02 August 2010

Does Your Organization Have A Robust Integrated Security Architecture Strategy?

Many organizations have ad hoc security measures in place or have implemented security procedures and technology as needed without a system wide review of what is necessary from all departments. Unplanned security architecture can leave holes in the environment that are not readily apparent or security spending can be on the wrong technologies without a full understanding of where the risk truly lies in the architecture. A robust integrated security architecture strategy is an end-to-end analysis of potential risk based on client business requirements.

Our Solution—Business Focus Beyond the Technical Domain

Your overall security and loss prevention is the focus of implementing good solutions over time.  A forward looking, detailed security architecture strategy can help you fix your current weaknesses, and anticipate or predict future risk and implement mitigation solutions. A solution will be developed that is specific to the available resources and maps closely to the business goals of the organization. Risk mitigating measures are developed with security technologies that fit the corporate framework.
To learn more send an email to James.McDonald@PST-Mail.com or call me at (877) 214-2900.

30 July 2010

Transforming Employee Motivation To Steal Into Motivation To Perform

New White-Paper  "As the world economy continues its weak recovery, internal shrink and fraud continues to plaque both retailers and restaurants as the biggest source of loss for these organizations.  Learn more about the Expectancy Theory by clinking on the image below:






To learn more go to http://www.reteltechnologies.com 

26 July 2010

CONSULTANCY SERVICES mean achieving real business results that allow you to transform andnot just maintain your security and operations.

We offer superior consulting services to assist Fortune 500 and other enterprise clients in providing safe and secure environments for their people, property and other assets. Our expertise is in the areas of Physical Security, Risk Management, Loss Prevention and Compliance.  We actively seek and apply the best possible solutions and methodologies today, making sure to holistically factor in people, processes and business issues.

RISK = (THREATS X VULNERABILITIES / COUNTERMEASURES) x Assets    


Our services are designed to protect clients “Brand” and pinpoint fraud & loss prediction and prevention program strengths and weaknesses, cure or reduce operational deficiencies and at the same time maximize existing resources. We do not provide any security services nor sell security products and is therefore unbiased and objective when assessing critical requirements and recommendations on behalf of their clients. We provide impartial balanced thought and advice helping our clients make the right solution decision. With a diverse background our team can deliver a comprehensive range of security, fraud deterrence, loss prevention, operational risk management consulting services to multi-sector clients.

Our aim is to exceed the client's expectations on each and every project, no matter how large or small the objectives. The primary purpose of all of our assessments is vulnerability identification or threat (exposure) determination and to make the task of analysis of the existing risk more manageable by establishing a base from which to proceed. We believe in the premise that vulnerability threats that occur, whether the source is fraud based, physical security, logical security or a general liability issue, are not random occurrences, they occur when the conditions are right for them to occur.

Our assessments attack the root causes and enablers of these vulnerabilities. Our thesis is that improving organizational policies and procedures to eliminate threats, improve awareness that protect assets, minimize exposure and reduce losses is the single best defense. Then we follow up with the latest technology countermeasures that reinforce your policies and procedures to act as an overwhelming deterrence and insure compliance and evolve as changes require over time.

Physical Security Project Management (PSPM)

To assist the client in selection, review, purchase of security, loss prevention, risk management or business intelligence equipment and/or security programs in bringing their security program into acceptable security standards and practices. Many companies do not have the time or expertise to review the inclusive security management plan and are lax in maintaining security standards which could result in theft, vandalism, fraud, loss of brand recognition, loss of service, business continuity or general liability.



My Solution

We are able to provide project management on your security, loss or risk vulnerabilities and liabilities that have been identified by our assessment (s). We work with your company to determine the most cost effective way to mitigate the concerns. We will team with vendors to determine which product is the most effective and efficient and obtain price quotes. Working with you, equipment or solutions can be purchased, installed and proper training provided. Follow-up and on-site inspections will be provided by MassBiz LLC; afterward the solution will be documented and verified by us.

Our Project Management Areas of responsibility include:

• Product search for the right equipment to resolve your problem
• Determine with client which vendor is most cost effective and efficient
• Ensure equipment is installed to specifications of purchaser
• Ensure proper training is provided to end user of equipment
• Follow-up to ensure equipment is working properly and adjust accordingly if necessary

How My Process Works

Our Physical Security Consultants will work with the client to establish what particular project management services will be provided. The consultant will explore the most efficient and cost effective measure to mitigate the security concern. We will work with the client purchasing department to determine which vendor should be selected varying on many factors. Follow-up will be provided by on-site inspections by us to ensure the correct product was purchased and installed.  Training by the vendor will be documented and verified by the MassBiz LLC consultant.

