Cyber Attack Still the Top Business Threat

toronto-private-investigator

The previous year marked a lot of changes in the world of business security, but one disturbing fact is that cyber attacks and breach of data are still the top business continuity threats for the second year and possibly for 2016 as well.

10 Top Business Continuity Threats for 2015

A new online global survey, the 5th annual BCI Horizon Scan report published by the BSI (British Standards Institution) and BCI (Business Continuity Institute) places data breach and cyber attack as numbers 2 and 1 in the list of top perceived business continuity threats as identified by business continuity managers from 74 countries and 568 different organizations.

85% of the respondents cited the possibility of a cyber attack as a business threat, making it the top threat for the 2nd year. The research data also shows that cyber attack is the top concern for 6 of the 8 surveyed regions. As for data breach being a threat, it was cited by 80% of the respondents; placing it a place above its previous spot in the survey.

Below are the rest of the Top Business Continuity Threats for 2015:

  • Unplanned IT and telecom outages (moved down a spot)
  • Act of terrorism (moved up 5 spots)
  • Security incident (went up 1 place)
  • Interruption to utility supply (down 2 notches)
  • Supply chain disruption (moved down 2 spots)
  • Adverse weather (went down a notch)
  • Availability of key skills (new threat for 2015)
  • Healthy and safety incident (new entry for 2015)

BCI Horizon Scan 2016

BCI and BSI reports that 47% of survey participants identified the increasing complexity of supply chain as a trend, a possible factor for disrupting business operations in event of a natural disaster or a man-made conflict. Survey respondents also brought up the availability of key skills and talent as a threat, with 34% reporting that they are ‘concerned’ about it and 13% saying that they are ‘extremely concerned’ about the threat.

Other notable data are:

  • 83% of respondents says that the use of the Internet for malicious attacks is a concern.
  • 70% use long term trend analysis to understand and assess threats, down from the previous year’s 73%
  • 33% of those using trend analysis state that they do not use data to inform their management programs for business continuity.
  • 94% of Canadian organizations use trend analysis and only 29% of organizations in Latin America and the Caribbean does the same.

BCI chairman David James-Brown suggests that there is a need to identify and build resilience against the range of threats in the report. He further states that advising organizations on what to prepare for so that they can adjust their business recovery plans is crucial, especially that modern and traditional challenges are always changing. He further states that at this time, horizon scanning techniques are more valuable to assist organizations to be as prepared as they can be in the face of new threats and rising old ones.

BSI chief executive Howard Kerr says that the fact that businesses are still not using the available information to them for identifying and addressing their organization’s weaknesses is concerning. He adds that businesses should see to it that their businesses are thriving and not merely surviving in the face of the current business continuity threats and that there is opportunity to be had amongst all the risk.

Need assistance in identifying and managing your business continuity threats? Contact the best private investigators in Toronto for an obligation-free initial consultation today!

Economic Espionage – An Eye Opener

white-collar-fraud

Economic espionage, two words that you won’t be expecting may be closer to home than you’d ever imagine. Sure you may have heard of it, but it does sound like something out of an action movie involving spies and secret agents doesn’t it? That’s where you are wrong. Today, economic espionage is a real threat that can target anyone. If your business is in an industry where protecting your intellectual property is key to success, then you are a target!

What is Economic Sabotage?

Trade secrets are every company’s most precious possession. It is what makes a business successful compared to the competition. Economic espionage occurs when these trade secrets are stolen or are knowingly misappropriated for the economic benefit of whoever else except the trade secret’s owner. Another definition is when a foreign agent, foreign government, or foreign instrumentality benefits from stealing the trade secret.

Cases of economic espionage that are involving a foreign government are very difficult to prove. No foreign country would admit to sending agents to steal business secrets from another country and oftentimes, this results to cases ending up as a case of theft of trade secrets.

Our neighbour, the USA launched a nationwide awareness campaign courtesy of the FBI following cases of a nearly successful economic espionage attempts.

