The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting



Similar documents
High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits

Internal Auditing is an Asset for Small Companies as well as Large Ones

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Customer Data and Reputational Risk in the Pharmaceutical Industry

Fraud Prevention and Detection in a Manufacturing Environment

Incorporating Behavioral Analytics into Exception-Based Reporting O R A C L E W H I T E P A P E R D E C E M B E R

A Practical Guide to Information Governance in Microsoft SharePoint 2013

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL

Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.

Payment Card Industry Data Security Standards

Holiday Fraud Myths. How They Leave Retailers Vulnerable

Capital Projects and Construction: Building in Risk Management and Project Controls

Process Control Optimisation with SAP

INFORMATION TECHNOLOGY FLASH REPORT

Financial Close Optimization: Five Steps for Identifying and Resolving Systems and Process Inefficiencies

The Role of Governance, Risk and Compliance in a Firm

CREDIT CARD FRAUD PREVENTION IN NONPROFITS

Making Shadow IT Work for You: What Financial Companies Can Do to Bring Grassroots IT Solutions Into the Fold

FINANCIAL SERVICES FLASH REPORT

Loss Prevention Data Mining Using big data, predictive and prescriptive analytics to enpower loss prevention

A crash course in credit

Managing Supply Disruptions

How To Ensure Internal Control Of Financial Reporting In India

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Vendor Audit and Cost Recovery: Improving Bottom Line Results WHITE PAPER

PROTIVITI FLASH REPORT

Data Quality Assurance

Improving the Effectiveness of Retail Video Surveillance

MAKING THE RIGHT CHOICE

Clear Returns changes the way retailers think

HOW TO DETECT AND PREVENT FINANCIAL STATEMENT FRAUD (SECOND EDITION) (NO )

Payment Card Industry Data Security Standard (PCI DSS)

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

Managing Regulatory Compliance and AML Risk in a Virtual Currency World

TECHNOLOGY YOU CAN USE AGAINST THOSE WHO USE TECHNOLOGY FRAUD ANALYTICS: TAKING DATA ANALYSIS TO THE NEXT LEVEL

PROTIVITI FLASH REPORT

Accounting Management Solutions, Inc presents

Schedule 46 SAO Certificate FAQs

FALSE ADVERTISING. How to Spot It and What You Can Do About It. The New York City Department of Consumer Affairs

Avoid completing forms in messages that ask for personal financial information.

Reputation Management A Must For Your Business

Texas Higher Education Coordinating Board Facilities Audit Protocol Q&A

Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc.

Implementing ERP in Small and Mid-Size Companies

Accountants and Auditors

The K3 Essential Guide Series Creating a loss prevention culture

Internal Controls, Fraud Detection and ERP

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

Detect, Prevent, and Deter Fraud in Big Data Environments

THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements

These are some labor burden test queries that auditors can make if they have the contractor s or vendor s labor burden breakdown:

Texas Lottery Commission. Comprehensive Study and Evaluation of Lottery Security PUBLIC REPORT

When you need someone to scrutinize your financial situation, call Kessler International we'll turn your questions into answers.

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

2016 The global ABB integrity program.

whitepaper 16 TIPS FOR BUILDING AN ENGAGING ECOMMERCE EXPERIENCE How to tackle the obvious and not-so obvious challenges

WHITE PAPER Moving Beyond the FFIEC Guidelines

High-Value Targets Retailers Under Fire

Deploying Insights from Online Banking Analytics in Incremental Innovation

Crime Prevention: A Guide for Small Businesses

Insight into Intelligence: eservices 2.0

PROTIVITI FLASH REPORT

FINANCIAL SERVICES FLASH REPORT

Admission Fraud / Loss Prevention & Theft Best Practices Britt Thompson Randy Ross Sylvia Matiko Bruce Bird

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

Process Intelligence: An Exciting New Frontier for Business Intelligence

Compliance Reporting and Auditing: Best Practice Exchange Tony Farino, Partner Peter Claude, Sr. Manager PricewaterhouseCoopers LLP November 14, 2002

convincing reasons to replace your accounting system with ERP

web resources Sample Interview Questions by Robert Price

Sage Simply Accounting I Cash Flow White Paper. Cash Flow: The Lifeblood of Every Small Business

