BUSINESS BEING RUN ON FAITH = BUSINESS ON FAIT ACCOMPLI

Lot of times during past 22 years I have heard the statements from reputed CEOs that we need to have faith in our employees. Well, it is most desirable to have total faith in our employees talent but, it is altogether a different proposition to build a business model around this thought process. My experience indicates that a business model centring on faith, hoping that all employees shall continue to work truthfully, is a perfect recipe for business disaster. By not having adequate controls in business models, we offer opportunities to most honest talent to turn dishonest. Some of the examples are listed below :-

(a) A store Supervisor shared his password with his subordinate cashier in GOOD FAITH to tide over a minor customer issue at that time. Supervisor never changed his password, as he believed that it is with his team member. Later, it was detected that this cashier (to whom supervisor had provided his password) had misused supervisor’s password ("when one person uses other employees' data to avoid detection") and carried out fraudulent refunds causing a huge loss to the store.

(b) Critical sales data of a retailer was fraudulently shared with competition by one employee for monetary consideration. Independent studies show "50 per cent said they had been the victim of data theft in the last 12 months"

(c) Disputed property was hired on behalf of a company by its employees for personal monetary benefits. The issue of such properties went to court, thereby, preventing company from using the premises which it got hired through its own employees.

(d) System data was found fudged by some remote login for the simple reason that the remote login was made possible due to password sharing done on GOOD FAITH. Even former employee can cause such data loss/ manipulation.

(e) It is known world over that employees in retail sector are responsible for causing approximately $ 98.6 billion every year to retailers.

(f) Vendor caused a loss of million of rupees to the company by employing dishonest means.

(g) In one of the investigations it got revealed that some employees joined hands with dishonest transporter and changed superior quality goods with inferior quality goods enroute from one business entity to another.

THE LIST GOES ON (all of above are issues which have been witnessed / investigated personally)

The experience also conclusively proves that had there been adequate controls in the businesses, all the above could have been prevented or atleast, they could have been detected much before they assumed such gigantic proportions.

The issues listed above conclusively prove that a business can only be run in business like manner, based on system of checks incorporated in various business processes. Any business being run on faith is business designed to be doomed.

Indian Army has a very popular saying, "A task which is not checked is a task not done at all." Well, there is a lot of wisdom in the saying.

Pattern Recognition

One of the most common practice of store employees to defraud retailer is to bring down (Mark Down) the price of merchandise at a level which is much lower than the regular sales price of the product. Mark downs also take place regularly due to various promotional schemes which retailers offer to its customers. Products nearing 'best before date' also needs to be marked down so as to clear the stock before expiry date. In the interest of business, such privileges are also delegated to individual stores. Dishonest employees use this privilege to either derive personal monetary advantage or use it to pass unauthorised benefits to their friends and families. Since the billing is done on POS, the sales would get recorded in data ware house.

To protect the interest of business, it is most desirable that analysis of this 'marked down' data be carried out regularly at back end. That would indicate if marked downs are being done for operational reasons or for personal reasons. Once such analysis is completed then only investigator should visit store for final findings. This flows from the fact that it is highly undesirable that loss prevention / security officer visits stores to detect malpractices. His presence at store is more of interruption to business rather than to expedite the business.

It is obvious from the above, that we need to have as much detailed and focused analysis of data, as far as possible, at the back end so that minimum time of investigator is spent at store.
To help investigators interpret the data, a sample and simple method of recognizing a pattern indicative of fraud, has been discussed in slides below.

Pattern Recognition

Slide 1 This fist picture explains the methodology to narrow down data from millions of entries to few hundreds and then analyze those few entries further.

Slide 2 After having narrowed down the data to few hundred entries from million entries earlier, now the focus is to narrow down further to specific stores.
Slide 3 If the analyst has reached the point as given in this picture, be sure that he / she would be able to home on to the most suspicious entries and the chances are that even sitting at back end, he would be able to clearly discern as to what actions at POS (whether malicious or otherwise) would have led this entry to crop up in data warehouse. 90% chances are that the analyst shall be able to home on that single suspicious data out of whole data – in other words, he / she would be able to find a needle in the hay stack.

There could be many more patterns available to be flagged depending upon extent of automation in the company, type of reports being pulled out of data warehouse and also on experience of the investigators / loss prevention officers to interpret the same. Since it is not possible to discuss all reports and patterns in the given time and space available – a sample analysis is attached.

