EMPLOYEES AND FRAUD RISKS CNI’s Journey, Mistakes, and Lessons Learned Kenny Ong CNI Holdings Berhad
Contents: <ul><li>Case Study </li></ul><ul><li>Formula for Risk in CNI </li></ul><ul><li>Defining Risk Mitigation </li></u...
This was what happened… <ul><li>Fraud Case Studies: </li></ul><ul><li>Lost Tickets </li></ul><ul><li>Over claims </li></ul...
Intro and Background Different Business, Different Frauds
Intro: CNI <ul><li>18 years old </li></ul><ul><li>Core Business: MLM </li></ul><ul><li>Others: Contract Manufacturing, Exp...
Intro: CNI
Intro: CNI <ul><li>CNI’s Business Model background </li></ul>Factory CNIE DC SP Leaders Customers
A. Risk Mitigation in CNI No Business, No Risks.
No Business, No Risks. <ul><li>Ironically, our success is the cause of risk </li></ul><ul><li>More success, more money, mo...
Fraud Risk Mitigation? (1/2) <ul><li>We follow standard Fraud definitions: </li></ul><ul><li>What is Fraud? </li></ul><ul>...
Fraud Risk Mitigation? (2/2) <ul><li>We follow standard Fraud definitions: </li></ul><ul><li>Risk = Likelihood x Impact </...
Def: “Likelihood” 5% likely to happen, hasn’t occurred within last 5 years 1. Very Low 20% likely to happen, has occurred ...
Def: “Impact” 0-4K 0-2K 0-5K 0-10K 1. Insignificant 5K-20K 3K-10K 6K-25K 11K-100K 2. Minor 21K-40K 11K-20K 26K-50K 101K-50...
CNI Risk Categories <ul><li>Four Categories of Risk in CNI: </li></ul><ul><li>Operational Risk </li></ul><ul><li>Complianc...
How CNI Implemented Risk Management <ul><li>Concept for BOD Approval (please refer to slides  Risk and Crisis Management -...
Examples of CNI Risks and Calculations <ul><li>Please refer to Handouts </li></ul>
Examples of Fraud Mitigation Actions: Fraud Risks
Where are the Fraud Risks? <ul><li>Industry </li></ul>Management Staff Frontline Suppliers/Vendors Retail Front
Industry Risks <ul><li>Get-Rich-Quick Schemes (Skim Cepat Kaya) </li></ul><ul><li>Direct Selling myths </li></ul><ul><li>B...
Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li...
B. Reducing Fraud risk Probabilities Prevent. Deter. Kill.
Fraud Root Causes <ul><li>Policy problem </li></ul><ul><li>People problem </li></ul><ul><li>Unavoidable problem </li></ul>
Risk Mitigation Strategies Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person
Alignment: Framework <ul><li>Org Structure </li></ul><ul><li>Job Design – C.Fraud.O. </li></ul><ul><li>Policies & procedur...
*Power Balancing <ul><li>Propose </li></ul><ul><li>Approve </li></ul><ul><li>Execute </li></ul><ul><li>Monitor </li></ul>B...
Alignment: Framework <ul><li>Tools </li></ul><ul><li>ICT Systems </li></ul><ul><li>Rules detection </li></ul><ul><li>Whist...
Strategy: Framework <ul><li>PED </li></ul><ul><li>Involuntary Role Modeling </li></ul><ul><li>Personal accountability and ...
Alignment: Framework <ul><li>New Employee Background checks </li></ul><ul><li>Willingness to Punish </li></ul><ul><li>Root...
The Four Desperates 1. Desperate Competition 2. Desperate Consumer 3. Desperate Achievers 4. Desperate Changes
<ul><li>PED </li></ul>
Possible General Root Causes for Fraud <ul><li>&quot;Everyone does it.&quot; </li></ul><ul><li>&quot;It was small potatoes...
GENERAL STRATEGIES AND POLICIES <ul><li>B1.  Classification of Behaviors </li></ul><ul><ul><li>B1.1 Disrespectful Workplac...
GENERAL STRATEGIES AND POLICIES <ul><li>B2. Recruitment and Selection </li></ul><ul><li>B3. Exit </li></ul><ul><li>B4. Emp...
GENERAL STRATEGIES AND POLICIES <ul><li>B9 Leadership </li></ul><ul><ul><li>1. Leaders act as  role models  whether consci...