The U.S. Situation

It is no secret that industries in the U.S. spend a good deal of money on product research and development compared to other countries in the world. Companies spare no resources and effort to come up with a truly unique process or product that can give them an edge in business. This is why it is such a blow when years of hard work gets stolen and is used to benefit a foreign country. The damages are catastrophic! Not only is there a loss of revenue, but there’s also loss of employment, lost investment, damaged reputation, interruption of production, and ultimately can lead to a company going out of business. For businesses with a huge operation, sometimes supporting and providing an entire community with livelihood, this loss can have a significant impact on the local and national economy!

The American economy loses billions of dollars annually to this national security risk. Theft attempts are becoming increasingly daring, with foreign competitors and adversaries using people posing as foreign investors, researchers, and head hunters to get what they want.

If you have time, you might want to take a look at FBI’s short film The Company Man. It shows that no one is safe these days. Whatever industry you are in, no matter how small or how big the size of your operations is, someone will want to get what’s yours. It only takes one minor slip up or a dishonest employee to lose everything you’ve worked so hard to attain.

Protecting Your Trade Secrets

What is happening in the U.S. is not an isolated case. This is happening all over the world and can happen to you too. There is no doubt that you’ve invested time and resources into developing your brand, your idea, or your product. You need to protect it.

Below are some of the FBI’s recommendations for protecting yourself from economic espionage:

Need help beefing up your business’ risk management plan or investigating possible cases of trade secrets theft? Contact us for a free initial consultation. You need the best private investigators in Toronto on your side. Act before it is too late!

 

Why You Need a New Approach for Effective Data Risk Management

risk-management

Advancements and changes means facing new challenges, and that is becoming increasingly difficult to manage in today’s business scenario. Digitization of nearly everything means that the people-centric approach used in years gone by is no longer effective for protecting data and minimizing the risks that comes with data management.

Traditional employee training won’t work, not with everyone being on social media, being able to bring their own (increasingly powerful) devices at work, and having access to electronic communications. Compliance groups and legal groups must find effective ways to face and address the challenges posed by regulatory compliance requirements, network security and information security, and having massive data stores at present time.

When Traditional Strategies Fail

Basic technology such as keyword searches and electronic alerts may not be enough anymore, even when paired with policy trainings and having intradepartmental committees for data privacy. Older technologies are not really sufficient anymore for risk management, more so that they are often inefficient in handling unstructured data like emails. Take for example scanning emails for keywords such as ‘bribe’ or ‘donation’. Fraudsters would know not to use those terms to prevent themselves from getting flagged by the (old) security system, hence making the system obsolete.

Driving Factors for Finding New Data Risk Management Tools

The need for more intensive ways to investigate data risks in organizations is driven by 3 recent data trends discussed below:

Escalations in Data Volumes

The more data you have and the more locations you use to store data, the higher the risks involved; but this is totally unavoidable in a world that’s hyper-focused on information.

Unstructured forms of data such as emails and social media leave your employees (and you) exposed to risks, with malicious individuals only having to send malware or virus laden emails to attack your corporate network. All it takes is one click and your confidential corporate trade secrets can be divulged to the entire world.

Using third-party and low-cost data storage such as the cloud is a huge data security risk. How so? You may not know this but cloud providers are just as susceptible as your corporate network is to being hacked. You also have to check the cloud provider’s service-level agreement because some may transfer your data to other providers. There’s really a lot to be wary of, including international data protection laws. The point is, the more you understand how data handling is done these days, the better you can protect your data.

Threats to Data Security and Privacy

At present time, current data privacy and security regulations are at an all-time high, making traditional risk management solutions virtually obsolete. It is no wonder that nations have adopted restrictive information schemes to protect their citizens’ personal data. Take for instance the Data Protection Drive by the European Union which controls how and when organizations collect, transmit, alter, process, restore, and retrieve their citizens’ personal data. Nearly every country or region of the world has their own version of this and all is geared to protect against threats to data privacy and security.

