It is all too common to hear about the business that went broke or lost millions following a decision to enter in an investment, joint venture or merger with another company that turned terribly sour. All that glitters is not gold. The usual reaction is to query how on earth such bad mistakes were made and why the warning signs and red flags went unheeded. “Didn’t these people know how to do Due Diligence?” is the common refrain.

That’s a valid comment — proper Due Diligence can certainly prevent such business fatalities. But that’s not where Due Diligence starts and stops. Whatever the type of the business relationship; whether it is with a local family company or a multinational group, you are electing to engage in a multi-year relationship with a business, organisational culture and people you barely know.

As the business progresses and the business cycle moves, relations will be strained due to many factors including; difficult clients, dropping revenue, slim profit margins or loss of key agents. How will this affect the relationship and what will it need from your side to keep things on an even keel?  What procedures and agreements can be implemented to resolve issues before they become points of conflict?

The employment of proper Due Diligence can address these issues in a systematic and methodical way prior to them occurring. Due Diligence in business should not be the preserve of upscale law firms or PE [Private Equity] firms; any business or corporation seeking to undertake a major business or financial transaction should employ some measure of Due Diligence.

Due Diligence means different things to different people. For accountants it usually relates to the P&L, asset register and balance sheet whilst a lawyer will be looking more at the IP, contract agreements and related clauses.

However, commercial Due Diligence seeks to identify any red flags or issues with the business in areas including:

• Backgrounds of key personnel

• Product or service – state of the current market

• Key customers – what are the long term relationships, chance of deserting the firm

• Litigation – have they been party to or subject of civil litigation

• Intellectual Property – what do they possess, is it owned or licensed, registered, integral to their business

• Suppliers – what are the relationships, are the suppliers being paid on time or any possible disputes

• Government involvement – need for permits or licences, how may this affect business

• Competitors – who are they, are they related, what threats do they pose

• Agreements – what other parties hold a stake in the business [unions, NGOs etc]

As Due Diligence becomes better known among business people and executive teams, issues arise as to how it should be applied, what phase of the relationship and under what circumstances. Proponents of Due Diligence often come upon objections or queries.

We have summarised some of these objections below with corresponding rebuttals:

Issue 1
Only investor firms conduct Due Diligence such as banks, lenders and Private Equity firms.

Answer 1
Though investor firms have been the leading users of Due Diligence [often simply as a legal requirement written into the deal], Due Diligence should not be limited to these users solely. Any business or organisation seeking to enter an agreement which involves a risk or threat to the business should undertake some form of Due Diligence to identify and potential risks and seek to address and mitigate them. Why not do as the experts do?

Issue 2
Some people or businesses take offense when told that there will be a Due Diligence profile undertaken.

Answer 2
These are far fewer in number than you’d think. Anyone willing to benefit from an investment, contract or Joint Venture should expect to have some form of background check done on them and their business – they’ve filled in a credit card application before with no tears.

The nature and focus of Due Diligence will be adjusted to suit each particular transaction. Most participants will be impressed that you have your act together and are taking the relationship seriously and want it to be successful, where’s the harm in that?

Issue 3
We did a media search and it showed that the business was once mentioned in a Supreme Court case – that makes them unsuitable.

Answer 3
This piece of information has to be viewed in context. Was the business a defendant or litigant or possibly an uninterested party? When did this happen and what were the findings of the court? Or was the matter discontinued and may be considered frivolous? Is the same management in place or have there been material changes?

A proper Due Diligence exercise will seek to lay out the details of any court case and what implications this had on the business or the main parties. Jumping to conclusions based on one incident is impractical and doesn’t grant the exercise the patience that it deserves.

Issue 4
Due Diligence is all about looking for problems such as a lawsuit by a former employee or action by a government department

Answer 4
Though these can be important facts uncovered during Due Diligence, they should be properly reported in context and due weight given to the issue. [If the issue was toxic leaks from the plant poisoning local drinking water, that would merit serious attention. If it was a minor fine for an unregistered vehicle then that would be relegated down the list of importance and reporting].

As mentioned above, Due Diligence is usually engaged to identify threats or issues not disclosed in the normal business relationship exchange. These points may include criminal record checks, civil litigation checks in state or federal courts, product history, key markets, Intellectual Property and a review of each office or location. The onus is on the profiler to meticulously search and review databases, compile the results and conduct discreet interviews with human sources whilst knowing from experience what to look for and the significance of the results.

