Slideshow transcript
Slide 1: REDUCING FRAUD LOSSES THROUGH RISK MITIGATION CNI’s Journey, Mistakes, and Lessons Learned Kenny Ong CNI Holdings Berhad
Slide 2: Contents: A. Defining Risk Mitigation B. Reducing Fraud risk Probabilities C. Decreasing the Impact D. Tracking and Reporting
Slide 3: Intro and Background Different Business, Different Frauds
Slide 4: Intro: CNI 1. 18 years old 2. Core Business: MLM 3. Others: Contract Manufacturing, Export/Trading, eCommerce 4. Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan 5. Staff force: ± 500 6. Distributors: 250,000 7. Products: Consumer Goods and Services
Slide 5: Intro: CNI CNI’s Business Model background Factory CNIE DC Customers Leaders SP
Slide 6: A. Risk Mitigation in CNI No Business, No Risks.
Slide 7: No Business, No Risks. • Ironically, our success is the cause of risk • More success, more money, more fraud • Easiest way to reduce fraud is to reduce business • Don’t laugh. This is what most FAC and HR people do, unintentionally
Slide 8: Fraud Risk Mitigation? (1/2) We follow standard Fraud definitions: What is Fraud? 4. Someone is Lying 5. Someone is Benefiting Both Conditions must be met in order to be considered Fraud.
Slide 9: Fraud Risk Mitigation? (2/2) We follow standard Fraud definitions: Risk = Likelihood x Impact Risk Mitigation = ↓ Likelihood, or ↓ Impact
Slide 10: Where are the Risks? Industry Suppliers/Vendors Management Retail Front Staff Frontline
Slide 11: Industry Risks • Get-Rich-Quick Schemes (Skim Cepat Kaya) • Direct Selling myths • Bad Hats • Imposters • Products on Shelves These Fraud risks affect all Direct Selling organizations but cannot be controlled by us. Only in joint efforts by drafting & pushing new regulations
Slide 12: Real Fraud, Real Risks Column 1: 1. DC Fraud 2. Staff Fraud 3. Management Fraud 4. Distributor 5. DC Assistant 6. SP 7. Payroll 8. Undercutting 9. Purchasing Column 2: 1. Credit Card 2. Ghost Staff 3. Ghost Distributor 4. Financial Reporting 5. Theft 6. F/L 7. eCommerce 8. Tickets 9. Share manipulation
Slide 13: B. Reducing Fraud risk Probabilities Prevent. Deter. Kill.
Slide 14: Fraud Root Causes • Policy problem • People problem • Unavoidable problem
Slide 15: Risk Mitigation Strategies Mitigation Resources Structure Identified Fraud Risks Culture Leadership Person
Slide 16: Alignment: Framework Structure • Org Structure • Job Design – C.Fraud.O. • Policies & procedures • Governance, Internal Controls • Management Systems, SOPs • Central • Special Task Force • Internal Audit, Surprise Audit, Regular Audit (Surveillance) • Levels of Authority, Power Balancing*
Slide 17: *Power Balancing 1. Propose 2. Approve 3. Execute 4. Monitor BOD Set 1 BOD Set 2 Approval/Verification
Slide 18: Alignment: Framework Resources • Tools • ICT Systems • Rules detection • Whistle Blower • PED • Profiling/Assessment Tools • Budget for Investigation, Litigation
Slide 19: Strategy: Framework Leadership • PED • Involuntary Role Modeling • Personal accountability and Commitment • 10 Ants Values • Watch out: Current people promoted to Key Positions • Promotional criteria
Slide 20: Alignment: Framework Person • New Employee Background checks • Willingness to Punish • Root Cause Analysis (Mager & Pipe) • Rotation • PED • Fraud Detection & Analysis Competency • High Risk Jobs • IT breaches through Frontline
Slide 21: The Four Desperates 1. Desperate Competition 2. Desperate Consumer 3. Desperate Achievers 4. Desperate Changes
Slide 22: • PED
Slide 23: Possible General Root Causes for Fraud 1. "Everyone does it." 2. "It was small potatoes." 3. "They had it coming." – the revenge syndrome 4. "I had it coming." – the equity syndrome
Slide 24: GENERAL STRATEGIES AND POLICIES • B1. Classification of Behaviors – B1.1 Disrespectful Workplace Behavior – B1.2 Progressive Discipline – B1.3 Zero Tolerance
Slide 25: GENERAL STRATEGIES AND POLICIES • B2. Recruitment and Selection • B3. Exit • B4. Employee Assistance Program • B5. Anonymous Hotline • B6. Communication and Feedback • B7. Training and Education • B8. Formal Complaint and Grievance
Slide 26: GENERAL STRATEGIES AND POLICIES • B9 Leadership – 1. Leaders act as role models whether consciously or unconsciously – 2. Leaders determine the working environment
Slide 27: GENERAL STRATEGIES AND POLICIES • B9 Leadership – 1. Educate – 2. Involve – 3. Teach – 4. Eliminate
Slide 28: SPECIFIC STRATEGIES AND POLICIES • C1. Theft and Fraud – Root Causes – 68.6% - no prior criminal record. – Struggling financially or large purchases • difficult time in their lives • gets out of hand – Merger and acquisition or reorganization activity. • ‘I don’t have a career here’ attitude.
