Dierckx & Associates

Risk Management, Legal & Financial Investigations, Forensic Services, Christchurch New Zealand

Heeding Lessons from Economic Downturn, Majority of Corporate Executives Report Need to Overhaul their Approach to Risk-Management, Accenture Study Finds

		Monday, 27 July 09 - 05:55 AM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

 06 July 2009
Heeding Lessons from Economic Downturn, Majority of Corporate Executives Report Need to Overhaul their Approach to Risk-Management, Accenture Study Finds

NEW YORK; July 6, 2009 – The vast majority (85 percent) of corporate executives say they need to overhaul their approach to risk-management if the lessons of the economic crisis are to be used to improve business results, according to results of an Accenture (NYSE: ACN) study released today.  

Accenture’s 2009 Global Risk Management Study, based on a survey of 260 chief financial officers, chief risk officers and other executives with risk-management responsibilities at large companies in 21 countries, also found that 40 percent of respondents said that their companies already have increased or will increase their investments in broader risk-management capabilities in the next six months.  Nearly another third (31 percent) of respondents said their companies are currently considering increasing their future investment in risk management capabilities. 

Read the whole story at: http://newsroom.accenture.com/article_display.cfm?article_id=4848#

Recruitment Risk Reduction tips

		Thursday, 16 October 08 - 01:37 AM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

When recruiters/head hunters, managers or HR professionals are in need to fill a position, they should look for more than just a proper skill set, experience or a good fit for team or company. They should also consider whether or not there are or may be reasons for not contracting a specific applicant. 

It is estimated that around 10% (US) of applicants have criminal convictions. A considerable amount of resumes contain serious falsehoods or omissions. Diplomas and certificates can  be bought at a reasonable price by those that want to beef up their academic achievements. It is therefore important to avoid costly mistakes and that appropriate measures are taken to reduce the risk associated with recruitment/hiring new employees. Especially in tighter markets where there is a shortage of skills, the need for proper hiring procedures may be overlooked or neglected.

At all times however, you will want to find a balance between required controls and attracting applicants. Employers, should use evaluation tools.  We do encourage you to contact us about our Triple R program (Recruitment Risk Reduction Program): a programmatic approach embedded in the organization's policies and procedures is the preferred choice.  For the purpose of this article however, and realizing that such a programmatic approach is not always realized, here are some tips that can be used immediately, at no cost, and that will assist you in better informed decisions and will hopefully reduce your recruitment risks. It is a well known idea that even the best fraud controls will not do their job if you hire dishonest employees. While it may not always be possible to predict the future and while it is believed that everyone deserves a second chance, we also promote that you can only make a good decision in these matters if you are well informed. I speak from experience when I say that I have often ended up being involved in cases where the sign were all over the wall if someone had only taken the trouble of a proper evaluation of the information provided by candidates. Ok, enough now, here are some tips that may assist you in making better informed decisions.

1. First determine what the actual needs of the organization are and whether or not these needs may be addressed internally. Consider recruiting internally first. 
2. If at all possible use pre-formatted application forms and include any documents or authorization forms that you may require. This ensures that you stay in control of the information you require from each applicant and forces to sit down and document your requirements.
3. Have each job applicant sign a consent form for a background check, including a check for criminal records, past employment, financial information and education. Announcing upfront that your firm checks applicants’ backgrounds may discourage applicants with something to hide, and encourage applicants to be truthful and honest about mistakes they have made in the past.
4. In addition to an actual check, ask whether or not an applicant has been convicted for criminal offenses in the broadest possible terms allowed by law. Laws may differ considerably so  ask your lawyer or HR professional where the boundaries are.
5. Towards the end of an interview, advise applicants that the firm performs a criminal background and reference check as a standard business practice.
6. Ask the applicant if he or she has any concerns to share. Good applicants will usually pay no heed to the question. Applicants with a problematic background may either reveal relevant background information or withdraw their application.
7. You could ask applicants during an interview what they think a former employer might say about them. For example, "If we were to contact past employers, how would they describe your performance, work style?" Since the applicant has signed an authorization and has been advised that such checks may occur, the applicant may be more motivated to reveal information about past jobs.
8. Make sure that the applicants are advised in clear terms that any false or misleading statements or material omissions are grounds to terminate the hiring process or employment, regardless of when discovered.
9. Should employment commence before the completion of a background check: make sure that any agreement states in writing that employment is conditional upon a background report that is satisfactory to the employer.
10. Verifying past employment is often a neglected but very important tool for an employer. Generally speaking, past job performance can be a predictor of future success and offers you an opportunity to test whether or not there may be issues as to how the applicant may fit in.
    