Heightened Regulatory Analysis

As covered in the previous two factors, it is evident that more and more safeguards are being implemented for data protection, making being on top of all these changes a priority for any organization that deals with any form of data handling. You’ll have to brush up on your local data protocols, and possibly even international ones just to ensure that you’ve got your bases covered.

Want to know the best approaches to handle the current data security risks your organization may be vulnerable to? Contact us and we’ll see what we can help you with. Initial consultation for our services is free!

Do you Need a Cyber Security Plan for Corporate Risk Management?

toronto-private-investigator

Senior management and corporate boards often do not concern themselves about planning for risk management. They care more about the ‘business’ aspect of the company, focusing mostly on strategy and success of operations. This has to change, but why?

In today’s world, there are a lot of threats that can pose a very serious harm to every business. Cyber-intruders and hackers can wreak havoc on an organization’s system if they can find a way to access it. Having measures in place to protect one’s business from such attacks is one of the smartest actions every business leader can make.

Adding Cyber Security is a Smart Move

Gone are the days when corporate leaders can simply call upon the services of some information technology specialists and get cyber security risk management off their to-do list. These days, information governance is one of the biggest chunks comprising an effective corporate risk management program. Just a single breach in data management can mean extensive damage for an organization, more so for web-based businesses.

Every company should have a cyber security system that features an incident response plan to make sure that possible damage is kept to a minimum should a data breach occur. Not only that, but companies should be willing and able to devote attention and resources for the assessment of data vulnerabilities and having enough safeguards in place to protect against intruders such as hackers.

Minimizing Cyber Risks

Investors should make cyber risk management one of their top priorities. This means that the corporate board has to take a more active role in this area and start asking the tough questions. Questions such as whether the organization has an incident response plan for ensuring minimal impact in the event of a security breach, if there are people who have been assigned specific functions when an incident response plan needs to be implemented, and if the company has a way to ensure that everything will be properly executed and monitored in case of a security lapse – all needs to be addressed.

With everything that needs to be done to make sure that your data is safe, it is easy to be overwhelmed. You have to keep in mind though that the key to protecting your organization from cyber risks really just rests on having a sound cyber security system in place.

Think about it, crisis management will only be needed if a breach does occur. This means that instead of channeling your resources to crisis management, the smarter course of action would be to invest in how you can protect your organization from cyber intrusion. If there is no damage, there would be nothing to clean up, much like the saying that an ounce of prevention is better than a pound of cure.

A tip for minimizing cyber risks would be to assess whether you have any vendor-created cyber security risks. This is not to say that internal risks do not exist, but rather a reminder to take a long hard look at every small detail.

Get Involved

Although the top tier management can rely on information technology specialists to run the cyber risk management program, it is best if the senior managers and board members would brush up on the possible technology issues that may arise, more so if they have key roles to perform in the implementation of the company’s incident response plan.  For best risk management when a cyber attack does happen, who to report to and who will make decisions have to clear.

Run Drills                                                                     

Once the cyber risk management plan has been laid out, having a cyber-fire-drill of sorts would help your organization pin point strategies that work and those that do not, thereby helping you fine tune your plan for best results.

Not sure how safe you are against cyber attacks? Contact the best private investigators in Toronto for a cyber risk assessment and consultation today!

 

Why Employees Steal – A Closer Look at Dishonest Behaviour

private-investigator

What makes an honest employee engage in dishonest behaviour? This question has baffled HR recruiters and psychologists for as long as the history of employment has existed.

In today’s world, no one can truly afford losses caused by internal theft to simply go by. Unaccounted losses may not seem like a lot at first, but are you aware that a total of about $16 billion of revenue is lost to dishonest employees on a yearly average? That’s about 43% of all losses combined!

With how much is at stake by letting fraudulent employee behaviour continue, allowing it to continue would be akin to flushing money down the drain; but then, how can it be stopped? What pushes someone into stealing from one’s place or employment? Is there something that differentiates a perpetrator of white collar crime as compared to a common criminal?

