Safety In Numbers
|Posted on 29 April, 2021 at 9:15||comments (0)|
Darrell Smith CFE, ARM, CIM, FCSI
WHEN DOES AN EMPLOYEE GO FROM BEING A HUMAN RESOURCES ASSET TO A HUMAN RESOURCES LIABILITY?
There is an ongoing debate about whether an employee is an asset or a liability. Some say they are an asset because they add value, others say they are a liability because there is a cost to employing them through wages and benefits. Regardless of what position you take on this, there is one thing we all can agree on. Employees are essential for the ...Read Full Post »
|Posted on 5 March, 2021 at 9:55||comments (0)|
BECAUSE OF COVID 19, IT’S TIME FOR A STRATEGIC MANAGEMENT RISK ASSESSMANT!
Darrell Smith CFE, ARM, CIM, FCSI
In November of 2019, we ran a digital ad “How to Prepare Your Business for the Coming Recession”. While a number of people who responded to the ad had genuine concerns, the interesting thing was a lot of business owners said that their business was doing the best ever and that their company was sound and the economy was great. Five month...Read Full Post »
|Posted on 5 March, 2021 at 9:50||comments (0)|
WHY SMALL BUSINESS AND START UPS NEED A GOVERNANCE AND COMPLIANCE PROGRAM.
Darrell Smith CFE, ARM, CIM, FCSI
Most small businesses are run by one or two entrepreneurial owners, with most day to day business decisions being made by the owners and senior managers. The external stakeholders, do not have an active role in the decision making process.
The stakeholders are, shareholders, lenders including banks and family, employees, suppliers, contractors regula...Read Full Post »
|Posted on 5 March, 2021 at 9:45||comments (0)|
NOT HAVING A WHISTLE BLOWER HOTLINE IS LIKE GOING HOME AND LEAVING THE DOORS UNLOCKED AT NIGHT.
Darrell Smith CFE, ARM, CIM, FCSI
You wouldn’t finish your work day and then go home and leave the doors unlocked to your business. Of course you wouldn’t. Not only would the unlocked door create an enormous security risk, you probably wouldn’t sleep that well. So not having an employee reporting hotline is like leaving the doors unlocked and hoping that you’...Read Full Post »
|Posted on 4 February, 2020 at 11:25||comments (4)|
HOW TO PREVENT AND DETECT EXPENSE ACCOUNT FRAUD
Darrell Smith CFE, ARM, CIM, FCSI
It’s hard not to have noticed all the corporate executives and politicians who have been accused of expense account fraud. With executive salaries, do they do it because they have financial problems? Probably not, they could be living beyond their means, but a more reasonable explanation is greed. That they felt they were entitled to fudge their expenses and they could get away with it. They have justified it by thinking this is acceptable behaviour or rationalizing everybody is doing it so why not me.
It has been estimated that 21% of all fraud committed in organizations is expense account fraud, costing millions of dollars a year. Small businesses suffer greater losses mainly because they don’t have such elaborate expense tracking systems.
There are basically four types of expense account fraud;
1. Mischaracterized Expense Reimbursement: This is when an employee uses a personal expense and claims it is business related. EG: Employee claims office supplies for a home business they have.
2. Overstated Expense Reimbursement: The employee overstates the amount of an expense, such as taking a $10 cab fare and claiming $20.
3. Fictitious Expenses: This is when they create a fake expense that does not exist and a fake expense form. An example is claiming a lunch with a client that did not occur.
4. Multiple Reimbursements: This is when the employee submits the same expense several times. Such as an airline ticket, where they put it on their credit card and get reimbursed and then they submit the airline ticket for a second reimbursement.
1. Historical Comparisons: Compare employee’s expense reports for the last 3 years and compare it with other employee expense reports. It helps to see each employee’s expenses in a graph and then to graph all employees’ expenses combined.
If total company employee expenses have increased by 3% but one employees expenses have increased by 20%. That is something to look at and determine why.
