How Much Do You Trust Your Employees? How Much Should You?

Insider fraud cost businesses 5% of their revenue in 2009, a new study reports. So ho how much should you trust -- or distrust -- your employees?The 2010 Association of Certified Fraud Examiners (ACFE)report on the state of insider fraud and theft points out that while stealing company resources (asset fraud) accounted for 90% of last year's cases, financial fraud -- 5% of incidents -- was responsible for far greater losses.

The average asset fraud exploit cost companies $135,000; financial fraud averaged $4 million per exploit.

The result is that, on average, companies lost 5% of their 2009 revenue to employee fraud of one sort or another.

It can be difficult to predict -- or even become suspicious -- which employees are going to try and rip off an employer. According to ACFE, 85% of insider fraud is committed by employees whose records, up to that point, are clean.

So what do you do? Trust no one?

I don't think so.

We've all worked at or known companies whose attitude and relationship to employees is essentially paranoid and confrontational, an approach that may keep fraud at bay (emphasis on the may) but is also unlikely to foster a work environment that's as productive and innovative as it could be.

At the same time, it hardly pays (other than to the crooks) to be naive.

The solution, I believe, is to strike that reasonable balance that has always marked the best employers and, not coincidentally, many of the best and most innovative companies.

That balance consists of a variety of elements, key among them:

Clear and clearly written policies, with careful attention paid to digital assets and employees' relationship to them. A definition of those assets -- i.e., if you consider bandwidth capacity as asset (as, increasingly, companies should), make clear what employees are and aren't allowed to use company bandwidth for. A regular audit of employee access credentials -- who needs to have access to what data and resources, and who has such access but doesn't need it. Monitoring, audit and analysis tools that can reveal policy and access violations and attempted policy or access violations. Thorough education and communication with employees about policies and responsibilities. Heightened awareness on the part of line managers and supervisors as to what to look for.

That heightened awareness, along with enhanced communication with employees is an important point: ACFE reports that 40% of the cases it examined were brought to light by co-workers. (Other sources of information include customers and vendors.)

The complete ACFE Occupational Fraud And Abuse Report is here.