Contrasting Theories

The Cultural Deviance Theory explains why some people commit crime but the story of the thieving employee does not fit into that. This creates an enigma for psychologists, who cannot equate someone who steals company merchandise to a person who commits armed robbery.

The Cultural Deviance Theory also states that cultural forces can result to crime. This translates to expecting a higher prevalence of crime and deviant behaviour from the group of less affluent individuals – so why is it that we often hear of employees who are being paid higher wages being found to be stealing as well?

If there’s one thing that’s a constant for real hardened criminals and the office thief, it would be the fact that both exhibits low self-control. It seems that no matter what an individual’s economic or social status is, it is the lack of control that drives someone to engage in unsavoury behaviour.

Possible Dishonest Employees – A Profile

Below are the universal character traits of people with low self-control who may be more prone to committing white collar crime:

  • Unable to form meaningful and persistent attachments
  • Impulsivity
  • Selfishness (not caring about the rights and privileges of other individuals at all)
  • Unwillingness to take responsibility for one’s actions
  • Poor judgment and planning in achieving goals
  • Incapacity to take responsibility for failures
  • Being non-dependable
  • Propensity to create drama over petty things
  • Not caring about social group maladjustment

The list of character traits above gives us a better understanding of who may commit retail crime behaviours so that they can be stopped – but why have this list in the first place? Since all employees have an equal opportunity to steal, actually doing the act means that the individual has made the decision to do so. The deciding factor is an internal one (character) rather than an external one (opportunity).

Preventing and Deterring Employee Theft

Because a person with low self-control will most likely take advantage of an opportunity to steal, having a consistent warehouse or store presence as well as implementing awareness programs is the way to go to prevent this from happening.

Examples of establishing consistent presence can be through store security visits, monthly audits, and having a mystery shopping program. Basically actions that convey that operations are being continuously monitored.

As for training and awareness, having meetings and perhaps an employee newsletter featuring your policies and theft-busting measures that are being implemented are effective deterrents for employees with low self-control.

Reducing cases of theft and fraud in your organization does take time and effective risk management. Armed with the right information on identifying dishonest employees and on how you can deter them from committing fraud, you can transform your organization into a fraud-free zone.

Need help with corporate investigations and surveillance? Contact us and we can talk about how we can help you with that.

 

 

 

 

3 Liabilities in Dishonesty Interviews

interview

Interviewing is often viewed as a process that only entails a bit of common sense; however, in the case of potential dishonesty, conducting an interview becomes a complicated process.

Whether you’re trying to gather some crucial information for a case’s resolution, limiting your list of suspects by process of elimination, or wanting to get an admission of fault from responsible parties; knowing how to conduct an interview professionally can save your company from ugly consequences such as low employee morale, possibly terminating the wrong person, or being faced with a wrongful termination suit.

Remember that an interview which seeks to get answers is a conversation with a purpose. Untrained or inexperienced interviewers who have no inkling on how to direct a conversation can complicate an incident and create more problems for your organization.

Below are the 3 liabilities for dishonesty interviews and how you can use them for finding a solution in cases of possible fraud.

Resolution

The main purpose of conducting dishonesty interviews is to get an admission from the individual(s) who’s responsible for the reason why there has to be an interview in the first place. This is where the significance of professionally directing the conversation truly comes into play, but how?

Using the wrong terms such as introducing the word ‘steal’ can make the interviewee clam up or give you inaccurate details, thereby resulting to sending back the dishonest individual to his or her position where that person can continue to create losses. Another thing of note is that by not being able to identify who the dishonest person is via interview, that individual now possesses a knowledge of how your fraud investigation process works, making him or her more adept on how to avoid getting caught later.

It goes without saying that obtaining an admission via interview won’t be possible every single time, but if the interview was handled by someone who knows how to direct the conversation towards getting answers, then you’ll be effectively limiting future possible losses to fraud.

Accusation

One wrong move can mean either a lawsuit or sabotaging the interview so an experienced interviewer knows how and when to present an accusation. It can also create an unpleasant work environment when made against an innocent person.

