13 June 2010

5% of annual revenue—that’s the estimate of how much money the typical organization loses to fraud, according to participants in the 2010 Report to the Nations on Occupational Fraud and Abuse.

I am a few hours away fro leaving for the National Retail Federation’s Loss Prevention Show in Atlanta this week and I was reading the 2010 Report to the Nations on Occupational Fraud and Abuse from one of my favorite organizations that I am a member the Association of Certified Fraud Examiners (ACFE). 

The report, prepared by the ACFE, an international organization of more than 50,000 fraud examiners, CPAs, law enforcement professionals, government officials and others, examines a wide swath of business-related fraud in an effort to pinpoint problems and highlight solutions. The fraud cases at issue in the report lasted a median 18 months before being detected. While million-dollar-plus financial statement frauds made up a small percentage of the crimes, the majority were less complex asset misappropriation cases involving billing, check tampering, payroll and expense report schemes.

A few of the key findings are: 
  • Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion. 
  • The median loss caused by the occupational fraud cases in our study was $160,000. Nearly one-quarter of the frauds involved losses of at least $1 million. 
  • The frauds lasted a median of 18 months before being detected. 
  • Asset misappropriation schemes were the most common form of fraud in our study by a wide margin, representing 90% of cases — though they were also the least costly, causing a median loss of $135,000. Financial statement fraud schemes were on the opposite end of the spectrum in both regards: These cases made up less than 5% of the frauds in the study, but caused a median loss of more than $4 million — by far the most costly category. Corruption schemes fell in the middle, comprising just under one-third of cases and causing a median loss of $250,000.  
  • Occupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002 when they began tracking data on fraud detection methods. 
  • Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.
  • Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. They looked at the effect of 15 common controls on the median loss and duration of the frauds.
  • Victim organizations that had these controls in place had significantly lower losses and time-to-detection than organizations without the controls. 
  • More than 80% of the frauds in the study were committed by individuals in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing. 
  • More than 85% of fraudsters in the study had never been previously charged or convicted for a fraud-related offense. This finding is consistent with their prior studies. 
  • Fraud perpetrators often display warning signs that they are engaging in illicit activity.  The most common behavioral red flags displayed by the perpetrators in our study were living beyond their means (43% of cases) and experiencing financial difficulties (36% of cases).

Conclusions and Recommendations 

  • Occupational fraud is a global problem. Though some of their findings differ slightly from region to region, most of the trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred. 
  • Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system. Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality, and employees should be encouraged to report suspicious activity without fear of reprisal. 
  • Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in our survey, but they ranked comparatively poorly in both detecting fraud and limiting losses due to fraud. Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but they should not be relied upon exclusively for fraud detection. 
  • Employee education is the foundation of preventing and detecting occupational fraud.  Staff members are an organization’s top fraud detection method; employees must be trained in what constitutes fraud, how it hurts everyone in the company and how to report any questionable activity. Their data show not only that most frauds are detected by tips, but also that organizations that have anti-fraud training for employees and managers experience lower fraud losses.  
  • Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Less than 30% of victim organizations in our study conducted surprise audits; however, those organizations tended to have lower fraud losses and to detect frauds more quickly.  Very good news for ReTel Technologies, Inc. The company I am going to Atlanta with for the NRF show.  The report went on to say while surprise audits can be useful in detecting fraud; their most important benefit is in preventing fraud by creating a perception of detection. Since, I have been saying this for years I found it very interesting.  Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught. The threat of surprise audits increases employees’ perception that fraud will be detected and thus has a strong deterrent effect on potential fraudsters. 
  • Internal controls alone are insufficient to fully prevent occupational fraud. Though it is important for organizations to have strategic and effective anti-fraud controls in place, internal controls will not prevent all fraud from occurring, nor will they detect most fraud once it begins.
  • Fraudsters exhibit behavioral warning signs of their misdeeds. These red flags — such as living beyond one’s means or exhibiting control issues — will not be identified by traditional controls. Auditors and employees alike should be trained to recognize the common behavioral signs that a fraud is occurring and encouraged not to ignore such red flags, as they might be the key to detecting or deterring a fraud.
After reading all of this I expect to have a great show.  Stop by booth 1140 if you are in Atlanta this week.  

