Home » Business

Understanding Identity Risk Management

Jun 5, 2008
Organizations take on risk when they do not know their customers, employees and vendors. According to the Association of Certified Fraud Examiners 2006 Report to the Nation on Occupational Fraud and Abuse, "U.S. organizations lose an estimated 5 percent of annual revenues to fraud." Fraud goes beyond a quantitative dollar amount. Fraud can do additional damage because of the potential regulatory sanctions and loss of trust and reputation in the marketplace.

Many solutions exist today that help mitigate enterprise-wide fraud risk from customers, employees and vendors. A series of software and solutions help perform checks prior to entering a business relationship, and then once a relationship has been established, can provide alerts of suspicious activity.

Implementing a comprehensive Identity Risk Management (IRM) solution means various tools, processes and policies are designed to help an enterprise mitigate potential fraud caused by inaccurate or incomplete information about a business (vendors) or individual (customers and employees).

As a best practice, a robust Identity Risk Management solution should help an organization by recognizing:

- Identity misrepresentation, impersonation, or identity theft
- Unauthorized physical access
- Unauthorized electronic access
- Collusion

The result of an effective ID Risk Management system is it can help strengthen an enterprise's identity verification, enhanced due diligence and regulatory compliance programs. This translates into additional layers of protection being incorporated into an enterprise's overall fraud prevention efforts.

Below are examples of how an enterprise can mitigate fraud on the customer, employee and vendor level by implementing Identity Risk Management solutions.

How to Mitigate Customer Fraud Risk:

Knowing your customer means having strong identity verification, regulatory compliance and enhanced due diligence programs. These five ID Risk Management tips are the foundation for an organization to implement to better mitigate fraud risk from customers.

Step 1. Discover - Who are you?
Step 2. Verify - Do you exist?
Step 3. Authenticate - Are you who you say you are?
Step 4. Evaluate - Can I do business with you?
Step 5. Alert - Are you exhibiting high-risk behavior? (This is process that involves ongoing notifications.)

How to Mitigate Employee Fraud Risk:

To know your employee means your have taken efforts to obtain pre-employment and background screening information. In addition, the organization might want to pursue drug testing, biometrics and enhanced due diligence and ongoing post-hire services. These five ID Risk Management tips are the foundation for an organization to implement to better mitigate fraud risk from employees.

Step 1. Discover - Who are you?
Step 2. Verify - Do you exist?
Step 3. Authenticate - Are you who you say you are?
Step 4. Evaluate - Can I do business with you?
Step 5. Alert - Are you exhibiting high-risk behavior? (This is process that involves ongoing notifications.)

How to Mitigate Vendor Fraud Risk:

Knowing your vendor is essential to companies that are sensitive to regulatory compliance. This is magnified by companies that rely on third-party vendors, a trend that is becoming more critical as means of controlling costs. However, the added savings of these vendors come with additional exposure to fraud risk. Performing background checks and monitoring activity that is not aligned with your core business values are essential to an organization working with third parties. These five Identity Risk Management tips are the foundation for an organization to implement to better mitigate fraud risk from vendors.

Step 1. Discover - What is the business' legal name? Who are the principals? Who are the officers?
Step 2. Verify - Does the business have the appropriate credentials?
Step 3. Authenticate - Is this a legitimate business?
Step 4. Evaluate - Can I do business with this company?
Step 5. Alert - Is this business exhibiting high-risk behavior? (This is process that involves ongoing notifications.)

Whether you are concerned with regulatory compliance or your organization's reputation, implementing an Identity Risk Management solution is something you should consider the next time your organization is discussing ways to mitigate potential fraud risk. The process of mitigating fraud exposure starts with having this fraud risk discussion.
About the Author
Michelle Thiel is an advocate for the information industry with an interest in Identity Risk Management solutions, ID Risk Management systems and enhanced due diligence programs.
Rating:
Please Rate:
(Average: Not rated)
Views: 207
Print Email Report Share
Article Categories