external fraud such as credit card, bad cheques, online and telephone scams.


So what has changed? Personally, I think there are a number of factors. The ACFE says that there must be three things present for fraud to occur, they call it the fraud triangle; Motive + Opportunity + Justification = Fraud.





Let’s look at the fraud triangle to help answer what has changed?


MOTIVE: Is simply the reason the employee needs or wants the money. It could be financial distress because of debt or living beyond their means or it could be because of addictions such as drugs, alcohol or gambling.


OPPORTUNITY: This is a key factor, many employees have a need for money but if they feel that the internal controls are in place and they will get caught this may be a deterrence to commit the fraud. However, if the internal controls are weak or not being audited and monitored this is a strong motivator for fraud to occur?


JUSTIFICATION: Is how the employee justifies in their own mind to commit the fraud. It could be because they feel they are not being treated fairly or are underpaid. It could also be because they think the company owes them or they justify it because they say they will pay it back. I have interviewed many fraud suspects who have high moral and god fearing values. But are able to justify their own actions.


So to answer the question what has changed? I believe that there are increased pressures for people to come up with more money either to sustain their lifestyle or support an addiction such as gambling. With more people working from home this gives them more privacy or a comfort zone, to plan and execute their fraud schemes.


I also believe and this is the main point I’m trying to make with this article, is that many organizations have weak or non-existent internal controls and most important those internal controls are not being monitored and tested properly. Essentially, most frauds occur not because there is systemic failure in the internal controls system, but because two or three of the smaller systems in the larger system have failed. This is usually a human failure, as computers don’t commit fraud unless they are told to.


This is where I see the reason for many frauds, organizations have internal controls in place, but someone or several people are not doing their job in monitoring the internal control process. It could be because of too much work to do, someone on vacation or off sick, we don’t need to review them all the time or it is someone’s else’s responsibility. With many of the overseers of internal controls also working from home, this makes it more difficult to monitor them and stay in the loop. Let’s face it, sometimes the cost of monitoring internal controls can be a factor, it means for a small business or non-profit to have to hire another staff member for segregation of duties or to monitor the internal controls by hiring an external consultant such as a CPA or Certified Fraud Examiner. But what are the costs if you don’t do this?


As human beings we want to see the good in people. They start working for us and we get to know them and trust them, some become friends and we think of them like family. We give them more responsibility and because they have proven themselves trustworthy we relax a little and become complacent when it comes to enforcing controls.






Normally, at this stage I offer tips on preventing fraud, however I’m going to suggest you take the fraud risk assessment below from the Association of Certified Fraud Examiners Training Manual - Employee Risk Assessment Questions. Answer yes or no to the ten questions on your organization.




1. Does the company have a written fraud policy?

2. Are the duties related to authorization, custody of assets and recording or reporting of transactions segregated?

3. Is compliance with internal controls audited periodically?

4. Do employees have large personal debts or credit problems?

5. Do employees appear to be spending more than they are earning?

6. Do employees gamble excessively?

7. Do any employees have close associations with venders or competitors?

8. Is the company experiencing high employee turnover?

9. Are employees required to take annual vacations?

10. Is the company dominated by a small group of employees?


Depending on your answers to the above questions, your organization may be at risk for employee fraud. If you are, then my recommendation is to take a proactive approach and have a Fraud Risk Assessment done on your company. Which includes the following five steps;


1. The organization develops and communicates a Fraud Risk Management Program that demonstrates the expectations of senior management and the board of directors.

2. The organization performs detailed fraud risk assessments to identify specific fraud schemes and risks and to evaluate existing fraud control activities.

3. The organization develops and implements preventive and detective fraud control activities.

4. The organization develops a communication process to obtain information about potential fraud and investigating it.

5. The organization develops and performs ongoing evaluations to ensure the fraud risk management program is being followed.


So in closing, the one take away I want to leave you with. Is whether it’s the Accounting Department, Sales, Purchasing, Accounts Payable, Accounts Receivable, Payroll, Inventory, Expense Claims, Cash, Point of Sale, Returns, or any other department? Don’t assume that your internal controls are being followed and there are no weaknesses or gaps. Get evidence not explanations.

Remember, when it comes to small business, employee fraud is BIG BUSINESS.



Posted on 17 January, 2022 at 10:35


It’s time to review your personal security

After having discussions with some of my existing clients and receiving a number of enquiries lately from individuals and corporations about keeping people safe. I thought it was time to have a discussion on personal security.

While the risk of being a victim of crime has always been there, there are a lot of factors that have changed over the course of a few years to increase that risk. Such as civil unrest and protests, the political environment, economics, drugs, individuals with mental health issues and demographics with our population now at over a million people.


Examples include robbery, theft, assault, sexual assault, car jacking’s, home invasions, kidnapping, extortion, stalking, and the recipient of threats of bodily harm.


Here are some of the headlines for Halifax I took off the local news sites, for the last week of December 2021.


• Manitoba eyes security threats to politicians and not putting home addresses on filings.

• Optometrist fatally stabbed in his office, twenty-five year old male charged.

• Young woman followed by man in car. Fifty-six year old man charged with Criminal Harassment.

• Atlantic Canada sees a surge in spending on security systems and Closed Circuit Television Cameras by businesses and home owners.

• Man robbed in broad daylight by two suspects while using an ATM machine.


You get the point and I’m sure there are many more incidents that do not make the headlines and it’s the same where ever you live.