Download your own copy of the ACFE report at http://www.acfe.com/rttn/2010-rttn.asp  

Learn more about ReTel Technologies Security Policy & Procedure Auditing, EAS Event-Driven Verification, Performance Standards Verification, On-Demand Investigations, Operational Auditing and      Consumer Insights at ReTel Technologies Website’s: http://www.reteltechnologies.com/

Loss Prevention on You Tube - Check this out!

I thought this was great!

11 June 2010

What is Loss Prevention?

Many people see Loss prevention is the act of reducing the amount of theft and shrinkage within a business. Loss Prevention is not simply that, or a method of safeguarding assets, but rather a process and use of internal controls, procedures and technological countermeasures that attack and remove opportunity and temptation from the business.    It is my belief that internal or external loss happens for the reasons best described by Donald R. Cressey (April 27, 1919 – July 21, 1987) in the Fraud Triangle.  It is my belief that the Fraud Triangle or today let’s call it the Loss Prevention Triangle, the rules are the same.

Financial Pressure is the base of the Loss Prevention Triangle and is the number one reason that causes a person to commit occupational fraud or steal.  Financial pressure can include almost anything including medical bills, expensive tastes, addiction problems, marital affairs, etc.  Most of the time, pressure comes from a significant financial need/problem.  Often this need/problem is non-sharable in the eyes of the fraudster.  That is, the person believes, for whatever reason, that their problem must be solved in secret. However, some thefts or frauds today come from been as great a sense of employee disenfranchisement and disaffection toward the organizations that employ them than there is today.  Further fueled the recession and the accelerated disappearance of healthcare, pension and other benefits … foreign outsourcing of both hourly and salaried jobs … and increasingly stressful workloads.

Rationalization is a crucial component in most frauds.  Rationalization involves a person reconciling his/her behavior (stealing) with the commonly accepted notions of decency and trust. Some common rationalizations for committing fraud are:
  • The person believes committing fraud is justified to save a family member or loved one. 
  • The person believes they will lose everything – family, home, car, etc. if they don’t take the money.
  • The person believes that no help is available from outside. 
  • The person labels the theft as “borrowing”, and fully intends to pay the stolen money back at some point.
  • The person, because of job dissatisfaction (salaries, job environment, treatment by managers, etc.), believes that something is owed to him/her. 
  • The person is unable to understand or does not care about the consequence of their actions or of accepted notions of decency and trust.  “I can steal today and sell on eBay tomorrow.”

Opportunity is the ability to commit fraud. Because fraudsters (thieves) don’t wish to be caught, they must also believe that their activities will not be detected. This is where I attack the behavior; I can’t help the attitude with management and the employees.  However, in my experience opportunity is created by weak internal controls, poor management oversight, and/or through use of one’s position and authority.  Failure to establish adequate procedures to detect fraudulent activity also increases the opportunities fraud for to occur. Of the three elements, opportunity is the leg that organizations have the most control over. It is essential that organizations build processes, procedures and controls that don’t needlessly put employees in a position to commit fraud and that effectively detect fraudulent activity if it occurs.

So this is the key, it’s “opportunity” and it’s in creating the perception that they will be caught or “detected”, if they try, whether or not they were an employee or not.  Every video solution I have ever sold in the retail sector was not sold for security reasons.  My solutions were always sold to stop internal or external losses, employee theft, shop lifting, frivolous liability claims, etc.  Violent crime or break-in’s were always secondary in the minds of my clients.  If I had to prioritize my sales in why people buy from me it would look like this:

Fraud Prevention
Loss Prevention
General Liability Concerns
Operations Concerns
Marketing Program Verification
Break-In Concerns
Robbery (Violent Crime) Concerns
General Security Concerns

However, when I design a solution I always think about the evidence value of my views in a violent crime scenario first.  I never want to say that the worst case scenario was not a priority; most of my customers counted on me for the design.   I learned early on that if you want help from law enforcement, you better give them good evidence.    My point is that the retail industry purchases video solutions to protect assets first, then to prevent crime or protect their people, assets and most importantly their “brand”.

