Forensic Focus newsletter September 2010Welcome >Business interruption Cutting through the smoke and mirrorssettlements –Smoothing the process >Fraud policies – Why youneed one and what itshould look like >Employee fraud – Forensic FocusActing on suspicions >Security card access –Keep your doors closed >Contacts > Welcome to the September 2010 edition of In this edition we feature: Forensic Focus. Business interruption settlements – Smoothing the Mother Nature has certainly made an impact on the lives process of many New Zealanders this month. The Canterbury Fraud policies – Why you need one and what it should Earthquake has, and will continue to cause personal and look like economic distress for some time yet. The substantial Employee fraud – Acting on suspicions spring storms have battered the whole country with Security card access – Keep your doors closed snowstorms in Southland, tornadoes in Tauranga and We hope you enjoy the read. damage to homes and businesses almost nationwide. Our thoughts are with everyone who has been affected Barry Jordan and the team. by these natural disasters. With so many businesses having to pick up the pieces, in this edition we have included some advice on what you need to think about if you are putting together a business interruption claim. As we often provide assistance in assessing complex claims, we know from experience what is expected of claimants to assist with timely and straightforward processing. Off to confront an unpredictable experience of a different nature is Lisa Tai from our Forensics team. Lisa has just left the country for a five month secondment to Forensics in the Deloitte Mumbai office. Arriving in Auckland, in Lisa’s place, will be Ankit Patni, from the Mumbai team. In the next edition of Forensic Focus, we hope to share some insights from Ankit about his experience in India. Once Lisa returns, we are sure she will also have a lot of interesting thoughts to share.
Business interruption settlementsSmoothing the processWelcome > Many buildings in the Canterbury region have clearly document the additional expenditure incurred and sustained significant physical damage as a result revenue lost throughout the period of interruption. TheseBusiness interruption of the 7.1 magnitude earthquake that shook actions will allow your claim to be much more visiblesettlements – Christchurch in early September. through your accounts, helping to streamline the claimSmoothing the process > process. The aftermath of any natural disaster is a traumatic timeFraud policies – Why you for many, particularly those that suffer extensive damage The timeline will also help keep track of your business’sneed one and what it to their homes and businesses. Many businesses are often operational status. We suggest that you divide theshould look like > forced to close due to damage to offices, warehouses, interruption period into the following four distinct stages: plant and equipment and inventory. It takes time beforeEmployee fraud – • Operations shutdown business returns to normal while these assets are repairedActing on suspicions > • Business is partially operational or replaced. Although business interruption insurance • Business is fully operational will help minimise this loss, the task of preparingSecurity card access – • Business is back to normal and submitting an accurate claim can become anKeep your doors closed > During each stage you should keep track of any overwhelming exercise. additional expenses incurred and revenue lost.Contacts > To assist with the process, here are some key steps to help you obtain a business interruption settlement more Additional expenditure includes any outgoings that would smoothly. not normally be incurred by the business but was bought on as a result of the earthquake. Operational expenses 1. Locate and review your business interruption policy such as repair costs and rental of temporary premises Your business interruption policy will summarise your and equipment should be recorded in a separate general insurance cover and the nature of the indemnity. ledger account, so they can be easily identified. If your 2. Notify your insurer in a timely manner people are usually required to allocate their time against Ensure you contact your insurer as soon as possible to jobs, we recommend that a unique code be created for start the claim process, obtain a timeframe and receive any tasks associated with clean up duties. further guidance. Revenue lost is any revenue that would definitely 3. Gather relevant information have been earned had the business not suffered the It is important to be aware that your insurance assessor interruption. For example, a hotel may not have been may request information to support your claim. They able to accommodate any guests, however, only those will also normally try to develop an understanding of rooms that would have been let could be claimed against. your business’s operations and how the interruption Booking sheets, quotes, contracts, emails etc should be affected your business. Below is a standard list of retained as they may be required to support these claims. typical documentation that an insurer may request. This 4. Prepare and submit your business interruption claim documentation should cover the period immediately before, during and after the interruption. While a natural disaster is obviously a traumatic • Monthly Profit and Loss Statements experience for everyone involved, it is important that your • Annual Financial Statements business gets its claim documented and filed as soon as • Budgets and Forecasts possible to maximise your recovery. • Monthly Inventory Reports For any questions about preparing your business • Bank Statements interruption claim, please contact Michele Hardy-Jones or • Payroll records Jason Weir. • Tax Returns • PAYE Records • GST Returns • Transaction listings and Invoices Jason Weir +64 (0) 9 303 0966 Your business interruption insurance should stand to put firstname.lastname@example.org you in the same position you would have been, had you not suffered the interruption. As a result any lost revenue or additional expenditure you incurred during this period should be refunded to you. To maximise this recovery a Michele Hardy-Jones timeline of key events should be maintained to document +64 (0) 4 470 3654 the key phases of recovery. In doing so, it is vital that you email@example.com
