Theft, corruption, embezzlement and general “occupational frauds” are rampant the world over. In Australia, fraud costs business and government a mind-bending $5.8 billion each year, making fraud responsible for one-third of the nation’s overall crime costs.
The Association of Certified Fraud Examiners (ACFE)’s Report to the Nations on Occupational Fraud and Abuse 2014 reports that the average organisation loses as much as 5% of their revenue to fraud translating to a projected global cost of nearly $3.7 trillion. With impacted Asia-Pacific businesses losing a median of $250,000, it’s clear to see why the ACFE warns that small-to-medium businesses often feel the blow the hardest.
Despite the financial fallouts, businesses continue to overlook effective anti-fraud controls. Only 35% of organisations surveyed who suffered losses from internal fraud were using proactive data monitoring and analysis. Those that did have protective measures in place found that frauds committed were 60% less costly and 50% shortened in duration. A big component of limiting the threat fraud will have to your business comes about by enhancing the perception of detection.
Security-risk management and the perception of detection
Your staff are your number one asset. They’re also potentially your biggest liability. As trusted members of your organisation, your business’ security shortcomings are revealed to them on a day-to-day basis. Having a security-risk management plan and effective security controls in place is your only option to creating a workplace that’s based on an ecology of ethical behaviour. Your staff need to know how to interact with one another, with senior management, external parties and the physical and digital boundaries of your business whenever a red flag moment happens. Failure to do so gives potential fraudsters the momentum to act and to keep on committing fraud knowing their actions go undetected.
A well-rounded security plan
The management plan to effective workplace security may be the road less travelled but it’s not exactly virgin terrain. Security businesses, whose job is to protect your job, should be working alongside your organisation’s internal departments to assist in building the right occupational fraud strategy for you.
Daniel Lewkovitz from Australian security provider Calamity says he would usually get the ball rolling through a frank discussion with key stakeholders including owners, managers, line-staff and security personnel. During these initial discussions security consultants are reviewing past security issues and the current threats towards the business based on previous experience with similar business types.
This could be anything from cash skimming at the till or larceny in the shipping yard to employee insurance fraud or upper-management corruption – the shape and scale of crime is crafted by a concoction of business type, opportunity, and a person/s willingness to do something shady. Occupational fraud doesn’t discriminate. That said, risk mitigation doesn’t have to be hysterical either.
It’s important any strategy doesn’t just work within a business’ budget, but actually works for its bottom line. For example, if the potential loss to a company is $5,000 a year then a security strategy worth $20,000 isn’t feasible. But if a $20,000 spend will reduce loss by $100,000 then we’re talking about a security system actively increasing end-of-year profits.
Additionally, the kind of security blueprint best for your business needs to be strategised. Wanton spending of time and money doesn’t do anyone any favours. You may need to invest in both CCTV and a financial forensics team to best protect your business. Your neighbour may need POS (point of sale) software partnered with remote monitoring of the loading docks after hours. There’s no one-size-fits-all solution.
Good security is about stopping tomorrow’s loss. Bad security is about stopping yesterday’s.
“Businesses that are proactive about their risk management typically enjoy fewer incidents, lower insurance premiums, less claims and higher levels of staff happiness,” said Lewkovitz.
And surveillance in the workplace, both online and off, isn’t exactly something Australians are shirking away from, with the Unisys Security Index bi-annual survey of customer opinion showing that 55% of Australians are for increased monitoring of workplace internet usage. Regarding the survey’s results, Head of Communications for Unisys, Claire Hosegood, said “it appears that while people may not be wild about the idea, they tolerate and understand the right of an employer to know how their equipment is being used.”
Despite this, surveillance in the workplace remains a topic of some trepidation for employers and employees alike. However, confusion around the legal framework of the NSW Workplace Surveillance Act (WSA) 2005, could be somewhat responsible for the fuss.
NSW privacy lawyer, Alex Butterworth, said that “surveillance under the WSA includes monitoring emails, GPS tracking vehicles, screen capture technology, mouse monitoring software and video recording.” However he’s quick to note that employers need to give staff 14 days notice before beginning surveillance including details of what will be tracked and why. “This notice must include details such as when the surveillance will be in operation (e.g. two weeks, ongoing etc.)…[and] what information will be used for,” said Butterworth.
