Investors always venture into business with the aim of making money using the resources which the business has acquired using the capital injected into it. The resources include the staff that have been employed to link the organisation with customers and other key stakeholders and fixed assets like buildings, computers and furniture, cash in the bank and at hand, stocks and intangible assets like IT based information among others. You can only make money using the resources of the organisation provided the resources are continuously available for the intended purpose. We often take it for granted that the business resources will always be available to the organisation to make money. This is not always the case as the business can either temporary or permanently be denied access to the organisation’s resources for purposes of making money. The organisation’s capacity to make money can be compromised as a result of espionage, sabotage, fraudulent and attack actions by the wrongdoers. Security challenges may include frauds, threat to your staff both at work and home, theft of assets and other business resources and the threat of terrorist attacks among others.
Taking business security for granted can be risky as it can lead to a business coming to halt as a result of actions by the wrongdoers.
The security of the organisation is the responsibility of management in ensuring that an effective risk prevention, detection and response strategy is in place. The responsibility of staff is to do the right thing even if no one is looking at them.
You may want to ask yourself on what causes the security lapses. Many business security exposures are due to lack of effective action from management. Lack of effective action from management can cause security lapses as a result of the following;
I have come across some CEOs who believe that they are competent enough not to allow security lapses to take place. They have a negative attitude towards business risk and hence cannot have an open mind about business security. It is important to appreciate that business security lapses can take place in any organisation and the existence of effective internal control makes difficult for security incidents to take place and to remain un identified.
Tone at the top
The moral tone and the emphasis of prevention of security lapses must come from the board through management to staff and the outside world. Management’s stand on business security must be clear enough and adequate security guidelines should be available to staff.
It is the responsibility of management to design and implement an effective internal control system which ensures that risks are prevented in first place, promptly identified in case they have taken place and effective mitigation strategy is promptly implemented to minimise losses.
Collusion of staff and third parties
Always bear in mind staff may collude with each other in exploiting a lapse in the business security system. The plan to exploit the lapses are normally hatched by the ring leader and sold to other trusted staff. The collusion can also be between staff and outsiders. It is advisable not to make staff that are closely connected through friendship and other means to check each other.
It is important to trust your staff that they can do the right things even if no one is looking at them but do not over trust. I have suffered from fraudulent actions because of over trusting people around me that they can not do anything wrong. A number of terrorists’ attacks, frauds, thefts etc are pulled off by the trusted people. When you are trusting people always bear in mind that anything negative can be done by someone who is trusted so much. Therefore make sure no staff does any process from beginning to the end without any other staff independently checking the work during the cause of their own work.
John Muhaise Bikalemesa
Director: Big Drum Advisory Services