reducing fraud losses through risk mitigation - abf conference on managing risks in corporate fraud
Post on 22-Jan-2015
1. REDUCING FRAUD LOSSES THROUGH RISK MITIGATION: CNI's Journey, Mistakes, and Lessons Learned. Kenny Ong, CNI Holdings Berhad
2. Contents:
- Defining Risk Mitigation
- Reducing Fraud risk Probabilities
- Decreasing the Impact
- Tracking and Reporting
3. Intro and Background: Different Business, Different Frauds
4. Intro: CNI
- 18 years old
- Core Business: MLM
- Others: Contract Manufacturing, Export/Trading, eCommerce
- Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan
- Staff force: 500
- Distributors: 250,000
- Products: Consumer Goods and Services
5. Intro: CNI
- CNI's Business Model background
Diagram labels: Factory, CNIE, DC, SP, Leaders, Customers
6. A. Risk Mitigation in CNI: No Business, No Risks.
7. No Business, No Risks.
- Ironically, our success is the cause of risk
- More success, more money, more fraud
- Easiest way to reduce fraud is to reduce business
- Don't laugh. This is what most FAC and HR people do, unintentionally
8. Fraud Risk Mitigation? (1/2)
- We follow standard Fraud definitions:
- What is Fraud?
- Someone is Lying
- Someone is Benefiting
- Both conditions must be met in order to be considered Fraud.
9. Fraud Risk Mitigation? (2/2)
- We follow standard Fraud definitions:
- Risk = Likelihood x Impact
- Risk Mitigation =
- Likelihood, or
- Impact
10. Where are the Risks?
- Industry
Management, Staff, Frontline, Suppliers/Vendors, Retail Front
11. Industry Risks
- Get-Rich-Quick Schemes (Skim Cepat Kaya)
- Direct Selling myths
- Bad Hats
- Imposters
- Products on Shelves
These Fraud risks affect all Direct Selling organizations but cannot be controlled by us, only through joint efforts by drafting & pushing new regulations.
12. Real Fraud, Real Risks
- DC Fraud
- Staff Fraud
- Management Fraud
- Distributor
- DC Assistant
- SP
- Payroll
- Undercutting
- Purchasing
- Credit Card
- Ghost Staff
- Ghost Distributor
- Financial Reporting
- Theft
- F/L
- eCommerce
- Tickets
- Share manipulation
13. B. Reducing Fraud risk Probabilities: Prevent. Deter. Kill.
14. Fraud Root Causes
- Policy problem
- People problem
- Unavoidable problem
15. Risk Mitigation Strategies
Diagram labels: Culture, Mitigation, Identified Fraud Risks, Structure, Resources, Leadership, Person
16. Alignment: Framework
- Org Structure
- Job Design C.Fraud.O.
- Policies & procedures
- Governance, Internal Controls
- Management Systems, SOPs
- Central
- Special Task Force
- Internal Audit, Surprise Audit, Regular Audit (Surveillance)
- Levels of Authority, Power Balancing*
Structure
17. *Power Balancing
- Propose
- Approve
- Execute
- Monitor
Diagram labels: BOD Set 1, BOD Set 2, Approval/Verification
18. Alignment: Framework
- Tools
- ICT Systems
- Rules detection
- Whistle Blower
- PED
- Profiling/Assessment Tools
- Budget for Investigation, Litigation
Resources
19. Strategy: Framework
- PED
- Involuntary Role Modeling
- Personal accountability and Commitment
- 10 Ants Values
- Watch out: Current people promoted to Key Positions
- Promotional criteria
Leadership
20. Alignment: Framework
- New Employee Background checks
- Willingness to Punish
- Root Cause Analysis (Mager & Pipe)
- Rotation
- PED
- Fraud Detection & Analysis Competency
- High Risk Jobs
- IT breaches through Frontline
Person
21. The Four Desperates
- 1. Desperate Competition
- 2. Desperate Consumer
- 3. Desperate Achievers
- 4. Desperate Changes
22.
- PED
23. Possible General Root Causes for Fraud
- "Everyone does it."
- "It was small potatoes."
- "They had it coming." (the revenge syndrome)
- "I had it coming." (the equity syndrome)
24. GENERAL STRATEGIES AND POLICIES
- B1. Classification of Behaviors
- B1.1 Disrespectful Workplace Behavior
- B1.2 Progressive Discipline
- B1.3 Zero Tolerance
25. GENERAL STRATEGIES AND POLICIES
- B2. Recruitment and Selection
- B3. Exit
- B4. Employee Assistance Program
- B5. Anonymous Hotline
- B6. Communication and Feedback
- B7. Training and Education
- B8. Formal Complaint and Grievance
26. GENERAL STRATEGIES AND POLICIES
- B9 Leadership
- 1. Leaders act as role models whether consciously or unconsciously
- 2. Leaders determine the working environment
27. GENERAL STRATEGIES AND POLICIES
- B9 Leadership
- 1. Educate
- 2. Involve
- 3. Teach
- 4. Eliminate
28. SPECIFIC STRATEGIES AND POLICIES
- C1. Theft and Fraud Root Causes
- 68.6% - no prior criminal record.
