Is Your Supply Chain Under Attack?

By Amy Radishofski, Features Editor, Manufacturing.netWhile you’re working to stay ahead of your competitors, your organization may be getting bombarded by someone on the inside. Do you know how to protect yourself from fraud?

Whether you make paper clips, widgets or cars, you work hard to create, market and sell your products. But while you’re working to stay one step ahead of your competitors, you may be under attack by an internal source.

You should take a step back, evaluate your operations, and be aware of where there may be vulnerabilities along your supply chain and protect yourself accordingly.

“The key to securing your supply chain is knowing who you’re dealing with,” said Mark J. Sullivan, C.F.E, Managing Director and Head of Loss Prevention at global risk consulting company Kroll Inc.

Sullivan suggests companies have screening processes in place for new hires, as well as for their vendors and suppliers.

“During peak seasons, many manufacturers will turn to staffing agencies to fill positions with temporary workers,” Sullivan said. “The companies may turn the temps to full time workers, but they don’t really know that employee’s background. They need to do full background checks to look for obvious red flags like criminal records.”

When you’re interviewing a prospective candidate, don’t be afraid to ask them straight out, ‘What would you do if you were asked to help someone steal something?’ An honest person would say they wouldn’t have anything to do with it. A questionable candidate may pause before answering.

“Trust your gut feeling. If anything they do raises doubts in your mind, make a note of it,” Sullivan said. “You should also be interviewing the candidates several times, and you should be explaining to them what you expect from them and what you do to protect your assets.”

And for your existing employees, you should have a system in place for them to report any unusual behavior.

“Companies should have a 24-hour hotline for employees to call in anonymous tips. The hotline should be answered by an actual person, preferably from a third party. If a company has a hotline that basically goes to a voicemail box in human resources, no one will call and risk having their voice on tape making an accusation,” Sullivan added.

Sullivan warns that companies tend to have a false sense of security. Those businesses with cameras and security guards might feel like they are protected, but their security guards may not be sure of what they should be looking for.

“You need physical protection, but you also need to dig into your internal processes,” Sullivan advises. “You may have employees that are diverting products through normal channels.”

One area where companies are susceptible to problems is in their small pack operations. While you may keep detailed records of cargo being sent out in mass quantities, the smaller shipments that may be sent out via FedEx or UPS should be subject to audits.

“You can screen employees when they come in and when they leave,” Sullivan said. “But while stealing is hard, shipping is relatively easy. They can print out their own labels and put them on a package and send it wherever they want it to go.”

To help protect themselves, companies should document customer complaints and be on the lookout for trends that may indicate some form of fraud is taking place. If products aren’t going where they need to go, it’s clear that there is a problem.

“When it comes to preventing cargo theft, you should limit information to only those who need to know,” Sullivan advises. “Everyone in the company doesn’t need to know when the next truckload of plasma TVs is going out.”

Sullivan also suggests companies mine their data and look for exceptions.

“If you have 150 customers and you know the zip codes of all the customers, you can check for packages sent elsewhere,” he said. “You can also check for anomalies in your accounts payable. If you’re open only Monday through Friday, for example, you should be suspicious of any checks cut on the weekend.”

If you suspect your organization is under attack, get as much information as you can, but keep it as quiet as possible. You should also involve your general counsel in the process.

“People involved in fraud schemes won’t even take vacation time because they are afraid someone will catch on,” Sullivan said. “If you suddenly start having extra meetings or call the authorities, you could scare them off and they can destroy all the evidence.”

And it’s not just your own facility that you need to worry about. You should have a compliance program in place for your vendors, suppliers, and partners.

“It may be a matter of physical or technical security, or safety issues,” Sullivan said. “But your vendors need to certify that they comply with your security program, and you need to perform audits to show them that you take it seriously.”

Sullivan advises against attaching audits to other business affairs.

“If you have a manager making a visit to a supplier, that isn’t a good time for an audit,” he said. “The trip was most likely planned weeks ahead of time, giving the supplier ample time to hide evidence and cover up anything.”

As far as consequences for failing to comply, Sullivan says companies should follow a process to similar employee disciplinary actions. First, the supplier should be given a warning. If the problem persists, fines could be an option. And if all else fails, they lose the opportunity to be your vendor or supplier.

Failing to keep your facilities and your suppliers, vendors and partners on task when it comes to security could mean big problems. Your products could be missing from store shelves during an upcoming holiday season, or they could end up in the black or gray markets. Your reputation and bottom line could be at risk, as well as the safety of your customers.

Kroll is a risk consulting company, helping companies, government agencies and individuals reduce their exposure to risk and capitalize on business opportunities. For more information, visit http://www.kroll.com.

        An unexpected error occurred: Timed out after 10000ms
      
More