There are a few instances when making a direct accusation is the way to go. An example would be if you have a video footage showing the individual in question in the act of committing the fraud. In this scenario, making an accusation will save up time and would hasten the process towards a resolution. The errant individual can then choose to simply own up to what he or she did or to continue lying – in which case you’ll have a strong evidence of dishonesty and fraud against the individual.

Never make an accusation out of frustration or out of anger. This would only result to the company and the interviewer facing a lawsuit and hindering the resolution of the predicament at hand.

Morale

Never forget that an interviewer can singlehandedly destroy a whole company’s morale. If an interview is handled incorrectly, everyone who was called to be a part of it can feel that they’ve been accused. The last thing you’d want to do is to alienate possible witnesses or to create more problems for your company.

Keep in mind that a professional dishonesty interview is geared towards taking the rotten apple(s) out of your barrel. You certainly won’t want to damage a whole barrel or place your organization in hot water for just one questionable individual.

Need someone to conduct dishonesty interviews the professional way? Then contact us and learn more about how we can help you with corporate investigations and fraud management.

Theft Prevention by Inventory Management

fraud-tips

Inventory accuracy is perhaps one of the most important safeguards any business owner can have against theft if the business deals with any form of physical goods. How so? Well, when you think of it, customer retention, profitability, and operational productivity are all made possible by a reliable inventory system!

In this day and age, no matter whether you are still relying on manually recorded inventory cards, or have a fully computerized system, or perhaps have a combination of the two…the benefits of inventory accuracy cannot be discounted. Just take a look at the benefits below and think of what a good inventory management can do for your business.

The Benefits of Proper Inventory Management

  1. An accurate record reduces stock-outs by helping you to make the right replenishment decisions.
  2. You and your sales reps will know for sure that what product you promised to send out will be sent out on time and be received on time.
  3. You will save time and your distribution centre will be more productive because you don’t have to waste any effort searching for missing or mistakenly recorded goods.
  4. You will have more cash for opportunistic purchases, capital improvements, and investments because your assets are not tied up in unnecessary inventory.
  5. Last but certainly not the least, a properly managed inventory in your business or warehouse is proven to reduce employee theft!

Wait, how does that work?

When you have everything recorded and in black and white, your employees cannot just take or steal items out of storage without it going by unnoticed. When everything is accounted for, there is less risk of employees committing white collar crime because they know that the likelihood of being found out is quite high.

So how do you go about this?

The When, What, and Where of Cycle Counting

Basically, cycle counting is just a form of inventory management that follows a regular schedule. Here are what you should consider when planning a cycle counting program:

  • WHEN – the best benefit you can get from cycle counting results from how often you do it. The more often or more frequent you take a record of everything, the easier it is to spot discrepancies.
  • WHAT – you do have to prioritize what to count or what to keep tabs on because you cannot track everything at the same time. More often than not, the most frequently stolen items are those that are small enough to fit in a pocket and have a high street value.
  • WHERE – items that are stored in less accessible areas and easily accessible areas of your office or warehouse is more likely to go missing. Why? If no one’s watching, thieves are more likely to go about their business.

Now, by no means are we saying that cycle counting is all you’ll need to prevent theft, but it is certainly one of the best tools you can use to reduce your organization’s vulnerability to thieving. With this said, it is still important to not let your guard down and not to underestimate a thief’s determination to commit fraud or steal from you. Other measures, such as doing background checks on potential new hires and employing other risk management solutions are still advisable.

Need professional help to safeguard your business from thieves and various forms of fraud? Then contact the best private investigators in Toronto! Contact us so we can determine what you need and talk about how we can help you.

Could Your Company Be a Victim to Anti-Corruption Compliance Program Tunnel Vision?

corruption-investigations

These days, companies from all types of industries are coming up with their own anti-corruption compliance programs; but how do we know when an anti-corruption compliance program actually works as it is supposed to?

Your company’s anti-corruption compliance program can be overly complex, can somewhat be needing some more work, or perhaps it is just the right balance; one thing is for sure though, success can’t be guaranteed by having an effective program alone.

