There are many procedural controls designed to prevent or reduce the impact of crime. For example, with respect to robbery risk in a financial institution, staff procedural training starts with their orientation. This is followed up with repeated individual and group training on the subject, including practice at describing “robbers” whose photos have been seen for only a few seconds. Training helps to reduce the likelihood of an improper response to a robber that might result in injury or increased trauma for staff or customers; familiarizes staff with other security features of the location; and builds the ability to become good observers should staff need to act as potential witnesses when a robber has been apprehended.
Proper branch opening and closing procedures ensure that an unauthorized person is not in the branch after closing time or that help will arrive quickly if there is a problem. Procedures that prevent an employee working alone not only protect the employee, but also protect the organization from employee dishonesty. Password control, joint custody practices, and segregation of duties are important procedural controls. A conflict of interest and fraud policy is an important document. Requiring staff members to read and acknowledge having read the policy at least annually is another important procedure.
Many organizations now control access to specific areas or floors of a building. This is an example of a combination of physical and procedural controls.
There is an acronym often heard at security training exercises – GONE:
- “G” represents “greed”. Greed is aimed at taking something belonging to another and converting it to the thief’s own use. Hiring procedures are aimed at screening out applicants with a high greed rating.
- “O” represents “opportunity”. Procedures are developed to reduce the opportunity for dishonest people to accomplish their objectives and uncover problems early, while a loss is still small.
- “N” represents “need”. Need is sometimes a cause of crime, although most needy people are not criminals. Procedures that involve monitoring staff accounts or changes in behaviour are often responsible for discovery of losses caused by employee dishonesty.
- “E” represents “environment”. Physical and procedural controls that harden the environment generally reduce exposure to loss through employee dishonesty, robbery, embezzlement and other types of loss. These include access control, surveillance cameras, a strict hiring process, and a policy that results in all employee crimes being reported to the police, etc.