Guide to Preventing Workplace Fraud - Chubb Group of Insurance ...

More documents

Recommendations

Info

■ Design and implement safeguards in response to identified risks, including those arising due to changes in the business. ■ Periodically monitor and test safeguards. Physical Security of Technology Assets The physical security of computers and computer systems is naturally an extension of a general physical security program. Existing physical security policies and procedures need to be adapted to meet the specific threats associated with information systems and related assets. Controls to consider: ■ Restrict access to the areas where computers and computer data are housed. ■ Perform comprehensive background investigations on personnel who will have access to computer areas and information. ■ Utilize asset-protection programs, such as asset-tracking devices or software installed on laptop computers. Defenses against unauthorized, malicious, and/or fraudulent logical access to computer systems include good physical security and use of security technologies. Successful computer system intrusions may involve unauthorized appropriation and use of user passwords. Compromised passwords need to be reported promptly, with swift action taken to revoke all related systems rights. 44
RESPONDING TO THE THREAT OF FRAUD Responding to the threat of fraud can be challenging. There is no “cookiecutter” fraud response strategy that is appropriate for every business. The diversity of fraud risks associated with different business environments and situations requires that fraud risk responses be appropriate for the specific business operations, business environment, and fraud experience. Consider that the “ideal fraud opportunity” might include any of the following factors: ■ A weakness in the internal control system or the ability to easily override the control system (i.e., an opportunity). ■ Pressures or incentives to commit fraud sufficient to overcome the pressures or incentives not to commit fraud. ■ Perceived reward for fraud is relatively high. ■ Perceived risk of detection is relatively low. ■ Potential penalty, if caught, is perceived as being small or relatively inconsequential. Therefore, an effective fraud response plan should: ■ Limit fraud opportunities by establishing strong internal controls and limiting overrides of those controls. ■ Manage pressures and incentives inherent in the business process (to the extent this is possible). ■ Focus fraud prevention and detection efforts on risks where potential financial loss is the greatest or where cumulative losses from smaller frauds may be significant. 45
Page 1 and 2: Guide to Preventing Workplace Fraud
Page 3: GUIDE TO PREVENTING WORKPLACE FRAUD
Page 7: CONTENTS Introduction .............
Page 10 and 11: focus on prevention, detection, and
Page 12 and 13: The Fraud Triangle What motivates p
Page 14 and 15: ■ Minimization: “I’m not taki
Page 16 and 17: Cash-diversion schemes range from s
Page 18 and 19: FRAUD RISK MANAGEMENT- LOSS CONTROL
Page 20 and 21: General fraud detection practices.
Page 22 and 23: ■ “Vendor audits,” which typi
Page 24 and 25: company. Checks with identified inc
Page 26 and 27: ■ Investigate Forms W-2 and 1099,
Page 28 and 29: Segregation of duties may be diffic
Page 30 and 31: In many companies, vendor payments
Page 32 and 33: ■ “Vendor audits,” which typi
Page 34 and 35: The above scenario presents a numbe
Page 36 and 37: part of computerized records and ar
Page 38 and 39: software, and color laser printers
Page 40 and 41: Misappropriation of Waste, Scrap, a
Page 42 and 43: Expense Account Reimbursement Fraud
Page 44 and 45: Payroll fraud may involve collusion
Page 46 and 47: ■ Employee correspondence sent to
Page 50 and 51: ■ Foster a strong “perception o
Page 52 and 53: Many companies require that employe
Page 54 and 55: ■ Callers are asked to call back
Page 56 and 57: ABOUT THIS BOOKLET This booklet was
Page 60: Chubb Group of Insurance Companies

Guide to Preventing Workplace Fraud - Chubb Group of Insurance ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?