A recent case reminded me that while funds stolen by an employee are a big problem, there could be other actions of the employee that have an even bigger effect on the business.
It is common to identify an employee stealing from the company or organization, only to find out that the scheme identified was not the only thing they were doing. I often hear about cases I haven’t worked on, and while listening to the story, identify other issues likely to have been occurring but went overlooked. It is common to find an individual had multiple schemes occurring, some of which may have never been identified and investigated.
One such case involved a long term, “trusted” business manager who was found to be stealing from the company. The theft was perpetrated through diversion of customer payments as well as personal charges on the business credit card.
As I asked questions about the case I wanted to learn more about the habits and actions of the target. I learned that the individual used to make a back up drive of the company’s computer server drive each day and bring it home. This was a daily routine that had been occurring for years. Located on the company’s server were the customer demographics and historical sales information, won and lost bids and proposals, information regarding the design and specifications of past projects, and all the other confidential information unique to the success of the business.
And where were the backup drives and information today – unknown. Arguably the most valuable asset of the business has been taken home with the target every night, and remains in the individual’s possession even after being found to have stolen funds.
Here are some questions I raised regarding the proprietary company information:
- where are the back up drives now?
- has the individual returned them all?
- could the individual made copies of the drives?
- has the individual been put on official notice regarding the information on those drives?
- what could the individual do with the information (competitors…?)
- how would we know if the individual used the information?
Intellectual information, patents, trademarks, copyrights, customer and client lists, proposal and bid information, and other company secrets need to have proper controls and procedures in place similar to those found in the financial areas to ensure all confidential company information is safeguarded from theft or abuse by employees.