No one plans on being a victim of a crime. However some individuals are at higher risk because of their position or status. Such as Business Executives, Wealthy Individuals, Politicians, and anyone who has said something on social media that someone did not agree with.

This group could be targeted because of who they are, there is also the chance of just being a victim of a random crime. In other words being in the wrong place at the wrong time.


If you walk down the street in the bad part of town by yourself at 3:00am, then you are at a greater risk than someone who doesn’t.


Security awareness and keeping safe should be everyone’s concern, including V.I.P’s., fortunately, most people including V.I.P.’s do not need a bodyguard. But they do need a personal security plan to address specific risks.

The purpose of a personal security plan is threefold;


1. Is to teach you how to keep out of dangerous situations by learning situational awareness and assessing potential risks.


2. Is how to get out of situations that are or have the potential to be a security risk?


3. Is how to respond to a situation you find yourself in, where you may be in danger and have no means of escape or calling for help?


So what can you do to keep you and your family safe?


• Review your security for your home and office. Specifically do you have good locks on doors and windows, is the area around your home well lit, do you have an alarm system and security cameras? Do you have a plan in place for an intruder?

• Don’t be predictable, change your daily routine. Leave for work at different times of the day and take a different route to get there.

• Become street smart and learn situational awareness. In other words be aware of your environment. Always be aware of people around you to detect possible threats, when driving keep looking in your rear-view mirror to see if you are being followed.

• Take a preventive approach by asking yourself can this action put me in physical danger. An example would be going to the store at 1:00am to pick up something that could wait till morning or jogging alone at night.

• Have a conversation with your family and your employees about giving out personal information, such as where you are going. As an example; while conducting a Risk and Security Assessment for a corporate client we called their home to see if we could get information about their whereabouts. Their teenage daughter told us what restaurant they were at and who they were with.

• Tell someone where you are going and when you will be back.

• Take all threats and suspicious circumstance seriously. If you receive a threat on social media or by telephone document it and report it to the police. Especially if it threatens you with bodily harm or death threats.

• Take a self-defence course.


At East Coast Fraud & Risk Management Group we have many years’ experience providing VIP Security Services to Executives, Politicians and Wealthy Individuals. One of our most requested services is our Executive Risk and Security Assessment. Where we spend a week with the executive conducting covert and overt surveillance to understand their routine. We conduct a Security Risk Assessment of their home and office. We train family and staff how to deal with requests for information and dealing with problem situations, to increase their situation awareness and enhance their ability to identify personal security risks and risk mitigation strategies. Along with self-defence training, evasive driver training and how to manage stressful situations.


When I first began writing  this article I had the intentions of making it about V.I.P Security also called Executive Protection. However after thinking about some of the conversations I have had with spouses and parents. I realized that to our families we are all Very Important People. When it comes to our health we normally don’t think about it until we have a health issue, then we go to the doctor. Your personal security is also like that, we don’t give it much consideration until we become a victim or one of our family members does.

Just like any kind of a risk assessment, you identify the potential risks, analyze the risks and develop risk mitigation strategies and monitor them.

If you get one takeaway from this article is to use common sense when making decisions that affect your personal safety. Remember one of the most effective risk mitigation strategies is risk avoidance.


BACK TO THE FUTURE - How Software Enhances Risk Management

Posted on 19 November, 2021 at 13:35

BACK TO THE FUTURE – How Software Enhances Risk Management

By Darrell Smith CFE, ARM, CIM, FCSI


Back in 1985 two accountants from Bedford, Nova Scotia developed the Bedford Accounting Software program. Later, Bedford was sold and became Simply Accounting and then Sage Accounting, as it is known today.

Before computerized accounting, transactions had to be entered manually into sixteen column journals. When you made a payment on an account using the double entry system, you credited cash and debited the account payable. This was very time consuming and required a lot of manpower to process the large number of transactions. Once all transactions were posted, the information was used to produce financial statements to assist in decision making.

What the software did was streamline the accounting process, making it less labor intensive. It gave management access to profit and loss statements daily and allowed individuals who were not trained in accounting to do the work with just training on the accounting software.

Having worked in accounting using sixteen column journals, I know I can speak for every accountant when I say there is no way they would want to go back to a manual system.

Just like the accounting process, risk management involves tracking a large number of transactions and assets, with the goal of producing reports for management that inform and enhance decision making.

This begs the question, why do organizations still use manual paper and file systems in their risk management departments?

Nowadays there are Risk Management Information Systems (RMIS) available, a risk management database for claims and incident management, insurance policy management, certificate and contract tracking, asset management (buildings, equipment, vehicles), crisis management, and more. An RMIS helps ensure you are compliant with various rules and regulations and provides access to powerful analytics and management reports. RMIS systems identify trends to help reduce the frequency and severity of losses.

Let’s take a look at just one area of a Risk Management Information System, claims management. According to the American Institute for Chartered Property Casualty Underwriters, the objectives of Claims Administration is to:

1. Enforce contractual obligations,

2. Gather claims data,

3. Reduce the frequency and severity of claims,

4. Estimate the amount of the claims,

5. Promote equitable compensation.


For the benefit of readers who do not work in claims, the most common claims include:

• burglary and theft,

• water and freezing damage,

• wind and hail,

• fire,

• slips and falls,

• customer injury,

• property damage,

• workers compensation claims.

Every claim involves a large volume of paperwork, including incident reports, statements, pictures, and other supporting documents that need to be recorded and shared with all relevant parties.