How so?

Fraudsters will find a way to circumvent an effective program and will do everything to avoid detection – to the point of paying bribes. This is where embracing an anti-corruption compliance program comes into play, but then, it is also vulnerable to a host of problems.

One such problem is when the leaders of the organization develops tunnel vision and thus relies so heavily on the program that they forget all about continued risk mitigation and exercising vigilance. When this happens, the organization is left vulnerable to fraudulent activities.

So what are the red flags that your organization may be suffering from tunnel vision as far as an anti-corruption compliance program is concerned? We’ve got that covered below:

Lack of Follow Through by Senior Leadership and CEO

Just having a program isn’t enough when the leadership does not understand how the program is supposed to work and what it takes to make it work. The absence of senior management commitment and ownership will render the program ineffective.

Business Managers Have Not Embraced Compliance

The best way to gauge a company’s commitment to compliance (on everything, and not just anti-corruption) is to see if the business managers are doing their part in ensuring compliance with anti-corruption laws and policies. This is especially true in sales. Business managers who do not monitor employee activities and don’t care to remind everyone of the policies are basically not taking any accountability for whatever happens with the program.

Disconnection Between Financial Controls and Anti-Corruption Compliance

Any potential unauthorized usage of funds should be monitored by CCOs, managers, and financial officers. Failing to do so by not having proper coordination of the anti-corruption compliance and financial controls can result to corrupt actions such as the company officials bribing government employees to gain favours or special treatment. Simply put, inadequate connection between financial controls and anti-corruption compliance can mean giving access to some funds to be used for bribery.

Lacking Due Diligence Process

If the due diligence program is not as it is supposed to be, it will be ignoring mitigation strategies and careful risk-based analyses. For instance, if the employees have no understanding of red flags and other possible signs of corruption, then there is no way they can report if they witness it occurring in the organization.

Having a Program for Reimbursement and Hospitality Expense

There is no real problem with simply having a reimbursement and hospitality expense program IF it requires pre-approval, has annual limits, and collects data of all interactions and meetings with recipients. Lacking these things can mean serious bribery risks.

Want to be on top of fraud prevention and detection in your organization? Then you might need the services of the top Private Investigators in Toronto! Contact us and find out more about how we can help you!

Must Haves of an Effective Whistle-Blower Program

corporate-private-investigator

What makes an effective whistle-blower program effective? How does it help with curtailing organizational fraud? Are you aware that more than 40% of all cases of fraud has been detected with a tip from a whistle-blower?

The above are just some of the main reasons why you need to have an effective whistle-blower program. A program like that is one of the best weapons against fraud which any organization can have; but what makes a fraud-reporting mechanism effective? What encourages a person to speak up despite fears of possible retribution or possible loss of friendship and relationships?

What you need are things which can help overcome the barriers described above.

Think it can’t be done?

The following are great incentives for possible whistle-blowers. Make sure you have one or all, and you’ll surely find the perfect combination which will work best with your organization!

So here’s the 5 Must Haves of an Effective Whistle Blower Program:

It Must Be Easy

One of the most crucial factors for under reporting of fraud is because people are not aware of what channels to use to report it. It should always be free and confidential.

A great way would be to have a hotline number which all workers are made aware of (such as during the company orientation or included as a note in the company manual). For organizations which are in areas of the world where 2 or more main languages are used, it would be best to publish the fraud-reporting information in various languages.

It Must be Rewarding

We’re not just talking of monetary gain here, but if a whistle-blower’s work or means of income will be affected by him or her reporting the fraud, there should be an appropriate compensation to cover the loss.

It Must Protect the Whistle-Blower’s Identity

This is perhaps the most important single factor for this type of program. Reporting fraud can endanger the person involved and so, a typical ‘snitch’ would want to stay anonymous for his or her own safety.

Oftentimes, work-related repercussions can also result from being tagged as a whistle-blower. It is not uncommon to hear of companies which refuse to hire known ‘snitches’ for issues such as the stigma attached to it.

