If someone were to ask you what your OC IQ is… many of you would probably think this is a TV trivia question about “The O.C.,” or Orange County, for those of you familiar with the TV show or SoCal surf scene.
However, for our purposes, “OC” stands for something much different and even more dastardly: organized crime. The question really asks, how savvy are you and your organization about organized crime activity and the impact it may potentially have on your business?
Knowing Organized Crime
Your knowledge and awareness about organized crime may be the difference between successful enterprise fraud risk management and profitability or being clobbered with fraudulent activity and large losses which negatively affect your bottom line.
Knowing organized crime means understanding what your opponent’s attack methodologies are, who their targets tend to be, what weaknesses they tend to exploit, and in what time frames they seek to do so.
If you think you don’t need an OC IQ, you’d be wrong. Recent criminal activity on a global scale supports this contention. Organized crime means organized criminal attack, or organized criminal warfare and fraud of this global magnitude definitely fits into this category.
Sun Tzu in The Art of War said:
“If you know others and know yourself, you will not be imperiled in a hundred battles; if you do not know others but know yourself, you win one and lose one; if you do not know others and do not know yourself, you will be imperiled in every single battle.”
The rough translation from this quote, which directly applies to every organizations enterprise fraud risk management operation, is to “know your enemy.” Hence, what’s your OC IQ?
Knowing Your Organized Crime Enemy
If you’ve thought about your enemy lately, you’d realize that on a large scale they really fall into three categories: Hacktivists (Political Activism), Organized Crime Rings (Financial Gain) and Industrial Espionage (Trade Secrets) which is often “state sponsored.” That ought to keep you up at night.
Having an OC IQ means that you proactively think about large scale, big picture fraud events like: cyber attacks, DDOS attacks, man-in-the-middle attacks, automated attacks, phishing, malware, Trojan horses, worms, viruses, emerging trends, etc.
Then, once you’ve identified vulnerabilities and attack vectors, get out in front of them before you become tomorrow’s front page news in the Wall Street Journal!
Your organized crime enemies are also going to be flexible and change their attack methodologies in direct response to your defenses, so having an OC IQ means the realization that your anti-fraud defenses cannot remain stagnant. Fluidity is key to a robust anti-fraud effort.
Knowing Yourself to be Prepared Against Organized Crime
The other critical part of the Sun Tzu quote is to “know yourself and be prepared.” Being prepared means thoroughly assessing your enterprise strengths, weaknesses and vulnerabilities especially in light of organized crime activity. This takes the form of an enterprise fraud risk management assessment.
Enterprise wide fraud risk assessments can certainly be accomplished with an internal review. However, from our experience, when organizations view themselves internally they often are not as candid about the true “state of their weaknesses” as when assessed by an independent anti-fraud professional.
This same “self assessment” principle holds true in life as well. Others more clearly see flaws in us that we cannot.
Aside from being able to provide an independent and unbiased view of an organization’s anti-fraud effort, external anti-fraud review also scores points because it tends to satisfy regulatory requirements which focus on the phrase “independent.”
What’s Your Organization’s OC IQ?
You can bet that the global organized crime rings know what your OC IQ is and if the quotient is low large scale victimization and financial losses may be right around the corner. These kinds of embarrassing incidents damage your brand and destroy profitability.
Take steps to improve your organized crime IQ with improved training programs, increased employee awareness and an independent and comprehensive enterprise fraud risk management assessment.
Have a knowledgeable anti-fraud professional help you identify the vulnerabilities which lead to these kinds of organizational attacks. Then, patch the holes before they get seriously exploited by an organized group… and they will.