Danbee Blog
2009
The 7 Deadly Sins of Logistics Security
It’s estimated that the cost of business crime in the United States now exceeds $100 billion a year and is responsible for nearly 1/3 of all corporate bankruptcies. In a survey taken by a national accounting firm, nearly 25% of the respondents reported that theft related losses in their respective firms exceeded $1 million.
Most wholesalers, consolidators, freight forwarders and distributors that find themselves victimized by internal theft share a common denominator: They have usually committed one or more of what I refer to as The 7 Deadly Sins of Logistics Security.
Is your company guilty of making any of these costly mistakes?
1. Are you relying on safeguards that simply don’t work?
Ask most executives how they protect their inventory and they’ll answer “alarms, guards and closed circuit television.” If these security solutions are effective, then why is it that so many companies that sustain loss have these controls in place?
Alarms are designed to protect against break and entry, not theft committed by insiders – which is how inventory loss usually occurs. Most uniformed guards are not adequately trained to recognize internal theft and collusion. Closed circuit television will only be effective if it has been strategically designed and consistently monitored, which is typically not the case.
2. Do you make it easy for dock personnel to work in collusion with truckers?
Because they don’t know how to prevent internal theft, many companies inadvertently make it too easy for drivers to work in unison with shippers, receivers, checkers and loaders. These theft schemes are silent, with no bells or whistles going off to alert anyone that they are taking place, which is why they oftentimes add up to a small fortune.
3. Is your company too reactive?
A large percentage of companies that incur shrinkage do little to prevent it from happening in the first place. By the time they decide to take action, they’ve already incurred a substantial loss and the missing inventory is never recovered.
It’s been repeatedly proven that preventing loss is far less expensive then reacting to it.
4. Do you have an efficient way for concerned employees to report security problems?
A confidential hotline can be an invaluable tool to learn about individual theft, collusion, fraud, workplace substance abuse, arson, product tampering, harassment or discrimination. Yet, many companies still rely on methods of communication that don’t work for security sensitive issues like these, such as open door policies or in-house tiplines. As a result, employees who become aware of unethical or illegal activity tend to remain silent.
In order for a tipline program to be successful it should be outsourced so workers can speak to people who won’t recognize their voices. Employees are more likely to confide in someone outside their company, rather than using an in-house system for tips.
Equally important, callers should never have to provide their name. The best response comes when you offer complete anonymity. The way we accomplish this with the Danbee Hotline for example, is to provide every caller with a code number, which is one reason why we’ve received information that has exposed millions of dollars of losses.
5. Are you checking your checkers?
Too many companies have made the mistake of not keeping their checkers accountable. Because of this lack of oversight, a percentage of checkers become negligent or dishonest over time, and that’s when companies can rack up substantial losses.
One effective way to control the accuracy and integrity of your checkers is by having loss prevention audits regularly performed. These can be done numerous ways.
One method would be to have a security representative arrive (without any advance notification) during the time your trucks are being loaded, select one (or several) and reconcile the product found on the trucks to the shipping manifests.
Another technique would be having surprise audits performed on your trucks as drivers begin their route deliveries. We refer to these as non-covert surveillances. By having an investigator meet a driver at their first stop and performing a verification of each piece delivered throughout the course of the day, you will uncover product that has been over-loaded.
Both of these security techniques are excellent ways to not only detect collusion or gross negligence, but they will also prevent it from taking place.
6. Does your company effectively weed out on-the-job substance abusers and distributors?
Nearly 90% of all employee drug users either deal or steal to support their addiction. As many distribution executives have learned, if you have a drug problem inside your company, you can expect to have a theft problem as well.
Two of the best ways to identify drug users and distributors on your payroll is through the use of a tipline program or by inserting an undercover investigator into your operation.
7. Do you provide meaningful training for your key personnel?
All too often, losses occur because managers and supervisors are not educated on how to recognize the subtle, ingenious ways that theft takes place in a distribution center. Keep in mind that much of this theft and collusion looks exactly like standard operating procedure. The reality is that if your key people don’t know what they’re looking for, they probably won’t see it.
2009
A 9/11 Reality Check: Is Your Supply Chain Really Secure & C-TPAT Compliant?
by Barry Brandman
During a recent trip to mainland China, I inspected the security at a large manufacturing complex on behalf of a client. Prior to my arrival, I had been advised by one of their U.S. based Vice Presidents that he was confident I would not find anything lacking because they had just undergone “an official” supply chain security audit by a local compliance company who gave them an outstanding evaluation.