UNOBTRUSIVE SURVEILLANCE AT STORES

All organised retailers do up the stores so that it attracts customers. False ceilings, glazed tiles, ACs, glass doors, shelves etc - all is done. To prevent shoplifting, the best is to follow each customer - well sounds impossible ???????????????????

Try putting glazed tiles or high reflective material (for example glass) as false ceilings. Store employee standing in one corner of store can view complete store floor by looking at the reflections in this false ceiling, even the actions of dishonest customer who is trying to hide something on person behind some dark spot in store become visible............Live coverage of compelete store --------


Moment customer knows that he / she is continuously under surveillance, that itself deters shoplifting

TRANSIT LOSS PREVENTION

Whenever merchandise is being moved in closed container type trucks, it must be ensured that door hinges of truck cargo section are properly affixed / fastened. It can happen that a mischievous transporter keep the door hinges loose deliberately, thereby helping him to open the door during transhipment without disturbing the 'door seal' which the despatching business might affix to ensure safe transportation of his merchandise.

Even if hinges are properly affixed, it must be ensured that centre bolt holding door hinges is also permanently welded. A loose centre bolt can also be easily removed enroute and merchadise can be taken out without disturbing the 'seal' placed to seal the door.

A dishonest transporter can easily steal / replace merchandise enroute, if the above two issues are not addressed by the business.

CASH REFUND FRAUD

CASH REFUND FRAUD


BACKGROUND

1. One of the most common method of cashier’s fraud in Retail Industry is ‘Refund Transaction’. This methodology causes double loss to the company. First, it causes ‘Shrink’ as the item billed in return sales, does not physically get back to store and secondly, it causes cash loss, as the cost of item billed in reverse sale gets pocketed by the dishonest cashier.

2. Various cashiers have been using different methodology to carry out this fraud. However, each such cashier shall have distinct signatures of his actions – something like – generally, all criminals have an identifiable modus operandi.

METHODOLOGY OF COMMITTING CASH REFUND FRAUDS


3. Article Selection. Generally a dishonest cashier will generally select a few items for which he or she would carry out refunds for his / her personal gains. Such articles are generally the ones whose prices are in rounded off figure like Rs 80/-, Rs 299/- etc. This is required for the simple reason to keep the account simple. If a cashier selects low value item, he / she might have to carryout refunds very frequently, thereby, exposing him / her to risk of being detected. If the article is of high value, the same might attract store management attention to that because chances of detecting missing high value SKUs are more as compared to mid level priced SKU (above example is applicable more to general retailer rather than a brand retailer who might have SKUs of high value.

4. Over a period of time, cashiers get used to carrying out fraudulent refunds of particular group of SKUs. Each such cashier develops a liking for particular SKU because it becomes easier for him / her to remember the bar code and price. If he has spared some shelf edge labels, then he would continue to use the same.

5. Timing The timing to effect such transaction is very crucial. It shall be generally done in one of the following time line :-

(a) At a time when footfall is low at store. In other words, when cahiers have time to themselves.
(b) At a time nearing the opening of shift or towards the end of shift. This is for the reason that they are about to tally the cash and cash drawers would be open by default.

(c) If frequency of such transaction by a particular cashier is few and far between, then, he or she would execute this a day before his / her scheduled off day.

6. Cashier ID . Generally a dishonest cashier would use (steal) someone else’s ID to perpetuate this kind of fraud. This ID could be of some other cashier or that of Supervisor. Executing such transactions in someone’s else’s ID insulates the dishonest cashier (or so he / she thinks) against penalty in the event of transaction getting caught, as the dishonest cashier retains high degree of deniability.

Preventive / Detection Tools

7. The following are tested tools for preventing and detecting this kind of fraud :-

(a) Robust refund policy and ensure strict compliance to same.
(b) Carry out ‘pattern recognition’ of data available in data store house, infact, standarised reports can also be generated for users across the board.
(c) Carry out video analytics.
(d) Develop informers from amongst the honest employees. They should know whom to escalate such incidents.
(e) Appropriate password protection policy.

