DEALING WITH WHITE COLLAR CRIME

RISK ASSESSMENTS

BRITISH BANKERS' ASSOCIATION METHOD

The British Banking Association's recommended system involves the production of the organisations threat profile as a first step. This includes the identification of fraud threats specific to the products and services of the organisation and in addition, the general factors applicable to the sector in which the organisation operates which may make it more susceptible to fraud. It is important to perform this analysis in all sections of the organisation. The threat profile is usually documented in table format such as depicted in Annexure C.

The next stage is the examination of the organisation's existing policies and procedures in order to assess their effectiveness in addressing the threats identified. It is important that the effectiveness of the prevention, detection and response procedures for each threat take into account the basic techniques of:

• segregation of duties
• levels of authority
• monitoring and supervision
• design of value paper
• security of premises

Having identified and documented the risk evaluation, management can then produce the assessment of risk and identify any modification of controls to improve effectiveness.

Organisations wishing to adopt this system will need to obtain the British Bankers' Association's "Fraud Managers Handbook" which is available from BBA Crime Prevention Programmes, Information Transfer, 15 Newmarket Road, Cambridge CB5 8EG, England.

COMPUTER AIDS

There are a number of proprietary computer programmes on the market which aid the fraud risk process. For example Bergman Voysey's "Security by Analysis (SBA)" system. Others known to the author are "RiskWatch" and "BiAsys".

OTHER TECHNIQUES

Risk Assessments are of course not the only techniques for the recognition, of the symptoms of fraud. Some other techniques are:

• analysis of case studies of crimes committed in the general sector and their application to the organisation;
• vulnerability charts;
• invigilation (creation of a controlled environment);
• observation or surveillance;
• under cover investigations and informants;
• business and intelligence;
• spot checking;
• criminal targeting; and
• critical point auditing.

WHO CARRIES OUT THE ASSESSMENTS.

The reason why so much fraud escapes detection is usually because no one person in the organisation is made accountable for the task. The idea that fraud will be detected by auditors or police is often a fatal fallacy. The auditor is a watchdog, not a bloodhound. The police investigate fraud, they seldom detect it. To detect fraud, resources must be allocated specifically to that task. It cannot usually be achieved as a 'spin off' from conventional auditing. In detecting fraud, the objective should not be confused or combined with other work. It should not be considered as a one-off exercise as if done properly, it includes routine monitoring of events, and a lot of hard work. It is vital that "fraud detectors" have considerable investigative expertise and are capable of taking cases from initial detection of symptoms right through to criminal prosecution by the courts. For obvious reasons, the 'fraud detector' should be independent from the accounting department of the organisation. He is probably best located in the security department if one exists in the organisation.

(Previous) (Next)