Watch out: Current people promoted to Key Positions
Promotional criteria
Leadership
Alignment: Framework
New Employee Background checks
Willingness to Punish
Root Cause Analysis (Mager & Pipe)
Rotation
PED
Fraud Detection & Analysis Competency
High Risk Jobs
IT breaches through Frontline
Person
The Four Desperates
1. Desperate Competition
2. Desperate Consumer
3. Desperate Achievers
4. Desperate Changes
PED
Possible General Root Causes for Fraud
"Everyone does it."
"It was small potatoes."
"They had it coming." – the revenge syndrome
"I had it coming." – the equity syndrome
GENERAL STRATEGIES AND POLICIES
B1. Classification of Behaviors
B1.1 Disrespectful Workplace Behavior
B1.2 Progressive Discipline
B1.3 Zero Tolerance
B2. Recruitment and Selection
B3. Exit
B4. Employee Assistance Program
B5. Anonymous Hotline
B6. Communication and Feedback
B7. Training and Education
B8. Formal Complaint and Grievance
B9. Leadership
1. Leaders act as role models whether consciously or unconsciously
2. Leaders determine the working environment
B9. Leadership
1. Educate
2. Involve
3. Teach
4. Eliminate
SPECIFIC STRATEGIES AND POLICIES
C1. Theft and Fraud – Root Causes
68.6% - no prior criminal record.
Struggling financially or large purchases
Difficult time in their lives
Gets out of hand
Merger and acquisition or reorganization activity.
‘I don’t have a career here’ attitude.
C1. Theft and Fraud - Prevention
Background checks
Duties segregated
Anonymous hotline
Share the wealth
Communicate successes
Make a big noise when discovered
Video surveillance equipment
C2. Violation of confidentiality or security of company information - Prevention
a. ICT Security Policies*
b. Ownership of Intellectual Property
c. Inside Information and Trading of CNI shares
*ICT Security and Fraud (1/3)
Biggest ICT risks to CNI
Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information
Backup - including Storage of critical and non-critical information and Disaster Recovery
Continuity – Availability of systems and information at a 24x7x365 standard
*ICT Security and Fraud (2/3)
The following are threats faced by CNI from ‘inside’ the company:
Current Employees,
On-site Contractors,
Former Employees,
Vendors/Suppliers,
Strategic Partners, and
OEMs
*ICT Security and Fraud (3/3)
Web browsing and Internet Access
Username and passwords
Instant Messaging
E-Mail
File access permissions
Backups
Crisis management, Disaster recovery and Business Continuity
Physical
PCs and laptops
Remote access
Servers, routers, and switches
Internet / external network
Wireless
PDA and cell phone
Documentation and change management
ICT Security, Backup, and Continuity Strategies 2005-2008:
C. Decreasing the Impact
We failed. Now what?
Why Impact?
Escaped prevention
Policy or Procedure
Performance
Cannot reduce likelihood - unavoidable
Levels of Impact (Fraud)
small impact
BIG impact
Tangible
Monetary Loss (>1,000,000) inc. capital, share price
Locality
Intangible
Reputation, Image
Competitiveness
Consumer confidence
small Impact
Escaped prevention
Policy or Procedure
Performance
Cannot reduce likelihood - unavoidable
CAR/PAR
Mager & Pipe
Study Trends
PAR
Real Fraud, Real Risks
DC Fraud
Staff Fraud
Management Fraud
Distributor
DC Assistant
SP
Payroll
Undercutting
Purchasing
Credit Card
Ghost Staff
Ghost Distributor
Financial Reporting
Theft
F/L
eCommerce
Tickets
Share manipulation
BIG Impact
Crisis Management Plan
Crisis Communications Plan
Crisis Management Plan
Crisis: Business Function
Process Owner: [dept. accountable]
Before (readiness for crisis)
During (sound crisis management)
After (profiting and learning)
Policy and Planning
Communications
Logistics & Info Systems
Crisis Communication Plan
Crisis Communication Team (to determine small or BIG for communications purposes)
Crisis Media Plan
Media Management
Media Centre
Crisis Spokesperson & Interview
Press Release
No case study from CNI on Crisis Communications arising from Fraud
Not yet happened (fingers crossed)
D. Tracking and Reporting
“Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit”
Norman Augustine
CEO & Chairman, Lockheed Martin
Tracking: Who? How?
Centralized monitoring: trends, patterns, flag unusual, symptoms