Consider the number of claims an organization may have in the run of a year. For example, a company with a fleet of vehicles, could have dozens or hundreds of first-party claims (involve organizations own property), or third-party claims (losses suffered by another party). The high volume of claims alone justifies the investment in a Risk Management Information System. Now, consider compliance by tracking vehicles, insurance, drivers, and maintenance and you can see the large volume of data that needs to be documented and monitored.

A Risk Management Information System not only provides a centralized hub for document management, but also powerful data analytics and reporting functionality. Automated data entry and workflows reduce the time spent on administrative tasks by up to 85%, and insights from management reports reduce the total cost of risk by up to 50%. The system is built on cloud-based infrastructure that ensures accessibility, data security and privacy, and the flexibility to integrate with third-party systems.

The purpose of the accounting system is to provide accurate, timely, reliable and cost-effective information to help management make informed business decisions. Shouldn’t this also be the objective of your risk management program?

In closing, I choose the title “Back to the Future” not in reference to the Michael J. Fox movie, but the actual meaning of Back to the Future.

Do not dwell on the past! The past has been written in ink, the future in pencil! Worries about what cannot be changed is unnecessary, focus on what you can control and try not to make the same mistakes.



East Coast Fraud & Risk Management Group is a business partner with ClearRisk of St. John’s Newfoundland, the company behind ClearRisk risk management software solutions.



Posted on 29 April, 2021 at 9:15

Darrell Smith CFE, ARM, CIM, FCSI


There is an ongoing debate about whether an employee is an asset or a liability. Some say they are an asset because they add value, others say they are a liability because there is a cost to employing them through wages and benefits. Regardless of what position you take on this, there is one thing we all can agree on. Employees are essential for the businesses to function. So what happens when an employee’s actions or behaviours are contrary to the wellbeing of the company?

Fortunately, this is not an article to debate if an employee is an asset or liability. It is about identifying when an employee becomes a liability, the risk of that liability and what to do to manage that risk.


Before we look at when an employee becomes a liability, let’s go back to the beginning of when you hired them. Have you ever hired an employee that you wish you hadn’t? I have seen many employees hired by organizations that got the job because of a friend or family member working at the company, I have even seen an employee get hired over many other more qualified candidates because they were a great golfer. The company sponsored an annual golf tournament. When hiring new employees, you should be looking at answering three questions, 1. Can they do the job? 2. Will they do the job? 3. Will they fit into our organization? Qualifications and experience fall into these three questions and if you hire the most qualified person every time for the job. You have mitigated the risk of not only making a bad hire, but also reducing the risk of an unsuccessful candidate claiming discrimination and taking legal action. Conducting a through pre-employment screening check, will provide you with the information necessary to confirm your hire or look at the next most qualified candidate.


Because I write these articles mainly for small business and non-profits, I want to make sure that they have enough information on the whole recruitment, and selection process. As an example, some years ago I was brought in by a large national company to investigate two employees at different locations, who were suspected of theft. When we reviewed their employee file, the hiring supervisor, never checked prior work references for them as a matter of fact nothing was checked, they were just hired on the supervisors gut feeling. This company had very strict screening practices developed by their legal council, yet two locations were not following them. Turns out one of the employees was fired from his previous job because of theft. Make sure you do your due diligence on all new employee hires.


Ok so let’s get to why you clicked on this article. First of all what is the definition of a liability? According to Oxford English Dictionary “A liability is a state of being responsible for something especially by law” or “A person whose presence or behavior is likely to cause embarrassment or put one at a disadvantage.” Not only could the employee be a liability to your company, but your actions on how you deal with the wrongful behavior could also be a liability. As an example, accusing someone of theft without any evidence to back it up, can be a liability to the company. Another example would be to ignore a complaint about bullying or discrimination. Many general liability insurance policies do not cover employee law. So it is a good idea to ask yourself, can I be held liable in this employee law situation. Which is another reason to consult your legal counsel before taking action.


When does an employee go from being a Human Resources asset to a Human Resources liability? There are many reasons, they could become unproductive and their performance fall below other workers, they could also be violating company policies, become a liability by not following OH&S or environmental policies, disrupting the work place through harassment, discrimination or bullying. They could be stealing assets, committing fraud, using drugs or alcohol on the job or using company assets to post inappropriate comments on social media.

Of course not all of the above are cause for dismissal, if a good employee has suddenly become unproductive, there may be reasons for it such as physical or mental health issues or perhaps they are dealing with a traumatic event such as a divorce or the death of a family member. It is your responsibility as a small business owner or manager to identify the problem and take appropriate measures. However, some of these violations are clearly reasons for dismissal and need to be dealt with.


When you have information regarding an employee problem, you must determine the nature of the problem and decided action. As I have mentioned in a previous blog, evaluating Intelligence requires you to look at the source of the intelligence and the quality of the intelligence.


First thing is to ask why I think there is a problem?

Is it in the numbers, is productivity or sales down or is it because of another employee or customer made a complaint. How reliable is your information?


What type of violation or offense is it?

Is it a breach of Human Resources policies or procedures, is it a Code of Conduct breach. Is the behaviour a Criminal Code offense, such as theft, fraud, or assault? The type of violation is going to determine the seriousness of the complaint.


How does the violation or activity affect the company?

Does it affect employee morale, does it put an employee in danger, or will it hurt the reputation of the company? Is there a financial cost to the company?


Are people at risk of injury or physical harm?

This could be an Occupational Health and Safety issue, or it could be a physical threat or Workplace Violence.



