Don't Let Fraud Take
Your Company Down
comes in many shapes and sizes, but the outcome is
always the same. It is extremely damaging to a company’s reputation and
Most studies have
found that fraud is more likely to be
committed by a single individual who has no prior history of fraud. It is
often discovered when that person is living beyond their means or
financial difficulties. Further, smaller companies can be more
susceptible to fraud, since they lack the level of anti-fraud internal
controls that their
larger counterparts have in place.
What’s especially alarming is that it is high-level
perpetrators — owners/executives —who cause the greatest damage to their
organizations. Frauds committed by employees in the “executive suite” are
far more costly as compared to those committed by managers, which in turn
are more costly than frauds perpetrated by lower-level employees.
frauds also take the longest to detect.
to most studies on the topic, the majority of
fraud perpetrators are first-timers, having never before been charged or
convicted for a fraud-related offense. And most fraud is committed by
individuals in one of six departments: accounting, operations, sales,
executive/upper management, customer service or purchasing.
The “fraud triangle”
combat fraud you must first understand the “fraud
model developed by Dr. Donald Cressey, a sociologist whose research
focused on embezzlers. According to Dr. Cressey, three factors must be
present in order
for an ordinary person to commit fraud: opportunity, pressure and
rationalization. Fraud perpetrators usually are under some kind of
pressure, they recognize a perceived opportunity and they rationalize their
actions. Embezzlers do not see themselves as criminals, but rather as
honest people who
are caught in an unfair set of circumstances.
a zero-tolerance policy
are encouraged by weak or non-existent internal
controls, lack of oversight by supervisors, lack of an audit trail and
failure to punish past perpetrators. If your organization has any of these
weaknesses, they are a risk of being exploited to the hilt.
best way to discourage fraud in the first place is to
adopt a zero-tolerance policy regarding fraud and corruption. Make it
clear that all matters raised by any individual within the company will be
seriously and thoroughly investigated.
it comes to fighting fraud in your organization, an
invaluable resource is your own workforce. Fraud is far more likely to be
discovered by tips than the collective total of management review,
audit and external audit. That’s why it’s so important to encourage
employees to report fraud.
lot cheaper, and far more effective, to prevent fraud
from happening in the first place than it is to try to uncover the crime
later. By the time the fraud is discovered, chances are slim to none that
stolen will be recovered, and investigating the fraud can be expensive and
conjunction with a whistleblower hotline, consider
developing a zero-tolerance fraud policy statement that should be
communicated to all employees, contractors and suppliers. A fraud policy
statement should be
simple, focused and easily understood.
sample fraud policy, click here.
Promoting Positive Ethics in the Workplace
Honesty. Dependability. Punctuality. Good work habits. Initiative. Solid teamwork. Those are some of the qualities most prized by employers today. But positive ethics should rank just as high.
Companies worldwide are challenged with ensuring their employees are performing their jobs in an ethical manner and are in compliance with ever-changing laws and regulations. In tough economic times, organizations that maintain a culture of integrity have a greater chance to survive — and prosper.
Owning up to mistakes, avoiding the “blame game,” discouraging scapegoating, encouraging open and consistent communication, going “by the book” in terms of company rules to discourage white lies, and following chains of command are all things employees should do and employers should encourage to promote positive ethics in the workplace.
Develop a code of ethics.
Lapses in workplace ethics occur every day. They occur at all levels — from entry-level cubicles to the executive suite. In 2010, Hewlett-Packard CEO Mark Hurd retired from HP after an internal investigation revealed expense-account irregularities. A code of ethics should include a code of conduct, respect for others, personal and professional responsibility and more. A workplace code of ethics makes employees more aware of common ethical challenges and useful distinctions, helps teach them skills for dealing with them and explains how to apply those skills to improve their ethical behavior.
Your code of ethics should outline the type of behavior you want to promote as well as the type you want to prevent. Click here for examples of codes of ethics.
Support and reward ethical behavior. Disciplining employees for not doing “the right thing” is a start. However, it’s easier to motivate workers by offering incentives for ethical behavior — and it creates “feel good” element that can lift employee morale. When conducting performance reviews, include ethics and compliance as a metric. A spot reward or incentive for outstanding performance in these areas is a great way to motivate workers to support the company’s values, adhere to its standards of conduct and to comply with laws and regulations that govern your operations. When doing so, be sure to publicize the reward so that other employees understand how good ethics improve overall business results.
Design an ethics training program. Training in ethics helps build strong teams throughout the organization. You can start small with a mandatory, introductory ethics training workshop for all employees. In the initial workshop, you can communicate the company’s code of ethics, discuss applicable federal and state compliance rules and regulations, present a system or model for ethical decision making, and introduce real-world ethical dilemmas in which employees actively participate through role-playing. An important tip is to include employees at all levels in each ethics training group, which will bring home the point that no one, no matter what their job title, is excused from ethics training or immune to unethical behavior.
