Risk Management Bulletin

Most people who commit fraud at work are not career criminals – and are often trusted staff with no criminal history. According to criminologist Donald Cressey, there are three factors (the “Fraud Triangle”) that lead an ordinary person to fraud: opportunity, pressure, and rationalization.

Take this example: a bartender who splashes a little more scotch into his friends’ drinks when they come into the bar is succumbing to opportunity; his peers’ expectations that he’ll do this create pressure; while telling himself that “everybody does this – and we’re too stingy on our pours, anyway” provides a rationalization.

How can you use this three-legged tool to detect and deter fraud?

You can’t do much with about rationalizing fraudulent misbehavior because everyone does it without announcing their decision in advance.

You can’t learn whether employees might be under financial pressure to commit fraud without investigating their personal finances – which is impractical and illegal. However, you might be able to minimize work-based pressures they face (for example, forbidding managers from ordering them to hit their goals at all costs).

Opportunity provides the most effective leg in the triangle to curb fraud by making it more difficult. Here’s how:

1. Segregate duties so that no one has sole control over accounting, reconciling, custody of assets, and approval of transactions.
2. Make sure that transactions which are unusual or involve large amounts have strong managerial oversight and follow-up.

In other words, develop effective control systems so that any larcenous employee will need to be clever enough to avoid several pair of eyes while running a gauntlet of people who reconcile accounts and monitor budget.

If fraud does strike despite these precautions, make sure that you have the right insurance to protect you from loss. For more information, just give us a call.

It’s always difficult to terminate an employee – especially in this age of employment litigation and privacy concerns. Even if a worker leaves voluntarily, you need to make sure that he or she no longer has access to confidential information

The key to making sure that you’ve covered all bases of your bases is to follow a Departure Checklist:

• When an employee leaves, whether voluntarily or involuntarily, notify all staff immediately to help reduce rumors, hurt feelings, and concerns. Keep the announcement positive.
• Remove the employee from your facility soon as possible. Offering to have the person stay is nice, but might not always be helpful. If you decide to let the employee stay for the customary two weeks, assign him or her specific tasks to complete. Collect keys immediately and assign someone to work with the departing employee for the duration of their stay.
• Once the decision has been made, restrict the employee’s access to sensitive company information at once; be sure that this restriction includes any VPN or private access.
• Have the employee review all items on which he or she is working and write a synopsis of what’s needed to complete each item. Then review these items to create a specific workload transition plan, and assign them to other employees. The sooner you do this, the better.

The more you think through this process before a problem arises, the more effectively you’ll be able to deal with it. We stand ready at any time to help you develop and implement an effective plan that can go a long way to help you protect your business from this risk.

Businesses are transferring more and more client information files online for storage on hard drives in remote data centers or server farms that offer convenient Internet access. Buying space in this “cloud” (a $40 billion a year business, according to the IDC research firm) is becoming as common as paying for power, water and Internet service. With corporate spies after trade secrets, hackers out to steal sensitive financial information, and the federal government demanding online communications records, protecting data in the cloud creates a serious security risk for companies of all sizes.

“It’s easy to overlook security because of the virtual nature of the cloud,” warns Thomas Trappler, Director of Software Licensing at UCLA. “Your data is going over the Internet to another computer and not to some magical world where everything’s going to be fine.” Unfortunately, businesses often seem blissfully unaware of this threat: a recent nationwide study by the Ponemon Institute found that half the firms surveyed had not considered security risks when storing data with providers in the cloud.

A major question in these deals is determining who’s responsible for the risk of compromised data. Because companies often lack security expertise, they expect cloud providers to do the job. Some providers certify that they meet government or third-party standards for data confidentiality. However, few of them let clients test their digital security – which leaves their clients feeling that they might be liable.

To minimize this risk, Trappler advises businesses to:

1. Evaluate the provider’s reputation.
2. Insist on reviewing its encryption and security systems.
3. Set guidelines for immediate notification of any breaches.

You can also protect yourself from the risks of storing data in the cloud by investing in Cyber Insurance. To learn more, just get in touch with us.

Three out of five firms that suffer a major disaster go out of business or are sold. Preparing your business to survive a disastrous event involves a multi-step process: assessment, planning, implementation, testing, and documentation.