2. Detailed Review of Expense Reports: This is the most effective method where the employee’s expense account is audited, with all expenses being matched by receipts. Using the employee’s digital calendar and schedule allow cross reference between where they were, who they met with and what expenses were incurred.
Expenses Account Fraud Prevention:
1. Have a company Expense Policy outlining what expenses can be reimbursed, what is required to get them reimbursed and what are the consequences of submitting fraudulent claims. The employee should then have to sign it and be given a copy. This could be part of the Code of Conduct or a separate policy.
2. Ensure that only expenses with an attached receipt along with the explanation for that expense will be reimbursed. For entertainment an explanation of the receipt should include business purpose, and who the customer was. Also date and time when incurred, the place and the amount. This is a common theme I see in expense reimbursements. Where an employee submits an expense without the receipt and have an excuse for not having one. They get reimbursed and that sets the tone for submitting a similar expense without a receipt.
3. The person who approves the expense claims, give them the power and authority to question any expense even senior management and give them a clear chain of command to take the discrepancy to a higher authority. Encourage the employee and praise them when they detect a discrepancy.
4. Company Credit Cards issued to employees for expenses, the statement should go directly to the accounting department.
5. Conduct regular audits to ensure the company policy is being followed and to detect any discrepancies. The audits could be on a monthly or quarterly basis and any discrepancies should be brought directly to the employee who submitted the expense. For smaller organizations who do not necessarily have the time or expertise to do audits, it could be contracted out to an outside firm. Regardless the audits must be done.
Kilometers reimbursement is an area of abuse. The employee travels and total kilometers is actually 165, yet they submit 221. At $0.45 per kilometer, that’s an additional $25 the company has to pay out in fraudulent reimbursements. This can add up very quickly if you have numerous employees submitting expenses. An easy way to check is to just use Google Maps by entering the starting point and then choose destination and see how many kilometers it is.
I once audited a sales person at a Pharmaceutical company who had claimed over 90,000 kms in mileage, when we checked his vehicle, it had 22,000 kms on it. (The vehicle was company owned). This was over 68,000 kms at $0.45 per kilometer for over $30,600 in fraudulent mileage claims. The employee was fired, because when we checked, not only was he submitting false expenses but he was also submitting false customer sales calls. Some clients had not seen him in over 2 years.
6. Understand your corporate culture. In some organizations there is a culture of everybody is doing it, the company doesn’t mind. So why shouldn’t I do it? To manage this you have to have clear policies and procedures, educate the staff that this is wrong and is considered fraud, and how it affects the company’s bottom line. Also ensure management and executives are leading by example.
7. Have a whistle blower hotline to make it easy and anonymous for employees to report wrongdoing. Such as our www.workplaceviolationshotline.ca.
In summary, have an expense account policy, only reimburse expenses that have a legitimate receipt, with an explanation for the expense and make sure to conduct regular audits. You may not eliminate all expenses account fraud, but with proactive policies you will reduce the frequency and severity of losses.
|Posted on 24 October, 2016 at 10:20||comments (5)|
Darrell Smith CFE, ARM, CIM, FCSI
Whether you are in manufacturing, retail or a service industry. Your employees steal from you for all the same reasons. Criminologists state that three elements must be present in order for employee theft to occur,
1. Motive: Employees may have financial, gambling, substance abuse problems, or may just feel they are unappreciated or under paid at work.
2. Opportunity: The lack of security control systems and clear cut policies and procedures. Make it easier to steal from you.
3. Justification: Is simply the employee justifying his actions by saying I will put it back, it's not really stealing or they want me to take it.
Once all three elements are in place you have employee theft. The 10-10-80 rule states that;
- 10% of your employees will steal from you at each and every opportunity.
- 10% of your employees will never steal from you at any opportunity.
- 80% of your employees may or may not steal from you based on motive, opportunity, and justification.
As employers we have no control of an employee's motive or justification, but we can do something about opportunity. Being pro-active to prevent employee theft is more effective, and costs a lot less than being reactive. An effective employee theft prevention program should include the following preventative measures.