Issue 5
Due Diligence is too focused on talking to people who’ve dealt or worked with the subject company.

Answer 5
Human intelligence can be invaluable in providing timely and intricate information regarding a company or its senior personnel. However, caution has to be taken upon relying too heavily on their disclosures with cross referencing; is the source aggrieved or enamoured with the company to such an extent so that his information is polarised?

It takes an experienced investigator and profiler to obtain useful information in an unbiased manner and then seek to weigh up that information against what else is known or reports from other individuals. This takes time but does produce a well rounded and complete picture of the company at the time.

Issue 6
Due Diligence can make some people feel uncomfortable

Answer 6
Again, this is because they are unfamiliar with the Due Diligence process. We are all affected by Due Diligence processes in our working lives from applying for a bank loan [confirming our identity, ability to repay the loan etc] to obtaining a passport [divulging personal information to the government].

As long as the Due Diligence process is explained thoroughly along with the benefits and positives from seeking to get to know the other party better before becoming involved in a long term relationship there are few dissenters from our experience.
Do you need to know more about our services and how Regents can assist you with Due Diligence? Simply go to our Business Intelligence page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

The recent announcement by Google that a number of users Gmail accounts have been hacked into has ratchet up the debate on cyber war between China and the US. The importance of this report relates to the fact that these Gmail accounts were held and sued by senior US and South Korean government officials as well as Chinese political activists.

Google claims that it had discovered and alerted hundreds of users who had been duped by a carefully targeted “phishing” scam. The method used – called spear phishing – is not new but can be particularly successful when targeted properly.

A spear phishing attack occurs when a victim receives an email from a familiar address of a close associate or a collaborating organisation/agency. However, the address has been spoofed [falsely generated] and the email comes from the hackers. Usually the email has some form of attachment which needs a viewer – when clicked on, the user is directed to a fake Gmail login page for harvesting login details of the user.

Once the hackers had the password details of the user, the hacker would log into the Gmail account and create rules to forward all incoming mail to another account without the user’s knowledge. Often the other Gmail account ID is made to closely resemble the victim’s ID so as to reduce suspicion. From that point on, the spurious Gmail account is frequently accessed remotely and all incoming emails downloaded to a central location and the emails deleted from the Gmail account.

By this method, the hacker(s) can begin to create a patchwork of communications between various users and organisations. It has been indicated that these hacking attempts originated from Jinan, the capital of Shandong province. While there is no direct evidence that the hackers are located in Jinan or are in the pay of the Chinese government, the dedication of the attacks and their highly targeted nature eliminates direct financial gain as a motive. Technology watchers haven’t ruled out the possibility of the attack being state-sponsored.

However, it should be noted that the main reason that the Gmail accounts were selected in the first place is that they were thought to have contained some useful information related to the users work. Though we don’t know the identity of the users, it has been suggested that elements within the White House and Senate have been users plus South Korean government officials.

It is a fact that many White house officials choose to use external email accounts rather than the government approved ones for certain emails. The users are aware that government emails are archived and my be the subject of later legal actions, investigations or being placed in public archives. For this reason, they have chosen to use Gmail addresses for certain subjects or contacts. This happened during the Bush presidency too so that many subjects are absent from official correspondence.

What does this mean for your business or organisation? We are all prone to hacking attempts though mainly for commercial gain for scammers seeking bank account numbers, credit cards, passwords etc.

You need to brief email users as to the perils of `spear phishing’ attacks and the spoofing of addresses. One negligent click on a smart phone could expose company details to the outside world.

And what are your corporate policies on people using Gmail, Yahoo etc accounts for business or organisation communications? Is this acceptable? What happens when a smart phone is lost or the user leaves the business? Those email may be lost with no auditable trace of what was agreed with clients, customers etc

It’s not just the White House that needs to review policy and security – these hackers may be targeting you.

Do you need to know more about our services and how Regents can assist you with computer forensics and data recovery? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

l

Skimming is the term given to the type of fraud whereby cash from a customer is diverted before it enters the victim company. Embezzlement is the more technical term given to this practice and it is also known as an `off-book fraud’. Detecting and proving a skimming fraud can be fairly difficult as there is no definite paper trail to follow for investigators- the cash never entered the system and therefore is not obviously missed [though of course the theft will show up later as an inventory loss or a profit reduction].