Let’s be perfectly clear, this is not an article to provide you with Legal Advice. Its purpose is to give you guidance on identifying and analyzing potential employee problems. Every situation is unique and the only way to ensure you are taking the right course of action is to contact your legal advisor for advice. I understand that in this Covid 19 business environment that money is tight. But after you have identified the problem seek legal advice to ensure you are taking appropriate action. Finally make sure you follow the lawyer’s advice and don’t do something else.


Once you have determined that a potential violation exists, you need to act on it right away. Thinking in terms of the Who, What, Where, When Why, How and Action Taken. Will provide an investigation template to document your findings.


1. Who: Who are the victims, who are the witnesses, who is the subject of the complaint?

2. What: What is the offence,

3. Where did the offense occur? Location, department.

4. When did it occur? Time and Date.

5. Why did the offense occur? Reason for the offense being committed.

6. How did the offense occur? Lack of internal controls or something else.

7. Action Taken: After conducting your inquiry, are you referring it to a manager or the HR department for follow up and how will it be treated. Are you requesting outside help such as a Private Investigator, Lawyer, Police or another specialist.



Once you have conducted your initial fact finding and have determined that there is cause for concern. You then have to decide a course of action. Is there enough evidence or cause for concern that it requires immediate attention?

Two of the biggest mistakes I see when it comes to employers investigating complaints and violations is:


A. That the employer fails to act on the information immediately. This delay can increase the seriousness of the violation, causing it to escalate and create greater liability to the organization or increase its financial losses.

B. Owners and Managers fail to document the complaint and information gathered at the beginning and during the course of the investigation. This is critical for evidence purposes and to show you took action right away. Your personal notes may even be allowed as evidence in the court room, if you had to testify.


Some helpful Prevention Tips:


1. Have a code of conduct and ethics that lays out the expected behaviors of employees and the consequences for breaching those rules.

2. Have a Whistleblower Hotline so employees can report wrongdoing anonymously. Such as our

3. Pre-screen all employee before hiring.

4. When it comes to investigating complaints get evidence not explanations.

5. Don’t hesitate to get outside help if needed. Such as Lawyer or Private Investigator. Hiring a third party can ensure an unbiased investigation.

6. Only share the information with other managers on a need to now basis. This is not to only protect the investigation, (Loose Lips Sink Ships) but also to protect the employee’s privacy. If an employee is doing something wrong and they learn they are being investigated, it could escalate their behaviour putting people in danger or destroying evidence.

In closing, Covid 19 has changed the way we work, with more people working from home. But this will not change human behaviour, some employees will cross the line. Be vigilant and diligent, manage your assets and reduce your liabilities.




Posted on 5 March, 2021 at 9:55


Darrell Smith CFE, ARM, CIM, FCSI


In November of 2019, we ran a digital ad “How to Prepare Your Business for the Coming Recession”. While a number of people who responded to the ad had genuine concerns, the interesting thing was a lot of business owners said that their business was doing the best ever and that their company was sound and the economy was great. Five months later everything has changed. It’s not that I had a crystal ball and knew things were going to get bad. There were signs that the economy was slowing down, with record low interest rates and record high corporate and consumer debt. I mention this to illustrate how quickly the business environment can change and the importance of strategic and risk management planning. Business need to have a strategic plan, with the flexibility to identify the risks it faces and to react accordingly.


A strategic plan establishes where your organization is going and how it will get there. It is essentially a blue print for your organizations success. It is developed by Senior Management and the Board of Directors. It consists of a Vision Statement; where is the company going, A Mission Statement; why does our organization exist, Strategy Statement; what will we do to get there and a Strategic Plan; how will we do it.


Strategic risk management is a process of identifying, analyzing and managing risks that could prevent your organization from achieving its strategic goals. It could be either internal or external risks and its goal is to protect shareholder value and is part of the Enterprise Risk Management (ERM) process. An example would be Project Failure, where new software is installed, only to have it become obsolete or not do what it was intended to do.


So let’s look specifically at the main strategic risks your company will face and can prepare for:


1. You Lose Customers: Customers have ever changing tastes, needs and preferences. Losing customers reduces sales and profits. Losing too many customers to quickly can result in the business shutting down. Staying connected with your customers and understanding their changing needs will help you prevent surprises. Working with them will help you understand their business and make you more valuable to them.


2. Your Brand Loses Its Customer Appeal: While many brands retain their customer appeal for ever (Think Coke) others lose the appeal over a period of time (Think Blackberry). Brand erosion occurs over time because of changing customers. Some reasons for brands losing their power are; poor or declining product or service quality and poor customer service. Brands can also become boring and uninteresting to the customer.


3. Your Big Project Fails: According to the PMI, more than 14% of all projects fail. With 37% of the reason for failure was a lack of clear vision and goals. A PWC study of over 10,640 projects found that only 2.5% of companies complete their projects 100% successfully. The rest either failed to meet their original target or missed their original budget or deadline. Think about the financial cost of time and materials that go into a failed project and the opportunity cost. Ask how is this project going to help us achieve our strategic goals? What are our chances of success? How can we increase those odds?



4. Your Company Sales Stop Growing: When sales stop growing, it affects cash flow and profits to the shareholders. You start losing key employees and may have to pass on other opportunities. How do you keep sales growing without creating more risk?


5. Your Business or Industry Becomes a No Profit Zone: Many industries are losing their ability to generate a profit such as retail or manufacturing. This can be because of increased competition or customer power that demands lower and lower prices. Is your industry heading this way? What opportunities are available to counteract the process?