In conclusion a proactive approach to employee theft will be more cost effective, providing a greater Return on Investment.
|Posted on 17 October, 2016 at 21:55||comments (6)|
Darrell Smith CFE, ARM, CIM, FCSI
Shoplifters- The National Retail Federation reports that one out of every ten shoppers attempts to shoplift. There are three categories of shoplifters:
1. The average amateur shoplifter who accounts for 75% of the arrests.
2. The full-time amateur shoplifter who accounts for 20% of the arrests.
3. The professional shoplifter who accounts for 5% of the arrests.
Common Characteristics of a shoplifter:
The Amateur Shoplifter: The amateur usually prefers the busier times when the store is full, and customers and employees are occupied. Many amateurs prefer the seclusion of fitting rooms or corners of the store. The amateur's actions are not premeditated, but if an opportunity presents itself, the shopper succumbs to the temptation. This is called "impulse stealing". Since they don't know themselves that they may steal, neither will you and so this makes them difficult to catch.
The Full-time Amateur Shoplifter: These are the people that your employees say, "We know these people steal". These people have a prior history of shoplifting convictions, and account for 20% of those apprehended. They're typically a well-dresses young adult. The difference between these people and the everyday citizen shoplifter is the motive.
The Professional Shoplifter: These are the real "pro's" that make up a small 5% of those that are arrested for stealing. They steal for one reason only, and that's money. The professional likes to work when employees are least alert, and are early bird, lunchtime, shift change, or last minute shoppers. Most of these people work in pairs and are well dressed and, needless to say, well trained. They are also often habitual drug users who support their habit from shoplifting your merchandise.
Shoplifting Prevention Pointers:
The best thing you and your employees can do to prevent theft, is provide exceptional customer service to customers. When shoplifters enter your store, they want privacy. When you acknowledge them and continue to monitor them. They have lost their privacy and will go somewhere else where the staff is not as alert.
|Posted on 9 May, 2014 at 21:45||comments (11)|
MANAGING BUSINESS REPUTATION RISK
Darrell Smith CFE, ARM, CIM, FCSI
East Coast Fraud & Risk Management Group - www.eastcoastfraud.ca
Most organizations don’t give much thought to their business reputation until something goes wrong. One of the reasons is that a business’s reputation is difficult to identify, analyze and put a value on. It is an intangible asset that does not show up on the balance sheet, except perhaps as Goodwill when one company buys another company. Your reputation is what brings customers to you, keeps your customers coming back, and why existing customers will refer friends and family to your business. Your business reputation is one of your greatest assets and if not managed it could be a liability or it could also mean missed opportunities.
According to the Insurance Institute of America, the definition of Reputation Risk is;
“An intangible Asset that relates to an organization’s goals and values, results from behaviors and opinions of its stakeholders and grows over time. It is the comparison between stakeholder’s experiences and their expectations and is the pillar of the organization’s legitimacy or social license to operate. An organization maintains a good reputation when it meets or exceeds stakeholder expectations.
PUTTING A VALUE ON REPUTATION
The first thing you must do is recognize the value of your reputation. Intangible assets in some organizations can represent 50% or more of a company’s total value. While there are several ways of valuing reputation risk, such as the Fair Market Value approach, which would assign a value if put on the market and the Cost Approach which is the amount the organization invested to acquire their reputation. Risk Managers prefer the Income Approach which puts a current value based on discounted cash flows, the reputation would earn in a given period of time. By recognizing the value of your reputation, it allows you to think of it as an asset. If damaged it can cause a loss of key stakeholders, but there is also an upside that you can take advantage of opportunities to add value to your reputation. As an example the tainted Tylenol crisis in 1982, had Johnson & Johnson develop tamper proof pill bottles that are now used globally.
IDENTIFY KEY STAKEHOLDERS
You should identify your key stakeholders and rate them based on importance, because each stakeholder’s expectations may be different. I use a rating system with a base of 100 and assign each stakeholder points based on their importance. Stakeholders can be classified as external and internal. Internal could be management, employees, and Board Members, while external could be customers, suppliers, shareholders, and government regulators.