IMPORTANCE OF EMPLOYEE BACKGROUND CHECKS – PRE ENROLLMENT ACTIVITY

IMPORTANCE OF EMPLOYEE BACKGROUND CHECKS – PRE ENROLMENT ACTIVITY

BUSINESS TRENDS
1. Whenever, a franchisee or an employee is employed or hired, most of the business have very elaborate mechanisms to carry out the following as part of background checks :-

(a) Address verification.
(b) Educational background verification.
(c) Past employment verification.
(d) last salary drawn verification.
(e) Character verification.

2. However, it has been noticed that despite elaborate listing of related processes, a minor slip up somewhere, by design or default, can have catastrophic effect on the business as would be seen in understated issues.

IGNORANCE OF BASIC COMMON SENSE CHECKS

3. Address Verification – Generally it is based on the documents submitted by the perspective candidate in terms either a driving license, pass port, electricity bill, voter card, PAN card etc. However, what is generally ignored that the addresses contained in these documents were correct (believed to be correct) at the point of time at which these documents were issued. WHAT IN CASE THE PERSPECTIVE CANDIDATE HAS CHANGED HIS RESIDENCE SUBSEQUENT TO ISSUE OF THESE DOCUMENTS ? We in business, land up verifying unreliable document ??

4. Remedy lies in the following :-

(a) Photocopies should be accepted only when accompanied by originals and be certified on copy with endorsement “ORIGINAL SEEN AND VERIFIED BY Mr / Ms ………….ON ……..(Date)” and be duly signed by the person verifying the same.

(b) Verify the photograph of the perspective candidate who is being interviewed with the ones which have been affixed on his address documents.

(c) Obtain an undertaking from the perspective employee that he is currently staying at the address about which he is producing a document. In case of change, ask for police verification or some other certification suiting the legal requirement.

(b) In case of employee being hired for critical positions, it would be better if physical checks could be carried out to verify the address.

5. Educational Background - Can a situation be imagined where in a person being hired is not the one who finally joins the company or not the one having the requisite qualifications? THERE HAVE BEEN CASES OF THIS NATURE TOO. Under the current procedures, all important educational certificates from reputed institutions carry a photograph of the student, but, every institute is not doing the same.

6. Remedy lies in cross checking the details with institute whose certificate is being produced as testimony to educational qualifications. Alternatively, other technical details can be cross checked from other related documents like parentage, date of birth, mother’s name etc. Few questions during the interview can lead to detection fraudulent cases.

7. In case of employee having a permanent address at far away place, the verification can be done by sending an ‘Acknowledgement Due’ Registered letter on the indicated address through postal department or through a courier company with instructions to produce proof of delivery to concerned HR team. If that is not possible, then tele verification based on land line number can also be made.

8. In one of the investigated case, it emerged that younger sister was working while the elder one was interviewed and her (elder sister’s) educational records were held with enrolment team. In another case, it was found that the output of employee did not match the job profile and it emerged that he had produced forged educational records.

9. Banking Details (A Case Study). A case was detected wherein an employee (Say Mr Suresh, of current employer but name changed) had produced his salary account, proof of address and company identity to some other bank stating that he is working with that company. Later this employee obtained huge loan and did not repay installments. What happened was that during the process of obtaining loan, he obtained required certificates from his employer. After obtaining this loan, the employee resigned from his current service. On noticing default, the banker which granted him loan approached his known address and were horrified to find that he never stayed there. Later the bank approached the previous employer and it got confirmed that the employer had verified his address on the basis of details mentioned in the PHOTOCOPIES of the following documents :-

(a) Telephone bill.
(b) Driving License.
(c) Ration Card.

10. Since all of the above documents produced by employee at the time of enrollment were PHOTOCOPIES and no one in the process of enrolment thought it fit to examine the original - ALL TURNED OUT TO BE FORGED DOCUMENTS.

11. Experience Verification. It has been noticed with some degree of satisfaction that lot of companies maintain brief record of employee personal and performance data permanently in the system. Such data can help businesses by referring to this data in case such query comes up from future employer of the employee. This system, if adopted across the board by all business, will make all businesses a healthy place to work in, without business heads worrying of enrolment of fraudsters.