11. Verification of dates of employment and job title are critical because an employer: there may be hidden and unexplained gaps in the employment history to should be discussed or may raise concern. There may be many reasons for a gap in employment.
12. When you are provided contact details of referees from past employers or otherwise, always use the general number of the organization as opposed to any private number or DDI provided. Ill-willed applicants may have made arangments with friends or family.
13. Gaps in employment histories should at all times be discussed. There may be a thousand very valid reasons for these gaps, however if an applicant cannot account for them that could be a red flag. Where in doubt, consider ways to corroborate the explanations provided by the applicant.  
14. Ask for previous addresses, and likewise, if an applicant cannot account for them that may be another red flag. In some jurisdictions (for instance US) previous addresses are paramount to efficiently and effectively perform adequate criminal background checks due to the way the system is set up.
15. Obtain a listing of all past addresses for five to ten years.
16. Advise applicants that besides pre-employment screenings, employment screenings may be performed for specific reasons for instance if a future investigation is required.
17. Since you already obtained the authorization, do actually check for criminal records. There are services providers that can assist in this, as well as obtain financial and other background information.
18. Finally, documenting an attempt to obtain references can demonstrate due diligence and may be seen as an expression of how serious you take your company and its employees, the applicant included. They are after all your most important asset.
    

While these short tips may address some of the most pregnant issues regularly overlooked, Dierckx & Associates promotes you to have a comprehensive program in place. It does not need to be expensive and it does not necessarily mean going overboard. Your employees are one of the most important assets of your organizations: treat them like that, which starts by due care in hiring decisions. In some jurisdictions, this extra care is also required because of the potential of claims on the basis of 'negligent hiring' or because you may be on the receiving end of a claim based on for instance discrimination.

Dierckx & Associates in conjunction with its invovement in the Arcis Group, have developed a comprehensive program especially aimed at SME. Call us for more information.

Identity Theft gets Organized: SME's Beware

		Monday, 04 August 08 - 01:29 AM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

I came across this interesting article which is something we all may want to consider, especially SME's. Besides checking your companies office/house records, make sure you regularly get a credit report for your business and yourself.

Source: http://business.timesonline.co.uk/tol/business/entrepreneur/article4417605.ece

Organised criminals are now turning their attention from the well-documented personal identity theft to the corporate market

The Guide to Occupational Fraud And Abuse: 001 Introduction

		Monday, 26 November 07 - 09:26 PM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

This post is the first introduction in a new series of articles that will be published under the heading the Occupational Fraud Guide: a longer series of articles that, when taken together can serve as a guide to prevent, detect and deal  with occupational fraud and abuse in your organisation.

Although I believe that this series of articles will provide a good starting point, they are not meant as a substitute for expert advise. At all times it is recommended that expert advise is sought when designing and implementing an anti-fraud strategy, to ensure that it is based on the right triggers and embedded in the culture and nature of your organisation and organisational purposes, mission , vision, values. An anti-fraud initiative will not work if it is not properly embedded within your organisation.

Introduction

Regardless of the size of your organisation, it will be vulnerable of occupational fraud. Experience and external studies show that fraud in the workplace can happen to any organisation to a smaller or larger extent. In addition to this figures appear to indicate that occupational fraud and abuse is on the rise.