As cash can be so easy to steal and use, any organisation which receives any payments via cash are at risk from this type of fraud. The collection points for cash – check out till, waiting staff, car park ticket issuer etc – are all vulnerable for skimming.

The most obvious form of skimming is where a salesperson receives cash as payment for goods or services but fails to place the cash in the register as a sale. Failure to ring up the full sale amount in the register allows the salesperson to pocket the cash without there being a shortfall in the recorded takings. The register tape / ribbon  is designed to record all transactions so that a reconciliation can be made to confirm that the correct amount of cash as indicated by the sales activity is present in the cash draw.

This operation of diverting cash by the salesperson can be quite difficult as the customer may require change or else may notice the failure to place the cash in the register. The dishonest salesperson may get round this by ringing up a `No Sale’ to open the cash draw and hope no-one notices. A manager or other employee may also witness the errant behaviour and then start to watch more closely. This is why most CCTV cameras in stores are trained more on the cash register and salesperson – rather than the customer – so that the video tape can be reviewed later to spot any thefts of cash.

Some enterprising salespeople have been known to tamper with the cash register so that when certain keys are pressed the transaction is not recorded on the sales tape. Thus, the salesperson can wait for a transaction where no change is needed and pretend to ring up the transaction but pocket the cash later when it’s not busy. This type of manipulation will usually result in a blank space on the register tape where the transaction would have been recorded.

One other option for the fraudster is to simply change or damage the register tape so that some transactions are missing and cannot be relied upon to perform reconciliation. Confusion over which tape relates to which period of business can be enough to muddy the waters and allow the fraudster to get away with stealing the cash.

The above may sound more like petty theft and no great problem to a business. Think again. A salesperson taking $100 a day can quickly drain a business of $6,000 in just a few months. How many retail businesses can afford to overlook those losses? A shop manager is in a position to steal more than a $100 per day and thus a poorly supervised organisation can hemorrhage cash and see profits flat line.

A fraud matter we handled related to skimming involved the manager of a gasoline station. Our subsequent investigations showed that he tinkered with various forms of skimming before he hit on one method which allowed him to steal hundreds of dollars each shift. He had realized that that the failure to ring up sales of gasoline would show up quickly in the lower level of gasoline left [gasoline levels were measured everyday by other shift managers]. Therefore, he chose to skim money from the hire of towing trailers. Customers could hire a trailer for a day for $100 and this was recorded in a separate hiring log.

The manager knew that if he focused on the towing trailers this wouldn’t show up as a loss of inventory. As the manager had the ability to manipulate the final daily figures for the station, he would ring up larger sales as towing trailer hire and then later `refund’ these so that he could take the equivalent in cash. Part of the way we could prove this fraud was that there weren’t any corresponding entries in the towing trailer hire log book and the manipulations occurred late in the shift when only the manager was present and had the power to correct entries. This escapade cost the victim company over $40,000 plus other fees to correct the problem.

What can a business do to protect itself from the simple yet costly fraud of skimming? Supervisors can’t be present at all times and as shown above, managers can turn bad too. To begin with, it is recommended that a business at least take these initial steps:

• Conduct a fraud audit of the business focusing on cash collection and handling

• Encourage all customers to request a receipt for every purchase

• Have CCTV cameras positioned to observe the cash register space

• Train managers on fraud awareness

• Have an investigator or loss prevention officer make trap purchases at random times to ascertain whether any skimming is taking place

• Make sure that all register tapes are handled properly and examined for any rash of `No Sales’, blank spaces, refunds or other issues

• Have strict rules for cash counting and reconciliation at each shift

• Consider having a fidelity insurance policy to cover theft of cash by employees

Of course, no system is foolproof over time so you need to keep your eyes open for any subsequent changes. One recent skimming fraud involved the manager of a store opening an hour early without authority and ringing up alls sales on the cash register. Before the official opening time, he would with the register tape and hide the used tape for use the next day. He was found out when an area manager arrived early for a meeting and noted that the store was already open.

This shouldn’t be confused with the incident in New Zealand where a computer error caused a supermarket to open for business during the middle of the night with no employees on duty. Fortunately most shoppers were honest and paid via the self- check out!

Do you need to know more about our services and how Regents can assist you with preventing fraud and theft? Simply go to our Fraud & Integrity page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Recent sales figures indicating that worldwide sales for smartphones will increase by 60% and top half a billion units in 2011 confirms what most people already knew; smartphones are no longer just for top executives or city hopping businesspeople.

