Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
  • Lot of information is there. Presentation is good and people should aware of scam or fraud. Thanks http://www.nigerianspam.com/scam-baiting/
  • Great Presentation. You're extremely right. Fraud Risks . We've started to notice these types of scam on the site. http://www.nigerianspam.com/internet-scams-articles.html
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture: Presentation Transcript

  • EMPLOYEES AND FRAUD RISKS CNI’s Journey, Mistakes, and Lessons Learned Kenny Ong CNI Holdings Berhad
  • Contents:
    • Case Study
    • Formula for Risk in CNI
    • Defining Risk Mitigation
    • Reducing Fraud risk Probabilities
    • Decreasing the Impact
    • Successful Risk Management programs
    • Researchable fraud areas
  • This was what happened…
    • Fraud Case Studies:
    • Lost Tickets
    • Over claims
    • Undercutting
    • F/L-Leader pact
    • Swiss cash
  • Intro and Background Different Business, Different Frauds
  • Intro: CNI
    • 18 years old
    • Core Business: MLM
    • Others: Contract Manufacturing, Export/Trading, eCommerce
    • Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan
    • Staff force: ± 500
    • Distributors: 250,000
    • Products: Consumer Goods and Services
  • Intro: CNI
    • CNI’s Business Model background
    [Diagram: Factory, CNIE, DC, SP, Leaders, Customers]
  • A. Risk Mitigation in CNI No Business, No Risks.
  • No Business, No Risks.
    • Ironically, our success is the cause of risk
    • More success, more money, more fraud
    • Easiest way to reduce fraud is to reduce business
    • Don’t laugh. This is what most FAC and HR people do, unintentionally
  • Fraud Risk Mitigation? (1/2)
    • We follow standard Fraud definitions:
    • What is Fraud?
    • Someone is Lying
    • Someone is Benefiting
    • Both Conditions must be met in order to be considered Fraud.
  • Fraud Risk Mitigation? (2/2)
    • We follow standard Fraud definitions:
    • Risk = Likelihood x Impact
    • Risk Mitigation =
    • ↓ Likelihood, or
    • ↓ Impact
  • Def: “Likelihood”
    • Likelihood: Definition
    • 1. Very Low: 5% likely to happen, hasn’t occurred within last 5 years
    • 2. Low: 20% likely to happen, has occurred within last 5 years
    • 3. Medium: 50% likely to happen, has occurred within last 24 months
    • 4. High: 75% likely to happen, has occurred within last 12 months
    • 5. Very high: 99% likely to happen, has occurred within last 12 months
  • Def: “Impact”
    • Impact: Sub A / Sub B / Sub C / Sub C
    • 1. Insignificant: 0-10K / 0-5K / 0-2K / 0-4K
    • 2. Minor: 11K-100K / 6K-25K / 3K-10K / 5K-20K
    • 3. Moderate: 101K-500K / 26K-50K / 11K-20K / 21K-40K
    • 4. Serious: 501K-1M / 51K-100K / 21K-30K / 41K-60K
    • 5. Very Serious: >1.0M / >100K / >30K / >60K
  • CNI Risk Categories
    • Four Categories of Risk in CNI:
    • Operational Risk
    • Compliance Risk
    • Financial Risk
    • Strategic Risk
  • How CNI Implemented Risk Management
    • Concept for BOD Approval (please refer to slides Risk and Crisis Management - CNI BOD presentation v3.ppt )
    • Implementation Plan (please refer to slides FRAMEWORK PRESENTATION.ppt )
  • Examples of CNI Risks and Calculations
    • Please refer to Handouts
  • Examples of Fraud Mitigation Actions: Fraud Risks
  • Where are the Fraud Risks?
    • Industry
    [Diagram labels: Management, Staff, Frontline, Suppliers/Vendors, Retail Front]
  • Industry Risks
    • Get-Rich-Quick Schemes (Skim Cepat Kaya)
    • Direct Selling myths
    • Bad Hats
    • Imposters
    • Products on Shelves
    These Fraud risks affect all Direct Selling organizations but cannot be controlled by us; they can be addressed only through joint efforts, by drafting & pushing new regulations.
  • Real Fraud, Real Risks
    • DC Fraud
    • Staff Fraud
    • Management Fraud
    • Distributor
    • DC Assistant
    • SP
    • Payroll
    • Undercutting
    • Purchasing
    • Credit Card
    • Ghost Staff
    • Ghost Distributor
    • Financial Reporting
    • Theft
    • F/L
    • eCommerce
    • Tickets
    • Share manipulation
  • B. Reducing Fraud risk Probabilities Prevent. Deter. Kill.
  • Fraud Root Causes
    • Policy problem
    • People problem
    • Unavoidable problem
  • Risk Mitigation Strategies Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person
  • Alignment: Framework
    • Org Structure
    • Job Design – C.Fraud.O.