6. An Unstoppable Competitor Enters Your Market: Think of an owner of a small town grocery store, where a Wal Mart opens up down the road. They have vast financial resources, purchasing power with suppliers, top notch Management Information Systems and a world renowned brand. How do you compete with them? You can and businesses have done it.


7. Your Industry Reaches a Fork in the Road: Technology, Customers, Economics, Regulatory or Political events can be the reason for having to choose between two possibilities. An example would be an armoured car company, assessing the fact that cash transactions will soon become obsolete. Do they move into other markets or focus on getting new customers. When an industry is transformed up to 80% of businesses fail to adapt and make the transition, (Think Blockbuster).



So as a business owner or manager, how do you assess your strategic risk? Start by identifying and quantifying your risks by going through each one of the seven types of Strategic Risks I outlined above. As an example using number 1. Ask yourself are you losing customers? What is our customer turnover ratio? Why are we losing customers? If you are increasing your customer base, then why? Track your work by putting it into a simple Strategic Risk Chart.

Risk Odds of Occurrence in% Impact in$ Action/Countermeasure % Complete

Lose 15% of 75% 30% of Sales Reduce Expenses by 10% 40%

Customer’s $300,000 Hire customer service staff

So now you have analyzed the seven strategic risks, next you need to take the top three to five risks with the highest impact on your business and develop your action plan to mitigate the risks.

Two of the goals of strategic risk management is to deflect the smaller day to day risks and to mitigate the larger risks you cannot avoid. There is a whole list of risk avoidance and risk management techniques that companies can use. Everything from reducing your fixed costs, have effective business intelligence systems to gather information that affects your customers and competitors, have early warning systems on customers’ needs and changing tastes and a whole list of other techniques.



Statistically, 20% of new businesses will close in the first year and 50% of business will have closed by their fifth year. So the odds of surviving your first year is 80% and your fifth year 50%. So from a Strategic Risk Management perspective Covid 19 has increased the odds of business failures. The Restaurant Association of Nova Scotia completed a study and said that 10% of restaurants in Nova Scotia closed this year so far and another 40% could close by March 2021.

Companies that are highly leveraged will not be able to service their debt, consumers will spend less because of higher unemployment. Yet some companies will survive and prosper and other companies will start up and beat the odds. Luck may play a part but eventually your luck runs out, that’s why you need to ensure that your Strategic Plan Is sound and you identify the risks that can get in your way.


I have simplified the process a little to make it easy to understand and to keep it short. I find the most effective way of doing a Strategic Risk Assessment is through a company workshop. I offer half day workshops on Strategic Risk Management to companies involving their executives and senior managers. They are fun to do and there is always a number of key takeaways that help the client right away.


Feel free to reach out to me if you have any questions about how to get started.



Posted on 5 March, 2021 at 9:50


Darrell Smith CFE, ARM, CIM, FCSI

Most small businesses are run by one or two entrepreneurial owners, with most day to day business decisions being made by the owners and senior managers. The external stakeholders, do not have an active role in the decision making process.

The stakeholders are, shareholders, lenders including banks and family, employees, suppliers, contractors regulatory agencies, government, customers and the general public. Many decisions made by organizations have consequences beyond the organization itself. Therefor in decision making a small business must take into account how it affects all its stakeholders. This approach is called social responsibility.


When we look at the definition of Governance, I like Ray Dalio’s definition from the Bridgewater Group. “Governance is the process that checks and balances power to assure that the principles and interests of the community as a whole are always placed above the interests and power of any individual or faction.”


Compliance is the process of making sure your company and employees follow the laws, regulations, standards and ethical procedures that apply to your organization.


Compliance does not constitute risk management, however the risks of non-compliance is countless. An organizations social license to operate requires more than just following the laws and rules of their environment. Risk Management is an essential part of the program, because not knowing the risks faced by the organization and the cost of those risks, make a Compliance program less effective.

Implementing Compliance and Governance with Risk Management, provides for a better understanding of threats and opportunities.


So in a small business or start up, many decisions are made daily, including decisions that affect all stakeholders. So it is important to have a decision making process that incorporates having adequate information to make the decision and implement it.


Good Governance provides a structure to protect the interests of shareholders and stakeholders, because they are not actively involved in running the company.


The advantages of having a Governance, Risk Management and Compliance Program (GRC) is not just following regulatory and legal conditions, related to your business and industry. But developing a strategic plan to achieve your business objectives, ensuring that your business goals do not exceed your risk appetite, developing a culture of accountability and transparency and having a reporting structure that designates responsibilities for compliance issues to the most qualified persons.


To build a Compliance Program, the first thing you need to do is set up an independent board of directors. I know what you’re probably thinking, I’m a small business or start up barely able to pay my bills. How can I afford a Board of Directors? The great thing is that there are many experienced business people, accountants, lawyers or retired professionals that would be happy to serve on your board. Not only do they bring valuable experience to your company, but they also have business contacts. The key is to have an independent board of directors.


Once you have selected your Board and have called your first board meeting. The first order of business is to develop a strategic plan of what your goals and objectives are for the company and then communicate it to all employees.