Smartphones – notably the iPhone and those running the Android OS – allow a user to check multiple email accounts, browse the web, track appointments, record video and voice, use the GPS function, online banking, tinker with a host of free Aps and, oh, make phone calls.

This means that smartphones now hold intricate data about the user of the phone; details of their emails, web surfing history, calls made to and from the phone, SMS messages sent and received, where the phone may have travelled just for starters. Most of this information may be unique to the user but much of it belongs to the company or organisation that the phone belongs to. In the event that the phone is lost or stolen, this creates a serious security issue should it fall into the wrong hands.

In an effort to reduce the risk to the data of the company organisation, the IT Department issuing the smart phones should co-operate with senior management and the risk / security officer to address the basics of smart phone security:

• Anti-virus response – This should be the same for as for emails received on a PC – If you don’t recognise the sender, or there is a suspicious attachment, don’t open / download it.

• Bluetooth – this can be an open door with a welcome mat! Select disable unless highly conversant with password / encryption settings

• Run frequent asset checks to ensure that all smart phones are being used properly – they haven’t been passed to a spouse / partner for their use to watch movies

• Solicit information from similar sized companies who have already implemented smartphones for feedback on security issues

• Look to selecting only a handful of models of smartphones so as to avoid excessive efforts on support and updating for the fleet of phones

• Prefer to select smart phones which can support key features like encryption, remote wipe, and password locking

• Develop a written security policy and procedure items for smartphone that governs acceptable use, monitoring, responsibilities of user (e.g. what to do if device is lost or stolen)

• Actively monitor security vulnerability for the smartphones and any reported new attacks on these types of devices

• Ensure that the devices in the field can be updated quickly to fix security issues once discovered

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Cyber Threats page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

New laws under which workplace bullies will be imprisoned for up to 10 years have been welcomed by the family of a 19-year-old woman who committed suicide after being tormented by workmates.

The shocking suicide of Brodie Panlock, a 19 year old woman, in 2006 after suffering prolonged workplace bullying has been the catalyst to pass new workplace bullying laws in the state of Victoria. Brodie jumped to her death after she was victimised by colleagues at Cafe Vamp in Hawthorn over a long period.

Under proposed new laws, workplace bullies could be imprisoned for up to ten years. A Victorian government spokesperson said the Government’s amendments will add workplace and cyber bullying to Victoria’s Crimes Act.

The family of Brodie has lobbied government to seek to make workplace bullying the subject of criminal charges ion the future.  The Victorian Attorney-General agreed and said that “serious bullying was a serious crime” and should carry a significant jail term.

The ACTU [Australian Council of Trade Unions] President, Ged Kearney, said employers, governments and workers all shared a responsibility to make workplaces safe, secure and free of harassment.

“These laws will hopefully help deter people from undesired behavior but it shouldn’t suggest to employers that it’s no longer their job to provide a safe workplace for all employees,” Ms Kearney said.

Ms Kearney said she hoped that the increased penalties would deter all people from workplace bullying, but she wanted the Government to also send a strong message to employers that holding individual bullies to account would not absolve workplaces of their obligations.

It is anticipated that other states and territories governments across Australia will review their own work place bullying acts. This is likely to provoke companies and organizations to enhance their own anti bullying procedures to avoid the adverse publicity plus the likelihood that they took make be liable for increased fines or other regulatory punishments.

Therefore, it is recommended that all executive and management teams review their own anti bullying procedures [or check that they even have one] as soon as possible. These procedures should at least include the following:

• Make sure that they have clear written rules and regulations indicating that workplace bullying or harassment is contravention of company policy and may lead to the suspension or expulsion of those found to have engaged in bullying

• Ensure that all personnel undergo training and provided with an information package to inform all employees, contractors, managers and executives  to prevent, detect and report on any bullying activity

• Arrange for follow up reminders on work place bullying at regular intervals, usually combined with other personal training

• Appoint a responsible officer to administer and review the training and reporting of bullying – recording progress and making these figures available to senior management

• Senior management should review all anti bullying programs annually for improvements and in response to any reported cases

• The responsible officer should also focus special attention on those that may be more vulnerable to bullying activities such as new younger employees or new recruits

• The anti workplace bullying stance should be connected to an effective whistleblower program so that any victims or witnesses can report their concerns anonymously if necessary

• A qualified and experienced investigation team should be available to make rapid inquiries into the allegations should an offence take place or be reported