10 June 2010

ReTel Technologies "PODCAST" Showcases Surveillance Audit Tool

I just finished a PodCast interview of the Re Tel Technologies product on Security Squared with Steven Titch and George Aspland, along with Adam Rodnitzky of ReTel Technologies.  Click http://bit.ly/9cFFvf .  Already used in retail environments by companies such as Dunkin' Brands, Shell, Jack in the Box and Fraiche, ReTel's Proactive Surveillance Video will have something of a coming out party at the National Retail Federation's 2010 Loss Prevention Conference and Expo June 14-16 in Atlanta. BOOTH 1140

Combining analytics with human monitoring, the service is currently aimed at the retailing and quick service restaurant (QSR) chains, The system generates reports providing time interval metrics of order turnaround, employee productivity and store cleanliness. The system also tracks for well-known markers of employee theft, such as higher-than-average returns and refunds, or an unusual number of ring-ups for items priced at less than $1.  Reports are presented graphically and in easy-to-read formats. Notations of suspicious activity are accompanied with links to video of the event. Sample reports can be found on the ReTel web site

See you at the 2010 NRF show with ReTel Technologies, Inc.

I will be at the NRF show with ReTel Technologies, they will be exhibiting in booth 1140 at the National Retail Federation Loss Prevention Conference and Exposition in Atlanta from June 14-16, 2010. Please stop by and say hi!
ReTel’s powerful surveillance discovery platform has been designed from the ground up to extract, organize and report on the valuable loss prevention, operations and marketing data captured by existing surveillance systems as efficiently as possible. ReTel’s surveillance discovery platform seamlessly blends the capabilities of a trained auditing workforce with the efficiency of cloud-based video processing to deliver next generation surveillance solutions with radical shifts in cost, accuracy and reliability.
To schedule a meeting at the show, just send an email to james.mcdonald@pst-mail.com.  The team will be meeting with prospects, existing clients and security vendors and they look forward to forging new partnerships at this event.

08 June 2010

Get Results with Enhanced-Hybrid Video Surveillance Systems

Video Surveillance Solutions are still growing and getting better every day, whether retailers are monitoring for shoplifting or employee theft, corporations identifying visitors and employees or monitoring hazardous work areas, governments and municipalities combating street crime and terrorism, casinos preventing cheating and fraud or even homeowner’s protecting their families and assets, one cannot deny that video is everywhere.  I really like the new HD cameras that are available today, they capture great evidence.   However, I still see the blending of IP and analog solutions a key to success and growth over the next 18 months.

I remember a few years ago when all we could talk about was IP vs. Analog.  In some of our minds it was like comparing Digital Video to VCR’s in 2000 as video streaming using Windows ’98 became a reality and the DVR was born.  The difference was that many of the security decision makers were intimidated by necessary network to support the technology, so the IT department came along and took control of the security network.  The normal decision makers lost power and we began to sell to the CIO who was more concerned about his network that he was about his physical or human assets.  Their biggest concern was that they were always one hack away from losing their job.  Thus the birth of the “convergence movement” began, which is still a driving force today.

In the ever increasing reach of today’s video security and surveillance systems, many security professionals are finding that the quality, bandwidth and distance needed to perform even the most basic surveillance is beyond the reach of coaxial and UTP cabling. In fact, even though IP-based video security systems are gaining popularity, they face a serious distance limitation of 100 meters (328 feet) or less over UTP cabling infrastructure. This poses an insurmountable hurdle when trying to monitor the many outreach locations of a typical surveillance installation. While fairing slightly better in copper distance limitations, most analog-based CCTV systems prove effective and economical only if the coaxial cabling runs are held to less than 750ft (228m). Utilizing coax beyond that distance, however, poses a number of problems, some of which are not immediately obvious.

For instance, let’s say your monitor is located 1,000 ft (304 m) from the camera. In that scenario, without any active signal conditioning, approximately 37-percent of the high frequency information will be lost in transmission, providing a seriously degraded image. In fact, since you cannot see information that is not there, you may not even realize that information has been deleted. To accommodate lengths greater than 750 feet (228 m) on a coax infrastructure, you must make certain that some provision has been made to guarantee the video signal's transmission strength such as the use of signal amplification, ground fault correction and surge protection. Installing these items will inevitably increase the cost of the system considerably, making alternative cabling methods more attractive.  In fact, the use of fiber optic cable will allow for cable runs of over 1500 meters (5,000 feet) on multimode and distances of over 10km (6.2 miles) on single mode cable.

Local area networks (LANs) very commonly deploy fiber optics as the network backbone between buildings or in vertical risers of multi-story buildings. Utilizing this infrastructure already in place would be an attractive transmission alternative to risking the distance and quality issues common to coax and UTP video systems. Accessing this fiber optic cabling can be a challenge for most video security professionals as the majority of new cameras and monitors on the market today are not available with fiber optic ports on them. In addition, most existing video security and surveillance systems were designed and installed with coax or UTP cabling. To improve the quality, bandwidth and distance of these existing systems by transporting the video on fiber optic cabling, a method is required to convert the electrical video signal over to an optical format.

