Q&A
Jim Ratley and ACFE: Going Broad on Fraud
Five years post-Enron, corporate fraud and white-collar crime continue to make headlines. Jim Ratley of the Association of Certified Fraud Examiners checks in to talk about corporate fraud and effective investigations.
By Scott Berinato
d all the others, and after the passage of Sarbanes-Oxley and other controls. It makes us wonder if we're any better off than we were before in terms of fraud.
I definitely don't think we're safer. The threats are still out there and growing. What I see is often the corporation is still unwilling to invest the resources needed for training and technology to give security people the tools they need to keep up. For the most part, investigative techniques and security departments tend to be reactive. I think security departments need to be proactive and start building preventive measures. I can already hear readers say, Yeah we know that! But our bosses won't give us the money!I know exactly what you're saying. Someone asked me recently what to do when a fraud prevention program costs more than the dollar amount that would have been lost in a fraud they detected. What to do? And I suggest to you that the fraud prevention program costs more than the dollar amount you show you saved when it is working and effective. Instead of reacting to the fraud and investigating it and bringing it to conclusion, you're preventing it from happening in the first place. To a lot of management, you're spending money on a negative, but statistics have shown that you can cut fraud dramatically with just a few simple techniques in a fraud prevention program, the first one being you tell people you're looking for it. [When you do that] you take that person who might be tempted to perpetrate the fraud and move them back to a person who's not tempted.What are some other techniques for fraud prevention?
I think the most important thing is to educate your employees. When you have employee orientation, when you talk about insurance and 401(k)s, I think you throw fraud education into that process. Show them the ethics policy. Say, Here's what we do and how we look for improper, illegal and unethical acts.
And give them a way to report it if they see it. Anonymous hotlines make a difference.
What do CFEs talk to each other about at cocktail parties these days?
The advancements in the IT end of [the] fraud examination field. Within the next five years I would guess the trained fraud examiner is going to have to have a strong background in computer forensics. Technology has made our world much, much better. We have more tools. More solid audit trails to go after fraudsters. Most people are unsophisticated when it comes to the new technology. Other than the use of the computer, they have no idea how to hide or bury their trail. That makes life great for me because I do know how to go in and find what's been on their computer. But at the same time, technology has given the perpetrator much more opportunity to violate trust and perpetrate the fraud.
So computer forensics are the core of what you do these days?
What I've found is there are so many facets to fraud examination. You need somebody who has the legal background to prevent something like what we're reading about in the paper now [with HP]. You need someone with the investigative skills, for doing admission-seeking interviews and document collection. You need someone who can look at financial documents and understand what they're seeing. You need someone who can pull stuff off computers. It's hard to find any one person who has a background in all of those.
What else are CFEs talking about?Probably about the prosecution of offenders. Back five years ago, before some of the big corporate
ACFE
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