CASH SAFE AND KEY MANAGEMENT

CASH SAFE AND KEY MANAGEMENT


General Business Process
1. Retail business including bulk sales and all other businesses have a necessity of managing day to day cash, cash coupons and cash vouchers of various forms. Businesses invest heavily on procuring hardware, software and other guarding devices to securing such cash and valuables which gets collected every day. The general principles, on which the business models are designed for such protection, are as follows :-

(a) Install cash safes at appropriate locations.
(b) Suitable business processes for safe custody of cash and cash accounting process.
(c) Suitable cash pick up/ cash banking model.
(d) System checks.
(e) Requisite electronic security measures.

2. Experience shows that any lacunae in any of the issues as discussed below can lead to recurring cash losses with inability of the business to pin point the blame on any individual or group of individuals.

Locks and Key Management

3. Generally, there are two keys for a lock and that for cash safe, In some cases, locks have four keys. It has been noticed that in some instances, keys of the all locks are same ie they are interchangeable, implying that any lock can be opened with any of the similar key like that of POS. The following considerations while designing the business process, for key management can reduce the risk of cash loss / misappropriation by malicious minds :-

(a) While negotiating with vendors / while procuring locks / Points of Sales counters (POS) cash tills – ensure to incorporate the clause in deal that it is the duty of vendor to ensure that keys are not interchangeable.

(b) In case that is not possible, then operating procedures should define that all such surplus keys are counted and deposited with some designated authority in his safe custody. Ownership of custodian of operational key should be defined.

(c) Generally, it is spelt out in the business process as to who is the custodian of “Duplicate” keys of locks and safes. However, such listings of responsibilities is sketchy at best. They do not lead to tracing the ‘Key movements’ which is required to be done in the investigations into reported losses. Any loose end in this process shall disturb detection of chain of events leading to such losses.

(d) Amplifying further, for example, if the duplicate keys are not certified to be held correctly periodically, it would become extremely difficult for investigators to ascertain as to when the keys were physically counted and by whom. Hence, pinpointing period of loss of such keys becomes difficult to the extent that it can block further investigations.

(e) Under no circumstances the process should lead to multiple ownership at any given point of time. Ownership of original and duplicate keys must be fixed to individuals at all times and that too separately. In case of original owner is absent from duty for some reason or the other, the process should dictate the proper handing / taking over by current custodian / next custodian.

(f) In lots of cases, it has been observed that employees resort to shortcuts in handling of keys. It should be a matter of serious concern to the business that keys are routinely passed on to unauthorized employee on the plea that the authorized employee is not available due to some business reasons. Hence, to facilitate smooth business operations, the keys get handed over to next employee. It is also an unwritten fact that in such cases, the seniors are aware of such practices in their business but they choose to ignore such deviations – at their peril till such time a loss is reported. IF A PROCESS LAYS DOWN CERTAIN ACTIONS TO BE DONE IN A CERTAIN MANNER – IT MUST BE DONE THAT WAY OR NOT DONE AT ALL. In case of serious business issues, the deviations must be reported and proper checks must be spelt out in risk mitigation process to overcome such eventualities.

4. The issues listed above, though, might give an impressions of their being trivial in nature, but, if the loophole exists – be sure that it shall be exploited sooner or later and that would have crippling effect on business. More so, because the investigator shall not be able to pinpoint the blame on any individual for the loss.

Cash Safe

5. Why do we have the requirement of lock or cash safe ? What kind of lock or cash safe is ideal for the business? The basic aim of provisioning of cash safe and lock is that, the thief should not be able to walk away freely with our cash / valuables. To prevent this, we have locks, safes, physical barriers and other electronic systems in place TO DETER THE POTENTIAL THIEF AND IN CASE OF ACTUAL ATTEMPT TO STEAL AWAY, THEN SUITABLE RESISTANCE MUST BE OFFERED KEEPING IN MIND THE REACTION TIME OF THE PREVENTION TEAM, be it own internal department or law enforcing agency.

6. From the above, it logically flows that while designing a process and procuring equipment, the business must be conscious of the fact as to how much of delay potential our systems and hardware should impose on potential thieves – measurable in term of time. For example, we know that our first reaction can take in 30 minutes of time ie the time at which physical reaction can be possible by business team – then it is imperative that our cash safe, the locks and other barriers in place be of such specifications that they offer resistance to thieves for 30 minutes, at least, and in the meantime our reactions shall be in place. That would ensure safety of our cash and valuables. In case of internal thefts, the same should be preventable by suitable business process.