The frauds themselves can take many forms: theft of inventory, cash theft, expense frauds, corruptive purchases, statement fraud, abuse of internet and email facilities to name just a very few. Additionally the experience seems to learn that in many cases these frauds go undetected for longer periods and with that the damages run up quickly and chances of a successful recovery of these damages dramatically decrease.

All in all a good reason to consider fraud as part of your points of attention.

Experts agree that the best way top deal with fraud is to prevent it. However at the same time they agree that there is no such thing as a 100% fraud proof organisation.

Losses Are More Than Just Financial

Whilst the losses considered to be associated with fraud are usually just the financial losses, it is important to realise that occupational fraud and abuse can lead to damages that well extend just the financial ones. Whilst financial damages can be either covered through insurance or litigation (in whole or in part) there are other damages that you may need to think  about before you decide  that "it is not happening in my organisation so why care"

Some of the less obvious and non financial losses associated with fraud are:

• adverse publicity
• damage to reputation (and not just due to publicity)
• disruption of operations
• time spent in court or otherwise to deal with the fraud ( for instance with law enforcement)
  
• damage to the trust between employees who are oftentimes devastated when they find out that the persona at the next desk has been defrauding the company for longer periods of time
• emotional damages from finding out that your colleague and friend was a fraudster (who can you still trust)
• manipulated books that need to be gotten back in order
• damaged relationships with suppliers and clients
• increased fraud insurance premiums after claims
• a downward spiral in the ethical culture of your company ( this is especially prevalent where thefts lead to others picking up the same habit because they think they apparently can get away with it)
• loss of trust from share holders

The Need for Fraud Adequate Fraud Risk Management
While there is no such thing as a 100% fraud resistant organisation, there are most certainly ways to decrease the chances that fraud will occur in your organisation: consistent aplication of implemented risk management practices can and will decrease or even minimize the chances that occupational fraud and abuse will occur.

It all starts with understanding what is going on and subsequently taking adequate measures that fit in within the organisational structure and culture. It further starts with being able to adequately assess you fraud risks and top prevent poring money and energy in those areas that are (for the time being) may very well be not where your risks are.

In this series of articles we will explore the various types of fraud that can occur in an organisation and how they can be detected and prevented. Prevented is to be seen here as taking away as much of the opportunities as possible to commit such frauds and addressing where possible and required other elements of fraud which will be discussed later on.

Establishing  an anti-fraud and abuse strategy and implementing effective fraud controls, detection mechanisms and prevention strategies is of paramount importance for any organisation from a viewpoint of cost, culture, reputation, operational effectiveness and efficiency.

Some General Notions

• Occupational fraud and abuse is a common and everyday occurrence
• Occupational fraud and abuse can have a significant and even detrimental impact on the bottom line of a business
• The diversity of forms and methods and the often deceptive and concealed nature of occupational fraud and abuse make them harder to detect
• Appropriate responses require a sound understanding of your risks, recognizing the signs, understanding and on the basis of this understanding where to look for the threats
• Effective strategies focus not just on detection., they focus on prevention , detection, response and resolution.
  

Fraud: a Description
For the purpose of this series of articles occupational fraud and abuse are defined as the deliberate misuse or misapplication of the assets of an organisation in the course of one functioning within that organisation.

This definition covers a necessarily wide range of different behaviors by employees, principals, executives, and sometimes even board members.The behavior can range from simple cash or stock thefts to complex fraudulent schemes.

In the coming articles we will deal with the elements of fraud, general notions of dealing with fraud (risk) and subsequently  we will look at the various most common types of fraud, how they are committed and how they can be prevented and detected and investigated and resolved.

At the end of this series you should have a thorough understanding of the basics and able to make a good start at preventing, detecting, (preliminary) investigating and resolving fraud. In the meantime should you have any questions do not hesitate to contact me. Later on in this series I will open a specific forum where you can leave questions and have them answered not just by me but other readers as well.

The Fraud Iceberg
There are many ways to classify frauds.One way to doing that is by presenting fraud as an iceberg.

