Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Risks in Corporate Fraud

REDUCING FRAUD LOSES THROUGH RISK MITIGATION CNI’s Journey, Mistakes, and Lessons Learned Kenny Ong CNI Holdings Berhad

Contents:
Defining Risk Mitigation
Reducing Fraud risk Probabilities
Decreasing the Impact
Tracking and Reporting

Intro and Background Different Business, Different Frauds

Intro: CNI
18 years old
Core Business: MLM
Others: Contract Manufacturing, Export/Trading, eCommerce
Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan
Staff force: ± 500
Distributors: 250,000
Products: Consumer Goods and Services

Intro: CNI
CNI’s Business Model background
Factory CNIE DC SP Leaders Customers

A. Risk Mitigation in CNI No Business, No Risks.

No Business, No Risks.
Ironically, our success is the cause of risk
More success, more money, more fraud
Easiest way to reduce fraud is to reduce business
Don’t laugh. This is what most FAC and HR people do, unintentionally

Fraud Risk Mitigation? (1/2)
We follow standard Fraud definitions:
What is Fraud?
Someone is Lying
Someone is Benefiting
Both Conditions must be met in order to be considered Fraud.

Fraud Risk Mitigation? (2/2)
We follow standard Fraud definitions:
Risk = Likelihood x Impact
Risk Mitigation =
↓ Likelihood, or
↓ Impact

Where are the Risks?
Industry
Management Staff Frontline Suppliers/Vendors Retail Front

Industry Risks
Get-Rich-Quick Schemes (Skim Cepat Kaya)
Direct Selling myths
Bad Hats
Imposters
Products on Shelves
These Fraud risks affect all Direct Selling organizations but cannot be controlled by us. Only in joint efforts by drafting & pushing new regulations

Real Fraud, Real Risks
DC Fraud
Staff Fraud
Management Fraud
Distributor
DC Assistant
SP
Payroll
Undercutting
Purchasing
Credit Card
Ghost Staff
Ghost Distributor
Financial Reporting
Theft
F/L
eCommerce
Tickets
Share manipulation

B. Reducing Fraud risk Probabilities Prevent. Deter. Kill.

Fraud Root Causes
Policy problem
People problem
Unavoidable problem

Risk Mitigation Strategies Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person

Alignment: Framework
Org Structure
Job Design – C.Fraud.O.
Policies & procedures
Governance, Internal Controls
Management Systems, SOPs
Central
Special Task Force
Internal Audit, Surprise Audit, Regular Audit (Surveillance)
Levels of Authority, Power Balancing*
Structure

*Power Balancing
Propose
Approve
Execute
Monitor
BOD Set 1 BOD Set 2 Approval/Verification

Tools
ICT Systems
Rules detection
Whistle Blower
PED
Profiling/Assessment Tools
Budget for Investigation, Litigation
Resources

Strategy: Framework
PED
Involuntary Role Modeling
Personal accountability and Commitment
10 Ants Values
Watch out: Current people promoted to Key Positions
Promotional criteria
Leadership

New Employee Background checks
Willingness to Punish
Root Cause Analysis (Mager & Pipe)
Rotation
PED
Fraud Detection & Analysis Competency
High Risk Jobs
IT breaches through Frontline
Person

The Four Desperates 1. Desperate Competition 2. Desperate Consumer 3. Desperate Achievers 4. Desperate Changes

Possible General Root Causes for Fraud
"Everyone does it."
"It was small potatoes."
"They had it coming." – the revenge syndrome
"I had it coming." – the equity syndrome

GENERAL STRATEGIES AND POLICIES
B1. Classification of Behaviors
B1.1 Disrespectful Workplace Behavior
B1.2 Progressive Discipline
B1.3 Zero Tolerance

B2. Recruitment and Selection
B3. Exit
B4. Employee Assistance Program
B5. Anonymous Hotline
B6. Communication and Feedback
B7. Training and Education
B8. Formal Complaint and Grievance

B9 Leadership
1. Leaders act as role models whether consciously or unconsciously
2. Leaders determine the working environment

B9 Leadership
1. Educate
2. Involve
3. Teach
4. Eliminate

SPECIFIC STRATEGIES AND POLICIES
C1. Theft and Fraud – Root Causes
68.6% - no prior criminal record.
Struggling financially or large purchases
difficult time in their lives
gets out of hand
Merger and acquisition or reorganization activity.
‘ I don’t have a career here’ attitude.