My experience working with and sitting on a number of boards is that management has great vision and strategy for their organization. However they have not put it into writing, what their goals are and how they will achieve them. Don’t confuse a strategic plan with a business plan. A business plan lays out the financial, marketing and operational goals of your business, a strategic plan states what your goals are for the business and how you’re going to get there. A business plan is usually developed by the owner, their accountant and perhaps several key employees. The strategic plan is developed by the board of directors. A strategic plan is an essential part of your overall business plan. Not having a strategic plan is like hiking in the woods without a compass or a map. After a very short time hiking, you get disorientated and you cannot tell what direction you are going, where you are or how to get back on the trail. A strategic plan maps out your objectives and the activities needed to get you there and provides you with the checks and balances to keep you on track.


Develop a Code of Conduct and Ethics: Whether you have been in business for 20 years or you are the only person in your start-up. Having a code of conduct and ethics is essential. A code of conduct governs decision making and how its employees and management should behave. A code of ethics governs actions and have five key areas, Integrity, Objectivity, Professional Competence, Confidentiality and Professional Behaviour. Typically they would be two separate documents, but many organizations do combine them.

I am a big believer in all firms having a code of conduct and ethics, regardless of their size and how long they have been in business. I have worked for companies where problems were identified and after implementing a Code of Conduct, communicating it to all employees and having them sign off on it annually. Behaviours such as theft, harassment, discriminations, and unproductive employees were reduced significantly. As a start-up it gives you a guide to good decision making by following the companies values.


Document all Job Descriptions, Processes, Policies and Procedures: Everything should be included, such as HR policies, financial, marketing and operations. The employees doing these jobs should be part of this documentation process. They can add valuable input, because they are the ones doing the job. The advantages of having everything documented are; Sets a standard for quality control, everyone is following the same procedures. Makes it easy for new employees or new locations to understand and follow company procedures. Provides an audit trail, as part of a risk assessment review. Are company policies being followed? As the business grows it maintains a level of consistency, reducing liability and financial issues, makes change management a lot smoother.


Have an Employee Handbook: Including the company history, mission, vision and the company goals. Your core values and culture, employee benefits and all policies and procedures. You should also have an orientation session with each new employee, to go over the items in the handbook and give examples of actual occurrences of how the policies apply to them. This step is extremely important as it helps to shape your corporate culture.



Perform Regular Risk Assessments: Conducting regular risk assessments will help you identify risks to your organization that can have negative consequences. By identifying them early, you can develop a risk mitigation plan to manage the risk. Traditional risk management looks at property, liability, and net income and people risks. Conducting regular risk assessments will also allow you to identify potential opportunities. Ask yourself, what are the three greatest risks facing my company? Ask your managers what are the three greatest risks facing their department?


Review Internal Controls: Internal controls are the guardians of your business. They are the methods, rules, and procedures used to maintain the integrity of the financial and accounting information. For any size business, the financial information is critical to managing the business. Protecting that information from fraud and theft, is essential to not just managing the business but the survival of the business. In my experience as a Certified Fraud Examiner, the number one reason that the perpetrator was able to commit the fraud. Was the complete lack of, or a breakdown in internal controls. Keep in mind that individuals who steal and commit fraud, are spending a lot of time on how to do it and not to get caught. They are looking for weaknesses or a lapse in the controls.

So it is essential that you spend enough time reviewing and testing your internal controls.


Have a Reporting Mechanism: As I have written about before, I am a big believer in having an anonymous reporting hotline. Where your employees, customers and suppliers can report potential wrongdoing to your company. See our Blog: “Not Having A Whistle Blower Hotline Is Like Leaving The Doors Unlocked At Night.” Having a reporting mechanism will result in wrongdoing being reported sooner, saving you time and money. It also sends a message that the company is serious about promoting moral and ethical behaviour in the company.


As a small business or start-up, here are some of the common issues that I have seen. Paying Income, Sales or other taxes, making payroll remittances, use of government funds and grants, Occupational Health & Safety, product and service liability, legal liabilities including discrimination and harassment, regulatory issues unique to your own industry, Anti Money Laundering regulations, conflicts of interest, protecting confidential customer and employee information.


So let’s look at the reasons why small businesses and start-ups need a compliance and governance program.


1. Having a CRG program provides the information necessary for management to make good business decisions and to be better leaders.

2. Better mechanisms in place to monitor and manage risk and identify potential opportunities.

3. Stakeholders will have more confidence in the owner and the business, by knowing that the business is being run in a responsible and ethical manner. If you’re looking for bank financing or to secure your first round in seed capital, and you have a GRC plan in place. This is going to probably work in your favor, compared to a company that does not.

4. It allows management to stay on track, because they have a plan to follow. If they lose their way the just go back to their strategic plan, values and mission statement.

5. It provides the framework for an organization to expand rapidly. By having a strategic plan, and all processes documented. If you open another branch or hire a lot of new employees, you have everything documented for them to follow. Allowing you to focus more on growth and less concern for compliance.

6. Reduced legal liability, by knowing what your greatest risks are and managing them.

7. Enhanced reputation in the business community, this is an advantage to getting customers, employees and financing.


I hate to use the old cliché, “they didn’t plan to fail they just failed to plan.” But when it comes to managing your small business or start-up effectively, growing sales and making a profit, you need to have a plan. Especially now with Covid 19 changing the way we work and do business.


While getting started may seem a little overwhelming, it’s not. Start with little steps, make a list of people you would like to have on your Board of Directors, review other companies Codes of Conduct, and think about what challenges and opportunities are ahead for your organization. The great thing with all of this is it doesn’t costs any money, unless you contract some of the work out. It just takes time, that will be well spent.



