Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance.
By David W. McCoy, CPP
The book features the authors’ view of the interplay among fraud specialists, corporate security professionals, and IT security practitioners. Clearly favored are the fraud specialists.
***** Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance. By Martin T. Biegelman and Joel T. Bartow; published by John Wiley & Sons; available from ASIS, Item #1685, 703/519-6200 (phone), www.asisonline.org (Web); 416 pages; $40 (ASIS members), $44 (nonmembers).
Senior business managers are charged with creating effective fraud-prevention programs that meet the requirements of the Sarbanes-Oxley Act of 2002. This book provides a blueprint them to do just that. The authors are very effective at describing the risks of inaction and the potential organizational benefits of establishing and maintaining a professional fraud-prevention program.
The book features the authors’ view of the interplay among fraud specialists, corporate security professionals, and IT security practitioners. Clearly favored are the fraud specialists. The authors illustrate the difference in perspective between security practitioners and fraud-prevention professionals by using an anecdote similar to ones from the bestselling business book Who Moved My Cheese?.
While there is certainly a specific skill set required of an effective fraud investigator, the authors make extensive reference to the Certified Fraud Examiner (CFE) certification program as if to justify the need for investigators who specialize solely on fraud issues. The implication is that related certifications, such as ASIS’s Professional Certified Investigator (PCI), aren’t suited for the task. The authors undeniably have a strong understanding of fraud issues, but they may not be as airtight in their understanding of the global protective function from the corporate perspective.
On the other hand, the authors demonstrate knowledge of convergence in the security marketplace, and they offer sound reasoning why the fraud-prevention function would fit well as a subset of IT. That may be dire news for physical security professionals, but it’s hard to contest that the continuing reliance on IT resources for all things financial supports the need for future fraud investigators to be highly competent in skills such as computer forensics and networking.
Despite sometimes giving corporate security short shrift, the book is effective, interesting, and well written, offering unique insights to readers. The message here should resound with corporate executives and redound to their benefit.
Reviewer: David W. McCoy, CPP, is quality program manager, Security Solutions Group, at Master Halco in Dallas. He is a member of ASIS.