Workshops should include a copy of your code of ethics, a discussion of relevant compliance laws and an ethical decision-making model, which presents questions workers can ask themselves to help them make ethical decisions. In addition to our anonymous compliance and reporting hotline, the ethics training programs such as those offered by Lighthouse can provide you with an affordable comprehensive training solution.
With ethics training as a foundation, and by promoting positive ethics in the workplace, issues can be dealt with before they become serious concerns.
For a list of the World’s Most Ethical Companies in 2011, click here.
Identity Theft in the Workplace
may be a case of feeling too comfortable, but the cost can be high.
Workers constantly leave personal information lying around on their
desks, at office printers and fax machines. They put their bags,
briefcases and wallets — containing checks, Social Security cards,
credit cards and other information used to commit fraud — in the same
place every day. It’s a field day for an identity thief, and a
headache for employers.
to Judith M. Collins, author of the book Preventing Identity Theft
in Your Business: How to Protect Your Business, Customers, and
Employees, at least 50% of
all identity theft cases can be traced back to the workplace.
cost to employers
employers are being held liable for identity theft that occurs in the
workplace. The Fair
and Accurate Transaction Act of 2003 (FACTA) requires employers to protect employee information. Under FACTA
provisions, any employer whose action or inaction results in the loss
of employee information can be fined by both state and federal
governments — and be sued in civil court.
An employee is entitled to recover either actual damages sustained or
statutory damages up to $1,000. In addition, employees may bring class
action suits against employers for actual or punitive damages. Federal
fines of up to $2,500 per employee and state fines of up to $1,000 per
employee may also be levied.
often inadvertently aid identity thieves by making common mistakes.
Here are a few ways you can eliminate the latter and minimize the
thread of theft and liability:
- Encourage employees
to keep personal items under lock and key whenever they leave
their desks. An identity thief can rifle through a wallet in seconds, obtaining
credit card numbers and more.
- Don’t put social
security numbers on public display.
Some employers put them on paychecks, purchase receipts, timecards
and more. Keep the numbers confidential, or identify employees by
the last four digits of their number. Avoid
using them as health plan policy reference numbers.
- Discourage employees from leaving
personal documents overnight. Even if they’re locked in a desk drawer, the paperwork could be
accessed by security guards, janitors or coworkers.
- Don’t let strangers
walk around unescorted on your premises. Ask
any unfamiliar face for an ID other proof that they have a business
purpose in your office. If they cannot supply it, call the company
they claim to be working for.
- Consider encrypting any electronic
files that contain personal employee information. There
are several relatively inexpensive software solutions that
in this type of data security.
- Properly dispose of
sensitive personal information.
Do not allow documents containing such information to be thrown in
dumpsters; shred them before disposal.
- Discourage “Out of Office” email replies to people outside the
organization. Such automatic
e-mail replies inform anyone sending an employee a message that they
are away from the office. It also
alerts them to the fact that the worker’s house may be empty.
its worst, identity theft — and any breach in information security —
can severely damage both your reputation and your bottom line. Is your
organization at risk? Take this quiz to find out.
The Importance of Online Ethics Ethics is the cornerstone of good decisions. Long before you nabbed a managerial position or might have filed the LLC paperwork to start your own business, you definitely knew that much. Your parents probably reminded you as a preschooler telling you not to take what wasn’t yours. You got the message again as a student when the teacher remarked that cheating was frowned upon. And now as you oversee a business you want to ensure that you and your co-workers are doing what’s right and honest by your customers.
It’s surprising, then, how many people sit down in front of a computer and forgot those seemingly instilled life lessons. As an individual ethics have an important place online. As the face of a business, it’s critical. What you do, say, promote, and share is directly related to your company, and one misstep can cause cracks in your reputation forever.
Hiding behind a computer screen is no reason to take a chance. In fact, in today’s environment of lightening-quick social media sharing, a mistake can become local or even national news in minutes. Approach online dealings with as much care, if not more, than you would a face-to-face conversation.
Some topics to consider as you operate in a digital world:
Your Website Your website is essentially your modern day business card and corporate brochure. It’s a living, breathing source of information that is typically the first destination potential clients head to when they are considering your services or products. It shouldn’t only be inviting, it should be accurate. Misinformation or false promises on a company’s webpage are akin to false advertising, and while they may not be held to the same rules and penalties as a TV ad, in the eyes of your client base they are just as egregious.
While this might seem obvious advice, the content of your website may already be in violation of these tenets. Even using terms like “the best” can be construed as a false promise since opinions are not fact-based. TripAdvisor was just ordered by the Advertising Standards Authority to take such information off their website. Phrases such as “Read real reviews from real travelers.” and ““Reviews you can trust.” must now be changed since reviewers undergo no verification or background check and might be sharing misleading information.
