***** Fighting Fraud: How to Establish and Manage an Anti-Fraud Program. By Gerald L. Kovacich; published by Butterworth-Heinemann, books.elsevier.com/security (Web); 329 pages; $44.95.
We’ve all heard the Chinese benediction—or curse—“May you live in interesting times.” Fighting Fraud examines the major fraud trends affecting 21st-century enterprise that will continue to make these “interesting times” for the security profession.
Author Gerald L. Kovacich observes that we live in a chaotic age that induces high levels of uncertainty and stress in business. Lifetime, or even long-term, employment is out. Workers have few incentives to remain loyal to their companies. He astutely notes that IT inherently devalues the knowledge worker. When acquired knowledge is easily stored and quickly available, training time drops and the need for tenured staff decreases.
At the same time, corporate leadership can be mercenary, moving on to company after company. Together, these factors create an unprecedented climate for fraud while denying a stable platform for development of fraud-prevention programs.
Embracing a multi-dimensional approach, Kovacich provides an excellent synopsis of the current corporate and business frauds and offers practical advice on taking a project management approach to developing a program. The author acknowledges that internal politics often impair the security professional combating fraud. Thus, the security manager must double as a politician to succeed at fraud prevention.
Kovacich offers advice on negotiating and alliance building, or “teaming,” within the organization. He also offers concrete ideas on using knowledge dissemination tools, such as wikis (user-edited online reference pages), Microsoft SharePoint, and other Web-based information resources, in education efforts, plus useful suggestions on generating metrics to justify the expenditures for an antifraud program.
Kovacich is wise and perceptive. The security generalist will benefit from reading this book because it offers practical advice on establishing a fraud prevention and detection program. But even more, it describes the trends that will shape the evolution of corporate fraud in the 21st century. The author recognizes that this cauldron of uncertainty will produce “interesting times” for the security professional in spite of all of the advice the book contains.
Reviewer: Ronald Mendell, CISSP (Certified Information Systems Security Professional), is a freelance writer specializing in investigative and security topics. Holding a master’s degree in network security, he is an adjunct assistant professor of computer science at Austin Community College in Austin, Texas. His latest book, Document Security, was published by Charles C. Thomas in fall 2007.