FINANCIAL SERVICES FLASH REPORT

Proactive Risk Management with SAP BusinessObjects

How an Innovative Marketing Strategy Can Pave the Way to New Customers

Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations

Suite. Market - Leading Data, Analytics & Scoring

The Finance Function. Investment Real Estate: Finance and Asset Management

A Look at the Varied Responsibilities of Internal Auditors. internal auditing: All in a days work

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

HOW TO CREATE AN EFFECTIVE CREDIT & COLLECTIONS POLICY

Managing Your Data Assets

Voyager Network Fleet Card <PARTNER> Add Partner logo here

IP VIDEO SURVEILLANCE IN THE RETAIL INDUSTRY A MILESTONE BLUEPRINT ARTICLE

Fighting Fraud with Data Mining & Analysis

Internet Reputation Management Guide. Building a Roadmap for Continued Success

RESEARCH NOTE NETSUITE S IMPACT ON SOFTWARE COMPANY PERFORMANCE

Investigating Effective Lead Generation Techniques

REAL ROI REPORT MICROSOFT DYNAMICS NAV

Using Data Mining to Detect Insurance Fraud

Point-of-Care Medication Administration: Internal Audit s Role in Ensuring Control

Securing Remote Vendor Access with Privileged Account Security

#socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

Command Center Handbook

30 CREATIVE WAYS TO USE SMS

The way we do business.

Protecting the POS Answers to Your Frequently Asked Questions

How To Sell Your Property In New York City

CLICK TO OPEN FOOD AUTHENTICITY FIVE STEPS TO HELP PROTECT YOUR BUSINESS FROM FOOD FRAUD

BUY, TRACK and TRANSACT

Transcription:

The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting

Introduction In the past 10 years, exception-based reporting (EBR) has become a widespread tool for loss prevention in retail organizations. EBR has allowed retailers to easily identify instances of potentially fraudulent activity by using data from point-of-sale systems. They no longer have to search through cumbersome sales records to spot patterns of dishonesty. However, most organizations are not taking advantage of the capabilities of their EBR solutions to change the behavior of sales associates. By enforcing policies regarding sales activity, improving employee training and identifying unwanted behaviors, sales executives can take action to encourage the desired behaviors and curb losses. This white paper explains why shifting to a so-called behavioral monitoring approach to EBR allows retailers to reduce the opportunities for fraud. What is an Exception-Based Reporting (EBR) system? EBR is a key tool for identifying habitual patterns of dishonest behavior in a retail organization. It provides a central data point for all of the information relating to point-of-sale transactions in the organization. EBR systems have become commonplace in the past 10 years or so, with manufacturers of cash registers and other key retail technologies making it easier for managers to access this point-of-sale data. An EBR system allows users to set thresholds that will identify anomalies in retail behavior for instance, an abundance of refunds or voids at a particular register, or by a particular sales associate. Managers who simply read the point-of-sale data cannot find such anomalies they do not stand out in such a sea of raw data. EBR systems can identify exceptions in many types of transactions and can therefore help pinpoint many types of fraudulent activity, such as credit-card fraud and gift-card fraud. How do EBR systems work? To make the best use of EBR systems, sales managers and analysts need to determine the established norms for given classes of transactions in other words, the number of refunds, credits, voids and other sales transactions that would be acceptable given the location of the retail outlet or store department, and any other factors that impact such transactions. An EBR system will not only trigger alerts when transactions go above the specified thresholds, but it also will retain historical data so that analysts can consider exceptions for past time periods. This allows analysts to make better-informed decisions about exceptions that are identified by the system. For instance, a flurry of refunds handled by one cashier during a given week may not indicate a true fraud problem. But if the EBR system identifies a pattern of behavior for a cashier over time, there is a stronger case for taking action. EBR systems work best when executives and analysts focus their attention on a small number of core transactions often three to five specific types that are the most problematic (and fraud-prone) in their organization. This will allow them to devote precious resources to identifying and reducing the most costly types of fraud, instead of trying to analyze and identify all fraudulent transactions. If the EBR system does not help sales executives to measurably reduce losses in these core areas, analysts should shift their attention to other types of transactions. 2