Search Engine Optimization (SEO)
As you know, every company wants to be first on the search results page when a potential client searches for their category of product or service on the internet, and SEO is the way to enhance your chances. But trying to trick search engines and their algorithms does more than create an unreadable website. It sends a red flag to visitors that you may not be an ethical organization. And it may even hurt your page rank; Google and others have programmed their spiders -- the computer programs that scan pages for keywords and other information -- to detect tricks and unconventional meta data and actually demote these sites on search result pages for such behavior.
Love it or leave it, social media is an essential part of many business’ marketing strategy. But it’s casual tone and close contact with the marketplace can quickly spell problems when left in incapable hands. Make sure whomever is running your social media campaign knows when to respond, when not to, and what information to provide, not to mention how to behave when being the face of your company. Last year Chrysler suffered damage to its reputation and an employee was terminated after sending out a negative and profanity-laced tweet through the company’s official Twitter handle. Social media can catch unethical acts from your brick-and-mortar locations, too: recently an employee at Papa John’s was outed when a customer tweeted a photo of her pizza receipt and the racial slur the crew had used to identify her. One tweet can spread instantaneously and either give a healthy boost to your brand or significantly tarnish your image.
Email MarketingSome may consider it the digital version of a take-out menu slid underneath your windshield wiper, with the major difference being agreement of acceptance. While you cannot guard your car 24 hours a day, the government has allowed users to protect their inboxes with spam laws. Do not send newsletters, coupons, or other communications to an email list unless those addresses were procured properly. And be sure that every communication you do send has a unsubscribe link included; it’s the law. The Bureau of Consumer Protection has a check-list to review before you hit the next Send button.
As more of us move our business dealings online, there is more to consider than ever. Check back next issue for the second part of this three-article series: Ethical & Legal Issues in E-Business.
Insider Information Theft Is On the Rise
Information is your company’s most valuable asset. It is the lifeblood of your business. If it is stolen or misused, it can be devastating to your bottom line. Yet while most organizations are proactive about protecting cash, assets and inventory from employee theft, many still do not have procedures in place to safeguard information.
An inside jobA full 60% of frauds are committed by senior managers, junior employees or third-party agents or intermediaries, according to Kroll’s 2011/2012 Global Fraud Survey — up from 55% in the 2010/2011 survey.
There are many reasons why employees steal information. They may be planning to start their own business or jump ship to a competitor. They could be under financial duress. They might have a major beef against a supervisor or the CEO. Or perhaps they simply feel entitled to do so. A recent study by the Ponemon Institute found that more than 50% of departing employees claimed that one reason they took employer data was because “everyone else did it when they left.”
What they steal
It’s not just headline-grabbers like industry trade secrets that are vulnerable to theft. It could be something as simple sounding — yet potentially damaging — as job descriptions and how each employee does a specific job. This information is easily available to workers. Other frequently stolen information assets include email lists, customer information, financial records, private employee records and intellectual property, such as product designs.
IT employees especially have opportunity to steal sensitive company data, since they have considerable access to confidential information. The latter includes passwords, financial information and intellectual property from Research and Development.
How they steal it
In business days of yore, it was much more cumbersome for employees to steal information, since most of it was kept in paper files. Today, electronic documents make it easy to make off with valuable data. Copying them is even easier now that businesses have migrated from disks and CDs to portable USB storage devices. The latter are tiny, easy to hide and can store vast amounts of information.
Smartphones — such as iPhones, BlackBerrys and Androids — have become useful tools with which to steal company data. They are often connected to the company email system, private intranet and wireless network.
Private email accounts are another way to conceal stolen data and avoid potential lawsuits. An employee can quickly email company data to a personal account and then access it from home. A personal email account is typically beyond the control of the company and its legal resources.
What you can do
The good news is such theft is preventable — if you are proactive about it. First, identify and prioritize your business information. That includes everything from legal documents to intellectual property, financial data, customer and HR records and even sales projections. You should consult your company’s legal and finance teams on all data security, classification and retention issues.
Then, to truly protect your company from information theft, make sure you have a policy and procedures in place regarding your confidential data.
The policy should be carefully thought out, well documented and well communicated. Procedures should be clearly spelled out and simple to enforce. The policy should include an Acceptable Use Policy, Data Classification and Retention Policy, and New and Departing Employee Procedures.
An Acceptable Use Policy is a set of rules applied by the owner or manager of a network, website or large computer system that restrict the ways in which the network site or system may be used. Such a policy reduces the potential for legal action that may be taken by a user. For a look at AT&T’s Acceptable Use Policy, click here.
For the Ponemon Institute’s Best Practices in Data Protection Study, click here.