By The Security Executive Council
There is evidence that many companies are unwittingly suffering notable loss to fraud. In its 2020 Report to the Nations
, the ACFE estimates that organizations lose 5% of revenue to internal fraud each year. In a company with $1 billion in revenue, that would equate to $50 million in loss annually.
In light of these findings, we wondered how security practitioners are adjusting to leverage newer technologies and techniques to fight not only fraud, but also the many other kinds of incidents that cause damage and loss, such as robbery, assault, abuse, theft, etc., which are likely on the rise due to COVID-19 impacts regarding requirements, mandates and the economy.
A recent Security Barometer quick poll examined the latest in investigation program best practices.
More than half of respondents reported they had reviewed their investigative programs in the last one to two years. However, around one quarter reported they had never done it. Periodic review is itself a best practice to keep any program aligned and responsive to emerging issues.
We were not surprised to find that respondents reported a wide range of departments conducting investigations. This has been the case in many organizations for decades.
A few survey participants commented that corporate security was either precluded from conducting investigations regarding employees or were brought in after missteps were made by other departments. Click here for a resource that discusses the pros and cons of distributed investigations responsibilities.
Respondents reported using a variety of newer best practices that go beyond a traditional post-event interview-based discovery process. It is worth pointing out that over a quarter of survey participants reported that they used none of the listed practices. At least one participant commented that the advanced practices selected were being used by the cyber side of the organization and not corporate security.
Many newer practices are focusing on active early detection processes that limit the length of fraud schemes and minimize the loss. For an example of an investigative evolving practice, read our article about active early detection processes
that limit the duration of fraud schemes and minimize the loss.