Our Blog

How to make the bad guys help protect the good guys?

 Inspired by counter-terrorism HUMINT (human intelligence) methods, the Think Intelligence™ methodology and its TINO™ framework, offers an out-of-the-box, anti-fraud solution

General introduction

The typical organization loses 6% of its annual revenue to fraud. Furthermore, fraud damages by executives are nine times as costly as those caused by employees. And more than 93% of these “bad guys” joined their company as “good guys”…

It is expected that the best anti-fraud advisors would be highly-experienced risk managers and anti-fraud officers. This seems reasonable, but remember that the better they are, the more likely they are to be good guys. In reality, however, the best fraud experts will always be found among the bad guys. Without the right ethical and practical measures they will remain out of reach and always ahead, leaving most anti-fraud experts behind as they develop new fraud methods.

The TINO Anti-Fraud program generates identifies vulnerabilities that may be exploited by fraudsters. Beyond fraud prevention, it also creates a highly valuable human network, whose members will gladly share observations regarding a wide range of objectives. You can read more about the innovation program and other solutions at the HUMINT Solutions blog.

Effective fraud prevention must properly approach the basic components of any fraud attempt. Every fraud is comprised of four basic stages:

• Identifying – an identified vulnerability represents an opportunity

• Planning -having identified such an opportunity, a planning process is initiated, aiming to take advantage of it.

• Acting - an action is taken. This may be a small test or full scale project.

• Checking - a re-examination process is conducted to observe whether the opportunity is still active or not.

 Case Study

A company and an overview of its market

Starting as relatively small family business, a company grows to become a successful multinational company. Its growth strategy was based on the acquisition of competitors.

Beyond its cutting edge R&D and impressive products portfolio, the company has an advanced information system which provides its decisions-makers with a wide range of required information.

The expansion into a global, multinational enterprise has generated a demand for better control capabilities. Through the years the company suffered from what was perceived as isolated fraud cases, mostly small cases which were perceived as the normal cost of doing business. But after exposing, almost by chance, an ongoing scam by a high-level, promising executive, the management decided to revise its control methods.

Following their highly creative legacy, the company also searched for out-of-the-box solutions. A short analysis done  with a program sponsor using the TINO 8WH Matrix defined the initial program scope as concerning problems in the supply chain management of a newly acquired company.

Business challenges

The challenges were

• Identifying frauds & fraudsters – identifying existing vulnerabilities that have been or might be used for frauds 

• Preventing & minimizing future fraud – building an effectively and friendly preventive control process.

• Achieving the best ethical image in the market – transforming ethical issues into an opportunity. Communicating the solution in a way that will help to brand the company as highly ethical.

Here's how the TINO program helped:

1^st stage - allocating resources

The president of the company acted as program sponsor; the CFO was chosen to head the Anti-Fraud program as part of a wider ethics program. Three workers from CFO counseling team were appointed as part time (1/3) members of the TINO team. The team structure was based on two profiles, two of Type B and one of Type A.

2^nd stage – generating BQs and TIKO profiles

After defining some initial business objectives together with the company president, the TINO experts worked with the CFO using tools like the 8WH Matrix to transform program objectives into a set of business questions. Secondly, using the web-based TIKOs FINDER, the TINO experts and the sponsor identified initial TIKO profiles.

3^rd stage – short theoretical training

The Anti-Fraud TINO team participated in a two-day TINO workshop. The workshop focused on managing TIKO networks, meeting management, and the analysis, integration, validation and reporting of undocumented information.

4^th stage - four modules of on-the-job training (OJT)

• Time & resources – the OJT lasted three months, during which each Type B TINO conducted 2-4 interviews per week. One of them mostly conducted meetings already scheduled as part of the existing control process, while the other Type B mostly interviewed people from outside the company. The third TINO (Type A) mainly worked on analysis, validation, and so on.

• Two HUMINT TINO experts focused mostly on the external business environment, conducting 2-3 interviews per week.

• One Type A member of the team was trained, guided and assisted in integrating, analyzing, validating and reporting.

Deliveries summary

Challenges	Deliverables highlights
Identifying frauds & fraudsters	The Process: After several TIKOs, including some relevant bad guys have been identified, a list of validated vulnerabilities was generated. Following an analysis using the company's impressive amount of documented information, vulnerabilities have both validated and quantified. Assisted by the same TIKOs and others, solutions were structured. After being implemented they resulted in several quick-wins. New policies were then communicated back to the TIKOs to maximized both control and deterrence. The Results: External TIKOs who took part in ERP implementation before the company was acquired pointed, among other vulnerabilities, to problems with the ERP authorization model. Other internal and external TIKOs described some shortcuts related to routine inventory checks. Further data analysis done by the internal TINO (Type A), working to validate information provided by TIKOs, indicated several severe authorization problems. More in-depth analysis revealed unknown active vulnerabilities. Quick data-TIKOs cross analysis pointed to suspected fraudsters. Beyond suggesting to the sponsors some legal and HR measures, a team based mostly based on a recommendation by external TIKOs first helped to structure solutions and then to monitor their effective implementation. A Hundred thousand USD of damages were identified, and a damage of millions of USD was prevented.
Preventing & minimizing future fraud	Key preventing factor: (1)   Most of the TIKOs were external (2)   Key internal workers realized that auditing and controlling processes are much more effective in recognizing schemes (3)   The ongoing nature of the TINO process (unlike ad-hoc solutions) increased effectiveness of traditional auditing or compliances measures  (4)   The in-house, friendly, ethical and collaborative nature of the program provided a higher sense of urgency among company workers, and helped them to act proactively and report on new kinds of vulnerabilities
Achieving the best ethical image in the market	Regardless of the relatively low number of external TIKOs, effective communication of the program as an ongoing search for vulnerabilities (rather than an investigation of bad-guys) has generated positive reactions by suppliers, clients and competitors. The positive image of being assisted by many external TIKOs (including bad guys), using outside-of-the-box approach not only helped to prevent further bad-intentioned measures, but helped to brand the company as a highly ethical player in the market.

Correction through evaluation

Every two weeks, a Gap Meeting was conducted. The sponsor was updated by the TINOs and the HUMINT TINO experts about:

• The raw insights gathered and the vulnerabilities which have been identified

• The status of the ongoing building of TIKOs network

• The actionable preventive ideas, with recommendations for their implementation.

The sponsor tuned-up and prioritized the input, and often added more business questions. Next, these questions, the interviews program, and other components, were adjusted.

     

   Return on Investment

Compared to traditional services, the TINO Anti-Fraud program generates great short-term and long-term returns:

 

Cost-benefits	TINO	Other solutions
Paying for information	No TIKO was paid	Participants are paid (e.g. focus groups)
Range of perspectives	Wide, evolving	Narrow, ad-hoc
Exclusive ideas	Many – most are found by the program	Few – most are supplied by the providers
Building an internal anti-fraud process	Designed to provide it!	Conflict of interests with their anti-fraud experts
Leaking of confidential strategic information	Very low, eventually zero	High
Modularity	TIKOs networks are generic human information solutions, and can be used for a wide range of  business domains (e.g. business development, cost reduction and many others), with little modification	None

Finally, as with other specific solutions (such TINO for Strategy Development) the TINO Anti-Fraud program can be easily modified and customized in order to support other business processes.

For more information contact haim[@]humints[.]com