SOURCES OF RISK TO REPUTATION
Sources of risk to reputation can include the following;
1. Deliver on Customer Promises: Is the company (non-profit or government entity) delivering high-quality, competitively priced goods and services?
2. Regulatory and Legal Compliance: Is the company seen by its stakeholders and the public as law abiding and comply with all laws and regulations?
3. Communication and Crisis Management: Does the company have an effective communications plan to manage stakeholder expectations? Are they transparent in their business dealings?
4. Financial Performance and Long-Term Investment Value: Does the company have a steady record of financial performance and are they a good long-term investment?
5. Corporate Governance and Leadership: Does senior management and the Board of Directors lead by example and set an appropriate tone at the top.
6. Corporate Social Responsibility: Is the company considered by its stakeholders a good corporate citizen and does the company minimize the negative impact and maximize the positive impact of its activities on the environment and society as a whole?
7. Workplace Talent and Culture: Does the company recruit high quality employees and treat them well? Does the corporate culture motivate employees to take pride in their work?
IMPLEMENTING A RISK MANAGEMENT PLAN FOR REPUTATION RISK
Identify, Analyze and Prioritize Reputation Risks: Identify the key drivers of risk by reviewing past incidents and future risks. Analyze those risks based on tangible losses or gains to reputation and put a priority on each one. As an example an investment firm that has numerous compliance issues with advisors recommending high risk investments, could result in loss of clients and assets, regulatory fines, a criminal investigation or class action lawsuit.
Develop and Implement a Risk Response: To implement a risk response to a specific reputation risk, it depends on the source of the risk, whether the risk is a threat or an opportunity, the risk appetite of the organization and whether the risk can be mitigated and the total cost of mitigating the risk (ROI).
Monitor the Results: After the risks have been identified, analyzed and prioritized and risk responses have been developed and implemented. The risks should be monitored by management for any changes in the risk frequency or severity and take appropriate action. The objective is early detection and immediate treatment.
To effectively manage your reputation, recognize reputation as an asset, that like any other asset there are risks that may affect it and there are also opportunities that allow you to improve your reputation. Many companies actually seek out risk to maximize profits and gain a competitive advantage over their competitors.
|Posted on 14 April, 2014 at 20:00||comments (3)|
How to Use Corporate Culture to Prevent Fraud
Darrell Smith CFE, ARM, CIM, FCSI
Corporate Culture can be described as “The beliefs and values which are understood by employees.” Culture is like an invisible energy field that surrounds your organization and determines how people think, act and see the world around them.
Some facts about corporate culture include;
1. Culture determines the “way of life” for employees who often take its influence for granted.
2. Over time culture is fairly stable and resistant to quick changes. Once a culture is ingrained into the organization, it can resist change even with high employee turnover. 3. Culture involves both internal and external characteristics.
4. Employee’s know what the culture is and can describe its characteristics. You can measure, evaluate and perfect it.
5. Culture will develop in a random fashion, or you can manage it if a firm has incorporated it into their strategic plan that identifies specific properties and goals.
So how can a company reduce fraud in their organization by managing corporate culture? By aligning the organizations goals with the socialization process. The socialization process is what passes an organization’s culture from one generation of employees to next.
According to Dictionary.com the definition of the socialization process is; the continuing process whereby an individual acquires a personal identity and learns the norms, values behaviors and social skills appropriate to his or her social position.
The three stages of the socialization process are;
1. Anticipatory Socialization and the Hiring Process: Begins when the employee simply considers working for a company and continues through the hiring process, where the interviewer will communicate the norms and values of the company and determine if the candidate is a good fit.
2. Formal Socialization: Can be in the form of orientation and training programs for new employees and also through a mentoring process where values, skills and habits are communicated to the new hire.
3. Informal Socialization: Occur through many informal channels, through interaction with fellow employees and informal interactions with management. This is where the most effective and lasting socialization takes place.