Media Conversion Can Ease the Transition to Fiber, for those not familiar with the technology, media conversion products transparently connect one type of media, or cabling, to another – typically copper to fiber. Bridging the gap between legacy copper infrastructures and fiber growth, media conversion products provide an economical path towards extending the distance of an existing network, extending the life of non-fiber based equipment, or extending the distance between two like devices.  Whether distance extension or simply utilizing existing fiber optic infrastructure, media conversion can be a cost-effective way to integrate fiber optic cabling into an existing copper-based video security system.  In addition, the video media converters can be designed to actually perform many other functions in addition to transporting the video signal over fiber optics such as transporting the serial information necessary for control of PTZ cameras or even providing a means to transport the video over the Ethernet-based LAN.

Media converters come in a variety of form factors and sizes ranging from miniature, stand-alone devices that attach directly to a camera to managed, chassis-based devices allowing for full SNMP monitoring and management of the media converters.

In addition to providing a means for transparently connecting one type of media to another, media conversion can provide a cost-effective method for integrating a hybrid video security and surveillance system into one, seamless and manageable entity. Imagine the cost savings that can be realized by utilizing an existing, analog-based CCTV infrastructure, while implementing the latest technology of IP-based cameras for specialized video capture, storage or analysis as well as additional surveillance locations.

While coaxial, UTP and fiber-optic cabling each have definite benefits making them the optimum choice for a given installation, designing the cabling infrastructure does not need to be limited to the connector available on the output of a camera or input to a monitor or storage device. Media conversion can provide an economical and effective means to convert to the cabling medium of choice for the best performance, highest bandwidth or greatest transmission distance needed to provide for an optimal video security and surveillance system.

By justifying network infrastructure upgrades within your proposal, utilizing existing technologies whenever you can and removing the burden and concerns of the CIO at the same time you will make more friends in the sales process and create a road map for upgrades as technologies change in the future.

03 June 2010

NRF Loss Prevention Conference & Expo - "Crede Sed Proba"

ReTel Technologies, Inc., executive management team and select members of their consulting team will be traveling to Atlanta, Georgia to attend the National Retail Federation Loss Prevention Conference and Exposition June 14-16, 2010. ReTel’s powerful surveillance discovery platform has been designed from the ground up to extract, organize and report on the valuable loss prevention, operations and marketing data captured by existing surveillance systems as efficiently as possible. ReTel’s surveillance discovery platform seamlessly blends the capabilities of a trained auditing workforce with the efficiency of cloud-based video processing to deliver next generation surveillance solutions with radical shifts in cost, accuracy and reliability.

The team will be meeting with prospects, existing clients and security vendors and they look forward to forging new partnerships at this event. If you wish to pre-arrange a meeting with the team, please contact me at james.mcdonald@PST-Mail.com and I will gladly schedule a meeting during our stay in Atlanta.

About ReTel Technologies, Inc.
ReTel Technologies, Inc. is an advanced video processing company focused on increasing the quality and capabilities of video surveillance systems. ReTel’s proprietary solutions blend advanced cloud-based video management with flexible, on-demand video auditing workforces to offer previously unavailable services and cost savings to both providers and users of video surveillance. ReTel Technologies, Inc. was founded in 2007 and is based in San Francisco, California and Chicago, Illinois. Learn more ReTel Technologies at http://www.reteltechnologies.com/ & http://www.twitter.com/reteltech .

About James McDonald/MassBiz, LLC
At MassBiz LLC, we offer superior consulting services to assist Fortune 500 and other enterprise clients in providing safe and secure environments for their people, property and other assets. Our expertise is in the areas of Physical Security, Risk Management, Loss Prevention and Compliance. We actively seek and apply the best possible solutions and methodologies, making sure to holistically factor in people, processes and business issues. Our services are designed to protect client’s “Brand” and pinpoint fraud & loss prediction and prevention program strengths and weaknesses, cure or reduce operational deficiencies and at the same time maximize existing resources. Learn more about James E. McDonald http://www.securitytalkingpoints.com/ & http://www.twitter.com/PHYSECTECH

Physical Security Talking Points and Fraud

When discussing physical security, there are several important talking points to consider. Here are some key points to include: Risk Assessm...