It Must Have Consistent Protocols

Everyone who is a part of the organization should have equal access to information regarding means of reporting fraud. There should be clear guidelines as well as consistency. This could mean that you may need to appoint someone as a fraud prevention manager or leader.

It Must Have Recording and Tracking Processes

Recording and tracking of data is highly important in cases of fraud more so if the incidence is something which may involve legal authorities. The evidences, the progress of each case, as well as all relevant data should be a part of the records for future reference.

Receiving a report for fraud is quite tricky. You’ll have ensure to avoid malicious false reports by checking the veracity of whatever is reported to ensure that only real reports are recognized. You should also have a laid-out plan for responding as well as know the steps needed to protect the whistle-blower and cull the perpetrator.

Do your part to help stop organizational fraud and stop thinking that fraud can’t happen to you. There’s quite a few risk management solutions you should be doing and one of them is all about taking the first step by making sure that you are encouraging potential whistle-blowers to report. A great private investigator team can help you in uncovering cases of fraud and unearth the truth for tough cases. Contact us and we’ll walk you through everything.

Risk Management Solutions You Should Be Doing

risk-management

A lot of business owners tend to not have a clue about minimizing the possibility of fraud within their company or organization. That’s too bad, but we’re telling you that it’s time to make a change about that and it can be easy!

You see, by knowing what kind of risks your organization is facing, you’ll have a better chance of mitigating it. It will also give you more chances to increase revenue and reduce losses. Sounds good? Then read along below!

Here’s what you got to do…

First, You Need to Have a Risk Management Plan

A plan helps you keep focused and ensures that you’ll have something to hold yourself to. Studies indicate that a clearly laid out plan increased the possibility of success by a very significant percentage, so get your board together and prepare to talk this out with your team!

Next, You Have to Improve Your Plan

How so? Well, set the tone at the top.

You and your team of managers have the power to set what kind of culture you’ll have in your enterprise. How you act and behave shapes the behaviour and action of your people.

What we mean is, you can’t expect your people to play nicely if you’re a known fraudster, more so if they’ve witnessed you or your managers committing some very questionable things. Lead by example and you’ll see people will follow.

Then, Understand and Use the Fraud Triangle

What? What is this thing?

The Fraud Triangle describes the 3 main factors which has to be present for fraud to occur. Developed by Donald Cressey, it says that there has to be a person who’ll commit the fraud, reason or rationalization for doing so, and opportunities to commit it.

Okay, it’s not anything new, but what we can get from this is most frauds occur because of the availability of opportunity – that’s what we are trying to take out of the equation.

Smash Down the Silos

Independent parts of a company makes it easier to hide things and do things under the table. Break it and you’ll have less opportunities present for fraudsters to trick you.

Incorporate Risk Management in Your Business Processes

Risk management requires frequent and regular visits, just like tending a garden. There has to be checks on HR liabilities and compliance, 3rd party relationships, financial controls, and insurance. This works best when done at every level of your business and is integrated as a part of company culture.

Don’t Forget to Have Management Review of Your Process!

Make sure that there is nearly no oversight by reviewing the risk management process itself on a regular basis. Effective controls are only effective when done right, thereby you have to make sure that the measures you have in place are still appropriate.

And Lastly, Take Care of The Whistleblower

Hey, if someone reported the fraud to you, protect and help that person. Do not let him or her be the fall guy. Let him or her remain anonymous whilst you find out what’s going on or if there really is white-collar fraud being committed under your nose.

Remember, you wouldn’t have known there was anything fishy going on if not for the whistleblower. Make sure that potential and existing whistleblowers are given a safe and healthy way to let you know what’s going on. After all, we’ll need their help in conducting private investigation of the matter at hand.

Want more tips and tricks in identifying organizational fraud and screening new hires? Then follow this blog for the latest tidbits on and tips from the leading private investigator in Toronto! Questions are welcome, all you have to do is contact us and we’ll figure out what to do next.