• A suitable executive should be on hand to make a rapid decision such as suspension of alleged perpetrators to prevent the bullying continuing and the contamination of any witnesses or  evidence

• Have legal counsel review the legal environment to ensure the program is complaint across all states and territories

Do you need to know more about our services and how Regents can assist you with anti bullying issues and whistleblower programs? Simply go to our Whistleblower Page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Gift card vouchers can be the perfect solution for a birthday when you’re not sure which present to buy. Simply pay cash at the store or shopping mall and transfer the same value onto the voucher to be used at the designated outlets. Travellers Cheques have been replaced by `Travel Money Cards’ following the same principle – customers deposit funds onto a separate ATM card which are available in various currencies. Incorporating a PIN, the customer can then withdraw the funds from ATM machines in a foreign country until the card is spent. If the card is stolen then the most that can be lost is the value still stored on the card.

But such convenience has also attracted fraudsters, organised crime gangs and terrorist groups to solve a problem they all face; how to move funds between individuals around the country and overseas without the threat of being apprehended at Customs for cash smuggling.
Recent arrests in the US have documented that some crime groups are increasingly using the cards, many of which are bought with “digital currency” via the Internet using fake credit cards or compromised bank accounts. With casinos and banks the most established means for money laundering and thus coming under heavier scrutiny for AML, medium scale money launderers are increasingly turning to `Travel Money Cards’ to distribute their illicit funds because they provide ease and anonymity.

Gift voucher cards are normally designated as closed-system or closed-loop cards because they can only be used at the retailers or shopping mall that issued them. Other than retailers, other types of uses for closed-system cards include telephone, internet, dining or hotels.

Whereas open-system cards (such as those linked with card companies VISA and MasterCard) can be used at most retail stores and many of them are useable as ATM cards where the card holder can withdraw the value on the card in cash from most ATM machines in the world.

Because these cards can also be reloaded with funds via online transactions, at a bank or via a cash-tills transaction, they’re an effective method for fraudsters, criminals and money launderers for distributing funds quickly and covertly.

Criminals can thus load cash onto multiple pre-paid open-system cards and FedEx the cards to their counterparts outside the country. The counterparts can then withdraw the funds in cash in their own currency with ease from local ATM machines. When the card is spent it can be discarded and the cash is untraceable. Recent DEA investigations into criminal activity spanning international borders have noted an increase in the use of pre-paid cards with bulk cash smuggling activity.

As the retailers and banks are set to gain when consumers buy these cards – the user has to shop in their store or else the balance says with the bank until it’s depleted – individuals and businesses often purchase large numbers of cards and this doesn’t raise any red flags. Thus a fraudster can place several thousand dollars on a retail gift card or bank card and not have to deal with a currency transaction report and it is unlikely to be recorded on a suspicious activity report. In fact, fraudsters often will divert attention by breaking a large-dollar amount into a number of smaller amounts at different outlets (the method of laundering sometimes referred to as `smurfing’ – named after the little blue cartoon characters).

Open-system cardholders generally do not have to disclose details of their own bank accounts. In many jurisdictions, the banks handling the money that flows through the gift cards are required only to conduct customer due diligence and customer identification procedures on the independent firms that manage the cards and not the individual cardholders.

Fraudsters can muddy the waters further by purchasing a number of cards from several different retailers or banks at different locations or else have a trusted friend to do so. The cards can then be carried on board a flight or else mailed to an associate interstate or overseas and redeemed there. An enterprising fraudster can even sell the cards on websites such as eBay, Gumtree, www.SwapaGift.com or www.CardAvenue.com. The cards are sold at a slight loss but it’s another way to convert the cards into funds.

Investigators and fraud examiners need to be aware of this relatively new method to launder funds by criminals and fraudsters. Whether they can spot company funds being used to buy these cards or else evidence that a suspect has been engaged in such activity [from web browser activity or emails], this may lead to unearthing a considerable fraud or other crime that needs to be pursued further.

Do you need to know more about our services and how Regents can assist you with preventing fraud and money laundering? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Most people are lazy when it comes to using computers properly. People are even lazier when to comes to selecting a password for accessing their computer or web service. Computer security seems to be a keyboard type too far.

The more complex a password is by incorporating the use of upper and lower case letters, numbers and symbols the better. This will protect the password from a brute force or dictionary attack by a hacker or unauthorised use. Alas, most people either don’t realise the importance of choosing a complex password or are just not motivated enough to come up with a suitably complex password.

