Part two of the article by Dutch author Ralph van Os on fraud
Organisation
There are many definitions that describe on what an organisation is. One of these definitions can be found in the Longman Dictionary: “The way in which the different parts of a system are arranged and work together: the social organisation of primitive cultures." (Longman Dictionary, 1995: 999)
As pointed out in the definition above, ‘culture’, ‘working together’ and ‘parts of a system’ seems to be aspects of an organisation. Every organisation has a certain structure, without this structure it is not correct to use the term ‘organisation’. Organisational structure can be seen as a formal pattern or interactions and co-ordination designed by management to link the tasks and interests of individuals and groups in achieving organisational aims and goals. The organisational structure consists mainly of four elements, task assignment, clustering into units and vertical and horizontal co-ordination mechanisms: "The assignment or tasks and responsibilities that define the job of individuals and units; the clustering of individual positions into units and of units into departments and larger units to form an organisation’s hierarchy; the various mechanisms required to facilitate vertical (top-to-bottom) co-ordination, such as a number of individuals reporting to any given managerial position and the degree of delegation of authority; the various mechanisms needed to foster horizontal (across departments) co-ordination, such as tasks forces and interdepartmental teams". (John Child, 1977: 31)
Organisations and related to them the organisational structure can be very complex. It could therefore be argued that for an organisation to succeed it must be lead by management with the ability to do the right thing. One of the remaining questions in this part of the article is: "does organisational culture exists and is this of direct influence for the prevention of fraud"?
Organisational culture
The first part of this article described what could be meant by an organisational structure and what parts it should contain. This part of the article will within the limited range of this article, focus on some of the forms and typologies, of organisational culture. Handy (1985: 76) for instance mentioned, rephrasing the work of Harrison (1972: 125), that organisations can be classified into four cultures. These four culture existence forms show that cultural aspects have direct influence to the structure of organisations. Power culture (Handy, 1985) within an organisation is based on someone, the spider in the web, or some group in command. This group or person, mostly operating or sited in the centre of an organisation, has the (absolute) control – power. The organisation with this kind of culture could act fast on incidents. This reaction, the speed to it, is limited to the size of such an organisation. When an organisation grows bigger this structure has to be changed and get more divisionalised. But in times of fear or critical circumstances, organisations will tend to go back to this power culture. It is therefore important for security managers to take this into account.
The role culture is a form of bureaucracy and is based and works on logic and rationality. This type of culture contains represent functions and specialisms. If security management can be positioned into such a culture, the key question is if security decisions can take place quickly or immediately, when needed.
The task (project team) culture could be best described and seen as a net with small teams or cells at the interstices. Nowadays this form is better known as the network organisation. Security management sited within such an organisational culture could act fast and have an important role by running such an organisation.
The person culture focuses on the individual within an organisation, as the central point. This culture is also known as a kind of freelance organisation. Security management could be implemented with such an organisation. The question within such a culture is if security management should be a kind of individual within an organisation or not. It is interesting to see that every organisational form of culture has his benefits and disadvantages. It is important for an organisation, before creating something like a security policy, to think whether it fits into the organisational culture. This will probably be one of the main issues for the security manager.
Sanders and Neuijen (1987: 26-27) and Schein (1985: 59) argued that certain behaviour has to do with the fact that feelings are integrated with organisational culture and security culture. They described a second function of the cultural aspects, namely those of removing any form(s) of fear from any of the members of an organisation. Their solution lies in the internal process of regulation, translated by the author: "Organisational culture does have a fundamental meaning for the acts of an organisation in the near future toward (international) competition and other influences such as security threats." (Sanders and Neuijen, 1987: 26)
Examples of how things can go wrong when management does not take corporate rules and regulations et cetera serious can be found in the media. A well known fraud case is the Baring bank case with the offender Nick Leeson. This case is a typical example of fraud whereby several functions where not separated and also any forms of control on procedures fail to appear. This case combines parts of the above mentioned power culture, the part that only one person is in control together with parts of the role culture especially the bureaucracy part of it. It is quite clear what went wrong in this particular case and lessons can be learned. No one should be alone in full control of an organisation, always keep procedures clear and last but not least check these procedures together with the persons working with it. As shown in the earlier part of this article each organisation form together with their culture has his specific benefits. It is depending on which goals an organisation aims to consider which culture will fit the best to prevent things like fraud and how the want to deal with it by the use of security management or other managerial tools.