GENERAL STRATEGIES AND POLICIES <ul><li>B9 Leadership </li></ul><ul><ul><li>1. Educate </li></ul></ul><ul><ul><li>2. Invol...
SPECIFIC STRATEGIES AND POLICIES <ul><li>C1. Theft and Fraud – Root Causes </li></ul><ul><ul><li>Profile: 68.6%  - no prio...
SPECIFIC STRATEGIES AND POLICIES <ul><li>C1. Theft and Fraud - Prevention </li></ul><ul><ul><li>Background checks </li></u...
SPECIFIC STRATEGIES AND POLICIES <ul><li>C2. Violation of confidentiality or security of company information - Prevention ...
*ICT Security and Fraud (1/3) <ul><li>Biggest ICT risks to CNI </li></ul><ul><li>Security – All matters relating to the ‘c...
*ICT Security and Fraud (2/3) <ul><li>The following are threats faced by CNI from ‘inside’ the company:  </li></ul><ul><li...
*ICT Security and Fraud (3/3) <ul><li>Web browsing and Internet Access </li></ul><ul><li>Username and passwords   </li></u...
C. Decreasing the Impact We failed. Now what?
Why Impact? <ul><li>Escaped prevention </li></ul><ul><ul><li>Policy or Procedure </li></ul></ul><ul><ul><li>Performance </...
Levels of Impact (Fraud) <ul><li>small impact </li></ul><ul><li>BIG impact </li></ul><ul><li>Tangible </li></ul><ul><ul><l...
small Impact <ul><li>Escaped prevention </li></ul><ul><ul><li>Policy or Procedure </li></ul></ul><ul><ul><li>Performance <...
Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li...
Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li...
Investigation: Principles <ul><li>Preserve Evidence = documents, computers, laptops, voicemails, emails, phone logs, secur...
Investigation: Process 5. Public Disclosure 6. CAR/PAR 4. Management Decision External  Legal 2. Investigating Office (I/O...
BIG Impact <ul><li>Crisis Management Plan </li></ul><ul><li>Crisis Communications Plan </li></ul>
Crisis Management Plan Logistics & Info Systems Communications Process Owner: [dept. accountable] Policy and Planning Afte...
Crisis Communication Plan <ul><li>Crisis Communication Team (to determine small or BIG for communications purposes) </li><...
<ul><li>No case study from CNI on Crisis Communications arising from  Fraud </li></ul><ul><li>Not yet happened (fingers cr...
D. Tracking and Reporting
<ul><li>“ Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbi...
Tracking: Who? How? <ul><li>Centralized monitoring: trends, patterns, flag unusual, symptoms </li></ul><ul><li>Regular rep...
E. New Fraud Risks We need help.
New Fraud Opportunities: CNI <ul><li>Change in Business Model: Inexperienced </li></ul><ul><li>eCommerce </li></ul><ul><li...
eCommerce Frauds Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen  Credit Cards eCom  Frauds?
Latest Fraud topics: General <ul><li>Whistle Blowing compensation: tied to $$ amount of fraud exposed </li></ul><ul><li>Ne...
Fraud: Research Options? <ul><li>Profile of a Fraudster in Malaysia </li></ul><ul><li>New Fraud Risks in the 21 st  centur...
Risk Management: Research Options? <ul><li>New Strategic Risks faced by businesses </li></ul><ul><li>Embedding Risk Manage...
End Points
Dangers of Direct Incentives <ul><li>lessen internal motivation,  </li></ul><ul><li>switch to mercenary mode,  </li></ul><...
Mistakes and Lessons Learned <ul><li>Price to Pay for Fraud/Risk Mitigation => Business Flexibility </li></ul><ul><li>Cont...
In the end… <ul><li>Great Wall of China </li></ul><ul><ul><li>humans are the weakest link </li></ul></ul><ul><ul><li>bad t...