    • Policies & procedures
    • Governance, Internal Controls
    • Management Systems, SOPs
    • Central
    • Special Task Force
    • Internal Audit, Surprise Audit, Regular Audit (Surveillance)
    • Levels of Authority, Power Balancing*
    Structure
  • *Power Balancing
    • Propose
    • Approve
    • Execute
    • Monitor
    BOD Set 1 BOD Set 2 Approval/Verification
  • Alignment: Framework
    • Tools
    • ICT Systems
    • Rules detection
    • Whistle Blower
    • PED
    • Profiling/Assessment Tools
    • Budget for Investigation, Litigation
    Resources
  • Strategy: Framework
    • PED
    • Involuntary Role Modeling
    • Personal accountability and Commitment
    • 10 Ants Values
    • Watch out: Current people promoted to Key Positions
    • Promotional criteria
    Leadership
  • Alignment: Framework
    • New Employee Background checks
    • Willingness to Punish
    • Root Cause Analysis (Mager & Pipe)
    • Rotation
    • PED
    • Fraud Detection & Analysis Competency
    • High Risk Jobs
    • IT breaches through Frontline
    Person
  • The Four Desperates
    • 1. Desperate Competition
    • 2. Desperate Consumer
    • 3. Desperate Achievers
    • 4. Desperate Changes
    • PED
  • Possible General Root Causes for Fraud
    • "Everyone does it."
    • "It was small potatoes."
    • "They had it coming." – the revenge syndrome
    • "I had it coming." – the equity syndrome
  • GENERAL STRATEGIES AND POLICIES
    • B1. Classification of Behaviors
      • B1.1 Disrespectful Workplace Behavior
      • B1.2 Progressive Discipline
      • B1.3 Zero Tolerance
  • GENERAL STRATEGIES AND POLICIES
    • B2. Recruitment and Selection
    • B3. Exit
    • B4. Employee Assistance Program
    • B5. Anonymous Hotline
    • B6. Communication and Feedback
    • B7. Training and Education
    • B8. Formal Complaint and Grievance
  • GENERAL STRATEGIES AND POLICIES
    • B9 Leadership
      • 1. Leaders act as role models whether consciously or unconsciously
      • 2. Leaders determine the working environment
  • GENERAL STRATEGIES AND POLICIES
    • B9 Leadership
      • 1. Educate
      • 2. Involve
      • 3. Teach
      • 4. Eliminate
  • SPECIFIC STRATEGIES AND POLICIES
    • C1. Theft and Fraud – Root Causes
      • Profile: 68.6% - no prior criminal record, Aged 26-40 years old, Annual income between RM15k-RM30k, 2-5 yrs of service
      • Struggling financially or large purchases
        • difficult time in their lives
        • gets out of hand
      • Merger and acquisition or reorganization activity.
        • ‘I don’t have a career here’ attitude.
  • SPECIFIC STRATEGIES AND POLICIES
    • C1. Theft and Fraud - Prevention
      • Background checks
      • Duties segregated
      • Anonymous hotline
      • Share the wealth
      • Communicate successes
      • Make a big noise when discovered
      • Video surveillance equipment
  • SPECIFIC STRATEGIES AND POLICIES
    • C2. Violation of confidentiality or security of company information - Prevention
      • a. ICT Security Policies*
      • b. Ownership of Intellectual Property
      • c. Inside Information and Trading of CNI shares
  • *ICT Security and Fraud (1/3)
    • Biggest ICT risks to CNI
    • Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information
    • Backup - including Storage of critical and non-critical information and Disaster Recovery
    • Continuity – Availability of systems and information at a 24x7x365 standard
  • *ICT Security and Fraud (2/3)
    • The following are threats faced by CNI from ‘inside’ the company:
    • Current Employees,
    • On-site Contractors,
    • Former Employees,
    • Vendors/Suppliers,
    • Strategic Partners, and
    • OEMs
  • *ICT Security and Fraud (3/3)
    ICT Security, Backup, and Continuity Strategies 2005-2008:
    • Web browsing and Internet Access
    • Username and passwords
    • Instant Messaging
    • E-Mail
    • File access permissions
    • Backups
    • Crisis management, Disaster recovery and Business Continuity
    • Physical
    • PCs and laptops
    • Remote access
    • Servers, routers, and switches
    • Internet / external network
    • Wireless
    • PDA and cell phone
    • Documentation and change management
  • C. Decreasing the Impact We failed. Now what?
  • Why Impact?