What steps are taken to review exceptions? An EBR analyst usually examines, on a daily basis, activity that triggers alerts about high levels of potentially fraudulent activity. After the EBR system has identified potential problem areas, the analyst can compare this data to other information, such as historical data. The analyst also might do a peer comparison, which compares a store associate s performance to that of a colleague. For instance, if a specific employee was tagged for processing a high number of refunds, the analyst might check the refund record of other sales associates, because the particular store location may habitually process more refunds than others. The analyst also would examine other data that could explain the exceptions in the associate s performance. For example, a cashier with a high number of refunds also should have a corresponding high number of sales. If the analyst cannot use other data to excuse or explain a high rate of suspicious transactions, he or she then can look more closely at the particular employee s transactions history. Since people who engage in fraud tend to use the same methods over and over, the analyst may be able to zero in on the types of transactions the employee is using to commit fraud. When analysts believe they have identified possible fraudulent activity, they prepare a report, which then goes to a trained field investigator for consideration. Given the importance of understanding how to read the data in an EBR system and how to connect that data to other sources of information about sales transactions, it is obvious that knowledgeable analysts are needed. An EBR system provides valuable information about possible fraudulent sales transactions, but without a trained eye to decipher the results, it is difficult to identify the cases that should be referred to an investigator. Some retailers have turned to industry experts or outsourced solutions in order to add this level of sophistication to their loss-prevention operations. How do you decide if an exception is dishonesty, a policy violation or a training issue? In some cases, the exceptions identified by an EBR system are clearly cases of employee fraud. For instance, if an employee uses a gift card to make a purchase, the analyst should be able to find the corresponding transaction wherein the employee purchased the gift card, using his or her employee discount. If that corresponding transaction does not exist, chances are high that the gift card was obtained fraudulently. In many other incidences, it is not so easy to determine the cause of exceptions. In these cases, the field investigators are called upon to analyze the data and perhaps conduct interviews with the sales associates whose behavior has triggered the review. Many cases sent by an analyst to a field investigator are found not to involve dishonesty, but instead come about through lack of training or adherence to store policy. According to loss prevention experts, only 25 percent of the cases referred to investigators are found to involve theft. Another 25 percent of cases are dismissed, with no evidence of dishonesty found. The remaining 50 percent of cases are found to have involved policy or procedural violations. 3

What is the difference between transactional monitoring and behavioral monitoring? Many retail organizations do not use their EBR systems to their full potential, and miss out on opportunities to identify and eliminate instances of fraud. For instance, many retailers use EBR technology to search only point-of-sale transactions for exceptions. This is, of course, useful for catching employees who are engaging in dishonest activity. However, the goal of using an EBR system is to reduce losses and that involves more than identifying people who are committing fraud. Reducing losses also is accomplished by changing behavior that might lead to losses and by implementing policies that reduce opportunities for fraud. EBR findings can help an organization initiate or enforce changes in policy that can improve adherence to procedures, thus reducing losses. Consider the impact of simply reporting policy exceptions to store managers whose employees are exceeding the accepted thresholds for example, a high number of voids. Store personnel who are made aware that such data is visible and that analysts and managers are watching it on a regular basis are more likely to adhere to policy guidelines. How can EBR systems be used to identify fraud beyond sales data? Instead of using EBR systems to simply look for exceptions among sales transactions, retailers should use EBR to look for a wide array of exceptions to acceptable thresholds for business operations. For instance, EBR systems can search shipping and receiving data for fraud at the delivery level or the invoicing level. In addition, some retailers have opted to load inventory data into EBR solutions in order to compare this information to point-of-sale data, allowing them to isolate the possible causes of inventory losses. How does behavioral monitoring change the role of the EBR analyst? The analyst who is using EBR systems to track a variety of exceptions, including policy and transactional exceptions, needs to convert EBR reporting into policy directives for employees. In other words, a successful analyst is not just someone who can identify exceptions and send cases to investigators. He or she also must be able to think about the data on a high level and should be able to piece together information from various sources to make decisions about policy changes that could reduce losses. The analyst who is looking at the behavioral-reporting data also needs to have access to the top levels of the retail organization and needs the support of other key departments, such as operations and human resources, in order to initiate and suggest policy changes. Other Uses for EBR Analysis EBR analysis also can be used to monitor consumer behavior. This has the potential to increase the efficiency of departments such as Store Operations, Marketing and Inventory Control. For instance, consider how useful it would be to track the effectiveness of trade promotions and advertising by monitoring upticks in specific product sales. Some organizations that require sophisticated EBR analysis may decide to rely on field analysts for this task, instead of depending on a part-time analyst who may be needed for other assignments within the company. Other organizations outsource EBR analysis so retailers can benefit from the expertise of analysts who can share best practices from many organizations and are dedicated resources. In addition, organizations that outsource EBR tasks can benefit from faster identification of fraudulent transactions, since these domain experts are skilled at reading EBR data. 4