Enter a useful little plug-in called “Naked Password” which could make choosing a password a whole lot more interesting.

“Naked Password” rewards the selection of more secure passwords with images of an attractive, sexy woman named `Sally’. As the user types in each irregular character such as an upper case letter, `Sally’ removes one more item of clothing. It will certainly work with some of the people I know working in our office. “Naked Password” is a jQuery plug-in with a racy 8-bit striptease,

Of course, an image of a stripping model may not motivate everyone, women for example. With some tweaking to offer a different image, such a handsome male or else something like a seal doing tricks, may make “Naked Password” a viable offering for all genders and age types.

“Naked Password” is certainly onto something and if by adding some fun by viewing a reward image and generating some proper excitement to lessen the chore of entering long and variable passwords then it should be welcomed.

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Cyber Threats page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Pre Employment Screening is a term often talked about among management without the full benefits and controls that it can bring to bear on a business being appreciated and understood. The following is a Q & A format to explain the issues that Pre Employment Screening can treat.

What is PES?
PES is the abbreviation commonly used for `Pre Employment Screening’. PES generally refers to the process whereby a prospective employer arranges for information relating to a potential candidate to be checked and verified to confirm the suitability of the candidate for employment or as a contractor.

Why do companies use PES?
PES provides an objective assessment as to the potential candidate’s capacity and capability to undertake the duties & responsibilities as per their experience and qualifications. The prospective employer has the ability to assess whether the candidate has fully disclosed their attributes and or any negative incidents such as a bankruptcy record or having being terminated by a previous employer.

Which companies use PES?
Some companies are required to undertake mandatory PES by the government, such as banks and insurance companies. Others choose to do as a risk mitigation and management planning tool and cover a wide spectrum of industries from retail, transport, manufacturing to mining. Many not for profit agencies and other volunteer organisations also conduct PES on prospective employees to screen out unsuitable or undesirable candidates.

Isn’t PES a method used to `catch people out?’
This is a common misconception among some potential candidates. PES is directed at verifying the potential candidates claimed attributes and highlighting any inconsistencies between what is stated and what is found during the PES process. It is for the employer to assess the suitability of the candidate for the position based on a host of considerations.

So how does PES work?
The general approach is to have potential candidate supply personal information in writing which relates directly to their employment such as education attainment, working history, job experience, references from previous employers etc. This information is usually supplied by submitting a standard form and supplying copies of any qualifications such as a Degrees or membership of a professional society.

Next is the verification process. Armed with a consent release from the candidate, contact is made with the relevant education intuitions [universities, colleges, TAFE, high schools etc], former employers and references provided by the candidate to ascertain whether the claims made by the candidate are accurate and valid. A report is compiled detailing these findings and submitted to the requesting potential employer or organisation. Any discrepancies between what the candidate has submitted and what was discovered during the verification process are given a `red flag’ for the client to consider.

Is consent from the potential candidate required?
Many countries have some form of Data Privacy law that requires that the candidate must first provide written consent before these PES checks can be undertaken. Most institutions will require viewing a copy of the consent release signed by the candidate before disclosing any information.

What other kinds of things can be checks can be performed?
There are a variety of background checks which can be undertaken for a prospective candidate depending on the country where the candidate is located and to what the prospective employer wishes to check the background. These checks include the following:

• Record of directorships or shareholdings in private companies

• Bankruptcy record

• Previous residential addresses

• Civil litigation history

• Media profile

• Criminal record

• Record of any regulatory agency actions

How focused is PES?
PES is as focused as the requesting company or organisation wants it to be. For example, a transportation company would think it crucial to confirm that a potential candidate for a driver position should have a clean driving licence, whilst a different firm engaging someone as a financial assistant may consider this check unnecessary. A qualified PES firm should be able to advice as to which checks are germane to the position which the candidate has applied for.

How many years does a PES check go?
Generally a PES check goes back between 5 and 10 years for previous employment whereas records such as bankruptcy and civil litigation can go back 20 years or more. With employee turnover increasing in most industries and companies merging or being bought out, employment records are difficult to obtain longer than 10 years back

How many days does PES check take?
The actual time will vary depending on the number of attributes to be verified, the location and the type of checks involved. Generally, a PES report can be completed within five days but some component checks can take longer to complete [e.g. criminal history checks].

