How To
How to Fraud-Proof Your Company
Fraud experts focus on ways to combat insidious insiders at the 19th Annual Association of Certified Fraud Examiners (ACFE) conference, and a convicted fraudster explains how he went down the wrong path
By Bill Brenner, Senior Editor
"I have to take it. Everyone has to take it," he said of the training. "It has to be ingrained into the corporation itself. Otherwise, it doesn't work. I went out to Enron [to investigate], thinking there were a couple bad apples." He found that unethical behavior was endemic throughout the organization.
Building the right anti-fraud policy
In another ACFE presentation, Christopher Rosetti, a partner in the Forensic Accounting and Financial Investigations Division at BST Valuation and Litigation Advisors, focused his presentation on key steps toward implementing a fraud and misconduct strategy.
He suggested a solid plan is based on:
- Ethical culture
- Effective personnel policies
- Awareness
- Reporting/feedback
- Monitoring
"An ethical culture is based on visible leaders, a values statement, communication of values, and a code of conduct that defines acceptable and unacceptable behavior," he said.
Most people are honest but can sometimes lapse into unethical behavior, not always realizing it. Therefore, Rosetti said, people need to be reminded of right and wrong.
"Spread the word via e-mail and the Web, attach the rules to paychecks and other forms," he said.
The code of conduct should include a checklist of right vs. wrong for everything from the use of mail facilities, office equipment, use of the Internet and outside employment. The code should clearly map out how confidential information should be handled and ensure severe punishment for those who use their position to acquire undeserved privileges. The code should even be clear about restrictions of on-site weapons.
"Some of these examples may seem absurd, but you never know what can happen," Rosetti said.
Other stories by Bill Brenner
fraud
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
