Why Some Security Programs Don’t Protect Against Internal Theft

Danbee is frequently called upon to investigate white and blue collar crime by executives who wrongfully assumed that their companies were well protected. All too often, our investigations reveal that while may of these firms have allocated resources to protecting their assets, when tested; their safeguards did little to prevent them from being victimized.

In a large percentage of these cases, the companies that have incurred six or seven figure losses were guilty of making one or both of these two costly mistakes:

Being reactive rather than proactive

While some firms have learned that prevention is far less costly than apprehension, there are still many companies that haven’t gotten the message.

An example of this involved one distributor that experienced an ongoing drop in gross profit and an increase in inventory shrinkage. They had historically evaluated the success of their security program by how many individuals they caught stealing and arrested each year. However, despite the fact that they had apprehended a number of employees, their inventory shortages became worse over time.

What they failed to understand was that they were not plugging up the holes that allowed the theft to take place, i.e., not addressing the root cause of the problem. Consequently, new employees soon learned how easy it was to exploit the company’s controls. For every dishonest worker they terminated for theft, they were being replaced by new employees who learned that the risk of being caught stealing inventory was extremely low.

However, once this distributor began focusing on preventing theft, their losses dramatically declined and their bottom line improved. They learned to judge the effectiveness of their security program by how many employees remained honest, not by the number who was apprehended in the act of theft.

Becoming complacent

If you haven’t objectively evaluated your security and looked for ways to improve your loss prevention controls, there’s a high probability that your safeguards could be exploited.

All too often, companies mistake being lucky with having effective safeguards in place, only to find out how vulnerable they really were after their controls were compromised.

Prior to 09/11, there were many who attributed the absence of domestic terrorism to the effectiveness of U.S. airport security measures. As we painfully learned, many of those alleged safeguards were far more cosmetic than meaningful, and relatively easy for the terrorists to circumvent.

One way to avoid having a false sense of security is to have your physical, procedural, and electronic safeguards periodically audited and tested. While the results may be disturbing, you’re better off finding out where the weaknesses in your security program are before others have the opportunity to exploit them.