Fraud policiesWhy you need one and what it should look likeWelcome > As fraud becomes more prevalent in today’s • A statement that all appropriate measures to deter business, having a fraud policy is a critical tool in fraud will be takenBusiness interruption communicating your organisation’s stance and • The formal procedures which employees should followsettlements – processes in respect to fraud and how it will be if a fraud is suspectedSmoothing the process > dealt with. • Notification that all instances of suspected fraud will be investigated and reported to the appropriate authoritiesFraud policies – Why you The why • An unequivocal statement that all fraud offenders willneed one and what it The tone from the top is a key part of any fraud be prosecuted and that the police will be assisted in anyshould look like > prevention and detection strategy. Your people have investigation that is required to know that you take the threat of fraud seriously,Employee fraud – • A statement that all efforts will be made to recover and that you as the CEO and/or Board of Directors willActing on suspicions > wrongfully obtained assets from fraudsters take the strongest possible action against staff and • Encouragement to employees to report any suspicion third parties who commit fraud. A simple, focused andSecurity card access – of fraud easily understood fraud policy is a cost effective wayKeep your doors closed > • The steps to be taken in the event a fraud is discovered of demonstrating your organisation’s commitment to and who is responsible for taking action including: combating fraud and corruption wherever it is found. TheContacts > • procedures staff should follow development of an anti fraud culture is a crucial part of • assigning responsibility for an instant response to your fight against fraud. the occurrence The immediate aftermath of the discovery or allegation • recovering funds of fraud can be a difficult time. A document that sets out • dealing with the media responsibilities and procedures to be followed can be • preserving evidence and reporting to the police invaluable in ensuring the right decisions are made. This The plan, once communicated to all staff and fully is particularly important in relation to the preservation implemented, should be subject to a regular review at of evidence and on how to deal with the individuals the board level. All employees, including part-time and involved. contract, should be aware of the organisation’s policy A fraud policy raises awareness amongst staff that in respect of fraud and the need for vigilance to prevent response plans have been devised, to deal with and fraud. minimise the damage caused by any fraudulent attack. By Whilst detailed transaction analysis and robust systems explicitly defining actions that constitute fraud you ensure and controls are also effective tools in the fight against that all employees and third parties are aware of what is fraud, these can be time consuming and expensive. and is not acceptable. However latest statistics continue to show that a majority The what of frauds are committed by employees who manage to A fraud policy should include these key elements: circumvent or override systems and controls put in place to prevent fraud. • An explicit definition of actions that are deemed to be fraudulent A well drafted fraud policy that is communicated to all • Allocation of responsibilities for the overall employees, contractors and suppliers is an economical management of fraud way of indicating that the fight against fraud is endorsed and supported at the most senior level, and may lessen the risk of your business becoming a victim. If you would like to discuss how to draft a fraud policy specific to your organisation, please contact David Seath or Lorinda Kelly. David Seath Lorinda Kelly +64 (0) 3 474 8659 +64 (0) 4 470 3749 firstname.lastname@example.org email@example.com
Employee fraudActing on suspicionsWelcome > Maybe someone is covering a new role, perhaps What do you know? internal audit has brought something to your Gather all the information you have on the allegation,Business interruption attention, or more likely you’ve just received a suspects and other relevant facts such as employmentsettlements – tip-off. However you become aware of it, the history or events leading up to the allegation.Smoothing the process > possibility that you have an employee fraud to deal What do you need to know? with will plummet you into a whirlwind of decisionsFraud policies – Why you This will be an important factor in determining how about what to do next. Suspicion of fraud is aneed one and what it the investigation proceeds. Do you need to know the sensitive matter and has to be handled delicately.should look like > extent of the potential loss? All the parties involved? The right response will depend on the circumstances, Potential avenues of recovery? Or how the fraud couldEmployee fraud – but the decisions made at the beginning of an have occurred in the first place? Perhaps all of these areActing on suspicions > employee fraud investigation will have a critical impact relevant questions that you want answers to. on achieving a successful outcome. The outcome willSecurity card access – Do you have any known details for the suspects and encompass dealing with employment issues, recovery ofKeep your doors closed > other parties involved? funds and possibly prosecution. Details like phone numbers, addresses, related entities,Contacts > Employment issues should be top priority and car registration, and date of birth can be used by specialist advice sought. If suspension is the most investigators to conduct discrete background checks. appropriate course of action, it should be dealt with How do we secure the potential evidence (paper and the suspension terms be in place before contacting and electronic records)? prosecuting authorities. It can be very expensive if you It’s important to secure any laptops, telephones, USB’s, end up agreeing to your employee being suspended backups, CCTV footage or other potentially relevant for the duration of a police investigation – which may devices. Our team includes Forensic Technology continue for months or possibly years. specialists who you can consult to ensure correct There will be a lot of things that you need to consider, response measures are implemented. however these are some of the first questions you will How can you mitigate the risk of further loss? need to address: You need to prevent further access to the company’s Who is going to manage the investigation internally? records and assets. This could take the form of The best model has one internal person responsible for suspending the employee, removing their physical dealing with the numerous parties who will be involved. access to premises, removing remote computer access This one point of contact in the organisation will need to rights, removing signatory rights, credit cards, fuel cardsLorinda Kelly have access to records, make decisions in a timely manner and other purchase cards.+64 (0) 4 470 3749 and answer questions that arise. This person is usually the Who needs to be informed and what can/do firstname.lastname@example.org CEO, CFO, HR Manager or another senior manager. tell them? You need to remain mindful of the process of natural justice and privacy issues. So your communication strategy should consider what should and can be shared with stakeholders including the Board, management, staff, customers, shareholders and auditors. You should also alert your insurer, and you also need to be alert to the potential involvement of other parties. Use your lawyer to ensure the correct process is followed. Our Forensics team comprises senior forensic accountants, forensic technology experts, data analysts and investigators who have a great depth of experience investigating employee fraud and are available to assist you regardless of circumstance at short notice. If you suspect an employee fraud and require some assistance, or even just someone to talk to about the process you should be following, please contact Lorinda Kelly.