In this model which most likely refers to the actual situation regarding fraud, there are three types fraud situations:

• fraud that has so far gone undetected
• fraud that has actually been identified as a potential fraud but still needs further action
• frauds that have been identified and resolved

While this does not paint a pretty picture, overall this is the reality when it comes to fraud. Not only is it a common occurrence; most times frauds go undetected.

Are Some Organisations More Vulnerable than Others?
A question one might ask is whether or not there are organisations that are more vulnerable to occupational fraud and abuse than others. Some think that having the largest amount of controls is the way to prevent fraud. Whilst controls are very important it has been my experience that it is not so much a matter of creating the highest level of controls but finding the right balance.

Organisations that have the highest levels of control or even go overboard on that do not necessarily experience less fraud. They do experience the added burden of higher costs that come with these overboard controls.

Controls must be adequate, meaning that they accomplish the actual goal of control: a cost-efficient protection against loss, damage, destruction or abuse.

A balanced perspective on controls weighs the organisational costs  and benefits  against the risks and threats as well as  the organisational structure and culture.

Fraud and fraud risks apear to be most prevalent in organisations that:

• have no controls, to much controls or inadequate controls
• no or low levels of trust
• a lack or or minimal ethical standards (values)
• no or low profits
• a grim outlook on the future or no viable future
  

Why People Commit Fraud
In my past years of being involved in investigating fraud and abuse, I have had a chance to talk to many identified fraudsters and abusers. Whilst the what question is of course very important, I think the why questions is often times just as revealing and helps in getting a broader perspective into the rationale of fraudsters. Some of the reasons why people committed their frauds that were brought forward are:

• I never thought I would be caught
• It was so easy
• I needed the money badly to pay for:
• maintenance of my lifestyle
• drugs
• gambling debts
  
• normal household costs
• Christmas presents
• I have been passed so many times when it comes to promotion that it was time it was my turn
• I hate my job here, it's boring and not challenging, the frauds gave me something challenging to do
• Everyone else is doing it, so why not me?
• The organisation is so big, and makes heaps of money, they won't notice it
• I got sick and tired of living on the edge of the cliff financially all these years, I was my turn for a change
• If the boss can do it and get away with it so can I
• I have been abused and undervalued for all these years, I thought screw them
• No one has ever been prosecuted, even if you are caught you still get away with it lightly
• Humans are weak, the flesh is weak, I am a human
• Many are doing it, no one ever gets caught
• I've been having financial problems for many years and needed some help, do you think they ever listened?
• I found out that they are in a way supporting Apartheid in South Africa, I am making a political stand here

As you can see there is a wide range of reasons and this is just a short list: the red threats however appear to be organisational control, organisational culture,  personal  reasons, a need for money. These reasons come back when we look at the three elements of fraud.

The Three Elements of Fraud: The Fraud Triangle
From the previous paragraph it transpired that there are a number of reasons why people commit fraud. There are however three elements that can and will be found in every single fraud case:

• Opportunity
• Perceived Pressure
• Rationalisation

These three elements are interrelated and always present in some way and to some extent. The list of reasons brought forward to commit fraud illustrate these elements since they refer to either opportunity, pressure or rationalisation.

These three element are presented in the so called Fraud Triangle, a presentation of the findings of Donald R. Cressey, a student of the well know criminologist Donald Sutherland..



Whilst this triangle was initially used to explain the phenomenon of fraud, this triangle has been used as a model by many professionals to think about fraud prevention.

The three elements work in a very similar way to what fire fighters are taught at firefighting school about fire. Fire has three elements, fuel, oxygen and heat. For a fire to occur all three elements need to be present and when brought together in the right mix a fire will occur. When one of these elements is taken out, there can be no fire. The more of one of these elements, the less is required of the others.

The three elements of fraud work very similar. The more opportunity the less pressure and rationalisation is needed. The higher the perceived pressure, the less opportunity and rationalisation is needed.