At the anticipatory and hiring stage, the first step is to communicate the company’s norms and values through the web site to potential and current employees, that your organization puts a high value on honesty and integrity. Then during the interview process, the interviewer will reinforce the values by making it part of the interview process by asking open ended questions and reinforcing the company values.
The formal socialization stage is an excellent opportunity to begin the education process by making it part of the training program, through codes of conduct statements, and company policies and procedures. It is also very important to match the new hire with a mentor who will reinforce the company values in a positive reinforcing way. Use real examples of how real employees made contributions to preventing fraud. I am a big believer in positive reinforcement and not using negative reinforcement, such as discussing how this employee was caught committing fraud. This sets a negative tone for the new hire.
Finally the informal socialization process is where the employee will develop their values and ethics system by interacting with other employees and various levels of management. It is essential that management lead by example and follow the same rules as expected from the employees. Employees that are role models and set a good example should be given more exposure to the new employees.
I have worked with clients who accepted that employee fraud and theft was part of their culture, and spent large amounts of money on security, CCTV, and audit programs, focused on catching and prosecuting the dishonest employee. This is really just dealing with the effect and not the cause. I have also worked with companies who tried to change the culture of fraud and theft, by managing the corporate culture. The return on investment is much higher.
While every organization is unique, here are some helpful hints to get started;
- Survey your employees to understand their thoughts on fraud and theft in the workplace.
- Develop a vision statement that reflects the vision of the company on fraud and employee dishonesty. I had the privilege of doing some work for a contact center and the VP came into the class of new trainees and said I only ask two things of you; 1. Don’t use violence against each other 2. Don’t steal from the company or commit illegal acts against us. They have never had a workplace violence incident or fraud committed against them. Don’t underestimate the power of vision.
- Ensure senior management is on board and make sure they give a reason why the change is occurring.
- Establish a team to guide the change process.
- Set short-term wins, rather than one or two big goals. This will keep employees engaged and focused. Failing to meet a big goal or milestone will discourage employees and may mean the end of the program.
We have discussed corporate culture and the role it plays in shaping employees thoughts and behaviors. We also discussed how the culture can be managed with the socialization process. To change your culture takes time and a lot of energy, however the end result is worth it.
At East Coast Fraud & Risk Management Group we have worked with many organizations and developed several employee surveys, you can use to survey your employees on corporate culture as it relates to fraud and employee dishonesty. Drop us a line if you would like a copy of one at www.eastcoastfraud.ca
|Posted on 5 March, 2014 at 10:35||comments (5)|
REDUCING THE RISK OF BUSINESS IDENTITY THEFT
Darrell Smith CFE, ARM, CIM, FCSI
Most of us are familiar with personal identity theft, where an individual has their identity stolen, but business owners may not be as familiar with Business Identity Theft. Business Identity Theft is not the theft of customer’s personal information, but is someone assuming the identity of the business, that has no right to, for illegal purposes. The purpose is to gather information on the company and then submit fraudulent business records and tax filings, causing significant financial losses to the company and defrauding their creditors, suppliers and financial institutions.
Corporate Identity Theft is not just about corporations, but include non-profits, government, small & medium enterprises, partnerships and sole proprietorships.
Businesses are targeted for many reasons, including;
- More complex financial affairs than an individual, numerous people involved and less chance of being discovered.
- Businesses have large cash balances in the bank, making it more profitable for the fraudster.
- Easier to open up a business bank account and get credit, than opening an individual account.
- Higher credit limits and less collateral required.
- A lot of business information is public such as HST tax numbers on invoices, licensing, permits, and loans secured by assets through Personal Property Security Searches. Also anyone can request a credit report from the credit agencies on a company.
