In an age of widely publicised security breaches and rampant white-collar crime, it is surprising that many corporations still have a non-committal attitude to managing the risk of fraud and other intellectual property (IP) crimes.
"Recent research shows that 85% of fraudulent events in South African businesses are performed by insiders, 55% by management and 30% by employees," says Amir Lubashevsky, director of Magix Integration. "Moreover, without fraud detection or risk management systems in place, most companies only pick up that something has gone wrong months after the incident. And by that time it may be too late."
A similar situation is observed in the UK, with the BBC offering a conservative estimate that the total cost of employee fraud in listed companies alone amounted to about £2 billion last year. The BBC adds that research from the Association of Certified Fraud Examiners found that effective internal controls could prevent fraud, but that only 50% of the UK's top 350 companies have bothered to adopt extra anti-fraud measures.
"It's not simply a matter of losing your IT facilities for a day or two, or even the embarrassment of losing your clients' contact and financial details due to an unscrupulous employee," adds Lubashevsky. "Ineffective risk management today could feed the many organised crime syndicates operating in South Africa or even, in extreme cases, terrorism."
Profiling is a process conducted to understand how all parties think and interact, as well as what type of risk they pose to a company. It includes searching all internal databases for links between current staff and external companies or individuals, and checking the financial status of prospective employees by linking to the ITC database as well as other public databases. In certain circumstances, even an Internet search of a person's name can produce a nugget of information that can affect their profile.
To prevent the weakest link in an organisation from compromising the future of the company, business leaders need to implement employee and partner profiling systems consisting of technical resources and strict business rules and processes. This provides a frame of reference to ensure a profile is monitored in conjunction with particular business rules.
"It is important to add that transgressors are not always those in high positions, such as directors, but are more often than not people in middle management who intricately know the processes they intend to take advantage of," explains Lubashevsky.
Invasion of privacy
"The question of privacy always arises when dealing with matters of profiling people and companies," notes Lubashevsky. "This is an important issue and one that must be dealt with openly. If a prospective employee gives a company access to his/her CV, it is reasonable to expect the company to verify details and ensure the person is who they claim to be. These days it is simple to adopt a false identity."
By becoming part of an organisation's business processes, fraudsters learn how the system works and what loopholes they can take advantage of. Profiling will warn executives of who is most likely to cross the line, while risk management systems will warn them timeously that a transgression has occurred. They will also highlight all the steps leading up to the transgression and collate the information to ensure it is ready to be used as forensic evidence in court.
Risk management is not a subject to be taken lightly. Every business needs to consider the value of its information and IP and cater for the risks it exposes itself to. A simple mistake can mean more than losing face or money; it can mean the end of the business or even jail time for directors.