Perceived Pressure
There are basically three types of pressures that motivate people to commit fraud:

• Financial Pressures
• Vices
• Other Pressures

Financial pressures are considered to be the most important. The six most common financial pressures are:

• greed
• lifestyle issues
• high bills
• poor credit facilities
• personal financial losses
• unexpected financial needs

This list is not exhaustive and other financial pressures may very well be found. In addition to that they are not mutually exclusive so one or more may exist at the same time.

Vices

Other
Other pressures covers a wide range of options and are of a more psychological nature such a s peer pressure, marital pressure, pride, political idealism, religious idealism.

Rationalisation
Most fraudsters that are caught are first time offenders who would under normal circumstances not commit fraud. At some point however, the pressures and opportunity get up to a level that is compelling enough to consider committing or actually committing fraud. What is then needed is some form of a defense mechanism: a rationalisation. The rationalisations are defense mechanisms by which fraudsters conceal their true motivation and explain their actions and feelings in a way that is not threatening. It is a cognitive process in which the illegal behaviours are made to seem consistent with or based on reason.

Rationalisations help the fraudster to hide from the dishonest nature of their actions. Some of these rationalisations are:

• No one is victimised, fraud is a victimless offense
• It's for a good purpose or cause
• I deserve more than what I was getting
• Everyone else is doing it
• I paid my dues, now it is my time top get a fair share

Opportunity
In terms of developing an anti fraud strategy or program it is important to understand that opportunity is probably the most important aspect to focus on. The reason for that is simple: it is the area which lies most directly in the sphere of influence of the organisation. Together with appropriate levels of deterrence they form the primary foundation of any anti fraud program.

Opportunity arises where there is:

• A lack of controls or where controls to prevent or detect potential fraudulent activity are circumvented
• An inability to assess the quality of performance
  
• A lack of access to relevant information
• Ignorance, apathy, incapability and incapacity
• The absence of  adequate audit trails
• A failure to appropriately discipline identified fraudsters

An effective control structure is most likely the single most important feauture for any organisation that takes the possibility of fraud serious. The control structure consists of three components:

• the control environment: the organisational environment an organisation provides for its people
• the accounting system system
• an adequate internal control program.

These three elements will be discussed more in depth in the coming articles. If you have any questions or preferences right away, don't hesitate to leave a question by means of a comment or mail me or better yet, sign in and leave a question in the forum.

For those of you who'd like to read some more also see:

• Four out of five companies hit by fraud
• A Proactive Approach to Fraud and Theft
• Taking Risk Management Serious
• Think About Your Shrink

I hope to see you back again for the next part.

Four Out of Five Companies Hit By Fraud

		Wednesday, 03 October 07 - 10:39 PM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

Fraud is still a very current issue.

The recently released Kroll and Economist Intelligence Unit study "Annual Global Fraud Report" states that 80 percent of companies have experienced some form of fraud since 2004, and about 10 percent of large firms have lost over $100 million annually. In the health care and financial sectors, 20 percent of firms reported losing over $1 million to fraud.

Many of the losses stemmed from property or stock-related fraud. Other causes included self-dealing, information theft, financial mismanagement, and other incidents.

Thirty-two percent of executives surveyed indicated high employee turnover resulted in increased fraud exposure.Thirty-one percent reported complex technology arrangements as sources of fraud exposure.

To obtain a copy of the report go here.

A well worth read.

A Pro-active Approach to Occupational Fraud and Theft

		Friday, 25 May 07 - 02:50 PM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

Time and time again reports show thatwhen it comes to fraud, the greatest threat is not from outsiders but from insiders. Organizations can be proactive in detecting and preventing employee theft and fraud Below are some recommedations

LEAD BY EXAMPLE
Senior management and business owners set the example for the organisation’s employees. A non-consistent attitude toward rules and regulations by management will more than once be reflected in the attitude of employees. Every employee, regardless of their position, should be held accountable for their actions, so yes that includes top management.

And in all honesty, more than once we have found our initial client contact to be the involved party. It is often management that has the greatest access to fraudulent opportunities and it is more than once that same management that can get away with control overrides.