1. Assessment: Brainstorm and list all potential losses. Then rate them on a 1-10 scale, with 10 being the most disastrous and 1 having the least impact on the business.
2. Planning: Formulate a comprehensive, detailed action plan, using both in-house and outside sources. The plan should include both steps to prevent the loss and remedies to take if the loss occurs. Be as specific as possible.
3. Implementation: Act on the plan. Determine what steps you must take to now insure a positive outcome if disaster strikes; Who will be accountable for taking these steps when and to whom will they report?
4. Testing: For example, if you’re planning to deal with a computer crash, data recovery is essential. Test back-up media regularly to ensure that they will be available when needed. All too many businesses lose data due to malware or mechanical breakdown only to find that their backup is either corrupted or unavailable when needed.
5. Documentation: Put the details of the plan (who, what, when, and where) in writing. Keep one copy in the office, another on the computer, a third off premises – and make sure that every manager knows these locations. Finally, review and update the plan every six months.

Although nothing is foolproof, implementing these five steps can go far to prevent a disastrous loss, or at least, mitigate its impact.

To learn more about developing a disaster plan for your business, feel free to give us a call at any time.

Studies have shown that most Americans spend more than 90% of their time indoors – an environment that’s significantly more contaminated than the outdoors. Maintaining a pollutant-free indoor environment can help raise productivity, reduce potential legal liability for building owners and managers, and improve the health of workers.

Fungi, a biological contaminant that flourishes in moist environments, can trigger a wide variety of health problems and complaints. The best way to curb fungal growth is to monitor and avoid water leaks, moisture migration through masonry walls, and condensation. (For example, high humidity levels might be due to running a chilled water air conditioning system at too high a temperature).

To help manage the moisture and water infiltration that breeds fungi, experts recommend following these rules of thumb:

1. If the fungal growth is on a hard surface, scrape it off as soon as possible.
2. If the fungus is growing on a porous surface – such as plasterboard, carpet, or ceilings –have it removed carefully to prevent the uncontrolled release of fungal spores. (Removing or disturbing materials contaminated by fungi can increase airborne fungal levels by a factor of 10).
3. Dispose of fungal-contaminated materials under controlled conditions to prevent contamination of clean areas and protect building occupants and the area from elevated exposures.
4. Dry any porous materials where water infiltration has occurred within 24 hours.

Increasing concern by the Occupational Safety and Health Administration and state health departments about exposure to fungal spores reinforces the need for keeping the spread of fungi under control.

We’d be happy to offer our advice on helping keep your building fungus-free – and its occupants healthy.

Employment-related accidents behind the wheel are the leading cause of death from traumatic injuries in the workplace, killing some 2,200 people a year and accounting for 22% of job-related fatalities. Deaths and injuries from these accidents increase costs and reduce productivity for employers – while bringing pain and suffering to family, friends, and coworkers.

Preventing work-related roadway crashes poses a significant risk management challenge. The roadway is a unique work environment. Compared with other work settings, employers have little ability to control conditions and exert direct supervision over their drivers. The volume of traffic and road construction continue to increase, while workers feel pressured to drive faster for longer periods, and often use mobile electronic devices that distract them behind the wheel.

To help reduce this risk, for both long-distance truck drivers and employees who occasionally use personal vehicles for company business, the National Institute for Occupational Safety and Health (NIOSH) recommends that employers follow these precautions:

• Require drivers and passengers to use seat belts.
• Ensure that employees who drive on the job have valid licenses.
• Incorporate road fatigue management in safety programs.
• Provide fleet vehicles with top quality crash protection.
• Make sure employees receive training to operate specialized vehicles.
• Offer periodic vision screening and physicals for employees whose primary job is driving.
• Avoid requiring workers to drive irregular or extended hours.
• Prohibit cell phone use and other distracting activities such as eating, drinking, or adjusting non-critical vehicle controls while driving.
• Set schedules that allow drivers to obey speed limits.
• Follow state laws on graduated driver’s licensing and child labor.

For more information about how to prevent work-related driving deaths and injuries, just give one of our Risk Management experts a call at any time.

If you have teenagers, you’re well aware that they’re all too prone to take risks. Four in five U.S. teen (80%) have part-time jobs. Of these, more than half (52%) are in the retail sector, which includes restaurants and fast food establishments.

To help keep themselves safe on the job – and thus reduce their employers’ risk-management exposure – teenagers who work in restaurants and agriculture can use interactive web-based training tools provided by the Occupational Safety and Health Administration (OSHA).

According to OSHA, educating and training young people about safety in the workplace can help prevent injuries today and lead to a healthy workforce in the future. These resources provide practical information to protect young workers from hazards in industries where many of them are likely to work during high school and college.

The Teen Worker Safety in Restaurants eTool highlights the most common hazards in these workplaces and offers safety and health suggestions, safety posters, and electronic links to educate young workers about job safety. Areas of focus include serving, clean-up, drive-thru, cooking, food preparation, delivery, and worker rights and child labor laws.

The Youth in Agriculture eTool presents case studies that describe common hazards and offers safety solutions for teenage workers in such areas as farm equipment operations, confined spaces, and prevention of c injuries g from falls, electrocutions, and chemical exposures.