Security Management
Before we look at culture aspects and security management aspects it is necessary to have an understanding of what management is. The term ‘management’ is derived from the Latin manus, which means translated into English: hand. The Longman Dictionary of Contemporary English (1995) defines management as: "The act or skill of directing and organising the work of a company or organisation." (Longman Dictionary, 1995: 866). This will be one of the working definitions in this article.
The four main functions of (good) management are planning, organising, leading and controlling.
"The controlling function is closely allied to the other three major functions of management: planning, organizing, and leading." (Bartol & Martin, 1998: 511)
Does this suffice? Organisations have to deal with several decisions, the management team and managers will handle this process. What about managing innovation? Yeder and Honeman (1979) came up with a management theory. They use the terms: "controlling, directing, innovating, organising and planning."
They related these terms in the well-known ASPA Management Cycle. By using this theory, organisations and their managers, can take care of specific problems that arrive besides of their normal daily management. Security managers could use these terms. When we look at the environmental area of a mall, a risk manager could use the planning part, for planning against the risk of being robbed. The controlling part of this theory can be of use for the security manager. With this tool the security manager can be in control of securing the environment of that mall. Of course the total management can use this theory. Therefore this theory can be seen as a useful preventive tool. The word ‘security’ is derived from the Latin word securus, which means translated into English: safety. The Longman Dictionary defines security as: 1) "Things that are done in order to keep someone or something safe (public/government safety). 2) The state of being protected from the bad things that could happen to you (protection from bad situations)." (Longman Dictionary, 1995: 1282)
Managers need to have a definition of their work field. Without this definition , the meaning of where their work is related to, they can not do their work properly. Therefore it is essential for security managers to have a clear definition of security in order to know what their tasks are. A security manager who knows his span of control can use this for integrating his activities with the main objectives of the organisation that hired him. According to Sutherland (1992) and cited by Manunta: "What is the company paying for when it pays for security? Does security mean everyone is safe while on company property? Does security mean every risk has been identified and reduced to the lowest level? What is security? Only when security has been defined can a security manager begin to develop a security program that will satisfy company requirements." (Manunta, 1996: 239)
Almost everybody does have her or his own definition for what could be understood by security. It is known that there are several specialism into the profession of security and security management. For instance: fraud prevention, information security, shopping security, private security and home security.
There are so many varieties that it is impossible to list them all in this article. Besides this there is also the possibility that, while writing this article, some new forms of security i.e. security definitions will be invented.
One other attempt to define security was made in 1991 by Post and Kingsbury. In their book ‘Security Administration’ they admit that there are many definitions. A line has to be drawn in order to prevent organisational problems. They attempted a kind of univer-sal definition: "Taken in its broad context, security, at any level, attempts to accomplish two things: it must provide protection against hazards both manmade and environmental: and it must prevent all events, which have been defined as unlawful by society, from occurring to nations, states, municipalities, and individuals. Security’s primary objective is thus to provide protection against all types and kinds of losses." (Post and Kingsbury 1991, as quoted in Scarman Centre Module One, 1997: 10)
It can be concluded that there is still no standardisation of the definition of security or what security can be. Several practitioners and scientists have different ideas about the word security and the related offshoots.
The author’s definition of security management, based on his working experience, is: "Security management is about how to manage security and security related topics. Preventing a company getting victimised. Taking care of several security risks, like burglary. To protect (guard) a company and their employers."
Security management has many roles in an industrial environment. Notwithstanding that the nature of the business will dictate what roles might be. In general a security manager is responsible for loss prevention through theft, fraud, industrial espionage and malicious damage to property. Another function of this role would be to ensure the safety of employees while at work from the unlawful actions of outsiders. Several functions nowadays are combined into one particular management function called ‘the security manager’.
It was Henry Fayol (1841-1925) who was the first to come up with the idea of security management developed from the general concept of management. His book Administration Industrielle et General (1916, translated in 1949), divided industrial activities into six categories, technical, commercial, financial, security, accounting, managerial. From these Fayol summarises that: "Security activities are defined as measures for ‘safeguarding property and persons…. against….all social disturbances liable to endanger the progress and even the life of the business…It is, generally speaking, all measures conferring upon the personnel" (Fayol 1916, as quoted in Module One, 1997: 47)
Security management is a complex role. It is not always taken seriously as a profession. Security management has to take care of specific tasks such as: to be effective within budget, to react directly to changes, new security risks (by for instance the internet) do need new solutions. Unfortunately security management is still seen as a necessary evil rather than a slightly professional science as pointed out by Morris, 1994: "…while there is a managerial responsibility to ensure adherence to security measures, it is often the case,[…] that managers find it difficult." (Morris, 1994: 208)
It is quite clear what management, security and security management mean. Together with the other gathered information this article provides evidence that culture and human behaviour does have, sometimes an direct, influence on how people behave, especially regarding the possibility that the become fraud offenders in the organisation the work for. It is quite important to know this; the security manager does need this information for the prevention of threats like fraud. As West (1987: 103) mentioned as quoted in module D of CHaRM: "The only sure way to prevent fraud is to be aware that it exists, that it can happen to you and to take positive action to minimise the risk".