Thank You. soft copy of slides:   www.totallyunrelatedrandomanddebatable.blogspot.com
Upcoming SlideShare
Loading in …5
×

Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture

3,313 views
3,236 views

Published on

Published in: Business
2 Comments
0 Likes
Statistics
Notes
  • Lot of information is there. Presentation is good and people should aware of scam or fraud. Thanks http://www.nigerianspam.com/scam-baiting/
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Great Presentation. You're extremely right. Fraud Risks . We've started to notice these types of scam on the site. http://www.nigerianspam.com/internet-scams-articles.html
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
3,313
On SlideShare
0
From Embeds
0
Number of Embeds
31
Actions
Shares
0
Downloads
152
Comments
2
Likes
0
Embeds 0
No embeds

No notes for slide
  • Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture

    1. 1. EMPLOYEES AND FRAUD RISKS CNI’s Journey, Mistakes, and Lessons Learned Kenny Ong CNI Holdings Berhad
    2. 2. Contents: <ul><li>Case Study </li></ul><ul><li>Formula for Risk in CNI </li></ul><ul><li>Defining Risk Mitigation </li></ul><ul><li>Reducing Fraud risk Probabilities </li></ul><ul><li>Decreasing the Impact </li></ul><ul><li>Successful Risk Management programs </li></ul><ul><li>Researchable fraud areas </li></ul>
    3. 3. This was what happened… <ul><li>Fraud Case Studies: </li></ul><ul><li>Lost Tickets </li></ul><ul><li>Over claims </li></ul><ul><li>Undercutting </li></ul><ul><li>F/L-Leader pact </li></ul><ul><li>Swiss cash </li></ul>
    4. 4. Intro and Background Different Business, Different Frauds
    5. 5. Intro: CNI <ul><li>18 years old </li></ul><ul><li>Core Business: MLM </li></ul><ul><li>Others: Contract Manufacturing, Export/Trading, eCommerce </li></ul><ul><li>Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan </li></ul><ul><li>Staff force: ± 500 </li></ul><ul><li>Distributors: 250,000 </li></ul><ul><li>Products: Consumer Goods and Services </li></ul>
    6. 6. Intro: CNI
    7. 7. Intro: CNI <ul><li>CNI’s Business Model background </li></ul>Factory CNIE DC SP Leaders Customers
    8. 8. A. Risk Mitigation in CNI No Business, No Risks.
    9. 9. No Business, No Risks. <ul><li>Ironically, our success is the cause of risk </li></ul><ul><li>More success, more money, more fraud </li></ul><ul><li>Easiest way to reduce fraud is to reduce business </li></ul><ul><li>Don’t laugh. This is what most FAC and HR people do, unintentionally </li></ul>
    10. 10. Fraud Risk Mitigation? (1/2) <ul><li>We follow standard Fraud definitions: </li></ul><ul><li>What is Fraud? </li></ul><ul><li>Someone is Lying </li></ul><ul><li>Someone is Benefiting </li></ul><ul><li>Both Conditions must be met in order to be considered Fraud. </li></ul>
    11. 11. Fraud Risk Mitigation? (2/2) <ul><li>We follow standard Fraud definitions: </li></ul><ul><li>Risk = Likelihood x Impact </li></ul><ul><li>Risk Mitigation = </li></ul><ul><li>↓ Likelihood, or </li></ul><ul><li>↓ Impact </li></ul>
    12. 12. Def: “Likelihood” 5% likely to happen, hasn’t occurred within last 5 years 1. Very Low 20% likely to happen, has occurred within last 5 years 2. Low 50% likely to happen, has occurred within last 24 months 3. Medium 75% likely to happen, has occurred within last 12 months 4. High 99% likely to happen, has occurred within last 12 months 5. Very high Definition Likelihood
    13. 13. Def: “Impact” 0-4K 0-2K 0-5K 0-10K 1. Insignificant 5K-20K 3K-10K 6K-25K 11K-100K 2. Minor 21K-40K 11K-20K 26K-50K 101K-500K 3. Moderate 41K-60K 21K-30K 51K-100K 501K-1M 4. Serious >60K >30K >100K >1.0M 5. Very Serious Sub C Sub C Sub B Sub A Impact
    14. 14. CNI Risk Categories <ul><li>Four Categories of Risk in CNI: </li></ul><ul><li>Operational Risk </li></ul><ul><li>Compliance Risk </li></ul><ul><li>Financial Risk </li></ul><ul><li>Strategic Risk </li></ul>