    • Escaped prevention
      • Policy or Procedure
      • Performance
    • Cannot reduce likelihood - unavoidable
  • Levels of Impact (Fraud)
    • small impact
    • BIG impact
    • Tangible
      • Monetary Loss (>1,000,000) inc. capital, share price
      • Locality
    • Intangible
      • Reputation, Image
      • Competitiveness
      • Consumer confidence
  • small Impact
    • Escaped prevention
      • Policy or Procedure
      • Performance
    • Cannot reduce likelihood - unavoidable
    • CAR/PAR
    • Mager & Pipe
    • Study Trends
    • PAR
  • Real Fraud, Real Risks
    • DC Fraud
    • Staff Fraud
    • Management Fraud
    • Distributor
    • DC Assistant
    • SP
    • Payroll
    • Undercutting
    • Purchasing
    • Credit Card
    • Ghost Staff
    • Ghost Distributor
    • Financial Reporting
    • Theft
    • F/L
    • eCommerce
    • Tickets
    • Share manipulation
  • Investigation: Principles
    • Preserve Evidence = documents, computers, laptops, voicemails, emails, phone logs, security camera tapes etc.
    • Focused on Facts
    • Avoid (or try to avoid) legal exposure e.g. defamation, unlawful dismissal etc.
    • Verdict/Punishment only after investigation is complete and results obtained
    • Precedence
    • Limit number of people
    • Involve Professionals/Third Party whenever possible
  • Investigation: Process
    • 1. Case Tip Off
    • 2. Investigating Office (I/O)
    • 3. Internal Inquiry
    • 4. Management Decision
    • 5. Public Disclosure
    • 6. CAR/PAR
    • Also shown on the diagram: External P.I., Independent Panel, External Legal
  • BIG Impact
    • Crisis Management Plan
    • Crisis Communications Plan
  • Crisis Management Plan
    • Crisis: Business Function
    • Before (readiness for crisis)
    • During (sound crisis management)
    • After (profiting and learning)
    • Policy and Planning
    • Process Owner: [dept. accountable]
    • Communications
    • Logistics & Info Systems
  • Crisis Communication Plan
    • Crisis Communication Team (to determine small or BIG for communications purposes)
    • Crisis Media Plan
      • Media Management
      • Media Centre
      • Crisis Spokesperson & Interview
      • Press Release
    • No case study from CNI on Crisis Communications arising from Fraud
    • Not yet happened (fingers crossed)
  • D. Tracking and Reporting
    • “Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit”
    • Norman Augustine
    • CEO & Chairman, Lockheed Martin
  • Tracking: Who? How?
    • Centralized monitoring: trends, patterns, flag unusual, symptoms
    • Regular reporting
    • BSC, KPI and PMS embedded
    • RWC – RMC
    • Industry comparison
    • IAD, MSD, RD, SDD
  • E. New Fraud Risks We need help.
  • New Fraud Opportunities: CNI
    • Change in Business Model: Inexperienced
    • eCommerce
    • Partner Merchants
    • Franchise
    • Conventional retail
    • M&A Targets
  • eCommerce Frauds Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards eCom Frauds?
  • Latest Fraud topics: General
    • Whistle Blowing compensation: tied to $$ amount of fraud exposed
    • New US law -> Not allowed to sue Accountants, Auditors, Lawyers. What implications?
    • Credit Crunch = Tighter Cash Flow = More desperate people = more Fraud?
    • Sub-prime crisis + Société Générale = Transparency, Disclosure, Relationship Transparency
  • Fraud: Research Options?
    • Profile of a Fraudster in Malaysia
    • New Fraud Risks in the 21st century business environment
    • Internet, eCommerce, and ICT related Fraud risks and prevention
    • Company Culture and its influence on Fraud Risks
    • HR practices that can decrease Fraud in a company
  • Risk Management: Research Options?
    • New Strategic Risks faced by businesses
    • Embedding Risk Management into Strategic Planning
    • New Risks in the 21st century business environment
    • Risk Management in Small and Medium sized companies in Malaysia
    • The role of Risk Management in Mergers & Acquisitions
  • End Points
  • Dangers of Direct Incentives
    • lessen internal motivation,
    • switch to mercenary mode,
    • do something and do not do something else,
    • easier for competitors to recruit,
    • lessen teamwork & helpful culture,
    • less and less impact for same value,
    • mockery of base salary and employment contract,
    • rebellion from non-incentivised staff,
    • end up incentivising everyone for everything?,
    • bribe and fraud culture,
  • Mistakes and Lessons Learned
    • Price to Pay for Fraud/Risk Mitigation => Business Flexibility
    • Control vs. Growth
    • Rules vs. Humanity/Motivation
    • Not tackling the root cause i.e. Motive + Opportunity i.e. Humans
    • Focus on FAC vs. Sales/Marketing => who has control?
    • Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD
  • In the end…
    • Great Wall of China
      • humans are the weakest link
      • bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc;
      • bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication
  • Thank You. soft copy of slides: www.totallyunrelatedrandomanddebatable.blogspot.com