After conducting my assessment of this facility, I advised their on site management team that their security policies, procedures and technology were not even close to being C-TPAT compliant. I explained for example, that their personnel were not conducting proper container inspections prior to loading exports destined for the States, and that their finished goods department (which consisted of a building without doors), had product staged for hours at a time with no monitoring of any kind. They also were not bothering to place security seals on their loaded export containers until they reached the Hong Kong border (a two hour trip from their site). Consequently, their U.S. bound shipments, as well as the containers they used, had no real chain of custody.
They asked me to read the report they had received from this compliance company and give them my thoughts. I pointed out an array of observations and conclusions in the report that were factually inaccurate. They agreed that the report had limited value and admitted that the people who conducted the audit didn’t appear to know much about supply chain security. The weaknesses I had uncovered they said, were not examined or discussed during that audit. Yet, they were advised that they were successfully meeting C-TPAT criteria and awarded with an excellent numerical rating.
Is this an uncommon occurrence? Unfortunately, it’s not. After the C-TPAT program came into existence, it didn’t take long for a number of companies with little or no core competency in asset protection to magically transform themselves into supply chain security experts overnight. Despite the fact that they possessed scant knowledge of security technology and many had never conducted investigations into inventory theft, cargo crime, sabotage, fraud, smuggling or workplace substance abuse, these “experts” began aggressively advertising to overseas companies, promising them C-TPAT complaint security programs.
Some have even taken it a step further. During an audit at a Hong Kong consolidator, the general manager took me into his private office and proudly displayed their C-TPAT membership certificate hanging on the wall. When I asked if his company had any presence in the United States he replied no. Upon closer examination of his certificate, it was apparent that the certificate had not been produced by U.S. Customs and Border Protection.
I then proceeded to review their physical and procedural security safeguards and found them deficient in a number of areas. I explained that his loss prevention program required a good deal of improvement, and began discussing needed remedial action. He replied that if his security was inadequate, why was it that he was granted C-TPAT certification? At that point, I broke the bad news that his certificate was not legitimate and that his business entity wasn’t even eligible for C-TPAT membership. He was clearly shaken and replied, “But I paid over $6000 U.S. to this firm to become a member!”
Motivated by the opportunity to turn a quick dollar, a number of firms continue to prey on uninformed companies who have a sincere desire to either join the C-TPAT program or become C-TPAT compliant.
This problem transcends how I personally regard the ethics of these firms guilty of misrepresentation. Far more important are the significant risks that are created by companies that are performing superficial audits and providing bogus certifications.
Experts agree that the most vulnerable links in the supply chain are usually found on foreign soil. These are the likely places where terrorists will attempt to smuggle a chemical, biological or nuclear weapon inside a carton, pallet, container or trailer, which will then be sent to the United States. This is why Customs and Border Protection sends out C-TPAT Supply Chain Security Specialists who perform foreign validations every three years.
While these formal validations serve an important purpose, they typically only provide CBP with a very limited glimpse of an importer’s supply chain. The C-TPAT representatives may only have the opportunity to evaluate less than 10% of an importers entire network.
As previously stated, these validations only take place once every three years, a time frame where a company’s security program can easily develop gaping holes.
Plus, the C-TPAT validation team will always provide advance notice when they will be arriving and what facilities they intend to inspect. Consequently, when they are on site they may not be seeing a true representation of how the protective safeguards really operate on a day to day basis.
This is why CBP mandates that C-TPAT certified companies must conduct comprehensive self assessments of their supply chain security. These audits should identify weaknesses, recommend solutions to strengthen those areas that are vulnerable, as well as provide awareness training for key personnel. These audits should also result in detailed action plans, complete with time tables for completion of the needed remedial work.
However, when these audits consist of little more than individuals with questionable experience and expertise merely “pencil-whipping” generic checklists, this process becomes little more than a meaningless exercise.
Despite having significant vulnerabilities in their asset protection controls, after receiving these superficial audit reports and bogus certifications, foreign companies oftentimes then operate under the assumption that their supply chains are extremely secure. This false sense of security can be compared to wearing a defective bullet proof vest that won’t stop a 38 caliber round. While you may feel well protected, when actually tested the consequences could prove catastrophic.
U.S. importers cannot afford to rely on cosmetic, ineffective security programs. The first time their supply chain is victimized may not only lead to the suspension or revocation of C-TPAT membership, but could also result in significant financial loss, irreparable harm to their reputation, and most concerning, the opportunity for another major act of terrorism inside the United States. As we reflect on 9/11, let us remain committed to never allowing history to repeat itself.