    15. 15. How CNI Implemented Risk Management <ul><li>Concept for BOD Approval (please refer to slides Risk and Crisis Management - CNI BOD presentation v3.ppt ) </li></ul><ul><li>Implementation Plan (please refer to slides FRAMEWORK PRESENTATION.ppt ) </li></ul>
    16. 16. Examples of CNI Risks and Calculations <ul><li>Please refer to Handouts </li></ul>
    17. 17. Examples of Fraud Mitigation Actions: Fraud Risks
    18. 18. Where are the Fraud Risks? <ul><li>Industry </li></ul>Management Staff Frontline Suppliers/Vendors Retail Front
    19. 19. Industry Risks <ul><li>Get-Rich-Quick Schemes (Skim Cepat Kaya) </li></ul><ul><li>Direct Selling myths </li></ul><ul><li>Bad Hats </li></ul><ul><li>Imposters </li></ul><ul><li>Products on Shelves </li></ul>These Fraud risks affect all Direct Selling organizations but cannot be controlled by us. Only in joint efforts by drafting & pushing new regulations
    20. 20. Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li>Distributor </li></ul><ul><li>DC Assistant </li></ul><ul><li>SP </li></ul><ul><li>Payroll </li></ul><ul><li>Undercutting </li></ul><ul><li>Purchasing </li></ul><ul><li>Credit Card </li></ul><ul><li>Ghost Staff </li></ul><ul><li>Ghost Distributor </li></ul><ul><li>Financial Reporting </li></ul><ul><li>Theft </li></ul><ul><li>F/L </li></ul><ul><li>eCommerce </li></ul><ul><li>Tickets </li></ul><ul><li>Share manipulation </li></ul>
    21. 21. B. Reducing Fraud risk Probabilities Prevent. Deter. Kill.
    22. 22. Fraud Root Causes <ul><li>Policy problem </li></ul><ul><li>People problem </li></ul><ul><li>Unavoidable problem </li></ul>
    23. 23. Risk Mitigation Strategies Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person
    24. 24. Alignment: Framework <ul><li>Org Structure </li></ul><ul><li>Job Design – C.Fraud.O. </li></ul><ul><li>Policies & procedures </li></ul><ul><li>Governance, Internal Controls </li></ul><ul><li>Management Systems, SOPs </li></ul><ul><li>Central </li></ul><ul><li>Special Task Force </li></ul><ul><li>Internal Audit, Surprise Audit, Regular Audit (Surveillance) </li></ul><ul><li>Levels of Authority, Power Balancing* </li></ul>Structure
    25. 25. *Power Balancing <ul><li>Propose </li></ul><ul><li>Approve </li></ul><ul><li>Execute </li></ul><ul><li>Monitor </li></ul>BOD Set 1 BOD Set 2 Approval/Verification
    26. 26. Alignment: Framework <ul><li>Tools </li></ul><ul><li>ICT Systems </li></ul><ul><li>Rules detection </li></ul><ul><li>Whistle Blower </li></ul><ul><li>PED </li></ul><ul><li>Profiling/Assessment Tools </li></ul><ul><li>Budget for Investigation, Litigation </li></ul>Resources
    27. 27. Strategy: Framework <ul><li>PED </li></ul><ul><li>Involuntary Role Modeling </li></ul><ul><li>Personal accountability and Commitment </li></ul><ul><li>10 Ants Values </li></ul><ul><li>Watch out: Current people promoted to Key Positions </li></ul><ul><li>Promotional criteria </li></ul>Leadership
    28. 28. Alignment: Framework <ul><li>New Employee Background checks </li></ul><ul><li>Willingness to Punish </li></ul><ul><li>Root Cause Analysis (Mager & Pipe) </li></ul><ul><li>Rotation </li></ul><ul><li>PED </li></ul><ul><li>Fraud Detection & Analysis Competency </li></ul><ul><li>High Risk Jobs </li></ul><ul><li>IT breaches through Frontline </li></ul>Person
    29. 29. The Four Desperates 1. Desperate Competition 2. Desperate Consumer 3. Desperate Achievers 4. Desperate Changes
    30. 30. <ul><li>PED </li></ul>
    31. 31. Possible General Root Causes for Fraud <ul><li>&quot;Everyone does it.&quot; </li></ul><ul><li>&quot;It was small potatoes.&quot; </li></ul><ul><li>&quot;They had it coming.&quot; – the revenge syndrome </li></ul><ul><li>&quot;I had it coming.&quot; – the equity syndrome </li></ul>