The OSHA Teen Workers page offers educational resources such as fact sheets on workplace rights and responsibilities, hazards on the job, ways to prevent injuries, work hours, job restrictions, etc.

Letting teenage workers know about these resources can benefit them – and their employers. What’s not to like?

If you think of your business as a safe place, think again. Security experts recommend taking these precautions:

1. Parking Lot Security/Lighting. Because crime flourishes in the dark, implement a “buddy system” to ferry workers to and from cars. Limit parking lot access and keep the lots – and your entire facility, inside and out – well lit during non-business hours. Entrance Area Safety. Keep a receptionist on duty at all times. Provide a registration system for visitors (even if they’re dressed as service personnel). Have locks on doors and windows. Use badge or other photo ID systems, with frequent checks of entry codes. Never let employees prop open an outside door with a chair so it doesn’t lock behind them during a break.
2. Suspicious Activity. Urge employees to report anything suspicious around the building. Instead of allowing employees to open suspicious packages, give them to the authorities for search and disposal.
3. Information Safety. Because it’s increasingly easy for hackers or disgruntled employees to steal your organization’s vital data, use updated security software with regular backups. Shred paper documents containing critical information when they’re no longer needed.
4. Equipment Security. Inventory critical equipment, hardware, and software. This is especially important as electronic devices keep shrinking in size. An inventory will also make it easier for your insurance company to process any claims if anything “goes missing.”
5. Employee Valuables. Provide secure places, such as lockable drawers and closets, for employee property. Valuables, especially those that reveal personal information, should be locked away during meetings or breaks.
6. Safety Team. Have a group of managers and employees meet regularly with a set agenda.

To learn more, feel free to get in touch with our Risk Management specialists at any time.

“Contingent workers” {part-time, temporary, or contract employees) face a high risk of occupational injuries and illness. According to the National Institute for Occupational Safety & Health, reasons include the tendency to outsource more hazardous jobs, worker lack of experience and familiarity with operations in a new workplace, inadequate protective equipment, and limited access to such preventive measures as medical screening programs.

Even though the safety of contract workers is the legal responsibility of the contractor, the OSHA General Duty Clause makes you responsible for protecting everyone in your workplace. To meet this obligation, and bolster workplace safety compliance, we’d recommend these guidelines:

1. Make sure that the contractor agrees to comply with OSHA requirements. If the contractor doesn’t follow safety rules, force compliance or stop work for breach of contract.
2. Set safety compliance ground rules up front.
3. Share accountability for safety compliance with the contractor. Although you might not be legally responsible for an accident caused by a contract employee, it’s still your problem.
4. Offer assistance. Explain hazardous conditions or processes during project orientation and stress any rules and restrictions, such as hot-work permit requirements, lockout/tagout, and confined spaces situations and needs.
5. Document communications with contractors. Have them sign an agreement for resolving specific safety problems or for conducting inspections.
6. Read the OSHA Multi-Employer Citation Policy compliance directive (CPL 02-00-124), which applies to contractors on your work site.

Finally, the fact that most contingent workers will only be in your workplace for a short time adds to the urgency of getting them up to speed on company safety policies ASAP.

For more information on keeping contingent workers safe in your workplace, please feel free to get in touch with us.

If a catastrophe struck your business, who would provide such critical services as site clean-up, emergency power supplies, off-site redundant data storage, and alternative communication systems until you can get up and running again?

In this situation, having agreements in advance with restoration companies and other service providers can save you time, money, and headaches.

Although most companies recognize that such prearrangements can play a critical role in emergency crisis management planning, few take steps to develop specific relationships with their disaster service providers.

That can be an expensive mistake, says Michelle Cross, Boston-based National Practice Leader for Business Continuity at Wells Fargo Insurance Services USA. She points out that, “for any service provider to really provide quality, top-level, appropriate service, they have to know about your company, what you need, and what hazards you have on site.”

Pre-planning can also reduce Business Interruption deduction and claims significantly by shortening downtime to services and operations after a disaster, notes Dave Boyle, head of Property Claims for Zurich North America (Schaumburg, IL).

A case in point: Starwood Hotels & Resorts Worldwide uses pre-arranged recovery agreements because many of its properties are in locations at risk for natural disaster. When Hurricane Katrina struck, the Starwood Sheraton was the only hotel in New Orleans that remained open during and after the megastorm. Says Stephen Truono, the company’s Vice President of Global Risk Management and Insurance: “It’s about having a plan, practicing that plan, and engaging the necessary critical vendors, such as providers of power, plywood, diesel oil and potable water.”

Prearranged provider agreements are inexpensive and usually do not involve a fee until the time of service.

What’s not to like?