POSITIVE WORK ENVIRONMENT
Create a positive work environment that encourages employees to follow established policies and procedures and act in the best interests of the organization.

Fair employment practices, written position descriptions, clear organizational structures, comprehensive policies and procedures, open lines of communication between management and employees, and positive employee recognition will all work to reduce the likelihood internal fraud and theft.

I see the importance in my daily practice. Once fraud and/or theft is established and a  perpetrator has been identified, more than once the issue of feeling not-recognised is at least part of the motive for stepping accross the line.

INTERNAL CONTROLS- Internal controls are designed to ensure the effectiveness and efficiencies of operations, compliance with laws and regulations, safeguarding of assets, and accurate financial reporting (See for instance the COSO model).

The internal controls controls for safeguarding assets and financial reporting require policies and procedures that address amongst others:

• Separation of Duties
  No employee should be responsible for both the recording and processing a transaction. I am aware that In New Zealand with a substantial percentage of very small businesses this is sometimes hard. However there are always options and more than once overriding this basic procedure for the sake of practicability has been disasterous.
  
• Access Controls
  Access to physical and financial assets and information and accounting systems should be restricted to authorized employees and its use should be monitored on a regular basis.Start off with simple checks: just ask your employees out of the blue, I need the password of so and so who's not hewre today, can anyone help me? You'll be surprised, or check for the yellow post its on the bottom of the screen or the back of the computer.
  
  And where it comes to physical access: more than once actually today I could have nicked all the confidential assets of my client: the person I was supposed to meet was tucked away in the back of the building, the rest of the creqw was at a seminar, and me I walked aroud and saw computers standing open, no one to receive me at the door and access to all offices. Not good.
  
  
• Authorization Controls
  Policies and procedures addressing the controls to initiate, authorize, record, and review financial transactions.
  
  Internal controls will reduce the opportunity for fraud as a detterent factor and will enhance the efficiency and effectivity of your operations.
  

EMPLOYEE SELECTION
If you hire dishonest employees you run a risk. Honest employees are an asset to any organisation, even one with poor internal controls. However, a dishonest employee will ignore management’s attempts to provide a positive work environment and search for ways to defeat even the most comprehensive internal controls to commit fraud.

It is good to realise upfront that no internal control system is  100% fail safe.

Therefore it is very important to keep dishonest applicants from becoming an employee. A thorough pre-employment background check should include:

• Criminal history for crimes involving violence, theft, fraud, etc
• Civil history for lawsuits involving collections, restraining orders, fraud, etc
• A financial background check ( Baynet)
• Driver license for numerous or serious violations especially where drinving is part of the job
• Education verification to verify degrees from accredited institutions. By now I receive approximately 20 emails a day offering me different buyable degrees and certifications. You can no longer afford to be just impressed with what you see.A check is a  requirement.
  
• Employment verification to verify positions, length of employment, reason for leaving
  

EMPLOYEE EDUCATION
Employees should receive information on the policies and procedures related to fraud, the internal controls in place to prevent fraud, the organisation’s code of conduct and ethics policies, and how violations of these policies will be disciplined.

Every employee should sign a form to verify the receipt of this material. On a periodical basis it is recommended that employees receive training on these subject matters.

And before I forget: referring new employees to the companies intranet for further advice without providing them a full package is not a good option top keep them updated. They are an important asset, make education something personal.

REPORTING SYSTEM
If anything, more than once I encounter witnesses saying that they "had this feeling all along that something was not ok. But I didn't know where to go to to express my concerns and I didn't want that colleague to become a suspect for nothing"

Every organization should provide a confidential reporting system for employees, vendors, and customers to anonymously report any violations of policies and procedure and even concerns.

Employers should promote and encourage the use of the reporting system. Not just from a reactive point of view but also pro-actively. More than once vices are involved or  signs are visible at an early stage, bosses don't see, colleagues do: make sure they can communicate those concerns.

