The Threat of Fraud in the Organization - Assignment Example

  The Threat of Fraud in the Organization  Introduction In a survey done by the Chief Executive Group, 54 percent of senior executives responded that identity theft was their greatest worry, followed by third party lawsuits (Wren, 2011). This report will give an abstract of the main document body, review identity theft and the threat of fraud, measures and approaches to protect executives, give an overview of how to prepare a loss prevention workshop and close with a conclusion Abstract             Identity theft has been found to be a major challenge facing executives. Crooks have been getting ever smarter and now target executives of small to medium enterprises where for instance fictitious orders for goods or credit lines are initiated and the goods are shipped to a third party. This causes considerable losses to companies and executives. Identity theft can be managed by ensuring stronger internal control and monitoring systems such as using the RCSA, encrypting sensitive data, and obtaining insurance for the executives. A workshop organized to sensitize executives on fraud would include a participatory and self assessment session to monitor uptake of information by attendants. Literature 1. Answer to question 1 (a and b); How would you protect corporate executives of fraudulent acts against them?             Identity theft refers to the act of stealing or gaining another person’s identifying and personal information such as a social security number or credit card numbers by unauthorized means and using or having the intention to use the information fraudulently (van der Meulen, 2011). The first step in protecting executives would be to get insurance in the director and officer insurance form to cover against loss of wealth and associated assets. An executives' signature can for example be used to fraudulently get a binding agreement with the company, which would be detrimental to the company such as using the executive’s identity to access credit lines, which are not approved. The company would need to ensure it and its and executives are under the 'Merchant Risk Council' which is a group of over 7 800 merchants, financial institutions, law enforcement agencies and vendors who work together to enhance cyber frauds for example financial institutions would have to call the company before processing a credit card application. Of course improving cyber security at the business would be a viable step. Cyber crime occurs when three principal factors are present; opportunity, rationalization and pressure as the fraud triangle shows. Financial pressure Opportunity Rationalization                                                                       Financial The pressures to steal ID's are primarily financial or hobby and the fraudsters never share their problems or intentions to solve them especially through fraud. Rationalization is the act of someone justifying their fraudulent behavior and reconciling themselves with it so that they commit it without feelings of guilt. Opportunity refers to the capability to steal identities or commit fraud and crooks do their best to cover their tracks. Opportunity is the result of weak control systems in the company and is the one area where most business entities are most vulnerable since while they take steps to minimize fraud, crooks devise ever sophisticated methods to go around the security systems (Singleton & Singleton, 2010). A lot of focus would be directed to minimizing opportunity for ID theft by having firewalls and current anti spy ware in addition to installing anti malware and ant viruses in the computer systems and networks at the company. The use of password encryption and encryption of important information such as credit cards, social security numbers and other personal information would be stressed as this renders information unusable and inaccessible to third parties . The company's network would be based on a more secure server software such as Linux in which the kernel is modified to make it harder for crooks to attack  the system. A system to monitor what information employees passed on through the internet, chat rooms and by phone would be put into place with key words being detected (“Identity theft protection”, 2012). This would reduce internal risks of disgruntled employees passing out sensitive information. This would greatly reduce the 'opportunity' aspect in the fraud triangle; fraud is possible when all three 'corners' of the triangle are present. Other measures such as keenly going through monthly statements of credit and debit cards will help identify ongoing violations such as a credit purchase you did not make. On detection, the necessary quick steps should be taken to mitigate and stop further violations (Goodridge, 2009). 2. If you were requested by the chairman of the corporation to create a loss prevention education workshop for the corporate executives, how would you create it for implementation?            The loss prevention workshop would start by defining what fraud is, the common forms of fraud and how they are likely to be committed. The managers would also be enlightened on the personal implications and liabilities identity theft would have on them. They would then be given a presentation on personal as well as corporate measures to take to reduce chances for identity theft and most importantly the steps to take to mitigate incidences such as encrypting sensitive information and obtaining director and officer insurance to mitigate personal losses. Once any sign of a fraud is detected, an immediate report should be made to the relevant authorities such as law enforcement, financial institutions, and the insurance company. Early and quick reporting would ensure the insurance company does not honor its part of the bargain due to a time lapse in reporting frauds or attempted fraud. A risk control self  assessment (RCSA) system would be of great benefit to the organization as it would ensure there is  information on the company's exposure to fraud risks in good time to enable minimize risk and implement mitigation measures (“Risk control self assessment”, March 2010). It is also an indispensable tool to utilize for day-to-day risk of fraud monitoring at the business level. Outlining the objectives and the learning outcomes with a participatory and assessment session at the end of the workshop would ensure the attendees are more focused and learn in anticipation of a 'participation' session to test and demonstrate learning. Each attendant would have to fill in a 'personal fraud prevention strategy plan' where they would fill in the kinds of frauds they think are possible, what they have done about it and what they are doing towards mitigating that threat. This would be to test awareness and knowledge as regards identity theft. Once they do this, a score would be given and then we would all go through the steps in preparing a personal loss prevention strategy, identify existing gaps and propose strategies. This is called a risk control self assessment (RCSA); a method to mitigate risks through having timely information and risks. The executives would need to participate by giving ideas and suggestions to demonstrate their learning and internalization of the process of reducing and managing identity theft risks. 3. Please use examples to accentuate your plans and theories through academic criminal justice subject matter or real life criminal justice examples that are not in academic journals. Several firms exist that provide identity theft protection for individuals and corporates. The services include mnitoring of credit cards, threats and contact monitoring of threats of identity exposure. An example is Lifelock that also ofers a remediation service for stolen or lost wallets to stop usage or replace lost credit cards as well as complete recovery assistance and services if one's identity is stolen while subscribed to their service. This achieved through identity monitoring, checking for threats to identity theft, tracking and response services to identity theft (Angwin, 2009). Conclusion             Fraudsters used to target individual or anyone they could get their hands on. However, businesses and executives are increasingly being targeted. 54 percent of respondents on worries faced by executives said identity theft was their main worry. Implementing a personal risk mitigation strategy would be important in reducing risk, implementing strong internal control systems, getting director and officer insurance as well as constant monitoring of the system using the RCSA to mitigate and report risks in good time. References Angwin, J. (2009). The fallacy of identity theft. The Wall Street journal, Retrieved from http://online.wsj.com/article/SB125537784669480983.html Goodridge, E. (2009, May 01). Steps to prevent identity theft, and what to do if it happens. The New York times. Retrieved from http://www.nytimes.com/2009/05/02/your-money/identity-theft/02idtheftprimer.html?pagewanted=all Identity theft protection: Protect your computer. (2012, January). Retrieved from http://www.spamlaws.com/protect-your-computer.html Risk control self assessment. (2010, March 10). Retrieved from http://www.ior-institute.org/education/sound-practice-guidance/142-sound-practice-guidance-part-2   Singleton, T., & Singleton, A. (2010). Fraud auditing and forensic accounting. (4th edition ed., pp.         44-53). Hoboken, NJ: John Wiley & Sons. Van der Meulen, N. (2011). Financial identity theft: Context, challenges and countermeasures. (pp. 32-33). The Hague, Netherlands: T M C ASSER PRESS. Wren, P. (2011, July 26). Lawsuits, identity theft keep ceos up at night lawsuits, identity theft keep           ceos     up at night . Retrieved from http://www.prnewswire.com/news-releases/lawsuits-identity-theft-       keep-ceos-up-at-night-126166523.html   Read More