In a 2012 survey by Javelin Strategy Research Report, 75% of data breach reports took place in businesses with fewer than 100 employees…
While there are numerous scams involving Business Identity Theft, the following are some of the most common;
1. Fraudulently Change Your Business Registration Information: All business registrations in Nova Scotia are filed with the Registry Of Joint Stocks and when a company wants to submit a change to their registration, they fill out a form with the changes, sign it and send it either by mail or electronically. The Registry updates the information without verifying the changes, and most Provinces and States do the same. This allows a fraudster to change your corporate information, such as adding a new director, changing the corporate mail address or designating another name as the corporate secretary/treasurer. Then all they have to do is print off a copy and take it to the bank and open an account with the information or have mail delivered to the changed address.
Changing the business registration information could allow them to purchase assets in the company name, sell company assets, get access to bank accounts and credit lines, and get credit cards issued.
2. Cyber Crime: The main technique here is Phishing, which is when the cyber criminals send out thousands of emails that look like they are from a legitimate financial institution. It is usually an urgent message saying something like “we have detected unauthorized use of your account,” “detected a security breach,” or “too many log in attempts,” or some other reason. The web site looks legitimate and the email address is usually very close to the actual financial institutions address. The email instructs you to click on the link which will take you to the site and get you to reset your password and or enter your account number. No financial institution will ever send you an email saying there is a problem with your account.
3. Obtain Loans and Credit using the business owner’s personal information. Just like personal identity theft, the purpose here is to obtain the owners personal information and then either conduct business in the business name or to obtain credit and other assets or open bank accounts by using the owner’s information. Think about how easy it would be for someone to walk into a bank, with your full name, address, date of birth, Social Insurance Number, employer and open up an account or to apply for a credit card on line.
Here are some TIPS to help you prevent Business Identity Theft;
Ø Review you banking agreement. Before you are a victim of Business Identity Theft, know your banks policies on liability for fraud on your bank accounts. Ø Reconcile your bank account daily. By using online banking you can log onto your account and review balances and transactions. Report any discrepancies to your bank immediately.
Ø Use a secure computer, that only you have access to, for your business banking. The computer must have anti virus and anti spy ware software protection. Use passwords that are at least eight characters long and change them monthly. Do not access your bank accounts through public internet or Wi-Fi spots and don’t use your smart phones to log onto your business bank accounts.
Ø Educate all your staff on Phishing scams on line, and by telephone calls requesting information over the phone. I know of a situation where the administrative assistant gave out information over the phone, to what they thought was a legitimate call, by a vendor wanting to deposit the funds electronically. Resulting in losses to the company.
Ø Protect all your business documents and information. Keep all financial and confidential information locked up and in a secure location. I worked on an investigation where the cleaners would come in at night and one of them would go to the receptionist computer, log on and down load confidential information and sell it to their competitor.
Ø Shred all unneeded documents that have confidential or financial information on them. I prefer a shred company that supplies the onsite shred boxes and empties them on a regular basis.
Ø Check your business registration information regularly. This can easily be done by going to Registry of Joint Stocks website www.rjsc.gov.ns.ca and entering your business name.
Ø Check your business credit reports at least once a year and more frequently if you suspect something. Reports can be obtained from Trans Union and Equifax and Dunn & Bradstreet.
Ø Have high quality computer virus and spy ware software.
Ø Train all your employees on Business Identity Theft prevention. This should be part of new employee training and orientation and make it a topic at staff meetings. Ø Be aware of large orders from new customers or a new company. Do your due diligence by asking. Does the order make sense? Does the order information raise a red flag? Such as overseas address or a PO Box. If you are not sure call the customer or email for additional information.
If in doubt, hold the order back. It is better to delay an order from a new customer than to ship goods and not get paid for them. One results in a potential loss of a customer the other is a loss of inventory or cash.
In closing keep in mind that cyber crime operates anonymously, the fraudsters don’t wear masks and rob banks. They conduct their crimes from the comfort of their own homes, they are very good with computers and many are well educated, they know the chances of getting caught are slim. All organizations should make Business Identity Theft part of their risk management program. Talk to your insurance broker to see if you have coverage for Business Identity Theft.
Visit our site for additional blogs at: www.eastcoastfraud.ca