robintek

Most people who commit fraud at work are not career criminals – and are often trusted staff with no criminal history. According to criminologist Donald Cressey, there are three factors (the “Fraud Triangle”) that lead an ordinary person to fraud: opportunity, pressure, and rationalization.

Take this example: a bartender who splashes a little more scotch into his friends’ drinks when they come into the bar is succumbing to opportunity; his peers’ expectations that he’ll do this create pressure; while telling himself that “everybody does this – and we’re too stingy on our pours, anyway” provides a rationalization.

How can you use this three-legged tool to detect and deter fraud?

You can’t do much with about rationalizing fraudulent misbehavior because everyone does it without announcing their decision in advance.

You can’t learn whether employees might be under financial pressure to commit fraud without investigating their personal finances – which is impractical and illegal. However, you might be able to minimize work-based pressures they face (for example, forbidding managers from ordering them to hit their goals at all costs).

Opportunity provides the most effective leg in the triangle to curb fraud by making it more difficult. Here’s how:

1. Segregate duties so that no one has sole control over accounting, reconciling, custody of assets, and approval of transactions.
2. Make sure that transactions which are unusual or involve large amounts have strong managerial oversight and follow-up.

In other words, develop effective control systems so that any larcenous employee will need to be clever enough to avoid several pair of eyes while running a gauntlet of people who reconcile accounts and monitor budget.

If fraud does strike despite these precautions, make sure that you have the right insurance to protect you from loss. For more information, just give us a call.

It’s always difficult to terminate an employee – especially in this age of employment litigation and privacy concerns. Even if a worker leaves voluntarily, you need to make sure that he or she no longer has access to confidential information

The key to making sure that you’ve covered all bases of your bases is to follow a Departure Checklist:

• When an employee leaves, whether voluntarily or involuntarily, notify all staff immediately to help reduce rumors, hurt feelings, and concerns. Keep the announcement positive.
• Remove the employee from your facility soon as possible. Offering to have the person stay is nice, but might not always be helpful. If you decide to let the employee stay for the customary two weeks, assign him or her specific tasks to complete. Collect keys immediately and assign someone to work with the departing employee for the duration of their stay.
• Once the decision has been made, restrict the employee’s access to sensitive company information at once; be sure that this restriction includes any VPN or private access.
• Have the employee review all items on which he or she is working and write a synopsis of what’s needed to complete each item. Then review these items to create a specific workload transition plan, and assign them to other employees. The sooner you do this, the better.

The more you think through this process before a problem arises, the more effectively you’ll be able to deal with it. We stand ready at any time to help you develop and implement an effective plan that can go a long way to help you protect your business from this risk.

Businesses are transferring more and more client information files online for storage on hard drives in remote data centers or server farms that offer convenient Internet access. Buying space in this “cloud” (a $40 billion a year business, according to the IDC research firm) is becoming as common as paying for power, water and Internet service. With corporate spies after trade secrets, hackers out to steal sensitive financial information, and the federal government demanding online communications records, protecting data in the cloud creates a serious security risk for companies of all sizes.

“It’s easy to overlook security because of the virtual nature of the cloud,” warns Thomas Trappler, Director of Software Licensing at UCLA. “Your data is going over the Internet to another computer and not to some magical world where everything’s going to be fine.” Unfortunately, businesses often seem blissfully unaware of this threat: a recent nationwide study by the Ponemon Institute found that half the firms surveyed had not considered security risks when storing data with providers in the cloud.

A major question in these deals is determining who’s responsible for the risk of compromised data. Because companies often lack security expertise, they expect cloud providers to do the job. Some providers certify that they meet government or third-party standards for data confidentiality. However, few of them let clients test their digital security – which leaves their clients feeling that they might be liable.

To minimize this risk, Trappler advises businesses to:

1. Evaluate the provider’s reputation.
2. Insist on reviewing its encryption and security systems.
3. Set guidelines for immediate notification of any breaches.

You can also protect yourself from the risks of storing data in the cloud by investing in Cyber Insurance. To learn more, just get in touch with us.

Three out of five firms that suffer a major disaster go out of business or are sold. Preparing your business to survive a disastrous event involves a multi-step process: assessment, planning, implementation, testing, and documentation.

1. Assessment: Brainstorm and list all potential losses. Then rate them on a 1-10 scale, with 10 being the most disastrous and 1 having the least impact on the business.
2. Planning: Formulate a comprehensive, detailed action plan, using both in-house and outside sources. The plan should include both steps to prevent the loss and remedies to take if the loss occurs. Be as specific as possible.
3. Implementation: Act on the plan. Determine what steps you must take to now insure a positive outcome if disaster strikes; Who will be accountable for taking these steps when and to whom will they report?
4. Testing: For example, if you’re planning to deal with a computer crash, data recovery is essential. Test back-up media regularly to ensure that they will be available when needed. All too many businesses lose data due to malware or mechanical breakdown only to find that their backup is either corrupted or unavailable when needed.
5. Documentation: Put the details of the plan (who, what, when, and where) in writing. Keep one copy in the office, another on the computer, a third off premises – and make sure that every manager knows these locations. Finally, review and update the plan every six months.

Although nothing is foolproof, implementing these five steps can go far to prevent a disastrous loss, or at least, mitigate its impact.

To learn more about developing a disaster plan for your business, feel free to give us a call at any time.