How does an organization drive the change to behavioral monitoring? Commit time and resources: Changing employee behavior requires more than a sophisticated EBR system it requires time and money that must be devoted to the effort. Therefore, executives in charge of all departments within the retailer including everything from human resources to inventory control must support the efforts to enforce policies and show their commitment to reducing losses. Consider impact on operations: When managers decide to change policies to reduce losses, they may impact operations in other ways, which they will need to address. For instance, managers might decide to implement additional checks for certain procedures. For example, they may require store managers to sign off on voids. This adds time to transactions, which may mean that stores cannot handle as many sales and might see a drop in revenue. Such an effect should be considered when discussing proposed policy changes. Improve employee training: Thorough training obviously goes hand in hand with policy changes. If employees do not know how to process refunds correctly, they may trigger a report about a policy violation, which could prompt an unnecessary investigation. Managers need to define clearly what is right and what is wrong in order to initiate policy changes that stick. Learn from best practices: Retail employees from managers to store associates need to express a willingness to learn from best practices at other store locations within the organization. Communicate among departments: Departments need to cooperate with each other, as some policy changes may require efforts that cut across organizational lines. For example, the marketing department may create a get one free coupon and distribute it to stores without recognizing the need to create checks and balances to guard against fraudulent use of the coupons. The loss prevention department would need to work with the marketing department to communicate those checks and balances before the coupons are put into use. Conclusion Transactional monitoring that uses EBR systems can help to identify patterns of potentially dishonest activity. However, a good percentage of such cases are, upon investigation, dismissed as problems caused by lack of employee adherence to store policies. This means that many cases that are referred to field investigators could be eliminated if these policy violations were reduced. Behavioral monitoring, which also uses EBR systems, provides a more sophisticated way to identify problematic patterns of behavior that can lead to retail losses. By folding in data from several sources within the company instead of just point-of-sale transactions retailers gain an in-depth view of the behaviors that present opportunities for fraud and theft. Behavioral monitoring can prevent losses before they have the chance to occur by allowing executives to implement policy and procedural changes to reduce fraud and theft. 5

About Protiviti Protiviti (www.protiviti.com) is a leading provider of independent risk consulting and internal audit services. We provide consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assist in the implementation of the processes and controls to enable their continued monitoring. We also offer a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews. Protiviti, which has more than 50 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index. About Creative Options Creative Options (www.creativeop.com), a Protiviti company, is a world-class specialty communications firm. We have built our reputation on designing communication tools that measurably reduce loss. From employee awareness to mobile audits, we are widely recognized for bringing innovative communication solutions to retail. For more information about the topics covered in this white paper or the Loss Prevention Consultative Practice services, please contact: James Curtis 484.883.0398 james.curtis@protiviti.com Craig Matsumoto 617.330.4849 craig.matsumoto@protiviti.com 6

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. 2007 Protiviti Inc. An Equal Opportunity Employer

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information