The remaining question is where security management fits in. The role of the security manager will focus on the human behaviour of all employees and other contacts who have any form of contact with the organisation. The security manager has to make sure that everybody is aware of the internal rules and regulations and besides this; the security manager is also in the lead for the controlling i.e. supervising act on this. It has also been clear for everyone that incidents like missing goods, or money, has to be reported to the security manager. It is an illusion to think that an organisation who has taken this kind of management decisions is totally free of the risk fo being a victim. The decisions will make some difference and possibly scare potential offenders off!
Conclusion
The question of this article was to analyse how it is that the overwhelming proportion of fraud is carried out by people who have an established relationship with the victim organisation. Several examples are used to illustrate the in this article mentioned arguments. Besides this information, this article also provided some information and evidence of what is understood by fraud, fraud offenders, organisation, organisational culture, management, security and security management. Based upon this analysis, this part of the article describes and justifies the range of fraud countermeasures.
Fraud is a very complex sort of crime. Fraud can occur externally: fraud committed by suppliers and internally: fraud committed by staff. Social science, criminology, proves that a crime like fraud happens just because the employees works at the organisation, as argued and proven by the rational choice theory. Fraud prevention therefore seems to rely on the removing, getting in control of, factors such as culture, opportunity and frustration. Unfortunately there is more to consider. The structure of an organisation together with their culture is of (direct) influence on how people behave as shown in the famous Leeson case.
Fraud is a real problem that has to be taken seriously by every organisation and prevention should be carried out by corporate rules and regulations, or values. Those values and regulations are the main concern of the senior management level, they have to take care about the commitment and arrange for all other employees that everybody has to obey this policy rules and regulations. Above mentioned arguments together with clearness and fair treatment for everybody, should help against the battle of internal fraud committed by their own employees.
References
Bartol, K. M. & Martin, D. C. (1998): Management, international edition. Boston, Irwin McGraw-Hill.
Bologna, J. (1993) Handbook on Corporate Fraud USA: Butterworth-Heinemann.
Centre for Hazard & Risk Management (CHaRM) (1997) Postgraduate Programme in Security Management Module D Physical Security & Fraud Loughborough: Loughborough University
Challinger, D. (1997) Will Crime Prevention ever be a Business Priority? In: Business and Crime Prevention, 1997, Felson, M. and Clarke, R.V. eds. Monsey New York: Criminal Justice Press.
Child, J. (1977) Organization: A Guide to Problems and Practice. New York: Harper & Row.
Cole, G.A. (1993, 4th ed) Management Theory and Practice. DP Publications Ltd.
Cools, M. (1994) Employees Crime (translated) Werknemerscriminaliteit. Criminaliteit tegen bedrijfsactiva Strafbare gedragingen gepleegd door werknemers in grote bedrijven.
Brussel: VUBPress.
Corner, M. (1985) Corporate Fraud (Second Edition) London: McGraw-Hill.
Fayol, H. (1949) General and Industrial Management. London: Pitman & Sons.
Felson, M. and Clarke, R.V. eds. (1997) Business and Crime Prevention
Monsey New York: Criminal Justice Press.
Gill, M. (ed.) (1994) Crime at Work: Studies in Security & Crime Prevention.
Leicester: Perpetuity Press.
Kluwer-Harrap Handbooks (updated annually) A Handbook of Security Croner Publications Ltd, Kingston-upon-Thames.
Longman Dictionary of Contemporary English (1995) (The complete Guide to Written and Spoken English): Longman Corpus Network: British National Corpus. Essex: Longman Dictionaries.
Manunta, G. (1996) ‘The Case Against: Private Security is Not a Profession’.
International Journal of Risk, Security and Crime Prevention, Vol. 1/3: 233-240.
Leicester: Perpetuity Press.