Butterworth added that “for employers, the biggest issue is that they aren’t even aware these rules exist. Most employers just do things not realising that there are laws which protect employees from surveillance. Sometimes this is because they are an interstate based company operating in NSW, so their legal advisors are in Melbourne or Brisbane and aren’t aware of the laws, or they might be global companies with lawyers based overseas.”
Essentially, it comes down to creating a space of mutual respect and trust between employers and employees––at all levels. And that’s resolved by following the law and having a concise security-risk policy in place clearly communicating to all present and new employees the level of security you have in operation. Embracing the positives that an effective security system has on everyone rather than just focusing on the way it prevents profit losses is the best way to do this.
For Lewkovitz it’s important that CCTV is seen as beneficial to everyone on the ground. “I would argue that cameras protect employees as much as employers and customers. Whilst cameras typically prove someone did something, they can also disprove it––which can assist in protecting employees who are falsely accused of something they didn’t commit,” he said.
“By way of example we recently had an enquiry from a restaurant where staff were upset at their tip jar constantly being emptied by thieving customers. Although the money itself was relatively small, the employer put in a quite expensive CCTV system and the staff have been delighted about it.”
When fraud is captured on tape – proving theft beyond reasonable doubt
According to the ACFE, the vast majority of occupational fraudsters are first-time offenders. Only 5% had been previously convicted of fraud-related offences prior to committing a crime. So while background checks may be beneficial in ruling out some bad applicants, they’re not an ideal way to predict future fraudulent behaviour.
Known workplace surveillance will typically inhibit most employees from attempting fraudulent activity. However, if an employee is caught stealing or behaving fraudulently, it’s important employers can prove it beyond a reasonable doubt.
This is why the quality of camera deployment is critical; otherwise the cost of defending an unfair dismissal could outweigh the lost items. Lewkovitz says that recovered footage is “essential.”
Camera system maintenance is key to ensuring evidence-quality recordings that can help assist your legal team in a criminal proceeding. “There’s no point if a camera, DVR or recording device has failed due to poor maintenance,” said Lewkovitz. “Something as simple as failing to clean a lens every few months can effectively write-off a system worth hundreds of thousands of dollars. Our smarter customers recognise the need to make allowance for ongoing maintenance in order to protect their initial capital outlay on security”.
Easing employee fears and cultivating a profit environment
Workplace security should never rouse feelings of fear from your employees. “Employees won’t accept surveillance if they don’t also get to know what management are up to,” said Butterworth. “If management are open and honest, employees will feel like it’s a two way street.”
Primarily, it’s about always having the bigger picture in mind and avoiding micro-security.
Butterworth suggests employers avoid tracking employees for “little things like using Facebook at work… If the surveillance information is only being used for serious matters (like fraud and theft), employees won’t be as worried about it.”
For Lewkovitz, security needs to be seen as a tool capable of protecting both people and the bottom-line. “Business loss hurts everyone,” said Lewkovitz. “Security, on the other hand, only hurts those who are trying to damage your business.”
“Security is multi-beneficial,” said Lewkovitz. “One of my biggest joys is showing companies how security isn’t a merely another cost-centre and can actually be a powerful business tool that helps them grow.”
Although careful not to divulge client details, Lewkovitz gave some examples. Alarm and access systems can track employee and customer movement to better manage trading hours. Cameras can help retailers garner data on customer behaviour through heat-mapping (showing where customers tend to congregate allowing retailers to position their higher margin merchandise in high-traffic areas), queue management and people-counting.
These benefits help companies to make money. And of course they provide security protection.
He also mentioned Calamity looks after security at hundreds of 24hr gyms and is helping a growing number of businesses switch to this 24hr model––substantially increasing their revenue opportunity in a safety-conscious manner. “Although the hardware and tools are identical, it is not something one typically imagines when thinking about security,” said Lewkovitz.
“The look on their face from realising that the money they thought they were about to throw away on security, will actually pay itself back in a year is awesome.”