DEALING WITH WHITE COLLAR CRIME
RISK ASSESSMENTS

THE BAC SYSTEM
The author has devised an extremely simple methodology which can be
adapted to suit an organisation of any size. It comprises five steps:
- The threat assessment.
- The production of a schedule of weaknesses.
- The production of an agreed list of vulnerable areas.
- The identification of the options available to close the vulnerable areas.
- The production of an action plan.
THE THREAT ASSESSMENT
Essentially, the procedure is to list all the functional areas of the
organisation. For each area the activity is described and the critical activity
identified. For each activity the relevant risk criteria are listed. The activity and risk
criteria are then analysed to identify the possible areas of compromise. The protection in
place is then examined to see whether the possible areas of compromise are closed, and from
this the areas of weakness are identified. An outline format for this is in Annexure B to this section.
SCHEDULE OF WEAKNESSES
The second step is the production of a schedule of weaknesses. This
should be in two parts:
- weakness in critical areas; and
- other weaknesses.
LIST OF VULNERABLE AREAS
In the third step the schedule of weaknesses is discussed with the
CEO/Board/Audit Committee of the organisation and a prioritised list of vulnerable areas
agreed upon. Depending on the size of the organisation and the number of weaknesses
exposed, it may be necessary to produce:
- a consequence profile (a scientific analysis of what effect the threats would have on the organisation should they materialise); and/or
- a probability profile (an assessment of what percentile chance the threats at each area of weakness have of occurring).
OPTIONS OPEN TO CLOSE AREAS OF WEAKNESS
The fourth step is to identify the options available to close the
prioritised areas of weakness. These should be costed and further prioritised.
ACTION PLAN
The final step is the production of an action plan by the Audit
Committee, if one exists. However, the Managing Director/CEO of the organisation should
always take ownership of the plan.
Although the methodology described is simple in concept, management
should be aware that it is not so in execution. In medium to large organisations, it
is recommended that a team be formed to carry out the exercise. This team should include
accountants, security experts, computer specialists and internal auditors. However, the
methodology is designed so that in a small organisation one person could do the job.