    32. 32. GENERAL STRATEGIES AND POLICIES <ul><li>B1. Classification of Behaviors </li></ul><ul><ul><li>B1.1 Disrespectful Workplace Behavior </li></ul></ul><ul><ul><li>B1.2 Progressive Discipline </li></ul></ul><ul><ul><li>B1.3 Zero Tolerance </li></ul></ul>
    33. 33. GENERAL STRATEGIES AND POLICIES <ul><li>B2. Recruitment and Selection </li></ul><ul><li>B3. Exit </li></ul><ul><li>B4. Employee Assistance Program </li></ul><ul><li>B5. Anonymous Hotline </li></ul><ul><li>B6. Communication and Feedback </li></ul><ul><li>B7. Training and Education </li></ul><ul><li>B8. Formal Complaint and Grievance </li></ul>
    34. 34. GENERAL STRATEGIES AND POLICIES <ul><li>B9 Leadership </li></ul><ul><ul><li>1. Leaders act as role models whether consciously or unconsciously </li></ul></ul><ul><ul><li>2. Leaders determine the working environment </li></ul></ul>
    35. 35. GENERAL STRATEGIES AND POLICIES <ul><li>B9 Leadership </li></ul><ul><ul><li>1. Educate </li></ul></ul><ul><ul><li>2. Involve </li></ul></ul><ul><ul><li>3. Teach </li></ul></ul><ul><ul><li>4. Eliminate </li></ul></ul>
    36. 36. SPECIFIC STRATEGIES AND POLICIES <ul><li>C1. Theft and Fraud – Root Causes </li></ul><ul><ul><li>Profile: 68.6% - no prior criminal record, Aged 26-40 years old, Annual income between RM15k-RM30k, 2-5 yrs of service </li></ul></ul><ul><ul><li>Struggling financially or large purchases </li></ul></ul><ul><ul><ul><li>difficult time in their lives </li></ul></ul></ul><ul><ul><ul><li>gets out of hand </li></ul></ul></ul><ul><ul><li>Merger and acquisition or reorganization activity. </li></ul></ul><ul><ul><ul><li>‘ I don’t have a career here’ attitude. </li></ul></ul></ul>
    37. 37. SPECIFIC STRATEGIES AND POLICIES <ul><li>C1. Theft and Fraud - Prevention </li></ul><ul><ul><li>Background checks </li></ul></ul><ul><ul><li>Duties segregated </li></ul></ul><ul><ul><li>Anonymous hotline </li></ul></ul><ul><ul><li>Share the wealth </li></ul></ul><ul><ul><li>Communicate successes </li></ul></ul><ul><ul><li>Make a big noise when discovered </li></ul></ul><ul><ul><li>Video surveillance equipment </li></ul></ul>
    38. 38. SPECIFIC STRATEGIES AND POLICIES <ul><li>C2. Violation of confidentiality or security of company information - Prevention </li></ul><ul><ul><li>a. ICT Security Policies* </li></ul></ul><ul><ul><li>b. Ownership of Intellectual Property </li></ul></ul><ul><ul><li>c. Inside Information and Trading of CNI shares </li></ul></ul>
    39. 39. *ICT Security and Fraud (1/3) <ul><li>Biggest ICT risks to CNI </li></ul><ul><li>Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information </li></ul><ul><li>Backup - including Storage of critical and non-critical information and Disaster Recovery </li></ul><ul><li>Continuity – Availability of systems and information at a 24x7x365 standard </li></ul>
    40. 40. *ICT Security and Fraud (2/3) <ul><li>The following are threats faced by CNI from ‘inside’ the company: </li></ul><ul><li>Current Employees, </li></ul><ul><li>On-site Contractors, </li></ul><ul><li>Former Employees, </li></ul><ul><li>Vendors/Suppliers, </li></ul><ul><li>Strategic Partners, and </li></ul><ul><li>OEMs </li></ul>
    41. 41. *ICT Security and Fraud (3/3) <ul><li>Web browsing and Internet Access </li></ul><ul><li>Username and passwords </li></ul><ul><li>Instant Messaging </li></ul><ul><li>E-Mail </li></ul><ul><li>File access permissions </li></ul><ul><li>Backups </li></ul><ul><li>Crisis management, Disaster recovery and Business Continuity </li></ul><ul><li>Physical </li></ul><ul><li>PCs and laptops </li></ul><ul><li>Remote access </li></ul><ul><li>Servers, routers, and switches </li></ul><ul><li>Internet / external network </li></ul><ul><li>Wireless </li></ul><ul><li>PDA and cell phone </li></ul><ul><li>Documentation and change management </li></ul>ICT Security, Backup, and Continuity Strategies 2005-2008:
    42. 42. C. Decreasing the Impact We failed. Now what?