Slide 29: SPECIFIC STRATEGIES AND POLICIES • C1. Theft and Fraud - Prevention – Background checks – Duties segregated – Anonymous hotline – Share the wealth – Communicate successes – Make a big noise when discovered – Video surveillance equipment
Slide 30: SPECIFIC STRATEGIES AND POLICIES • C2. Violation of confidentiality or security of company information - Prevention – a. ICT Security Policies* – b. Ownership of Intellectual Property – c. Inside Information and Trading of CNI shares
Slide 31: *ICT Security and Fraud (1/3) Biggest ICT risks to CNI 2. Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information 3. Backup - including Storage of critical and non- critical information and Disaster Recovery 4. Continuity – Availability of systems and information at a 24x7x365 standard
Slide 32: *ICT Security and Fraud (2/3) The following are threats faced by CNI from ‘inside’ the company: • Current Employees, • On-site Contractors, • Former Employees, • Vendors/Suppliers, • Strategic Partners, and • OEMs
Slide 33: *ICT Security and Fraud (3/3) ICT Security, Backup, and Continuity Strategies 2005-2008: Column 1: 1. Web browsing and Internet Access 2. Username and passwords 3. Instant Messaging 4. E-Mail 5. File access permissions 6. Backups 7. Crisis management, Disaster recovery and Business Continuity Column 2: 1. Physical 2. PCs and laptops 3. Remote access 4. Servers, routers, and switches 5. Internet / external network 6. Wireless 7. PDA and cell phone 8. Documentation and change management
Slide 34: C. Decreasing the Impact We failed. Now what?
Slide 35: Why Impact? 1. Escaped prevention • Policy or Procedure • Performance 2. Cannot reduce likelihood - unavoidable
Slide 36: Levels of Impact (Fraud) • small impact • BIG impact Tangible Monetary Loss (>1,000,000) inc. capital, share price Locality Intangible Reputation, Image Competitiveness Consumer confidence
Slide 37: small Impact 1. Escaped prevention – Policy or Procedure • CAR/PAR – Performance • Mager & Pipe 3. Cannot reduce likelihood - unavoidable • Study Trends • PAR
Slide 38: Real Fraud, Real Risks Column 1: 1. DC Fraud 2. Staff Fraud 3. Management Fraud 4. Distributor 5. DC Assistant 6. SP 7. Payroll 8. Undercutting 9. Purchasing Column 2: 1. Credit Card 2. Ghost Staff 3. Ghost Distributor 4. Financial Reporting 5. Theft 6. F/L 7. eCommerce 8. Tickets 9. Share manipulation
Slide 39: Real Fraud, Real Risks Column 1: 1. DC Fraud 2. Staff Fraud 3. Management Fraud 4. Distributor 5. DC Assistant 6. SP 7. Payroll 8. Undercutting 9. Purchasing Column 2: 1. Credit Card 2. Ghost Staff 3. Ghost Distributor 4. Financial Reporting 5. Theft 6. F/L 7. eCommerce 8. Tickets 9. Share manipulation
Slide 40: BIG Impact • Crisis Management Plan • Crisis Communications Plan
Slide 41: Crisis Management Plan Business Function Crisis: Before (readiness for crisis), During (sound crisis management), After (profiting and learning) Policy and Planning Process Owner: [dept. accountable] Communications Logistics & Info Systems
Slide 42: Crisis Communication Plan • Crisis Communication Team (to determine small or BIG for communications purposes) • Crisis Media Plan – Media Management – Media Centre – Crisis Spokesperson & Interview – Press Release
Slide 43: • No case study from CNI on Crisis Communications arising from Fraud • Not yet happened (fingers crossed)
Slide 44: D. Tracking and Reporting
Slide 45: “Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit” Norman Augustine CEO & Chairman, Lockheed Martin
Slide 46: Tracking: Who? How? 1. Centralized monitoring: trends, patterns, flag unusual, symptoms 2. Regular reporting 3. BSC, KPI and PMS embedded 4. RWC – RMC 5. Industry comparison 6. IAD, MSD, RD, SDD
Slide 47: E. New Fraud Risks We need help.
Slide 48: New Fraud Opportunities Change in Business Model: Inexperienced eCommerce Partner Merchants Franchise Conventional retail M&A Targets
Slide 49: eCommerce Frauds Lost/Stolen Credit Cards Account Application Takeover eCom Frauds? Pharming Phishing Counterfeit Advances
Slide 50: Mistakes and Lessons Learned 1. Price to Pay for Fraud/Risk Mitigation => Business Flexibility 2. Control vs. Growth 3. Rules vs. Humanity/Motivation 4. Not tackling the root cause i.e. Motive + Opportunity i.e. Humans 5. Focus on FAC vs. Sales/Marketing => who has control? 6. Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD
Slide 51: In the end… • Great Wall of China – humans are the weakest link – bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc; – bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication
Slide 52: Thank You. soft copy of slides: www.totallyunrelatedrandomanddebatable.blogspot.com


