1. REDUCING FRAUD LOSSES THROUGH RISK MITIGATION: CNI's Journey, Mistakes, and Lessons Learned. Kenny Ong, CNI Holdings Berhad
2. Contents:
- Reducing Fraud risk Probabilities
3. Intro and Background: Different Business, Different Frauds
4. Intro: CNI
- Others: Contract Manufacturing, Export/Trading, eCommerce
- Malaysia, Singapore, Brunei, Indonesia, India, China, Hong
Kong, Philippines, Italy, Taiwan
- Products: Consumer Goods and Services
5. Intro: CNI
- CNI's Business Model background
Factory CNIE DC SP Leaders Customers
6. A. Risk Mitigation in CNI: No Business, No Risks.
7. No Business, No Risks.
- Ironically, our success is the cause of risk
- More success, more money, more fraud
- Easiest way to reduce fraud is to reduce business
- Don't laugh. This is what most FAC and HR people do, unintentionally
8. Fraud Risk Mitigation? (1/2)
- We follow standard Fraud definitions:
- Both conditions must be met in order to be considered Fraud.
9. Fraud Risk Mitigation? (2/2)
- We follow standard Fraud definitions:
- Risk = Likelihood x Impact
10. Where are the Risks?
Management Staff Frontline Suppliers/Vendors Retail Front
11. Industry Risks
- Get-Rich-Quick Schemes (Skim Cepat Kaya)
These Fraud risks affect all Direct Selling organizations but cannot be controlled by us, only through joint efforts in drafting & pushing new regulations.
12. Real Fraud, Real Risks
13. B. Reducing Fraud risk Probabilities: Prevent. Deter. Kill.
14. Fraud Root Causes
15. Risk Mitigation Strategies
Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person
16. Alignment: Framework
- Governance, Internal Controls
- Internal Audit, Surprise Audit, Regular Audit
(Surveillance)
- Levels of Authority, Power Balancing*
Structure
17. *Power Balancing
BOD Set 1 BOD Set 2 Approval/Verification
18. Alignment: Framework
- Profiling/Assessment Tools
- Budget for Investigation, Litigation
Resources
19. Strategy: Framework
- Involuntary Role Modeling
- Personal accountability and Commitment
- Watch out: Current people promoted to Key Positions
Leadership
20. Alignment: Framework
- New Employee Background checks
- Root Cause Analysis (Mager & Pipe)
- Fraud Detection & Analysis Competency
- IT breaches through Frontline
Person
21. The Four Desperates
- 1. Desperate Competition
- 2. Desperate Consumer
- 3. Desperate Achievers
- 4. Desperate Changes
22.
23. Possible General Root Causes for Fraud
- "They had it coming." the revenge syndrome
- "I had it coming." the equity syndrome
24. GENERAL STRATEGIES AND POLICIES
- B1. Classification of Behaviors
- B1.1 Disrespectful Workplace Behavior
- B1.2 Progressive Discipline
25. GENERAL STRATEGIES AND POLICIES
- B2. Recruitment and Selection
- B4. Employee Assistance Program
- B6. Communication and Feedback
- B7. Training and Education
- B8. Formal Complaint and Grievance
26. GENERAL STRATEGIES AND POLICIES
- 1. Leaders act as role models whether consciously or unconsciously
- 2. Leaders determine the working environment
27. GENERAL STRATEGIES AND POLICIES
28. SPECIFIC STRATEGIES AND POLICIES
- C1. Theft and Fraud Root Causes
- 68.6% - no prior criminal record.
- Struggling financially or large purchases
- difficult time in their lives
- Merger and acquisition or reorganization activity.
- "I don't have a career here" attitude.
29. SPECIFIC STRATEGIES AND POLICIES
- C1. Theft and Fraud - Prevention
- Make a big noise when discovered
- Video surveillance equipment
30. SPECIFIC STRATEGIES AND POLICIES
- C2. Violation of confidentiality or security of company information - Prevention
- a. ICT Security Policies*
- b. Ownership of Intellectual Property
- c. Inside Information and Trading of CNI shares
31. *ICT Security and Fraud (1/3)
- Security - all matters relating to the coming-in and going-out of all systems and information
- Backup - including Storage of critical and non-critical information and Disaster Recovery
- Continuity - Availability of systems and information at a 24x7x365 standard
32. *ICT Security and Fraud (2/3)
- The following are threats faced by CNI from inside the
company:
33. *ICT Security and Fraud (3/3)
- Web browsing and Internet Access
- Crisis management, Disaster recovery and Business Continuity
- Servers, routers, and switches
- Internet / external network
- Documentation and change management
ICT Security, Backup, and Continuity Strategies 2005-2008:
34. C. Decreasing the Impact: We failed. Now what?
35. Why Impact?
- Cannot reduce likelihood - unavoidable
36. Levels of Impact (Fraud)
- Monetary Loss (>1,000,000) inc. capital, share price
37. small Impact
- Cannot reduce likelihood - unavoidable
38. Real Fraud, Real Risks
39. Real Fraud, Real Risks
40. BIG Impact
- Crisis Communications Plan
41. Crisis Management Plan
Logistics & Info Systems Communications Process Owner: [dept. accountable] Policy and Planning After (profiting and learning) During (sound crisis management) Before (readiness for crisis) Crisis: Business Function
42. Crisis Communication Plan
- Crisis Communication Team (to determine small or BIG for communications purposes)
- Crisis Spokesperson & Interview
43.
- No case study from CNI on Crisis Communications arising from Fraud
- Not yet happened (fingers crossed)
44. D. Tracking and Reporting
45.
- "Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit"
- CEO & Chairman, Lockheed Martin
46. Tracking: Who? How?
- Centralized monitoring: trends, patterns, flag unusual,
symptoms
- BSC, KPI and PMS embedded
47. E. New Fraud Risks: We need help.
48. New Fraud Opportunities
- Change in Business Model: Inexperienced
49. eCommerce Frauds
Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards eCom Frauds?
50. Mistakes and Lessons Learned
- Price to Pay for Fraud/Risk Mitigation => Business
Flexibility
- Rules vs. Humanity/Motivation
- Not tackling the root cause i.e. Motive + Opportunity i.e.
Humans
- Focus on FAC vs. Sales/Marketing => who has control?
- Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF
vs. RD
51. In the end
- humans are the weakest link
- bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc.
- bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication
52. Thank You. soft copy of slides:
www.totallyunrelatedrandomanddebatable.blogspot.com