13 June 2010

5% of annual revenue—that’s the estimate of how much money the typical organization loses to fraud, according to participants in the 2010 Report to the Nations on Occupational Fraud and Abuse.

I am a few hours away fro leaving for the National Retail Federation’s Loss Prevention Show in Atlanta this week and I was reading the 2010 Report to the Nations on Occupational Fraud and Abuse from one of my favorite organizations that I am a member the Association of Certified Fraud Examiners (ACFE). 

The report, prepared by the ACFE, an international organization of more than 50,000 fraud examiners, CPAs, law enforcement professionals, government officials and others, examines a wide swath of business-related fraud in an effort to pinpoint problems and highlight solutions. The fraud cases at issue in the report lasted a median 18 months before being detected. While million-dollar-plus financial statement frauds made up a small percentage of the crimes, the majority were less complex asset misappropriation cases involving billing, check tampering, payroll and expense report schemes.



A few of the key findings are: 
  • Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion. 
  • The median loss caused by the occupational fraud cases in our study was $160,000. Nearly one-quarter of the frauds involved losses of at least $1 million. 
  • The frauds lasted a median of 18 months before being detected. 
  • Asset misappropriation schemes were the most common form of fraud in our study by a wide margin, representing 90% of cases — though they were also the least costly, causing a median loss of $135,000. Financial statement fraud schemes were on the opposite end of the spectrum in both regards: These cases made up less than 5% of the frauds in the study, but caused a median loss of more than $4 million — by far the most costly category. Corruption schemes fell in the middle, comprising just under one-third of cases and causing a median loss of $250,000.  
  • Occupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002 when they began tracking data on fraud detection methods. 
  • Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.
  • Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. They looked at the effect of 15 common controls on the median loss and duration of the frauds.
  • Victim organizations that had these controls in place had significantly lower losses and time-to-detection than organizations without the controls. 
  • More than 80% of the frauds in the study were committed by individuals in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing. 
  • More than 85% of fraudsters in the study had never been previously charged or convicted for a fraud-related offense. This finding is consistent with their prior studies. 
  • Fraud perpetrators often display warning signs that they are engaging in illicit activity.  The most common behavioral red flags displayed by the perpetrators in our study were living beyond their means (43% of cases) and experiencing financial difficulties (36% of cases).

Conclusions and Recommendations 

  • Occupational fraud is a global problem. Though some of their findings differ slightly from region to region, most of the trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred. 
  • Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system. Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality, and employees should be encouraged to report suspicious activity without fear of reprisal. 
  • Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in our survey, but they ranked comparatively poorly in both detecting fraud and limiting losses due to fraud. Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but they should not be relied upon exclusively for fraud detection. 
  • Employee education is the foundation of preventing and detecting occupational fraud.  Staff members are an organization’s top fraud detection method; employees must be trained in what constitutes fraud, how it hurts everyone in the company and how to report any questionable activity. Their data show not only that most frauds are detected by tips, but also that organizations that have anti-fraud training for employees and managers experience lower fraud losses.  
  • Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Less than 30% of victim organizations in our study conducted surprise audits; however, those organizations tended to have lower fraud losses and to detect frauds more quickly.  Very good news for ReTel Technologies, Inc. The company I am going to Atlanta with for the NRF show.  The report went on to say while surprise audits can be useful in detecting fraud; their most important benefit is in preventing fraud by creating a perception of detection. Since, I have been saying this for years I found it very interesting.  Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught. The threat of surprise audits increases employees’ perception that fraud will be detected and thus has a strong deterrent effect on potential fraudsters. 
  • Internal controls alone are insufficient to fully prevent occupational fraud. Though it is important for organizations to have strategic and effective anti-fraud controls in place, internal controls will not prevent all fraud from occurring, nor will they detect most fraud once it begins.
  • Fraudsters exhibit behavioral warning signs of their misdeeds. These red flags — such as living beyond one’s means or exhibiting control issues — will not be identified by traditional controls. Auditors and employees alike should be trained to recognize the common behavioral signs that a fraud is occurring and encouraged not to ignore such red flags, as they might be the key to detecting or deterring a fraud.
After reading all of this I expect to have a great show.  Stop by booth 1140 if you are in Atlanta this week.  

Download your own copy of the ACFE report at http://www.acfe.com/rttn/2010-rttn.asp  


Learn more about ReTel Technologies Security Policy & Procedure Auditing, EAS Event-Driven Verification, Performance Standards Verification, On-Demand Investigations, Operational Auditing and      Consumer Insights at ReTel Technologies Website’s: http://www.reteltechnologies.com/

Physical Security Talking Points and Fraud

When discussing physical security, there are several important talking points to consider. Here are some key points to include: Risk Assessm...