Posted on 5 March, 2021 at 9:45


Darrell Smith CFE, ARM, CIM, FCSI

You wouldn’t finish your work day and then go home and leave the doors unlocked to your business. Of course you wouldn’t. Not only would the unlocked door create an enormous security risk, you probably wouldn’t sleep that well. So not having an employee reporting hotline is like leaving the doors unlocked and hoping that you’re lucky enough that no one comes by and finds it open. Because if they get inside your business it could be very costly.

Even with modern security technologies, your first and most important line of defense is your locked doors. Alarm systems, and Closed Circuit Television Systems are just part of your overall security program.

My point is that even with modern security technology there are shortcomings that do not identify what I will refer to as the “intangible” occurrences of a criminal, regulatory, and human resources nature. What I mean by intangible occurrences are activities that are not apparent in the day to day operations of the organization. Such as an employee claiming expenses that they are not entitled to, an employee being discriminated against, an employee dumping toxic waste into the sewer system or a buyer taking kickbacks from the supplier. These events would probably not show up on a security camera, however your employees and even sometimes your customers may have evidence of these violations.

Employees who work in the specific area may have knowledge of such incidents, either through direct or circumstantial evidence. Yet they may hesitate to report the incident because of fear of reprisal or not knowing how or to who to report it too.


Organizations that do not have a reporting mechanism, have higher dollar losses because it takes longer for the event to be discovered, run the risk of legal, regulatory and criminal actions, have lower employee morale and risk damaging their reputation.


So What Is A Whistle Blower Hotline?


A Whistle Blower Hotline is an anonymous means for employees to report wrongdoing, knowing the report will be taken seriously and investigated. It is not for employees to report disagreements between themselves and their bosses or fellow employees.

Some hotlines are to just report fraud or environmental issues, while others allow any kind of violation to be reported, such as Fraud, Theft, Discrimination, Harassment, Bullying, Corruption, Sexual Harassment and any other violation.

Reports can be made by telephone 24/7 or online.


Why Is a Hotline So Important?


Studies have shown that if employees do not have an anonymous means of reporting workplace violations, they will either not report the violation, quit, go to the media or go to the police. By not reporting it, this causes additional financial losses to the company, can result in legal or criminal charges, and can cause unrepairable harm to the reputation of the business.

According to the Association of Certified Fraud Examiners 2020 Report to the Nations; The Duration of a Fraud Scheme, has a direct bearing on the median loss an organization incurs. The median loss is $50,000 for a fraud that lasts for 6 months and $740,000 for a fraud that lasts 60 months. It’s clear that the longer a fraud goes undetected the higher the losses. While this is just for fraud, I’m certain that this would be the same for any other kind of a violation. Whether it’s a criminal, regulatory or human resources in nature.


What is the Value of the Information Received from a Hotline?


Considering that all of your employees have knowledge of your operations and can see, hear or have physical evidence of potential violations. Why wouldn’t you want to make every employee an intelligence operative for your company? If you have 100 employees, that’s one hundred sets of eyes and ears gathering information, looking out for the companies best interests.

In the intelligence community, when evaluating intelligence information. You look at the source of the information and the quality of the information. So it makes sense that an employee would be in a position to have knowledge of violations. Even your customers and subcontractors would be in a position to have important information.


So Why Do So Many Businesses Not Have A Hotline?


In my experience with our in house hotline, I have heard many reasons for not having one. We are too small, the unions don’t want us to have one, the bosses don’t want any more headaches or we have a reporting mechanism already. This is my favorite because, they think that having a policy where information is to be reported to their immediate supervisor will work. The problem with this is that the employee cannot remain anonymous, they fear repercussions from the individual they are reporting or their employer. The one thing that all organizations can rule out for not having a whistleblower hotline is cost. The cost can be as little as a dollar per employee per year, with usually a minimum subscription. So a small business with 100 employees would pay $1000 per year, for a hotline service. I have just quoted a price for our Workplace Violations Hotline, other hotline prices may vary.


As Part of a Compliance Program.


A whistleblower hotline forms the basis of a compliance program, along with a Code of Conduct and Ethics and the ability to investigate all complaints in a timely manner, the tracking of all complaints to determine trends and for additional follow up. So every business regardless of size or financial condition can have the three cornerstones of a Compliance Program. By having a Hotline it tells all your employees that you take all violations seriously, and by creating a culture of “it’s the right thing to do” by reporting wrongdoing in your organization.


So in this post Covid 19 environment, where revenues and profits are down and many employees are working from home. Implementing a hotline is not only a prudent move, but will provide an excellent Return on Investment and peace of mind.



Posted on 4 February, 2020 at 11:25

Darrell Smith CFE, ARM, CIM, FCSI

It’s hard not to have noticed all the corporate executives and politicians who have been accused of expense account fraud. With executive salaries, do they do it because they have financial problems? Probably not, they could be living beyond their means, but a more reasonable explanation is greed. That they felt they were entitled to fudge their expenses and they could get away with it. They have justified it by thinking this is acceptable behaviour or rationalizing everybody is doing it so why not me.
It has been estimated that 21% of all fraud committed in organizations is expense account fraud, costing millions of dollars a year. Small businesses suffer greater losses mainly because they don’t have such elaborate expense tracking systems.
There are basically four types of expense account fraud;