Security card accessKeep your doors closedWelcome > Would you let a stranger into your company? It usually won’t be identified until a security incident Would you let them walk around the office occurs. In some cases the victim may never know.Business interruption unattended? Would you let them help them selfsettlements – What is RFID? to anything they want? The obvious answersSmoothing the process > RFID technology is increasingly being used to identify are ‘No’. However, you may have let this happen people and property. The technology is often without realising it.Fraud policies – Why you embedded in smart cards that are used to access publicneed one and what it Consider this transportation systems, to open doors in corporate andshould look like > You use your access card to call an elevator. The door government buildings and in some countries it’s being opens, there are many people in the elevator and you implemented into passports.Employee fraud – get in. The elevator is quite full so people are close toActing on suspicions > A live demonstration here in New Zealand showed how one another. You notice a man with a laptop bag strung an access card can be read and the captured data then over his shoulder standing next to you. You reach yourSecurity card access – written to a blank card all within seconds. These readers floor and go to work.Keep your doors closed > can possess an effective scanning range of up to 30 A week later the building manager and security contact centimetres. They contain onboard memory to storeContacts > you. There has been an investigation launched and they card information for later use, and are small enough to enquire why you were at work late on Saturday night. be concealed in laptop bags. They also mention that company property has gone How is RFID card ‘skimming’ being dealt with missing around that time. You explain that you were at overseas? home with your family. They claim that your access card In 2008, California’s Governor Arnold Schwarzenegger was used to access the building after hours on Saturday signed legislation into law that makes it illegal to when the property was taken. You tell them you have surreptitiously read someone else’s radio frequency had your access card all the time and they accuse you of identification card. There are currently no specific laws in giving it to someone who has accessed the building. New Zealand making secretly reading RFID cards illegal. Although instances of RFID card skimming are becoming increasingly common overseas, it has also occurred hereAlthough instances of RFID card in New Zealand where an access card was scanned,skimming are becoming increasingly duplicated and used to gain access to a secure area. How do I protect my RFID card from being scanned?common overseas, it has also occurred The best method is to place your card into a RFID shield. Ahere in New Zealand. RFID shield is a protective sleeve that prevents anyone from reading private information stored on your RFID cards. Other measures are to keep it out of site. If the culprit can’t see your card he won’t know where it is and What has happened here? won’t be able to scan it. Some people have their cards It’s most likely that your access card has been on a lanyard around their neck. It would look suspicious compromised. Remember the person in the elevator if the culprit lifted his laptop bag and tried to get it close with the laptop bag? He may have had a radio to your chest to read your card. frequency identification card (RFID) reader in his laptop bag. If your access card is clipped to your belt and hangs Final thoughts down in plain view, the culprit could move his laptop In times where RFID key access to the work place and bag close to your card and as quick as you can say secure areas is becoming the norm, people need to “fourth floor please”, your access card has been read. be aware of how easy it is to have their ‘electronic The perpetrator now has that information stored on his key’ copied. We are seeing that the ease of use far reading device. There would be no suspicion raised as outweighs the security of these technologies. Security is people are often close together in elevators, particularly ultimately in the ‘card holders’ hands, so remember to when the elevator is full. be vigilant and keep your access card out of view from the cunning “skimmer”.Jon Pearse When someone has their RFID card scanned, the victim+64 (0) 9 303 0838 may not know their card has been compromised and For more information on protecting your RFID email@example.com it may be weeks, months or years before they know. cards please contact Jon Pearse.