Manunta, G. (1999) ’What is Security?’. Security Journal, Vol.12 No. 3: 62-63.
Leicester: Perpetuity Press in Association with ASIS International.
Ministry of Justice (2002) (translated Dutch title) SEC Magazine for society and criminal prevention April 2002 Volume 16 number 2. Den Haag
Morris, S. (1994) "Security implementation in a computer environment: people not products" In: Gill, M. (ed.) (1994) Crime at Work: Studies in Security & Crime Prevention. Leicester: Perpetuity Press.
NIVRE (1997) (translated Dutch title) Assurers made rules of conduct for the investigation to Fraud The Register Expert, 5th volume, number 4 October 1997. URL: http://www.nivre.nl/artikelen/160.htm
National Platform of Crime Control (NPC)
http://www.minjust.nl/b_organ/npc/engels/index.htm
Os, R.N.R. van (2001a). Article: The contrast and compares of the powers between the public police officer and the private security officer in preventing and detecting fraud. Modus: Den Haag
Os, R.N.R. van (2001b). Article: To what extent does the culture of an organisation determine the nature of its security? Security: Amsterdam http://www.beveiliging.nl
Os, R.N.R. van (2001c). Management initiatives are the basic for more security. Security, July 2001. Amsterdam: Keesing Bedrijfsinformatie B.V.
Os, R.N.R. van (2001d). Security starts by changing the organisational culture! Security, August 2001. Amsterdam: Keesing Bedrijfsinformatie B.V.
Post, R.S. and Kingsbury, A.A. (1991) Security Administration.
London: Butterworth-Heinemann.
Rousseau, D.M. (1990), "Assessing Organisational Culture: The Case for Multiple Methods" In: Schneider, B. (ed.), Organisational Climate and Culture, Oxford: Jossey-Bass, 1990, Chapter 5.
Ruimschotel, R. (1993) (translated Dutch title) Corruption and Fraud in The Nederlands suggestions for management and policy. Arnhem: Gouda Quint.
Sanders, G.J.E.M. and Neuijen, J.A. (1987) Organisational culture (Dutch: Bedrijfscultuur: diagnose en beïnvloeding). Assen/Maastricht: Van Gorcum http://www.vgorcum.nl
Scarman Centre for the Study of Public Order (1997-2001) Module One until Module Six and related textbooks: MSc in the Study of Security Management: Security Management. Leicester: Leicester University.
Schein, E.H. (1985), Organisational Culture and Leadership, San Francisco, California: Jossey-Bass
Slapper, G. and Tombs, S. (1999) Corporate Crime. Essex: Longman Criminology Series
Smircich, L. (1985), "Is the Concept of Culture a Paradigm for Understanding Organizations and Ourselves" In: P.J. Frost et al (eds.), Organizational Culture, Newburk Park, California: Sage, pp55-72
Thompson, M., Ellis, R. and Wildavsky, A. (1980) Culture Theory. Boulder: Westview.
Thompson, K.R. & Luthans, F. (1990), "Organizational Culture: A behavioural Perspective", In: Schneider, B. (ed.), Organizational Climate and Culture, Oxford: Jessey-Bass, Chapter 9
Traa, M. van (Chairman/eds) (1996) (translated Dutch title) Enquêtecommitee investigationmethods. Concerning investigation. Den Haag: SDU Uitgevers.
Turner, B. (1991) ‘The Development of a Safety Culture’, Chemistry & Industry: 241-3.
Tylor, E.B. (1871) Primitive Culture. London: John Murray. New York: Brentano’s.
West, H. (1987) Fraud: the Growth Industry London: Kogan Page.
Yoder, D. and Honeman, H. (1979) ASPA Handbook of Personnel and Industrial Relations Editions. Washington, BNA Books.
Websites:
http://www.hoffmannbv.nl/
http://www.minjust.nl/b_organ/npc/engels/index.htm
Bibliography
The Dutch Foundation for Society, Safety and Police (SMVP) (2000a). (translated Dutch title) Report Public-Private Fraud fight. Dordrecht: SMVP
The Dutch Foundation for Society, Safety and Police (SMVP) (2000b). (translated Dutch title) Recommendation of The Dutch Foundation for Society, Safety and Police related to the Report Public-Private Fraud fight. Dordrecht: SMVP
Vanderborght, J., Vanacker, J. and Maes, E. (Ed.) (2000) (translated Dutch title) Criminology The Science The human. Brussel: Politeia.