    43. 43. Why Impact? <ul><li>Escaped prevention </li></ul><ul><ul><li>Policy or Procedure </li></ul></ul><ul><ul><li>Performance </li></ul></ul><ul><li>Cannot reduce likelihood - unavoidable </li></ul>
    44. 44. Levels of Impact (Fraud) <ul><li>small impact </li></ul><ul><li>BIG impact </li></ul><ul><li>Tangible </li></ul><ul><ul><li>Monetary Loss (>1,000,000) inc. capital, share price </li></ul></ul><ul><ul><li>Locality </li></ul></ul><ul><li>Intangible </li></ul><ul><ul><li>Reputation, Image </li></ul></ul><ul><ul><li>Competitiveness </li></ul></ul><ul><ul><li>Consumer confidence </li></ul></ul>
    45. 45. small Impact <ul><li>Escaped prevention </li></ul><ul><ul><li>Policy or Procedure </li></ul></ul><ul><ul><li>Performance </li></ul></ul><ul><li>Cannot reduce likelihood - unavoidable </li></ul><ul><li>CAR/PAR </li></ul><ul><li>Mager & Pipe </li></ul><ul><li>Study Trends </li></ul><ul><li>PAR </li></ul>
    46. 46. Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li>Distributor </li></ul><ul><li>DC Assistant </li></ul><ul><li>SP </li></ul><ul><li>Payroll </li></ul><ul><li>Undercutting </li></ul><ul><li>Purchasing </li></ul><ul><li>Credit Card </li></ul><ul><li>Ghost Staff </li></ul><ul><li>Ghost Distributor </li></ul><ul><li>Financial Reporting </li></ul><ul><li>Theft </li></ul><ul><li>F/L </li></ul><ul><li>eCommerce </li></ul><ul><li>Tickets </li></ul><ul><li>Share manipulation </li></ul>
    47. 47. Real Fraud, Real Risks <ul><li>DC Fraud </li></ul><ul><li>Staff Fraud </li></ul><ul><li>Management Fraud </li></ul><ul><li>Distributor </li></ul><ul><li>DC Assistant </li></ul><ul><li>SP </li></ul><ul><li>Payroll </li></ul><ul><li>Undercutting </li></ul><ul><li>Purchasing </li></ul><ul><li>Credit Card </li></ul><ul><li>Ghost Staff </li></ul><ul><li>Ghost Distributor </li></ul><ul><li>Financial Reporting </li></ul><ul><li>Theft </li></ul><ul><li>F/L </li></ul><ul><li>eCommerce </li></ul><ul><li>Tickets </li></ul><ul><li>Share manipulation </li></ul>
    48. 48. Investigation: Principles <ul><li>Preserve Evidence = documents, computers, laptops, voicemails, emails, phone logs, security camera tapes etc. </li></ul><ul><li>Focused on Facts </li></ul><ul><li>Avoid (or try to avoid) legal exposure e.g. defamation, unlawful dismissal etc. </li></ul><ul><li>Verdict/Punishment only after investigation is complete and results obtained </li></ul><ul><li>Precedence </li></ul><ul><li>Limit number of people </li></ul><ul><li>Involve Professionals/Third Party whenever possible </li></ul>
    49. 49. Investigation: Process 5. Public Disclosure 6. CAR/PAR 4. Management Decision External Legal 2. Investigating Office (I/O) External P.I. 1. Case Tip Off 3. Internal Inquiry Independent Panel
    50. 50. BIG Impact <ul><li>Crisis Management Plan </li></ul><ul><li>Crisis Communications Plan </li></ul>
    51. 51. Crisis Management Plan Logistics & Info Systems Communications Process Owner: [dept. accountable] Policy and Planning After (profiting and learning) During (sound crisis management) Before (readiness for crisis) Crisis: Business Function
    52. 52. Crisis Communication Plan <ul><li>Crisis Communication Team (to determine small or BIG for communications purposes) </li></ul><ul><li>Crisis Media Plan </li></ul><ul><ul><li>Media Management </li></ul></ul><ul><ul><li>Media Centre </li></ul></ul><ul><ul><li>Crisis Spokesperson & Interview </li></ul></ul><ul><ul><li>Press Release </li></ul></ul>
    53. 53. <ul><li>No case study from CNI on Crisis Communications arising from Fraud </li></ul><ul><li>Not yet happened (fingers crossed) </li></ul>
    54. 54. D. Tracking and Reporting
    55. 55. <ul><li>“ Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit&quot; </li></ul><ul><li>Norman Augustine </li></ul><ul><li>CEO & Chairman, Lockheed Martin </li></ul>
    56. 56. Tracking: Who? How? <ul><li>Centralized monitoring: trends, patterns, flag unusual, symptoms </li></ul><ul><li>Regular reporting </li></ul><ul><li>BSC, KPI and PMS embedded </li></ul><ul><li>RWC – RMC </li></ul><ul><li>Industry comparison </li></ul><ul><li>IAD, MSD, RD, SDD </li></ul>
    57. 57. E. New Fraud Risks We need help.