AUDITS/ASSESSMENTS
Random, unannounced financial audits and fraud assessments are important to identify new vulnerabilities and measure the effectiveness of the controls in place.

In addition to gathering important business intelligence through audits and assessments; it will deliver a strong message to employees that a pro-active stance in respect of fraud is a priority 

INCIDENT INVESTIGATION
A thorough and prompt investigation of policy and procedure violations, allegations of fraud, or the warning signs of fraud will provide management with the facts necessary to make informed decisions and reduce losses.

And again it send a strong message to the internal organisation that these things are taken seriously.

APPROPRIATE PUNISHMENT
Employees who are identified as committing fraud and theft should receive approriate punbsihment for their misdeeds. A failure to do so leaves an impression that the only risk for this conduct is termination. At all times it is recommeded that recovery of danages including the costs of investigation, litigation or prosecution is sought.

Taking Risk Management Serious: A great Resource

		Sunday, 29 April 07 - 03:58 AM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

Risk Management should be part of any organisation that takes itself serious. Having an excellent Risk Management program in place is by now not only an essential part ofbeuing a successful business, more than once it is a requirement to survive survival and in many instances part of the legal compliance framework of the organisation.

ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events, that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Having worked for PricewaterhouseCoopers, it was inevitable that at one point I would be introduced into the COSO model. The "Enterprise Risk Management - Integrated Framework", also "COSO-ERM", is an Enterprise Risk Management Framework designed in 2004 by the Committee of Sponsoring Organisations or COSO.

Think About Your Shrink

		Monday, 05 March 07 - 11:13 AM (GMT) By John ML Dierckx in Fraud Prevention / Risk Management

From the schedule it transpires that internal or external theft only make up for part of the potential causes of loss.

Procedural Causes

Under the heading procedural causes, 4 separate categories appear:

• Audit Procedures
• Check Out/ Invoice Procedures
• Product Movements
• Data Entry

Audit Procedures relates to errors that could occur during the audit: erroneous stock counts, or overlooked items. Erroneous stock counts could involve, entering 6 packs as 12 packs, or where items are spread all over the storage sometimes items are overlooked.   

Check Out/Invoice Procedures are a potential cause of shrinkage where errors occur at the point of sales that lead to inconsistencies in the theoretical position of the stock compared to the physical position. This could be the result of entering the wrong product code at check out, entering an item once while multiple entities are bought or different varieties (with different prices), promotional free products are not scanned or accounted for at point of sale ( we all know the buy one, get one free promotions), overlooked items (ever came to your car with your groceries to find an item that had not been scanned or paid for?), or miscellaneous or no description codes (you get to the cash register and the item just doesn’t scan, typing ion the bar code does not work, an open code is entered with the price information).

Movement Procedures are related to movements of product within the business, for instance from delivery bay to storage or from storage to shop or client. Also mistakes in the return of goods could fall within this category. Most of the errors that transpire from the movement procedures are those that result in incorrect, incomplete or untimely registrations.

Data Entry, can cause shrinkage where items are incorrectly entered: for instance where stores or clients actually receive less or more that what the accounts and subsequent forms specify, especially where the recipient receives more than specified and paid for there is a good chance that you will never hear from that relation. Items could also be connected incorrectly with the stock database, such as promotional items which are incorrectly linked with the items in the general range of products, or even products that are registered in the stock administration systems whilst never received.

Physical Losses

Physical losses relate to the actual loss of goods within an organisation. We identified four major groups of causes:

·         Damage

·         Waste/Fall Out or Spoilage

·         Internal Theft

·         External Theft

 

Damage, relates to goods that have been damaged during any one of the business processes: delivery, storage, merchandising. As a result of that these goods can not be sold any more.

Waste/Fall Out/Spoilage relates to products that are of no further value after production, because they are over date and no longer safe to sell or that have been spoiled or spilled during the business processes. On more than one occasion we have seen that actual waste levels exceeded the theoretical one, leading to unexpected shortages in certain production lines. We could also think of for instance the calculated losses of certain products and consumer goods that are of limited durability such as fish, meat and vegetables, meals, diary products, bread, frozen food and flowers.