C1. Theft and Fraud - Prevention
Background checks
Duties segregated
Anonymous hotline
Share the wealth
Communicate successes
Make a big noise when discovered
Video surveillance equipment

C2. Violation of confidentiality or security of company information - Prevention
a. ICT Security Policies*
b. Ownership of Intellectual Property
c. Inside Information and Trading of CNI shares

*ICT Security and Fraud (1/3)
Biggest ICT risks to CNI
Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information
Backup - including Storage of critical and non-critical information and Disaster Recovery
Continuity – Availability of systems and information at a 24x7x365 standard

The following are threats faced by CNI from ‘inside’ the company:
Current Employees,
On-site Contractors,
Former Employees,
Vendors/Suppliers,
Strategic Partners, and
OEMs

Web browsing and Internet Access
Username and passwords
Instant Messaging
E-Mail
File access permissions
Backups
Crisis management, Disaster recovery and Business Continuity
Physical
PCs and laptops
Remote access
Servers, routers, and switches
Internet / external network
Wireless
PDA and cell phone
Documentation and change management
ICT Security, Backup, and Continuity Strategies 2005-2008:

C. Decreasing the Impact We failed. Now what?

Why Impact?
Escaped prevention
Policy or Procedure
Performance
Cannot reduce likelihood - unavoidable

Levels of Impact (Fraud)
small impact
BIG impact
Tangible
Monetary Loss (>1,000,000) inc. capital, share price
Locality
Intangible
Reputation, Image
Competitiveness
Consumer confidence

small Impact
Escaped prevention
Policy or Procedure
Performance
Cannot reduce likelihood - unavoidable
CAR/PAR
Mager & Pipe
Study Trends
PAR

Real Fraud, Real Risks
DC Fraud
Staff Fraud
Management Fraud
Distributor
DC Assistant
SP
Payroll
Undercutting
Purchasing
Credit Card
Ghost Staff
Ghost Distributor
Financial Reporting
Theft
F/L
eCommerce
Tickets
Share manipulation

BIG Impact
Crisis Management Plan
Crisis Communications Plan

Crisis Management Plan Logistics & Info Systems Communications Process Owner: [dept. accountable] Policy and Planning After (profiting and learning) During (sound crisis management) Before (readiness for crisis) Crisis: Business Function

Crisis Communication Plan
Crisis Communication Team (to determine small or BIG for communications purposes)
Crisis Media Plan
Media Management
Media Centre
Crisis Spokesperson & Interview
Press Release

No case study from CNI on Crisis Communications arising from Fraud
Not yet happened (fingers crossed)

D. Tracking and Reporting

“ Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit"
Norman Augustine
CEO & Chairman, Lockheed Martin

Tracking: Who? How?
Centralized monitoring: trends, patterns, flag unusual, symptoms
Regular reporting
BSC, KPI and PMS embedded
RWC – RMC
Industry comparison
IAD, MSD, RD, SDD

E. New Fraud Risks We need help.

New Fraud Opportunities
Change in Business Model: Inexperienced
eCommerce
Partner Merchants
Franchise
Conventional retail
M&A Targets

eCommerce Frauds Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards eCom Frauds?

Mistakes and Lessons Learned
Price to Pay for Fraud/Risk Mitigation => Business Flexibility
Control vs. Growth
Rules vs. Humanity/Motivation
Not tackling the root cause i.e. Motive + Opportunity i.e. Humans
Focus on FAC vs. Sales/Marketing => who has control?
Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD

In the end…
Great Wall of China
humans are the weakest link
bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc;
bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication

Thank You. soft copy of slides: www.totallyunrelatedrandomanddebatable.blogspot.com

Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Risks in Corporate Fraud

by Kenny Ong on Jan 29, 2008

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 14

Statistics

Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Risks in Corporate Fraud Presentation Transcript

http://www.slideshare.net	9
http://www.e-presentations.us	5