But I heard that recruitment agencies do PES?
Not really, no. Some recruitment agencies do undertake some basic background checks to corroborate the candidate’s history but few recruitment agencies conduct what can be considered a thorough PES. Unlike a PES firm, recruitment agencies are looking to fill a vacancy and focus on selecting a candidate.

What are the downsides to PES?
Very little. Other than having to pay a small fees for the PES check and a slight delay between choosing a candidate and having them confirmed as being suitable.

Compare with this the risks and damage caused when hiring the wrong or inappropriate candidate. The direct costs can include the waste spent on the recruitment and training of the person, costs and difficulties with terminating their employment and possible damages claims.

However, the risks can be even more severe than this including damage to the company’s brand or share price plus the machinations of deposing of an unsuitable employee when they hold a more senior role. Compensation paid to wronged parties can quickly escalate and there are multiple examples of how much harm a rogue employee can cause an organisation – examples include Dr Jayant Patel hired by Queensland Health as surgeon despite being restricted from certain operations by the State of Oregon, USA and New Zealand chief scientist Stephen Wilce having falsified his resume. A standard PES check should have raised these red flags prior to them being hired and causing harm and damage to the reputation of the organisations involved.

PES is recognised as an integral first step for anti fraud measures protecting an organisation. By screening any prospective employee or contractor the organisation can save itself some serious grief in the future. On occasions this first step of PES will ward off potential fraudsters / under achievers simply by demonstrating that the organisation takes PES serious. We have had instances whereby applicants have declined to submit their details and walk away – possibly an indication that they will move on and try to join an organisation that isn’t so particular.

Are you seeking assistance with Pre Employment Screening of employees or contractors? If so, we at Regents can help you – just visit our Pre Employment Screening Webpage for further information

It is four years since the phone-hacking scandal at the News of the World newspaper [the leading UK Sunday newspaper] saw the newspaper’s former royal correspondent, Clive Goodman, jailed for his part in hacking into the mobile phone voicemails of Princes William & Harry. It appears that Clive Goodman was so desperate for a `story’, he resorted to engaging a Private Investigator, Glenn Mulcaire, to hack into the voicemail messages of the Princes for leads and gossip.

The two were found out when members of the Royal household noticed that messages they had yet to access were marked as `read’ plus Clive Goodman published a vanilla story in the News of the World about one of the Princes having medical treatment for his knee – almost word for word from a voice mail left for the Prince.

Four years ago the  News of the World  claimed that the phone hacking was the product of one misguided journalist and the private investigator, Glenn Mulcaire. An investigation was undertaken by the Metropolitan Police and there was enough evidence to prosecute these two. They both went to gaol. That was the end of that.

But it wasn’t. Rumours swirled around that in fact many of the journalists at the News of the World had used Glenn Mulcaire to gain access to the voicemail of celebrities and even senior politicians. Further allegations surfaced that in fact the Metropolitan Police had stacks of evidence that showed the phone hacking went far beyond the two Princes and also involved far more journalists within the News of the World. But the Metropolitan Police were flaccid in their investigation – followed by suggestions that senior Police officers had relationship with the publishers of the News of the World. Lord Prescott, Former Deputy Prime Minister and alleged victim of the phone hacking scam, is now seeking a judicial review into Scotland Yard’s handling of the investigation.

But the matter was kept alive by the Guardian and New York Times newspapers– both direct competitors to the publishers of the News of the World. Things were further complicated when Andy Coulson, former editor of the News of the World, was promoted to be a media advisor to David Cameron, the newly elected Prime Minister.

Coulson has denied knowing of the hacking but many doubt how valid this claim is. In court testimony for another matter, Andy Coulson said under oath the refrain that the phone hacking was due to one isolated journalist. However, Coulson must have known that Glenn Mulcaire was officially being paid ₤100,000 per year plus additional cash handouts – for doing what exactly? Some wonder whether any fresh evidence could disprove the sworn testimony of Andy Coulson and expose him to the charge of perjury. Stranger things have happened.

And now the stonewall put in place by the News of the World has some serious cracks in it. Each week in the UK another celebrity announces legal action against the News of the World, claiming that their privacy has been invaded by the phone hacking.

Some celebrities are taking separate legal action against Glenn Mulcaire directly for the phone hacking whilst he in turn is appealing against a decision to make him divulge which journalists on the News of the World hired him to hack the  phones.