Internal Theft/Fraud covers known incidents of loss of shrinkage whereby staff members illegally took away products or goods or misappropriated those goods in a way that makes it impossible to resell them. These thefts turn into fraud when they involve manipulation of the accounts or other registrations to prevent detection.
External Theft/Fraud covers incidents of theft by non staff members recorded by the company. This covers a wide range of illegal activities ranging from shoplifting to plain theft and burglary.

It is noted here that it is not always easy to distinguish between internal and external theft and fraud, collusion is possible and besides that it is a matter of opinion whether certain thefts or frauds should be classified as cash thefts or theft of products or a combination of both.

Variations in Value

This category refers to causes of shrinkage where the planned return on the products is not realised.

Discounts/Price Reductions refers to those goods that are sold below their planned sales price, for instance because they are very near their sell by date. We all know the $10.00 value packs of meat from the supermarket. Usually the meat has to be consumed (or frozen) the same day or the day after. Or clothing near the end of the season, with the new clothing trampling in storage eager to be put on display, computers is another example, very often the “best deals” come just before a new range is coming on the market. In general these discounts relate to a pressure of the business owner to get rid of parts of the stock against a reduced price.

Pricing errors relate to goods in stock going on display and the wrong price is put on them by staff, resulting in inconsistencies between the planned sales price and the actual return from sales. It could also be the result of mistakes made at the cash register. This is why registers with a scanner are so common nowadays. It speeds up the process and in large part eliminates the chances that pricing errors occur.

Missed claims are failure to claim refunds or rebates on items returned back to the supplier. A well know example is the return of newspapers within a certain timeframe. (Ever seen someone at your store cut out those heads of magazines and newspapers (or the barcodes? Well now you know why, that is what needs to be returned).

Losses Unaccounted For

Unaccounted for losses are those losses of physical product or value of those products that can not be explained by either one of the previously outlined causes: there is a loss but we do not know how this happened. It will be clear that we should keep the percentage of unaccounted for losses to a minimum. Studies show that the larger part of shrinkage is due to unknown causes.

Cash Losses

As a separate category under the heading total losses, cash losses are listed.

Error relates to honest mistakes in the process of counting, auditing and movements of cash within an organisation.

Again we have a category of unaccounted for losses, which covers all losses of cash for which no apparent cause can be determined.

Internal Cash Theft/Fraud relates to all misappropriations by staff members resulting in a loss of cash. It covers the area of physical theft of cash from for instance the cash register. External cash theft relates to cash that has been stolen by non-employees and can range from register snatches to robbery.

Now Why This Long Story? 

So where does this all lead to one might ask by now. Well I hope that with this model in mind organisations that see them selves confronted with the problem of shrinkage will realise that:

• Shrinkage is not necessarily the result of thieving and plundering staff or members of the public
• Managing shrinkage takes more than just placing security equipment: an in depth organisation wide approach
• A standardised approach of data gathering is made possible by applying such a model which in turn when applied industry wide could result in valuable benchmarking data and standards of performance. Discuss this with your industry relations.
• The outlined approach should enable organisations to identify the true causes of the shrinkage and can in that respect contribute to more informed investments that actually address the causes of the shrinkage. It can not be ruled out that to date a substantial part of the shrinkage has been addressed with solutions that are based on guesswork and self interest.

 

A holistic approach such as outlined above makes measurement and detailed analysis the priority and opens up a path towards true understanding of your shrinkage problem and most importantly it highlights that malicious causes are only part of the potential causes. This approach makes it possible to address the issue proactive instead of reactive, which is to date most often the case. It further emphasises that addressing shrinkage is more than just catching thieves which is only one of the potential causes and solutions to the problem.

I am not trying to say here  that security is not a valuable investment: far from that.  What I do like to say though is that investments in security and staff do not come cheap.

Make sure that  you invest your funds in something that  adresses your  interests  and not those of your security supplier.
 

... More items are available in our News Archive