- Struggling financially or large purchases
- difficult time in their lives
- gets out of hand
- Merger and acquisition or reorganization activity.
- "I don't have a career here" attitude.
29. SPECIFIC STRATEGIES AND POLICIES
- C1. Theft and Fraud - Prevention
- Background checks
- Duties segregated
- Anonymous hotline
- Share the wealth
- Communicate successes
- Make a big noise when discovered
- Video surveillance equipment
30. SPECIFIC STRATEGIES AND POLICIES
- C2. Violation of confidentiality or security of company information - Prevention
- a. ICT Security Policies*
- b. Ownership of Intellectual Property
- c. Inside Information and Trading of CNI shares
31. *ICT Security and Fraud (1/3)
- Biggest ICT risks to CNI
- Security - All matters relating to the coming-in and going-out of all systems and information
- Backup - including Storage of critical and non-critical information and Disaster Recovery
- Continuity - Availability of systems and information at a 24x7x365 standard
32. *ICT Security and Fraud (2/3)
- The following are threats faced by CNI from inside the company:
- Current Employees,
- On-site Contractors,
- Former Employees,
- Vendors/Suppliers,
- Strategic Partners, and
- OEMs
33. *ICT Security and Fraud (3/3)
- Web browsing and Internet Access
- Username and passwords
- Instant Messaging
- File access permissions
- Backups
- Crisis management, Disaster recovery and Business Continuity
- Physical
- PCs and laptops
- Remote access
- Servers, routers, and switches
- Internet / external network
- Wireless
- PDA and cell phone
- Documentation and change management
ICT Security, Backup, and Continuity Strategies 2005-2008:
34. C. Decreasing the Impact: We failed. Now what?
35. Why Impact?
- Escaped prevention
- Policy or Procedure
- Performance
- Cannot reduce likelihood - unavoidable
36. Levels of Impact (Fraud)
- small impact
- BIG impact
- Tangible
- Monetary Loss (>1,000,000) inc. capital, share price
- Locality
- Intangible
- Reputation, Image
- Competitiveness
- Consumer confidence
37. small Impact
- Escaped prevention
- Policy or Procedure
- Performance
- Cannot reduce likelihood - unavoidable
- CAR/PAR
- Mager & Pipe
- Study Trends
- PAR
38. Real Fraud, Real Risks
- DC Fraud
- Staff Fraud
- Management Fraud
- Distributor
- DC Assistant
- SP
- Payroll
- Undercutting
- Purchasing
- Credit Card
- Ghost Staff
- Ghost Distributor
- Financial Reporting
- Theft
- F/L
- eCommerce
- Tickets
- Share manipulation
40. BIG Impact
- Crisis Management Plan
- Crisis Communications Plan
41. Crisis Management Plan
Table labels: Crisis: Business Function; Before (readiness for crisis); During (sound crisis management); After (profiting and learning); Policy and Planning; Process Owner: [dept. accountable]; Communications; Logistics & Info Systems
42. Crisis Communication Plan
- Crisis Communication Team (to determine small or BIG for communications purposes)
- Crisis Media Plan
- Media Management
- Media Centre
- Crisis Spokesperson & Interview
- Press Release
43.
- No case study from CNI on Crisis Communications arising from Fraud
- Not yet happened (fingers crossed)
44. D. Tracking and Reporting
45.
- "Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit"
- Norman Augustine
- CEO & Chairman, Lockheed Martin
46. Tracking: Who? How?
- Centralized monitoring: trends, patterns, flag unusual, symptoms
- Regular reporting
- BSC, KPI and PMS embedded
- RWC RMC
- Industry comparison
- IAD, MSD, RD, SDD
47. E. New Fraud Risks: We need help.
48. New Fraud Opportunities
- Change in Business Model: Inexperienced
- eCommerce
- Partner Merchants
- Franchise
- Conventional retail
- M&A Targets
49. eCommerce Frauds
Diagram labels: Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards (eCom Frauds?)
50. Mistakes and Lessons Learned
- Price to Pay for Fraud/Risk Mitigation => Business Flexibility
- Control vs. Growth
- Rules vs. Humanity/Motivation
- Not tackling the root cause i.e. Motive + Opportunity i.e. Humans
- Focus on FAC vs. Sales/Marketing => who has control?
- Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD
51. In the end
- Great Wall of China
- humans are the weakest link
- bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc.
- bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication
52. Thank You. soft copy of slides: www.totallyunrelatedrandomanddebatable.blogspot.com