The Police have now admitted that they had seized multiple pages of phone details from Glenn Mulcaire with first names handwritten on each – supposedly by Mulcaire indicating which journalist within the News of the World was requesting the information. Will Mulcaire declare who ordered what phones to be hacked? Will he name names? The News of the World news editor, Ian Edmondson, had been suspended amid allegations relating to the phone hacking of actress Sienna Miller’s phone.

Lawyers acting for alleged victims of the phone hacking suggest that there may have been thousands of victims. Around 3,000 phone numbers were listed in documents seized by Police back in 2006 and telephone records for Glenn Mulcaire show multiple calls from his own phone to the numbers used by celebrities – the path of evidence should be fairly easy to follow. How vigorously will the Police pursue it this time round?

This one will run and run.

How was the phone hacking conducted?
For some mobile phones, it is possible to listen to any voicemails by dialing an access number, enter the mobile phone number followed by the PIN.

Often the user either leaves the PIN as the default – usually `0000’ – or else chooses a simple PIN like 1234 or 1111. On some occasions, the hacker may get the PIN via dumpster diving or else under pretext – calling the phone provider pretending to be the owner and asking for the PIN.

How to protect yourself from phone hacking?

• Choose an irregular PIN such as 4729 or 8147

• Do not record the PIN in an accessible place i.e. a post-it note on your desk or in your diary

• Change your PIN every few months

• Observe whether any voicemail messages have been designated as accessed before you have viewed them

• Report any suspicions you may have to your mobile phone provider and insist that they investigate the matter

• Do not pass your PIN to anyone else

In the meantime, wasn’t it The Jam that sang the lines:

Each morning our key to the world comes through the door
More than often its just a comic, not much more
Don’t take it too serious – not many do
Read between the lines and you’ll find the truth

Read all about it, read all about it – news of the world

Read all about it, read all about it – news of the world

Do you need to know more about our services and how Regents can assist you with mobile phone forensics or computer forensics? Simply go to our Computer Forensics page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

The  new Indian sports minister has sacked the chief organiser of 2010 scandal-ridden Delhi Commonwealth Games as the coalition government suffers a string of corruption scandals and thus seeks to repair its own public image.

Ajay Maken said he took the decision to terminate Games chief Suresh Kalmadi and Secretary General Lalit Bhanot so that the inquiry can mount an open investigation into corruption allegations surrounding the $6 billion event held in October 2010.

The Games were intended to be India’s answer to China’s impeccable staging of the 2008 Beijing Olympics. However, the Delhi Games descended into a complete farce and were salvaged only after a last-minute mad scramble by the red-faced government.

Once the Games were finished, the government appointed  federal investigating agency the Central Bureau of Investigation to review allegations of corruption and irregularities in the construction, organisation and conduct of Commonwealth Games 2010.

Long before the actual Games began, corruption charges surrounded the London leg of the Queen’s Baton Relay, which lead  to the sacking of three senior officials in August. Subsequent inquiries by Indian anti-corruption watchdogs identified several irregularities in the awarding of contracts and identified several Games projects beset large-scale corruption.

The Games debacle resulted in Ashwini Nachappa, a former international athlete, teaming up with ten other international athletes spear-heading CleanSports India, a nationwide campaign to rid Indian sports of all types of crooked officials and rigged results for gambling, including those overseeing the games.

Investigations have revealed scandal after scandal involving officials with kickbacks, off-shore companies, forged emails, unjustified payments to bogus companies and inflated costs for goods and services ranging from cleaning to exercise machines. The final costs for the Games are expected to be over $8 billion – most of it paid by the tax payer and draining government resources.

India’s leading corruption watchdog, Central Vigilance Commission, highlighted the irregularities in more than a dozen projects and questioned the quality and finish of the venues. Huge piles of rubble and rubbish, a collapsed roof, hanging wires, leaky walls, broken tiles and an incomplete stadium became the visual staple of daily newspapers and television channels.

The government and police have been kept busy with the upcoming Cricket World Cup due to start in February 2011. The state of some of the venues has been criticized and there is the fear that the rampant illegal bookmaking syndicates will try to infiltrate the player’s dressing rooms and hotel accommodation.

Despite the recent disciplining of three Pakistani players for match fixing, the lure of easy money and the fact that nearly all gambling in India is outlawed means that ready cash flows around the stadiums and has the power to spoil the sport.

Do you need to know more about our services and how Regents can assist you with anti corruption, graft or misconduct issues? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.