    58. 58. New Fraud Opportunities: CNI <ul><li>Change in Business Model: Inexperienced </li></ul><ul><li>eCommerce </li></ul><ul><li>Partner Merchants </li></ul><ul><li>Franchise </li></ul><ul><li>Conventional retail </li></ul><ul><li>M&A Targets </li></ul>
    59. 59. eCommerce Frauds Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards eCom Frauds?
    60. 60. Latest Fraud topics: General <ul><li>Whistle Blowing compensation: tied to $$ amount of fraud exposed </li></ul><ul><li>New US law -> Not allowed to sue Accountants, Auditors, Lawyers. What implications? </li></ul><ul><li>Credit Crunch = Tighter Cash Flow = More desperate people = more Fraud? </li></ul><ul><li>Sub-prime crisis + Société Générale = Transparency, Disclosure, Relationship Transparency </li></ul>
    61. 61. Fraud: Research Options? <ul><li>Profile of a Fraudster in Malaysia </li></ul><ul><li>New Fraud Risks in the 21 st century business environment </li></ul><ul><li>Internet, eCommerce, and ICT related Fraud risks and prevention </li></ul><ul><li>Company Culture and its influence on Fraud Risks </li></ul><ul><li>HR practices that can decrease Fraud in a company </li></ul>
    62. 62. Risk Management: Research Options? <ul><li>New Strategic Risks faced by businesses </li></ul><ul><li>Embedding Risk Management into Strategic Planning </li></ul><ul><li>New Risks in the 21 st century business environment </li></ul><ul><li>Risk Management in Small and Medium sized companies in Malaysia </li></ul><ul><li>The role of Risk Management in Mergers & Acquisitions </li></ul>
    63. 63. End Points
    64. 64. Dangers of Direct Incentives <ul><li>lessen internal motivation, </li></ul><ul><li>switch to mercenary mode, </li></ul><ul><li>do something and do not do something else, </li></ul><ul><li>easier for competitors to recruit, </li></ul><ul><li>lessen teamwork & helpful culture, </li></ul><ul><li>less and less impact for same value, </li></ul><ul><li>mockery of base salary and employment contract, </li></ul><ul><li>rebellion from non-incentivised staff, </li></ul><ul><li>end up incentivising everyone for everything?, </li></ul><ul><li>bribe and fraud culture, </li></ul>
    65. 65. Mistakes and Lessons Learned <ul><li>Price to Pay for Fraud/Risk Mitigation => Business Flexibility </li></ul><ul><li>Control vs. Growth </li></ul><ul><li>Rules vs. Humanity/Motivation </li></ul><ul><li>Not tackling the root cause i.e. Motive + Opportunity i.e. Humans </li></ul><ul><li>Focus on FAC vs. Sales/Marketing => who has control? </li></ul><ul><li>Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD </li></ul>
    66. 66. In the end… <ul><li>Great Wall of China </li></ul><ul><ul><li>humans are the weakest link </li></ul></ul><ul><ul><li>bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc; </li></ul></ul><ul><ul><li>bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication </li></ul></ul>
    67. 67. Thank You. soft copy of slides: www.totallyunrelatedrandomanddebatable.blogspot.com

    ×