1.       Mischaracterized Expense Reimbursement: This is when an employee uses a personal expense and claims it is business related. EG: Employee claims office supplies for a home business they have.
2.       Overstated Expense Reimbursement: The employee overstates the amount of an expense, such as taking a $10 cab fare and claiming $20.
3.       Fictitious Expenses: This is when they create a fake expense that does not exist and a fake expense form. An example is claiming a lunch with a client that did not occur.
4.       Multiple Reimbursements: This is when the employee submits the same expense several times. Such as an airline ticket, where they put it on their credit card and get reimbursed and then they submit the airline ticket for a second reimbursement.  
1.       Historical Comparisons: Compare employee’s expense reports for the last 3 years and compare it with other employee expense reports. It helps to see each employee’s expenses in a graph and then to graph all employees’ expenses combined.
If total company employee expenses have increased by 3% but one employees expenses have increased by 20%. That is something to look at and determine why.
2.       Detailed Review of Expense Reports: This is the most effective method where the employee’s expense account is audited, with all expenses being matched by receipts. Using the employee’s digital calendar and schedule allow cross reference between where they were, who they met with and what expenses were incurred.
Expenses Account Fraud Prevention:
1.       Have a company Expense Policy outlining what expenses can be reimbursed, what is required to get them reimbursed and what are the consequences of submitting fraudulent claims. The employee should then have to sign it and be given a copy. This could be part of the Code of Conduct or a separate policy.

2.       Ensure that only expenses with an attached receipt along with the explanation for that expense will be reimbursed. For entertainment an explanation of the receipt should include business purpose, and who the customer was. Also date and time when incurred, the place and the amount. This is a common theme I see in expense reimbursements. Where an employee submits an expense without the receipt and have an excuse for not having one. They get reimbursed and that sets the tone for submitting a similar expense without a receipt.

3. The person who approves the expense claims, give them the power and authority to question any expense even senior management and give them a clear chain of command to take the discrepancy to a higher authority. Encourage the employee and praise them when they detect a discrepancy.

4. Company Credit Cards issued to employees for expenses, the statement should go directly to the accounting department.

5. Conduct regular audits to ensure the company policy is being followed and to detect any discrepancies. The audits could be on a monthly or quarterly basis and any discrepancies should be brought directly to the employee who submitted the expense. For smaller organizations who do not necessarily have the time or expertise to do audits, it could be contracted out to an outside firm. Regardless the audits must be done.

Kilometers reimbursement is an area of abuse. The employee travels and total kilometers is actually 165, yet they submit 221. At $0.45 per kilometer, that’s an additional $25 the company has to pay out in fraudulent reimbursements. This can add up very quickly if you have numerous employees submitting expenses. An easy way to check is to just use Google Maps by entering the starting point and then choose destination and see how many kilometers it is.

I once audited a sales person at a Pharmaceutical company who had claimed over 90,000 kms in mileage, when we checked his vehicle, it had 22,000 kms on it. (The vehicle was company owned). This was over 68,000 kms at $0.45 per kilometer for over   $30,600 in fraudulent mileage claims. The employee was fired, because when we checked, not only was he submitting false expenses but he was also submitting false customer sales calls. Some clients had not seen him in over 2 years. 

6. Understand your corporate culture. In some organizations there is a culture of everybody is doing it, the company doesn’t mind. So why shouldn’t I do it? To manage this you have to have clear policies and procedures, educate the staff that this is wrong and is considered fraud, and how it affects the company’s bottom line. Also ensure management and executives are leading by example.

7. Have a whistle blower hotline to make it easy and anonymous for employees to report wrongdoing. Such as our
In summary, have an expense account policy, only reimburse expenses that have a legitimate receipt, with an explanation for the expense and make sure to conduct regular audits. You may not eliminate all expenses account fraud, but with proactive policies you will reduce the frequency and severity of losses.  


Posted on 24 October, 2016 at 10:20

Darrell Smith CFE, ARM, CIM, FCSI

Whether you are in manufacturing, retail or a service industry. Your employees steal from you for all the same reasons. Criminologists state that three elements must be present in order for employee theft to occur,

1. Motive: Employees may have financial, gambling, substance abuse problems, or may just feel they are unappreciated or under paid at work.

2. Opportunity: The lack of security control systems and clear cut policies and procedures. Make it easier to steal from you.

3. Justification: Is simply the employee justifying his actions by saying I will put it back, it's not really stealing or they want me to take it.

Once all three elements are in place you have employee theft. The 10-10-80 rule states that;
- 10% of your employees will steal from you at each and every opportunity.
- 10% of your employees will never steal from you at any opportunity.
- 80% of your employees may or may not steal from you based on motive, opportunity, and justification.

As employers we have no control of an employee's motive or justification, but we can do something about opportunity. Being pro-active to prevent employee theft is more effective, and costs a lot less than being reactive. An effective employee theft prevention program should include the following preventative measures.

  • Conduct pre-employment screening checks to eliminate potential employees with motive and justification.
  • Have a clear and concise corporate code of conduct outlining what behaviour is expected of your employees, and what course of action will be taken in the event of a violation.
  • Have a Whistle blower Hotline to allow employees to report wrong doing anonymously. Studies have shown that  having a whistle blower hotline, will reduce the severity of losses by catching the theft sooner. Many whisltleblower hotlines; such as our own allow all types of workplace violations to be reported.
  • Communicate this code of conduct to all new and existing employees, suppliers and contractors. Have them sign off on it every year.
  • Be consistent with enforcing policies. Treat every violator the same.
  • For younger workers with less time on the job, have employee appreciation and recognition programs. Such as a $10.00 gift certificate to a coffee shop or movie theatre.

In conclusion a proactive approach to employee theft will be more cost effective, providing a greater Return on Investment.