© 2016 University of South Africa
All rights reserved
Printed and published by the University of South Africa, Muckleneuk, Pretoria
FOR3702/1/2017-2019
70465703
Editor and Styler MNB_Style

Contents

PREFACE
Learning unit 1: INVESTIGATION IN RELATION TO RISK MANAGEMENT AND RISK ANALYSIS
Learning unit 2: INVESTIGATION OF VULNERABLE AREAS, SYSTEMS AND E-RESOURCES
Learning unit 3: INVESTIGATION OF NON-COMPLIANCE
Learning unit 4: INVESTIGATION BASED ON PREVENTION STRATEGIES

PREFACE

I want to warmly welcome you to yet another exciting year of study – a year filled with opportunities and possible successes in this journey. I sincerely trust that your studies this year will also be enjoyable and rewarding and that you will be able to tackle the contents of this final year module with great success.

This module adopts a risk-based perspective as it deals with methods and techniques relating to investigation. It is intended to give you an understanding of the various approaches that can be employed during an investigation. Many of the concepts sound similar and can cause confusion because they are often used as synonyms – even though they may have separate and different meanings. As an example I would like to use the terms "risk", "environmental design", "physical security", "social engineering", "vetting" and "security clearance". These words may be interpreted differently – even amongst investigators.

Remember that it is of vital importance in forensic investigation that you convey a message that the stakeholders can understand easily. By "the stakeholders" I mean a prosecutor, magistrate or other person who is not directly involved in the investigation but who is the person who has to make a decision based on the contents of your report or case docket.

At the end of this module you will find a glossary of terms. These are mostly Latin words that are used in the legal environment.
I have included this to assist you to understand Latin terms that you may come across, to know what they mean and to be able to interpret the context in which they occur. Of course, I do not intend for you to learn them by rote but I would like you to be comfortable in their use and with their meanings.

Do not become discouraged if at first you do not grasp the meaning of a word or of a concept. Like all specialised functions, forensic investigation has its own unique terminology and you will need to understand what this terminology means if you want to correspond effectively with others.

This module does not cover all aspects of investigation using risk-based methods and techniques. I encourage you to do independent reading and research and to speak to more experienced investigators in the working environment.

In compiling this module, I have relied heavily on the latest publications available. I have also relied on older writings containing information and explanations which I thought relevant for this purpose.

Learning unit 1
INVESTIGATION IN RELATION TO RISK MANAGEMENT AND RISK ANALYSIS

1.1 INTRODUCTION

The aim of this learning unit is to teach you to apply investigation in relation to risk management and risk analysis. It details the methods and techniques employed by forensic investigators to solve crimes and transgressions, and it unpacks the phases of risk analysis or risk assessment. The concepts of environmental design, social engineering and physical security, as they relate to the methods and techniques of forensic investigation, are also explored further.

This chapter has been written with practical application in mind and I have grouped the concepts together so that they form a logical group. You will also find a number of activities which you are urged to do so that you are able to understand the concepts and to apply them in practice.
1.2 DEFINITIONS OF CONCEPTS

I felt it prudent here to clarify the concepts dealt with so as to enable you to comprehend the context in which the varied concepts are used in this module.

1.2.1 Security

Security is defined as the implementation of cost-effective security measures that, when taken as a whole, have the effect of reducing the probability of loss-incurring events and of reducing the impact of any loss-incurring events that occur.

1.2.2 Risk Management

Risk management is the identification, assessment, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events or to maximise the realisation of opportunities (ISO Guide 73 2009).

1.2.3 Risk analysis

According to Shimonski (2002:20), risk analysis is also known as risk assessment. Risk analysis is a management tool, the standards for which are determined by whatever the management of a particular organisation decides that it is prepared to accept in terms of actual loss. Risk evaluation is the analysis of loss exposure, where attention is focused on how frequent and how severe accidents are likely to be and how they may interfere with the organisation’s success. Risk analysis entails quantifying the risk and determining its possible impact on an organisation.

1.2.4 Crime Prevention Through Environmental Design (CPTED)

The theory of crime prevention through environmental design is based on one simple idea: that crime results partly from the opportunities presented by the physical environment. This being the case, it should be possible to alter the physical environment so that crime is less likely to occur. Environmental design is the process of addressing surrounding environmental parameters when devising plans, programmes or policies or when designing buildings.
CPTED strategies rely upon the ability to influence offender decisions that precede criminal acts (Geason & Wilson 1988:4-5).

1.2.5 Physical security

Physical security is the protection of personnel, hardware, software, networks and data from physical circumstances and events that could cause serious losses or damage to an enterprise, state, or institution. This includes protection from theft, corruption, fraud and espionage.

1.2.6 Social engineering

“Social engineering is a form of techniques employed by cybercriminals designed to lure unsuspecting users into sending them their confidential data, infecting their computers with malware or opening links to infected sites.” (https://usa.kaspersky.com/internet-security-center/definitions/social-engineering) with the intention to commit crime. In such instances the hackers may attempt to exploit a computer user's lack of knowledge of technology and the value of data and how to best protect it.

Social engineering, in the context of information security, refers to “psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme.” (https://usa.kaspersky.com/internet-security-center/definitions/social-engineering)

1.2.7 Vetting

According to Minimum Security Information Standard (MSIS) (2006:2), vetting is a systematic process of investigation followed in determining the security or interests of the employing institution or the state. Vetting also refers to the conducting of a critical examination of a person prior to employment, or it may even mean a process of examination and evaluation.
In the latter case, it would generally refer to the performing of a background check on someone before offering that person employment or conferring an award (Mdluli 2011:11).

1.2.8 Security survey

A security survey is defined as a critical on-site inspection of security measures and its main objective is to identify and measure any weaknesses in security measures. Thus, the security survey focuses on identifying weaknesses in the security system or security measures of the organisation, whereas the risk analysis exercise focuses on identifying the probability and impact of risks on the organisation’s assets. This distinction is important when it comes to measurement. During a risk analysis exercise, risks are estimated while during a security survey, security measures are estimated.

1.2.9 Vulnerability

In this context, the term "vulnerability" basically means that security measures are inadequate. For example, an asset such as cash may be exposed to a security risk such as robbery or theft. Vulnerability implies a lack of security measures in relation to security risks (Ozier 2003:5).

1.2.10 Risk impact

The term "impact" refers to the degree or amount of financial loss that may be suffered as the result of a loss-incurring event or a security risk. This anticipated loss must include both direct and indirect losses (Le Roux 2002:9). An example of impact is the bankruptcy and closing down of a retail store as a result of suffering repeated burglaries and plundering.

1.2.11 Probability

Probability refers to the likelihood or chance of a loss-incurring event actually occurring (Le Roux 2002:7). For example, what is the likelihood of a case of fraud occurring in the purchasing department within the next 12 months? Both the probability and impact of a loss-incurring event must be reduced to manageable proportions by the security measures or security system in place.
These measures may be of a human, technological, physical and procedural or policy nature.

ACTIVITY 1.1

Read the following scenario and respond to the question that follows.

You attend a safety meeting at which industrial safety matters are discussed. At the meeting there is a dispute about the functions that resort under the safety department and those that resort under the security department. For example, which department is responsible for ensuring that staff members wear safety glasses when doing welding and which department is responsible for searching staff members at the end of the day when they leave an area where valuable goods are being manufactured? Briefly explain the concept of security to the meeting.

FEEDBACK

Security involves all crime prevention measures that are applied in order to create and maintain a relatively crime-free occupational environment.

1.3 OBJECTIVES OF THE RISK ANALYSIS EXERCISE

When attempting to conduct a risk analysis exercise, you must have clarity of objectives as there is manpower and cost involved. The risk analysis exercise is conducted to achieve the following objectives:

● Identify vulnerable assets (people, processes, products, information and capital)
● Identify security risks such as robberies and people leaving warehouses unlocked
● Calculate probability (the likelihood of loss)
● Calculate impact (consequences of loss)
● Calculate risk factors (the probability multiplied by the impact)
● Prioritise risk factors in order of seriousness
● Report these risks to your client so that appropriate decisions can be taken

Do you perhaps know other objectives pertaining to your environment?

The objectives above are aimed at obtaining information, analysing it and coming to a fairly reliable conclusion regarding security risks that endanger the profitability of your client’s organisation. This information will help you to anticipate (predict) future losses.
The risk analysis exercise provides your client with information that is vital to the decision-making process. Do you agree? Explain further.

1.4 HOW TO CONDUCT THE RISK ANALYSIS EXERCISE

The findings of the risk analysis exercise will provide your client with a clear picture of the nature and scope of security risks that endanger the profitability and existence of his or her organisation. The risk analysis exercise is thus a powerful management tool. Do you agree? Explain.

Once risks have been accurately identified, decisions must be taken on the most effective methods that must be implemented to manage these risks. Now let me take you through each step.

1.4.1 Step 1: Obtain a mandate from your client

To conduct a risk analysis exercise, you will have to obtain a specific mandate from your client for the following activities related to the risk assessment exercise:

● Make observations (walk the risk)
● Interview people (talk the risk)
● Analyse documents (read the risk)

The objective of the above three activities will be risk identification. A mandate may be provided in the form of a letter of authorisation. This could include permission to do the following:

● Interview certain employees to establish the nature and scope of security regarding risks in their areas of employment
● Visit certain areas in the organisation
● Examine specific assets
● Take photos
● Investigate specific risks (fraud, robbery, corruption and burglary)
● Determine the time frame for completing the exercise
● Determine the particular mode of reporting to be used
● Co-opt certain persons to serve on the risk analysis committee

1.4.2 Step 2: Establish a risk analysis steering committee

The modern organisation is so complex and the security function so diverse that nobody, no matter how competent, should be allowed to conduct a security risk assessment exercise alone.
A designated security risk analysis committee should be constituted to assist you with your task. Alternatively, you may choose to constitute a single steering committee for the entire security risk management process and to co-opt particular members as specific needs arise. You will require the assistance of various specialists at various stages of the security risk management process (during the risk analysis and security survey) as these activities are demanding.

1.4.3 Step 3: Identify assets

An asset may be defined as any resource or thing that directly or indirectly contributes to the value, profitability or service levels of the organisation. Can you compile a list of assets that you think are vulnerable to risk? Identifying important assets is the point of departure when conducting a risk analysis exercise. Most large businesses or organisations have an asset manager who should serve on the risk assessment committee to assist in identifying valuable assets.

1.4.4 Step 4: Identify risks

The fourth step in the risk analysis process is to identify and analyse relevant actual and potential crime risks and to prioritise them. As an investigator, you need to have comprehensive knowledge and experience of the various risks and their causes, which could cause financial losses to the business or organisation.

1.4.5 Step 5: Determine probability

The probability or likelihood of a loss-incurring event depends on many crime-predisposing and precipitating factors. Probability is thus conditional. The effectiveness or lack of security measures will also influence probability.

Do not confuse probability with frequency. Frequency refers to the number of times a loss-incurring event has occurred in a specific period. Frequency is thus measured in terms of units of occurrence and time. The frequency with which specific losses occur affects the probability that a serious loss will be suffered.
For example, where numerous small items, such as calculators, are being stolen daily from a shop, these small losses may eventually have the effect that the shop is forced out of business. Do you agree? Explain. This means the likelihood of the organisation or business suffering financial losses relating to an asset and as the result of a security incident needs to be assessed.

1.4.6 Step 6: Determine impact

Once the risk analysis steering committee has determined a probability factor for a specific asset, the impact (severity of loss) must be determined. A five-point scale is utilised to measure the impact of the loss.

1.4.7 Step 7: Calculate and prioritise risk factors

This means obtaining values of assets and assigning risk factors to them. This will then bring you to the prioritisation of risk.

Risk prioritisation

After scanning the internal and external environment for information on crime, you need to identify which assets will be most vulnerable to criminal activity, based on the information you have obtained from the internal and external environment. Logically, risk control begins with the identification and classification of risk. To accomplish this task, it is necessary to examine or survey all the activities and relationships of the enterprise in question and to develop answers to these basic considerations (Broeder 2000:7-8):

● Assets: What does the company own, operate, lease, control, have custody of or responsibility for, buy, sell, service, design, produce, manufacture, test, analyse or maintain?
● Exposure: What is the company exposed to that could cause or contribute to damage, theft, or loss of property or other company assets, or that could cause or contribute to personal injury of company employees or others?
● Losses: What empirical evidence is available to establish the frequency, magnitude and range of past losses experienced by this specific company and other companies located nearby, which render a similar service, or manufacture the same or similar product?

The risk manager can categorise assets that were lost in the internal environment as a result of crime. Statistics received from the police can also be a good indicator of which assets are prone to criminal threats (external). Which other index do you think can be a source to identify assets at risk? The insurance claims history can also be used to determine which assets were claimed for or replaced by the insurance as a result of criminal losses.

The identified assets need to be prioritised according to:

● Threats (likelihood of theft)
● Consequences (whether the loss could interrupt continuity of business)
● Vulnerability (whether it would be easy to steal the asset despite the current security measures).

After identifying the assets that need to be protected, you must make a decision as to how you are going to protect the asset or whether you are going to transfer the risk.

1.4.8 Step 8: Report to the client

A preliminary report should be drafted for top management’s information. Your main intention should be to make broad recommendations to top management (based on accepted business, financial and security principles) for managing identified crime risks cost-effectively and thus enhancing profitability and ensuring the longevity of the business or organisation.

ACTIVITY 1.2

Read the following scenario and respond to the question that follows.

You are the corporate investigator for a large chain of supermarkets. You have been mandated to conduct a risk analysis exercise for the entire organisation.
Based on your experience as a corporate investigator, list seven assets that are of particular value to the supermarket chain.

FEEDBACK

You should have included tangible assets such as food, cash and vehicles; equipment such as meat-slicing machines; competent staff members; and electronic tills in the list you have drawn up for the activity above. Intangible assets include the client base (customers) of the supermarket chain; a hygienic environment in which the food is stored; creditors who pay their accounts on the due dates; reliable suppliers of a diverse range of high-quality food products; and the position of the supermarkets (conveniently close to clients or shoppers).

1.5 OPTIONS IN DEALING WITH THE IDENTIFIED RISKS

● Avoiding the risk by removing the target – Laptop theft can be avoided entirely by choosing not to provide laptops to employees.
● Reducing the risk by decreasing the target – The store’s shoplifting risk can be reduced by placing high value merchandise in a locked cabinet and by placing easily concealed high demand items, such as packs of cigarettes, behind the cashier’s counter.
● Diffusing the risk – This involves the use of barrier systems, such as perimeter fences; access control and intrusion detection equipment, such as card readers; and CCTV, locks, safes and vaults, and standard control procedures, such as property removal passes and inventory counts.
● Transferring the risk – This is made possible by purchasing insurance or raising prices so that the purchasers of the product or service pay for the losses. Another technique is to outsource risk-heavy functions to another party. An example is the transfer of liability when an employer replaces an in-house guard force with a contract guard force. If misconduct by a contract guard causes a serious accident, the employer may be able to escape liability under the terms of the contract.
● Accepting the risk – This is also an option.
Management may decide that a particular risk is worth a gamble or that the cost of a possible loss is not great enough to justify the cost of prevention. Another deciding factor may be the intractability of the risk (that, despite best practices, the risk cannot be controlled to an acceptable degree).

ACTIVITY 1.3

Which of the following statements is false?

1. Probability indicates the chances that a loss-incurring event will occur.
2. Probability is measured in units of percentages.
3. Probability influences the risk factor that is calculated.
4. Probability is measured strictly in units of time.

FEEDBACK

In the above activity, you should have found that statement 4 is the least true. The frequency with which a loss-incurring event occurs does play a role in determining probability. However, probability is not measured only in units of time but also in percentages ranging from 1 to 100.

1.6 ENVIRONMENTAL DESIGN

Environmental design refers to the applied art and sciences dealing with creating the human-designed environment with the intent to prevent crime from taking place. This is explained further below.

1.6.1 Crime Prevention approaches

The traditional approach to crime prevention has been to try to identify the psychological and social causes of crime and attempt to remedy these deficiencies by treating the individual offender and/or designing special educational, recreational and employment services for groups regarded as being at risk.

1.6.1.1 There are four separate categories of crime prevention:

● Corrective prevention attempts to prevent crime by ameliorating social conditions which seem to lead to crime, e.g. by reducing overcrowding, creating viable neighbourhoods, rehabilitating areas and providing community health clinics and recreation facilities.
● Punitive prevention uses police to deter crime through lawyers, the police, courts, prisons and the legal system.
● Mechanical prevention emphasises hardware such as locks and doors.
● Environmental design prevention manipulates building design and the relationship between buildings and their environment to reduce opportunities for crime.

Successful security planning will most likely incorporate some aspects of punitive, corrective, mechanical and environmental techniques; the last two categories are a 'situational crime prevention' approach (Geason & Wilson 1988:4).

1.6.2 RATIONAL CHOICE THEORY

While traditional criminology tended to see criminals as driven by their conditioning and environment, more recent economics-based theories portray them as rational decision-makers who base their decisions to commit crimes on an analysis of the risks of the venture compared with the expected profits. That is, the criminal does a cost-benefit analysis.

Rational choice theory says that individuals are motivated by the wants or goals that express their preferences. They act according to the information they have received after having evaluated the opportunities before them. The theory is taken to imply a conscious individual who is engaging in deliberate calculative strategies.

There are four elements of rational choice theory:

● People choose all behaviour, including criminal behaviour
● Their choices are designed to bring them pleasure and reduce pain
● Criminal choices can be controlled by fear of punishment
● The more severe the punishment, the greater its ability to control criminal behaviour

Rational choice theory includes economic theory on crime. The economic theory on crime stipulates that individuals respond rationally to the costs and benefits of criminal opportunities.

ACTIVITY 1.4

Discuss the elements of rational choice theory.
FEEDBACK

● People choose all behaviour, including criminal behaviour
● Their choices are designed to bring them pleasure and reduce pain
● Criminal choices can be controlled by fear of punishment
● The more severe the punishment, the greater its ability to control criminal behaviour (Clarke 1997:9).

1.6.3 Situational crime prevention theory

Situational crime prevention rests on two assumptions:

● The criminal is a rational decision maker who goes ahead with a crime only where the benefits outweigh the costs or risks
● The “opportunity” to commit a crime must be there (Clarke 1997:2–4).

Situational crime prevention has been defined as 'the use of measures directed at highly specific forms of crime, which involve the management, design or manipulation of the immediate environment in as systematic and permanent a way as possible' (Hough et al 1980). It is sometimes referred to as “primary prevention” or “opportunity reduction”.

Situational crime prevention aims to remove the opportunity, and make the costs of a crime greater than the benefits. It includes various forms of target hardening to make the objects of crime less vulnerable (e.g. corruption policy, harsher sentences, CCTV cameras, deadlocks on premises). Can you think of other initiatives?

The theory further encourages residents of an area to exercise control over their public spaces and keep intruders out; community crime prevention initiatives such as neighbourhood watch programs and citizens' patrols; and a variety of other strategies such as channelling potential offenders away from potential victims.
There are five situational crime prevention strategies:

● Increase the effort needed to commit crime
● Increase the risks of committing crime
● Reduce the rewards for committing crime
● Reduce provocation or induce guilt or shame for committing crime
● Reduce excuses for committing crime

As I have pointed out, a situational approach to crime prevention has rational choice theory as its basis. That is, it rests on the assumptions that offenders freely and actively choose to commit crimes; that the decision to commit the crime is made in response to the immediate circumstances and the immediate situation in which an offence is contemplated; and that the motivation to offend is not constant or beyond control, i.e. it is dependent on a calculation of costs and rewards rather than being the result of inheriting or acquiring a disposition to offend.

The term “situational crime” signifies that crime can be prevented or displaced through the use of protective measures put in place. Situational crime prevention presents crime as a rational choice made by the offender after he or she has evaluated several opportunities that exist for the crime in a given situation (Clarke 1997:2–4). The more the opportunity or niche for offending, the more likely it is that the motivated offender will commit crime. One principle of preventing such crime from happening is target hardening.

Situational crime prevention operates on the concept of offender choice by identifying ways to manipulate immediate situations so that offending appears less attractive.
According to this concept, in order to reduce criminal activity there are elements that must be kept in mind:

● Planners must be aware of the characteristics of sites and situations that are at risk to crime
● The elements that push people toward these sites and situations
● What equips potential criminals to take advantage of illegal opportunities offered by these sites and situations?
● What constitutes the immediate triggers for criminal actions?

ACTIVITY 1.5

Discuss situational crime prevention strategies.

FEEDBACK

The strategies involve the following key elements:

● Increasing the effort needed to commit crime
● Increasing the risks of committing crime
● Reducing the rewards for committing crime
● Reducing provocation or inducing guilt or shame for committing crime
● Reducing excuses for committing crime

1.6.4 Displacement

The displacement argument maintains that, if we stop housebreaking and theft in one area, the housebreakers may simply move to areas where the residents cannot afford to fortify their houses or are not socially-conscious enough to set up neighbourhood watch programs in their area. Crime is reduced in one locality and then increases in another area.

There are three elements that can prevent criminal acts:

● Potential targets are guarded securely
● The means to commit crime are controlled
● Potential offenders are carefully monitored

Where the criminal is not strongly committed to a crime, and where the costs and risks of committing the crime are high, displacement is unlikely; however, where the situation is reversed, displacement may well occur. It would seem, then, that situational prevention can reduce crime by influencing the final decision of some potential offenders and that, even where displacement occurs, only a proportion of the initial potential offenders will pursue their intent to commit crime.
That is, crime prevention measures stop some criminals from carrying out a crime in a particular place and not all of them will go elsewhere and commit a crime. To minimise the likelihood of displacement, police and government agencies could concentrate their crime prevention efforts and funds in underdeveloped areas.

ACTIVITY 1.6

Discuss the theory that postulates that criminals make decisions when deciding to commit a crime.

FEEDBACK

The correct answer is rational choice theory. Rational choice theory says that individuals are motivated by the wants or goals that express their preferences. They act according to the information they have received after having evaluated the opportunities before them. The theory is taken to imply a conscious individual who is engaging in deliberate calculative strategies.

1.6.5 Crime Prevention Through Environmental Design

Environmental design focuses on improving street lighting, controlling access to buildings, restricting pedestrian and traffic flow and dividing residential spaces into identifiable areas.

The most advanced situational crime prevention is to be found in the protection of the property, mostly through the use of expensive hardware, alarm systems, and even private guards. Similarly, neighbourhood watch is often easier to set up in affluent neighbourhoods than in poor areas. The challenge is to motivate those in need of protection against crime to help themselves. This raises the need for a corporate or interagency response to crime prevention, rather than devolving all responsibility to the individual. An equal challenge is to convince government authorities and private organisations of the benefits of protecting themselves from crime.
This means, among other things, convincing housing authorities to build anti-burglary measures into public housing estates; encouraging business-people to cut down opportunities for crime on their premises; and convincing car makers to install effective anti-theft devices such as steering locks in new cars, even those in the lower price ranges. But when these strategies make it impossible or too risky for criminals to proceed, will they simply abandon the project; or will they come back another time, or go somewhere else and commit a similar crime, or switch to another type of crime? All of these theories are explained in detail in learning unit 3, below.

1.7 PHYSICAL SECURITY

Physical security orientation is the logical point of departure in the security risk management process. The on-site orientation entails, among other things, a physical site visit during which vulnerable assets, security risks and security weaknesses are identified. The on-site physical security orientation ends with planning for the risk analysis and comprehensive security survey exercises. The planning takes place once inspection and investigation has been conducted.

The stages of on-site orientation are listed below:

■ Stage 1. The initial meeting with the client:
● Agreeing on needs and expectations
● Clarifying roles
● Obtaining permission and support

■ Stage 2. Conducting the on-site orientation:
● Inspecting the site
● Conducting interviews
● Identifying required resources
● Organising survey sheets
● Identifying external stakeholders
● Studying documentation
● Identifying core business activities
● Identifying vulnerable assets
● Identifying security risks and weaknesses
● Writing field notes
● Taking digital photographs

■ Stage 3.
Activities following the on-site orientation: ● Compiling the on-site orientation report ● Networking 10 Learning unit 1: INVESTIGATION IN RELATION TO RISK MANAGEMENT AND RISK ANALYSIS ● Planning for the security risk analysis ● Planning for the comprehensive security survey 1.7.1 Distinguishing between the on-site orientation and the security survey Before embarking on the on-site security orientation, it is important to distinguish between the concepts of an on-site orientation and a security survey. This will enable you to place in context the security risk management tasks that you will be required to perform during the on-site orientation. The on-site orientation precedes the risk analysis and comprehensive security survey. Note that, although some of the activities of the on-site orientation and the security survey overlap, the two concepts differ. Do you know the difference? The security survey is much more comprehensive, thorough and exhaustive than the on-site orientation. The security survey thus requires a lot more time, effort and money than the on-site orientation. For instance, during the on-site orientation the number of interviews with staff members is fairly limited, meetings with external stakeholders such as the South African Police Services (SAPS) are not conducted and the use of a wide range of security survey sheets (checklists) is not required. By contrast, during the security survey the interviews and meetings are more extensive and detailed security survey sheets must be completed. What about on-site orientation? An on-site orientation may be done in less than one day, whereas a comprehensive security survey of, say, a large chemical manufacturer may take a month or longer. However, the activities conducted as part of the on-site orientation have direct impact on the accuracy of the risk analysis exercise and comprehensive security survey. 

1.7.2 Security risk analysis

During the on-site orientation you will have to identify security risks that may result in financial loss to the business or organisation. Crimes such as robbery, fraud, corruption, internal theft, burglary and vehicle hijacking pose a risk to businesses or organisations. The state of current security measures will determine the extent of financial losses from current risks. The types of risk will determine the types of security measure to be implemented, such as installing an alarm. There is a unique relationship between risk and security measures.

ACTIVITY 1.7
Read the following scenario and respond to the question that follows. Reflect on past experiences you may have had with your client (top management) regarding security activities. Clearly state what the impact of the first meeting with your client has on the rest of the security survey. Why is it important that you meet with the client prior to conducting an on-site orientation?

FEEDBACK
Reflect on all the questions that will help you understand the needs and expectations of your client. By doing so, you will have an idea of what the priority of the site orientation exercise is. Among other things, this meeting will clarify the roles and the duration of activities.

1.8 BENEFITS OF CONDUCTING AN ON-SITE ORIENTATION

The temptation to take a short cut and avoid conducting an on-site orientation must be resisted. The advantages of an on-site orientation are as follows:

● Ability to conduct on-site orientation at short notice
● A client may demand immediate action following a major crime or incident, such as theft which resulted in loss of inventory
● The client and insurers normally call for the immediate investigation, report and completion of an insurance claim

The spotlight then falls on the investigator. What do you suggest be done then?
Once permission and support have been obtained, the investigator can immediately conduct the on-site orientation.

1.8.1 The objectives of profiling

The objectives of profiling inter alia help the investigator achieve the following:

● Obtain an understanding of the structures, activities, methods, targets and movements of groups of people, individuals or organisations: in our context we focus on crime and criminals; the investigator must know whom he or she is dealing with
● Decide on the best possible strategy for eliminating or minimising the risks posed by criminals
● Follow the most effective methods of investigating the target
● Trace the subject or suspect
● Determine the movements, activities and associates of the subject
● Build up a case against a subject or suspect

1.8.2 Reasons for surveillance

Surveillance as part of physical security is the careful and continuous watching of something or someone, carried out in a covert or discreet manner, in order to obtain information about the identities or activities of a subject or subjects. Surveillance can be broken into two general categories. The first category is called physical surveillance, whereby the operator must move, either on foot or by vehicle, in order to follow a subject or subjects. Physical surveillance is also called "mobile" surveillance or "tailing". Alternatively, the investigator can remain in a fixed position to observe a subject or subjects and this is called a "stakeout" or "static" surveillance. The second general category is called electronic surveillance. This is similar to physical surveillance except that it is done with electronic technology (Ferraro & Spain 2006:120).
According to Newburn, Williamson and Wright (2008:428) reasons for surveillance operations are as follows:

● All conventional investigation methods and strategies have failed to provide the required evidence
● Information technologies that provide a new site for investigations have developed
● There is a trend away from reactive to proactive methods and strategies
● Surveillance techniques can provide high-quality evidence that is tantamount to an admission, without the need to interview
● Surveillance operations tend to bring speedy results in the investigation

ACTIVITY 1.8
You are employed as an investigator by a motor manufacturer JBA Ltd. The business has experienced several burglaries and motor vehicle parts have gone missing. You are required to conduct on-site orientation and a security survey to inform management of the risks facing the business and how they can be mitigated. Briefly explain the objectives of an on-site orientation and those of a comprehensive security survey to a colleague.

FEEDBACK
● On-site orientation is a brief physical inspection of the organisation in question and includes interviewing and perusing security-related documents, for example, incident reports and occurrence books. The on-site orientation is usually conducted after an incident has occurred and when management seeks a quick report on what happened.
● A security survey is more thorough than an on-site orientation in that a comprehensive analysis of security-related documents is drawn up after the on-site orientation has been conducted. The current security risks and security measures are put in place and recommendations are made for top management to approve.

1.9 SOCIAL ENGINEERING

Social engineering methods are often applied against individuals who can be convinced, against their better judgement, to do or believe things that they should not.
Combine this with the inherent complexity of information technology systems that cannot be fully understood by many people and the unavoidable result is that information security can certainly be compromised by attack. Such indirect attacks are targeted against the human element of security – which falls under the general category of social engineering – and can prove detrimental to information security. Do you agree? Can you ponder on other methods criminals use to commit crime using the internet?

Social engineers base their method of operation on well-proven applied psychology and persuasion techniques that they adapt to suit the needs of e-criminals. The internet has proven to be a breeding ground for computer crimes and abuses in various nations. To minimise the potential for loss that this raises it is necessary to:

● Prevent criminals and others from abusing computer technologies and systems for their own gain and to the detriment of others
● Educate large numbers of people in our society to better understand those technologies and the part they play in their daily lives
● Provide law enforcement agencies and security services with knowledge and training to detect and properly investigate computer-related crimes and abuses

The personal computer and the internet have become the primary crime tools in the hands of criminals. What is your view on this? Can you explain why you hold this view?

1.9.1 Classic methods of committing computer crimes

The connectivity of computing and communications has provided new opportunities for crime, including theft of services; information piracy, counterfeiting and forgery; the dissemination of offensive materials; electronic money laundering; electronic vandalism and terrorism; telemarketing fraud; illegal interception; and electronic transfer fraud. Can you mention other crimes that can be committed using computers and the internet?

1.9.1.1 Data manipulation and theft

Changing data during or after input into a computer is the simplest, safest and most common method of committing computer crime. Do you know how this can be done? It can also be performed by anyone associated with or having access to the processes for creating, recording, transporting, encoding, examining, checking, converting or transforming data which is eventually entered.

1.9.1.2 The salami technique

This descriptive term implies trimming off small amounts of money from many sources and diverting these small amounts into one's own or an accomplice's account. Which employees do you think have access to other people’s monies? This form of crime is most common in banking environments with a large number of savings and/or cheque and electronic accounts. By creating a new program or altering an existing one, an employee can randomly deduct one to five cents from a few thousand different individual accounts. The accumulated sums can be withdrawn by normal methods from his or her receiving account.

1.9.1.3 The Trojan horse

Trojan horse programs initially appear legitimate and will behave as though they are doing what the computer operator expects. However, the Trojan horse contains either a block of undesired computer code or another computer program that allows it to do detrimental things to the system of which the operator is not aware, such as infecting the machine with a virus, worm, bomb or trapdoor. Remember, a Trojan horse program appears innocent and attracts users by inviting them to load it as some type of software. In reality, Trojan horse programs are not software, but ruses designed to penetrate a computer system so that a program of the perpetrator's choice can become active.

1.9.1.4 Viruses

A virus can be referred to as any computer code that copies itself to other programs. Do you agree?
Do you know anyone who has experienced a virus? In the computer field, a virus is a set of unwanted instructions executed on a computer and resulting in a variety of effects.

1.9.1.5 Hostile applets

A new danger exists when you use the web to obtain information. The danger is from so-called hostile applets that utilise a Java-enabled web browser. Java is Sun Microsystems' scripting language. Just as viruses perform a variety of tasks without the user's knowledge, so do hostile applets. The result can range from mild distraction to data loss.

1.9.1.6 Bombs

Like a Trojan horse, a bomb is computer code that a programmer inserts into legitimate software. There are two types of bombs: time bombs and logic bombs. A date or time triggers a time bomb, whereas some event, perhaps the copying of a file, triggers a logic bomb.

1.9.1.7 Trapdoors and backdoors

Trapdoors are intentionally created and are normally inserted during software development. These doors are supposed to be removed once the software is completed. Unintentional access to software code is referred to as backdoor access. Doors allow programmers extensive access to test systems while they are being developed – access that would normally be denied.

1.9.1.8 Time stealing

This is one of the most common forms of computer crime, because people do not consider the cost of accessing a computer without authorisation. Any access uses the computer's resources (hardware, memory, software, peripherals), which cost money. Time stealing can be compared to using another person's vehicle (using the petrol, and putting wear and tear on the vehicle) without his or her knowledge.

1.9.1.9 Electronic eavesdropping

Unauthorised tapping into communication lines over which digitalised computer data and messages are being sent is known as electronic eavesdropping.
Using technologically advanced listening devices, eavesdropping can be done on traditional telephone lines and even satellite transmission networks. If the data transmitted is not encoded, capturing and transforming the data is equivalent to using a clandestine tape recorder to record a standard telephonic conversation.

1.9.1.10 Software piracy

Providing software for computers is big business. Software programs can cost from a few rands to thousands of rands. For this reason some people are willing to copy software and resell it or give it away. What is your opinion? Do you think this is illegal? The unauthorised copying of copyrighted computer programs is referred to as software piracy. It has been estimated that for each legitimate copy of a software package sold, between four and thirty additional copies are made illegally. Although most copied programs are resold, they deny vendors and software developers profits that they should have accrued through legal sale of their intellectual property.

1.9.1.11 Scavenging memory

Information contained in buffers and random access memory is kept until the space is written over or the machine is turned off. This fact allows a person gaining access to these areas to search for sensitive data that may be left from previous operations.

1.9.1.12 War driving

This self-attached term refers to hackers who drive around locating wireless network points of entry to computers or networks. With today's technology, anyone with a laptop and powerful wireless card can enter a company's wireless network. As the range of the wireless systems card increases, so too do the threats from the war driver.

1.9.1.13 Identity theft

Using information stolen from computer databases, criminals are committing criminal acts that have an impact on the people whose identities are stolen.
Though using false identification is an old method of criminal activity, the ability to access all types of information on the computer has given this old problem an entirely new life.

1.10 VETTING

The vetting process is often called integrity assessment, pre-employment screening, background screening or checking, personnel assessment or due diligence assessment. All these concepts imply that how a person acts will be in accordance with the relevant moral values and norms he or she subscribes to (Mdluli 2011:199). Vetting complements corporate ethics and is similar to the profiling of a suspect.

Businesses and organisations that do not conduct background investigations expose themselves to potential fraud, litigation, and loss of reputation. Background checks also serve as a deterrent to crimes. The initial focus of such checks pertained to credit reports and additional types of collected information. Do you know the kind of information to use when vetting a person? Information that may be acquired during an employee screening may include: criminal, court and driving records, employee references, employment verifications and education verifications.

Businesses that conduct background checks usually outsource the investigation to background check companies which have several means to access personal information. Investigators typically search criminal and court records, sex offender registries, driving records, employment verification, and bankruptcy records. Many offer extra services such as fingerprinting, credit checks, and drug tests. They can also widen criminal record searches to more countries and conduct social media screenings. Many background check companies tailor the thoroughness of the check according to the employer’s needs. Each additional feature adds time and expense to the process.
For businesses, the process is as simple as outsourcing the matter to a background check company.

Pre-employment background investigations for new government employees are routine, and similar to those of business. The Minimum Information Security Standard (MISS) document is a document that regulates the processes behind the granting of security clearances in South Africa. The document is administered by the government and covers issues such as administrative security, physical security, information security, communication security, computer security and personnel security related to the protection of information.

From the point of view of the employee, the background check process is even more invasive. First, employees must complete a Standard Form questionnaire that requires them to divulge personal information. The human resource division then requests security and vetting personnel to conduct security clearances based on the information that they have disclosed and other additional information that will be obtained by the investigators. Do you know the levels of security clearance in South Africa? Depending on the level of clearance required, the process may also include examining top secret, confidential and secret criminal records and qualifications for authenticity purposes before appointments are made. After the individuals are appointed and allocated to a specific division, they sign contracts and get sworn in to become officials. Only then will the individual be regarded as an official employee. Do you support this view? Do you know why businesses, governments or organisations conduct vetting on their new recruits or employees? This is done in order to prevent offenders or potential offenders from being hired.

1.10.1 The benefits of vetting

Vetting for the employer shows prudence in crime prevention. What are the other benefits of vetting that you know of?
The employer also shows that the organisation has a transparent hiring policy whereby only vetted employees are employed. This will assure shareholders and investors that their monies will not be stolen as criminals will not be employed. The employer can benefit from this procedure as it allows for:

● Recruiting people who are likely to contribute to the success of the organisation
● Making informed decisions about prospective employees as well as about internal appointments or promotions
● Identifying fraudulent behaviour before appointments are made
● Proactively mitigating human risks in the organisation
● Predicting behaviour in the work environment
● Evaluating job compatibility and identifying potential
● Identifying non-ethical behaviour
● Preventing negligent hiring lawsuits; and
● Being cost effective by preventing fraud, corruption, theft and high staff turnover.

One of the uses for vetting is to allow an applicant to receive a security clearance that will enable him or her to have access to certain classified information. Do you think that a person issued with a security clearance should be trusted? Explain.

ACTIVITY 1.9
Discuss the benefits of vetting employees.

FEEDBACK
Management will have a level of trust for the employees. Read further under the subtopic “vetting” at 1.10.1, above, for additional answers.

1.11 SECURITY CLEARANCE

Security clearance is influenced by risk management and risk identification (Mdluli 2011:31). A security clearance is an official document issued by a vetting authority to a person after successful completion of a security screening investigation. The certificate specifies the levels of classified information the person can access, subject to the need-to-know principle. What kinds of information can a vetted person access?
When this certificate is granted to persons they will then be allowed access to classified information held by the state or to organisational secrets or restricted areas. The term "security clearance" is also sometimes used in private organisations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access to particular information or a particular area; the organisation must also determine what specific information the cleared individual needs to have knowledge of. The organisation must also ensure that no employee is granted automatic access to classified information solely because of rank, position, or a security clearance.

Personnel security clearances allow government and industry personnel (contractors) to gain access to classified information that, through unauthorised disclosure, could in some cases cause exceptionally grave damage to national security. It is important to keep in mind that security clearances allow for access to classified information on a need-to-know basis. Many governments, including the South African government, use other processes and procedures to determine if an individual should be granted access to certain government buildings or facilities or be employed as either a military or police officer or civilian employee or contractor for the government. A high-quality personnel security clearance process is necessary to minimise the associated risks of unauthorised disclosures of classified information and to help ensure that information about individuals with histories of criminal activity or other questionable behaviour is identified and assessed as part of the process for granting or retaining clearances.

The adjudication process is an examination of a sufficient period of a person’s life to make an affirmative determination that the person is eligible for a security clearance.
This refers to the eligibility for access to classified information predicated upon the person meeting security guidelines. In evaluating the relevance of a person’s conduct, the adjudicator should consider the following nine factors:

● The nature, extent and seriousness of the conduct
● Whether the circumstances surrounding the conduct included knowledgeable participation
● The frequency and recentness of the conduct
● The individual’s age and maturity at the time of the conduct
● The individual’s willingness to participate
● The presence or absence of rehabilitation and other pertinent behavioural changes
● The motivation for the conduct
● The potential for pressure, coercion, exploitation, or duress
● The likelihood of continuation or recurrence (Mdluli 2011:118).

In addition to the above, Mdluli (2011:120) lists thirteen further security clearance factors that may have a bearing on whether or not the person concerned is approved for security clearance:

● Loyalty to the state, Constitution and employing institution
● Personal conduct
● Criminal conduct
● Financial consideration
● Sexual behaviour
● Emotional, mental and personality disorders
● Alcohol consumption and/or abuse
● Drug involvement and/or abuse
● Security violations
● Outside activities
● Misuse of information technology systems
● Foreign influence
● Foreign preferences

1.11.1 Security clearance levels

The level indicated on the certificate ensures that the person is appropriately utilised within the employment environment. The certificate does not confer any rights on such a person. The categories of security clearance are as follows:

● Reliability status
● Confidential
● Secret
● Top secret

Security clearance levels such as reliability, confidentiality and secret are valid for a period of ten years. Top level security status is valid for a period of five years only.
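
The rules in 1.11 and 1.11.1 (a clearance alone is not enough, need-to-know must be established, rank grants nothing, and a clearance lapses after its validity period) can be written as a single access decision. The sketch below is an added example and not part of the study guide or of the MISS document; the names `Clearance`, `Record` and `decide_access`, the sample holders and topics, and the reading of the four categories as an ascending order are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Categories from 1.11.1. Treating the listed order as ascending sensitivity is an assumption.
LEVELS = ("reliability", "confidential", "secret", "top secret")
# Validity periods stated in 1.11.1: ten years, except top secret at five years.
VALIDITY_YEARS = {"reliability": 10, "confidential": 10, "secret": 10, "top secret": 5}


@dataclass
class Clearance:
    holder: str
    level: str
    issued: date
    need_to_know: set = field(default_factory=set)  # topics approved for this holder

    def expires(self) -> date:
        year = self.issued.year + VALIDITY_YEARS[self.level]
        try:
            return self.issued.replace(year=year)
        except ValueError:  # issued on 29 February and the expiry year is not a leap year
            return self.issued.replace(year=year, day=28)


@dataclass
class Record:
    title: str
    classification: str
    topic: str


def decide_access(clearance, record, today, rank=None):
    """Return (allowed, reasons). `rank` is accepted only to show that it is never consulted."""
    reasons = []
    if today >= clearance.expires():
        reasons.append("clearance expired on " + clearance.expires().isoformat())
    if LEVELS.index(clearance.level) < LEVELS.index(record.classification):
        reasons.append("clearance level below record classification")
    if record.topic not in clearance.need_to_know:
        reasons.append("no need-to-know for topic " + record.topic)
    return (not reasons, reasons)


if __name__ == "__main__":
    today = date(2018, 1, 15)
    # Constructed sample holders and records.
    analyst = Clearance("constructed-analyst", "secret", date(2012, 3, 1), {"tender-2018"})
    director = Clearance("constructed-director", "top secret", date(2012, 3, 1), {"tender-2018"})
    quotes = Record("Tender quotations", "confidential", "tender-2018")
    audits = Record("Surprise audit dates", "confidential", "audit-dates")
    for who, rec, rank in [(analyst, quotes, None), (analyst, audits, "Manager"),
                           (director, quotes, "Director")]:
        print(who.holder, "->", rec.title, decide_access(who, rec, today, rank))
```

Every denial carries its reasons, so the same function can feed an access log that a later investigation can review.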

ACTIVITY 1.10
Describe the purpose served by a security clearance.

FEEDBACK
A security clearance enables one to have access to specified classified information held by the state, business or organisation. It primarily assures management that one can be trusted with the information, depending on the classified level.

1.12 SUMMARY AND CONCLUSION

The risk analysis exercise is a management tool that assists the organisation to determine risk exposure. The organisation and investigators have the economic, moral and legal responsibility to manage risks in a responsible manner. Security risk assessment can be achieved by obtaining information on crime and unethical corporate practices through primary and secondary sources. Risks – such as physical security risks – may include theft of property and/or cyber-attacks in the form of social engineering. Security survey sheets are one of the tools that can be used to determine and measure the risk factor or security weaknesses. Asset risk prioritisation can be applied only after the internal and external environments have been scanned. Risk can be managed by reducing the probability and impact by avoiding, diffusing, transferring and accepting it.

Once the organisation has a clear picture of the risks confronting it, the next step is to conduct the security risk management process. The organisation should have clarity on the risks endangering the profitability of the organisation. This will enable the organisation to make responsible financial decisions when a risk assessment exercise is undertaken. Uncertainty, which is a key component of risk management, is removed when a risk analysis exercise is conducted. Once an on-site orientation has been conducted, a comprehensive risk analysis exercise and a comprehensive security survey may be necessary to verify the provisional findings of this on-site orientation and ensure that the measures taken will meet the organisation’s security needs.
There may be a need identified for vetting to be conducted on the employees and/or people doing business with the organisation – or a need may be identified relating to building structure. Such a need may necessitate that entrances to the organisation be altered or security devices be installed to monitor movements.

SELF-ASSESSMENT QUESTIONS

Describe the step(s) of the risk analysis exercise that will help top management to make an informed financial decision.
Why is it important to obtain permission from your client or top management before you may conduct a risk analysis exercise?
Discuss the activities that you should do when conducting an on-site orientation.
Why is it important to conduct an on-site orientation?
What are the potential pitfalls of conducting an on-site orientation?

1.13 BIBLIOGRAPHY

Clarke, R.V. 1997. Situational Crime Prevention: Successful Case Studies. 2nd edition. Albany: Harrow and Heston.
Constitution of the Republic of South Africa. 1996. (Act 108 of 1996) – referred to as the Constitution.
Ferraro, E.F. & Spain, N.M. 2006. Investigations in the workplace. New York: Auerbach.
Geason, S. & Wilson, P. 1988. Crime Prevention: Theory and Practice. Canberra: Australian Institute of Criminology.
Jenkins, B.D. 1998. Security risk analysis and management. Published report. USA.
Kaspersky. What is Social engineering. https://usa.kaspersky.com/internet-security-center/definitions/social-engineering#
Le Roux, G.J. 2002. Development of a security risk analysis model: the basics. Naspers.
Mdluli, B.D. 2011. Fundamentals of security vetting in a democratic South Africa: A handbook for Managers, Practitioners, Students and users. Cape Town: BM Consultants.
ISO. 2009 31000: Risk Management Principles. Available at http://www.iso.org/iso/home/standards/iso31000.htm.
Newburn, T., Williamson, T. & Wright, A. 2008. Handbook of Criminal Investigation. UK: Willan.
Olzak, T. 2008. Three security investigations pitfalls to avoid. IT Security. From: http://blogs.techrepublic.com (accessed 14 February 2011).
Ozier, W. 2003. Risk metrics needed for IT-security. Available at www.theiia.org/publication.
Shimonski, R.J. 2002. Risk assessment and threat identification. Available at www.windowsecurity.com/articles-tutorials/misc.
Zaal, F.N. 2005. The first attempts to use legislation for social engineering in South Africa: An analysis of the 17th century cape miscegenation Plakaten. Fundamina, 201 (11–12).

Learning unit 2
INVESTIGATION OF VULNERABLE AREAS, SYSTEMS AND E-RESOURCES

2.1 INTRODUCTION

Fighting crime has become one of the most important challenges for South Africa and is now a top priority for both the private and public sectors. Since the democratisation of South Africa, both this country and the world have seen rapid growth in all forms of organised crime, both international and domestic. This trend has also brought with it an associated rise in corruption – that is corporate fraud and cyber-crime, as well as other corrupt practices. Accordingly, the fighting of crime has become one of the most important challenges for South Africa and is now a top priority for both the private and public sectors.

As is the case with e-commerce crimes, corruption is on the increase in South Africa. Media reports, information received from courts and official and unofficial reports suggest that we are not simply looking at a few isolated cases in our society. Corruption and cyber-crimes are fairly common practice in South Africa, affecting many sectors of society.
We do not have to look far for the signs: ghost employees in the civil service (employees who exist on the books but not in real life), fraud in the hospitals, fraudulent scholar transport, cyber-crimes and electronic fund frauds at the banks and insurance institutions, theft of sensitive information, fraudulent university degrees, electoral fraud, and insider trading.

2.2 IDENTIFYING VULNERABLE AREAS AND PROCESSES

As mentioned in learning unit 1, the security risk analysis exercise is aimed at identifying risks. Do you still remember this? What about the aim of the security survey? The security survey exercise is aimed at identifying security weaknesses. As part of the entire security risk management exercise, vulnerable points that are exposed to corruption must be identified. You will have to obtain the services of a small committee to assist you in this regard with its members drawn from departments or sections such as purchasing (procurement), logistics (supply chain) and security as well as from the ranks of the IT managers, finance managers, auditors and investigators. Can you think of other departments in your work environment that can be roped in? The investigator must invite only people who can add value to the team.

Every activity in an organisation has weak points and crime syndicates have no problem identifying and exploiting these weak areas. For example:

● Various phases in a tender process are very sensitive.
● Quotations obtained must be viewed as highly confidential.
● The procurement process may have weaknesses in it.
● The list of clients and pricing structures may be vulnerable.
● The names of people involved in the tender process may need to be kept secret.
● Auditing processes – such as the dates for surprise audits – may need to be kept secret and may be vulnerable (by way of bribery of the person organising or setting these dates to release them to interested parties, i.e. those who might have something to hide).
● There may be weaknesses in information security, and other e-resources. ● There may be weaknesses in environmental design and physical security. ● There may be weaknesses in personnel security. ● ● ● ● ● ● We stress, again, that the above are merely a few examples. Each organisation has its own unique vulnerable points. All vulnerable points need to be identified as part of the corruption prevention 20 Learning unit 2: INVESTIGATION OF VULNERABLE AREAS, SYSTEMS AND E-RESOURCES programme. Can you think of some of the vulnerable areas in your work environment? Write them down. 2.3 FORMS OF INVESTIGATIONS IN THE CORPORATE AND PRIVATE ENVIRONMENT The nature and scope of corporate crimes committed are limited only by the offenders’ imaginations (their creative criminal genius). Corporate investigations, therefore, cover a wide range, including the following: ● ● ● ● ● ● Information-related investigations Personnel-related investigations Financial investigations Property-related investigations Legal, regulatory and other compliance investigations Co-operative investigations The investigation is conducted into the inherent and residual risks confronting any business or organisation. The main purpose of the exercise is to eradicate or limit such risks. 2.3.1 Objectives of corporate, private and public investigation The main objective of an investigation is to ascertain the facts about what really happened, obtain the truth and collect evidence. This must be done in strict accordance with the rules and provisions governing the process. The following key issues need to be established and clarified: what, how, when, why, where and who. After an investigation, any of the following steps may be taken: ● ● ● ● ● Prosecution Disciplinary measures Preventive action Amending company policy Civil recovery Do you agree? Or do you think there are other sanctions that can be included in the list mentioned above? 
To prevent wrongful acts or omissions, let us look at this from a pro-active perspective.

2.4 PRO-ACTIVE INVESTIGATION – DETECTION OF CORRUPTION

Corruption is difficult to investigate because corrupt dealings are hard to detect. By their nature they are very secretive since they are committed by consenting adults who all benefit from concealing their greedy deeds. Such crimes are also often subtle because they are perpetrated by people who know that corrupt dealings within the system are harder to prove than more open crimes such as assault because there are generally very few witnesses to crimes of corruption. However, the following techniques may be used to detect corruption:

● Using undercover agents. This is a very sensitive, dangerous and complex operation that must never be attempted by inexperienced investigators. Many companies prefer to outsource this activity to well-established and reputable investigation agencies.
● Forcing staff members to take leave. This will ensure that someone else can perform a staff member's functions, which is a safeguard against irregularities being covered up and not being detected.
● Applying fraud detection techniques. Examples of these are regular internal and external audits, both scheduled and unscheduled, as well as the forensic auditing of management control procedures (University of South Africa 2004:350).

ACTIVITY 2.1

Discuss the results of the most effective technique that you have used in your workplace to detect corruption. Alternatively, you may discuss a technique you have read about in the media and which has proven to be effective.

FEEDBACK

Your model answer should reflect information included under point 2.4 above. The use of surveillance and covert techniques in gathering information could be ideal for a corporate environment as well.
You should not leave out the use of informants, which is very prevalent in the workplace.

2.5 INVESTIGATIVE RISK ANALYSIS OF DATA

Several investigative methods may be used in the investigation of e-commerce crimes and corruption. Some of these methods are generally known and are often used, while others are less known and seldom used. The following are some of them:

2.5.1 Interviews and interrogation

This way of investigating is normally used by the police as well as by corporate and private investigators. A case docket is opened after a charge is laid by a complainant, and the investigation is launched on the grounds of this complaint. This method of investigation is usually reactive; however, it can also be pro-active, especially in electronic crimes and cyber-attacks. In a reactive situation, the police and investigators react to a reported complaint (the pressing of a charge or the opening of an investigation file). Statements are obtained from the complainant and witnesses, exhibits are seized and the suspect is arrested as soon as sufficient evidence becomes available. Where the investigation has been conducted by the police, once completed it is presented to the prosecuting authority for a decision whether or not to prosecute. The routine procedures of investigation are followed.

2.5.2 Surveillance

Surveillance is the careful and continuous observation of something or someone, carried out in a secretive or discreet manner, in order to obtain information about the identities or activities of a subject or subjects. Surveillance can be broken into two general categories. In the first the investigator must move, either on foot or by vehicle, in order to follow a subject or subjects. This type of surveillance is called "mobile" or "tailing". In the second the investigator remains in a fixed position to observe a subject or subjects; this is called a "stakeout" or "static" surveillance.
In the context of workplace investigations, physical surveillance is nothing more than watching people, places and things. Physical surveillance requires only two things, something to watch and someone to watch it. Electronic surveillance is similar to physical surveillance in that it is nothing more than watching people, places and things. However, unlike physical surveillance, electronic surveillance employs the use of electronic technology in order to improve results. Electronic surveillance can also be used in places and circumstances where simple physical surveillance cannot. Because electronic surveillance uses technology such as video, covert cameras and personal computer monitoring software, it can be used when and where physical surveillance is not possible.

Surveillance requires specialist knowledge, skills and patience and is usually carried out by full-time surveillance teams. Do you know which types of investigation will require the use of surveillance? Surveillance is an expensive and intense technique which should be used with discretion and confined to important investigations. Professional criminals have no difficulty evading an investigator doing surveillance on his or her own and can thus thwart an entire investigation. This technique is always executed in secret and is really only effective if the subject is not aware of the surveillance.

2.5.3 Undercover investigations

An intelligence-driven investigation is a collective name for a number of investigative techniques used in undercover investigations. These techniques are essentially proactive and are aimed at a person or business or organisation, rather than at the crime. Intelligence-driven investigations are commonly used when normal investigations do not produce the desired results.
The subject or target of this type of investigation is usually unaware that the police are engaged in an intelligence-driven investigation against him or her.

2.5.3.1 Infiltration (agents and informers)

As an investigative technique, infiltration is usually confined to secret investigations and operations. This technique entails the secret infiltration of a criminal group by an agent or informer to gather evidence and information about illegal activities. This technique delivers the best results against the planners and organisers of the criminal group. Any criminal is dealt a fatal blow if a police agent successfully infiltrates and testifies against the criminal in court. This technique requires a great deal of expertise and should be tackled with great circumspection. Although enormous risks are involved in this technique it may also be used very successfully. Organised criminal activity can be effectively investigated and combated through infiltration of the criminal group. Because of the risks involved, this technique must be carefully managed. Do you agree? Explain further.

2.5.3.2 Penetration (recruiting a criminal group member as an informer)

In this technique a member of the criminal group is recruited to provide information about the group's activities. The recruited member usually knows about the illegal activities and has personally participated in them. Since recruitment like this may have serious legal implications it is wise to obtain the authority of the Directorate for Public Prosecutions before proceeding. This technique requires a great deal of expertise and should therefore be approached with extreme circumspection.

2.6 NETWORK DEFENCES AS A PRO-ACTIVE RISK ANALYSIS

The importance of protecting a network and its data must not be underestimated. Attacks directed at networks and computers can destroy a business. The primary defence against network attacks can be classified into three groups.
These include devices that can thwart attackers, designing the layout or configuration of a network so as to reduce the risk of attacks, and testing the network security. Because it is fundamentally different from a wired network, defending a wireless LAN from attacks requires that additional steps be taken (Ciampa 2007:180). Several network devices can be used to thwart attackers. Can you think of some examples? These include firewalls, network address translation systems, intrusion detection systems and proxy servers.

2.6.1 Firewalls

A firewall, sometimes called a packet filter, is designed to prevent malicious packets from entering the network or computers. A firewall can be software-based or hardware-based. A software firewall runs as a programme on a local computer (called a personal firewall) to protect it against attacks, while hardware firewalls are separate devices that typically protect an entire network. Hardware firewalls are usually located outside the network security perimeter as the first line of defence. The foundation of a firewall is the rule base. The rule base establishes what action the firewall should take when it receives a packet. Three typical options are as follows:

● Allow: Let the packet pass through and continue on its journey.
● Block: Prevent the packet from passing to the network and instead destroy it.
● Prompt: Ask the user what action to take.

Packets can be filtered by a firewall in one of two ways. Stateless packet filtering looks at each incoming packet and permits or denies it based strictly on the rule base. Can you think of any that you may know of? For example, a user from inside the protected network may send a request to a web server located on the internet for a web page. A rule in the firewall would allow the web page to be transmitted back to the requesting computer.
Although a stateless packet filter does provide some degree of protection, attackers can easily bypass this protection. In the previous example, attackers only have to discover a valid internal IP address of the computer network. Then they can send an attack using that IP address and falsely change the packet to indicate it is an HTML document (port 80) (Ciampa 2007:180).

The second type of firewall provides a greater degree of protection. Stateful packet filtering keeps a record of the state of a connection between an internal computer and an external server and then makes decisions based on the connection as well as the rule base. For example, a stateless packet filter firewall might allow a packet to pass through because it is intended for a specific computer on the network. However, a stateful packet filter would not let the packet pass if that internal network computer had not first requested the information from the external server.

Firewalls are a critical tool for protecting a network and computer from attacks. However, firewalls are not the final answer in the network defence. Firstly, they do not stop all types of attacks such as viruses and Trojan horses. Secondly, a firewall is only as strong as its rule base. Accordingly, a firewall must be properly configured with the correct rules to be an effective deterrent to attacks (Ciampa 2007:182).

2.6.2 Network address translation

Another means of preventing attackers from sending malicious packets into a network is to disguise the IP addresses of the computers on the internal network. If an attacker does not know the IP address, it is more difficult to send a packet past the firewall. Devices that perform this hiding function are known as network address translation (NAT) devices. A NAT hides the IP addresses of the network devices from attackers. As a packet leaves the network, NAT removes the original IP address from the sender's packet and replaces it with an alias IP address.
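The stateless and stateful filtering decisions from section 2.6.1, applied to the web-page request, its reply and an unsolicited packet that claims port 80, as an added example that is not part of the original study guide. The IP addresses, port numbers and rule wording are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed addresses (private and documentation ranges); not from the study guide.
INTERNAL_PREFIX = "192.168.1."
WORKSTATION = "192.168.1.10"
WEB_SERVER = "203.0.113.5"
UNKNOWN_HOST = "198.51.100.77"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def rule_base(pkt):
    """Rule base shared by both filters: decide from the packet header alone."""
    # Rule 1: internal computers may send requests to web servers (port 80).
    if is_internal(pkt.src_ip) and pkt.dst_port == 80:
        return "allow"
    # Rule 2: packets that claim to come from a web server (source port 80)
    # may reach internal computers, so that web pages can be returned.
    if is_internal(pkt.dst_ip) and pkt.src_port == 80:
        return "allow"
    return "block"


class StatelessFilter:
    """Looks at each packet in isolation and applies the rule base only."""

    def handle(self, pkt):
        return rule_base(pkt)


class StatefulFilter:
    """Applies the rule base and also checks a record of open connections."""

    def __init__(self):
        self.connections = set()

    def handle(self, pkt):
        if rule_base(pkt) == "block":
            return "block"
        if is_internal(pkt.src_ip):
            # Outbound request: remember who asked whom.
            self.connections.add(
                (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound packet: allowed only as the reply to a recorded request.
        expected = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if expected in self.connections else "block"


def demo():
    request = Packet(WORKSTATION, 51000, WEB_SERVER, 80)
    reply = Packet(WEB_SERVER, 80, WORKSTATION, 51000)
    # Never requested by the workstation, but labelled as port 80 traffic.
    unsolicited = Packet(UNKNOWN_HOST, 80, WORKSTATION, 51000)
    results = {}
    for name, firewall in (("stateless", StatelessFilter()),
                           ("stateful", StatefulFilter())):
        results[name] = [firewall.handle(p)
                         for p in (request, reply, unsolicited)]
    return results


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(name, decisions)
```

Both filters use the same rule base; only the connection record lets the stateful filter tell the genuine reply from the unsolicited packet.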
The NAT software maintains a table of the original address and the corresponding alias address. When a packet is returned to the NAT, the process is reversed. An attacker who captures the packet on the internet cannot determine the actual IP address of the sender. Without that address, it is more difficult to identify and attack a computer (Ciampa 2007:183–184).

A variation of NAT is port address translation (PAT). Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different port number. This allows a single IP address to be shared by several users. Port address translation is typically used on home networks that allow multiple users to share one IP address received from an Internet Service Provider (ISP) (Ciampa 2007:184).

2.6.3 Intrusion detection systems

Although not found on home or small business computer networks, a device that establishes and maintains network security for large organisations is an intrusion detection system (IDS). An IDS monitors the activity on the network and what the packets are doing (instead of just filtering packets based on where they come from as a firewall does). An IDS performs a specific function when it senses an attack, such as dropping packets or tracing the source of an attack (Ciampa 2007:185).

Network-based IDS systems monitor all network traffic and are located just behind the firewall. Do you know how an IDS system functions? This system examines the type of data being transmitted and analyses activity on the network to determine if an attack is occurring. Some IDS systems look for attacks based on a database of attack signatures, similar to how antivirus software detects a virus. If an attack signature is not in the database, however, the system generally does not know about it.
Other IDS systems are based on behaviour, which means the IDS watches network activity and reports abnormal behaviour. Network-based IDS systems can also work with other network security devices. For example, if an attack is identified, the network-based IDS can send an instruction to the firewall to block all packets from this source so they cannot enter the network. When an IDS system identifies an attack, it can send an alert message to an administrator through an e-mail, a pager or a cellphone (Ciampa 2007:185).

2.6.4 Proxy server

The primary goal of a proxy server is to conceal the identity of the computers within a protected network. Can you think of other functions served by a proxy server? Although proxy servers function in a manner similar to a NAT system, they can also inspect the packets of data for viruses and other malicious content. A proxy server intercepts requests sent to a server and replaces the original IP address with its own address, thus preventing a direct connection to the server. The packet is then sent to the server. When the server replies, the packet is sent to the proxy server, which reinserts the original IP address before sending the packet (Ciampa 2007:186).

2.6.5 Network designing

Network security cannot provide the protection needed to ward off attackers if the network is not properly designed. One key to designing effective network security is to create a single point of entry into the network. In addition to restricting the number of points of entry, the security of a network can be enhanced by properly configuring the overall design of the network. Two technologies that are frequently used are demilitarised zones and virtual private networks.

2.6.6 Demilitarised zones

A demilitarised zone (DMZ) is another network that sits outside the secure network perimeter. Outside users can access the DMZ, but cannot enter the secure network because the DMZ has been set up outside of the secure network perimeter.
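The signature-based and behaviour-based approaches from section 2.6.3, followed by the instruction to the firewall and the administrator alert, shown as an added example that is not part of the original study guide. The events, the signature string and the port-count threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source IP, destination port, payload).
# Documentation-range addresses; this is not captured traffic.
EVENTS = [
    ("203.0.113.5", 80, "GET /index.html"),
    ("198.51.100.77", 80, "GET /form?field=KNOWN-BAD-PATTERN"),
    ("192.0.2.44", 21, ""),
    ("192.0.2.44", 22, ""),
    ("192.0.2.44", 23, ""),
    ("192.0.2.44", 25, ""),
    ("192.0.2.44", 110, ""),
    ("203.0.113.5", 80, "GET /about.html"),
]

# Constructed signature database: pattern -> signature name.
SIGNATURES = {"KNOWN-BAD-PATTERN": "constructed signature 1"}

# Assumed baseline: a normal source contacts at most this many distinct ports.
MAX_PORTS_PER_SOURCE = 3


def signature_alerts(events, signatures):
    """Signature-based detection: flag only what is in the database."""
    alerts = []
    for src, _port, payload in events:
        for pattern, name in signatures.items():
            if pattern in payload:
                alerts.append((src, name))
    return alerts


def behaviour_alerts(events, max_ports):
    """Behaviour-based detection: flag sources that deviate from the baseline."""
    ports_by_source = defaultdict(set)
    for src, port, _payload in events:
        ports_by_source[src].add(port)
    return [(src, f"contacted {len(ports)} distinct ports")
            for src, ports in ports_by_source.items()
            if len(ports) > max_ports]


def respond(alerts):
    """Turn alerts into a firewall block list and administrator messages."""
    block_list = sorted({src for src, _reason in alerts})
    messages = [f"ALERT {src}: {reason}" for src, reason in alerts]
    return block_list, messages


if __name__ == "__main__":
    found = (signature_alerts(EVENTS, SIGNATURES)
             + behaviour_alerts(EVENTS, MAX_PORTS_PER_SOURCE))
    blocked, notes = respond(found)
    print("Block at firewall:", blocked)
    for note in notes:
        print(note)
```

The source 192.0.2.44 matches no signature and is reported only by the behaviour check, which is the gap in signature databases that the text describes.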
The DMZ contains a web server and an email server, two servers that are continuously accessed by outside users. However, outside users never enter the secure network; they enter only the DMZ. Placing these servers in a DMZ restricts the access of outside users to the secure network. For an extra level of security, some networks use a DMZ with two firewalls. The DMZ feature allows one local computer to be exposed to the internet to use a special-purpose service such as internet gaming or videoconferencing. DMZ hosting opens all the ports of one computer, exposing the entire computer so all users on the internet can see it. Because of the high security risk, setting up a DMZ is not recommended unless it is absolutely necessary (Ciampa 2007:186–187).

2.6.7 Virtual private networks

One of the great strengths of the internet is that it can be accessed from almost anywhere in the world. This makes it especially attractive for travelling business users who can access their company’s e-mail and corporate data over the internet. However, because the internet is a public network that anyone can access, it should never be used to transmit unprotected, sensitive or private data. Do you think there is a risk that can be posed by doing so? The risk is simply too great that someone will intercept the packets and see information. One way to securely transmit data through a public network is by using a virtual private network (VPN). A virtual private network creates a secure network connection over a public network. These networks are used extensively because they allow employees to access private data from almost anywhere an internet connection can be located (Ciampa 2007:189).

When using a VPN, a unique connection known as a tunnel is first set up between the sender and receiver. Only those computers or servers that are designated as belonging to the tunnel can participate in the transmission.
The packets that are to be transmitted are enclosed within another packet. This helps protect the integrity of the data being transmitted and hides information such as the IP addresses. Then, as an added degree of security, the packets are encrypted using digital certificates. The recipient must be authenticated as an authorised user to receive the packets (Ciampa 2007:189).

2.6.8 Testing network security

A key to establishing a good network security defence is to periodically test the defences to ensure their strength. Do you agree? And do you know how to test the network? Several kinds of programmes can probe a network to determine if any vulnerability exists. It is recommended that network security be tested at least once a month for a home network or more frequently if it appears that a network may be targeted by attackers. In addition, the network security should be checked when the network configuration or the security settings change (Ciampa 2007:190).

ACTIVITY 2.2

Read the following scenario and respond to the question that follows.

Your company has embarked on a project to supply Telkom with fibre optic cables. You are the corporate investigator and your main role in this project is to ensure that the information pertaining to this project is safe from competitors and that no unauthorised person can gain access to such information. Lately you have realised that a number of hackers have tried to tamper with your company's computer network system to try to access this valuable information. When they failed to do so, they tried to destroy and distort the whole system. You have reported a number of linked problems in a report to the project management team. The company project management team members are now worried about the safety and vulnerability of all the company’s confidential information.
They ask you to assist them by providing the appropriate security countermeasures to defend this information from any attacks or threats (both externally and internally). In doing so, briefly discuss all three network defences.

FEEDBACK

(Please note: this feedback is only an overview or guideline on points for discussion – your answer should be formulated in more detail and in a discussion format). To do this activity you will have to discuss network devices, that is firewalls, network address translation, intrusion detection systems and proxy servers. Then move on to discuss network design – that is demilitarised zones and virtual private networks. The last part of your discussion should deal with the testing of network security.

2.7 SECURING HARDWARE AND SOFTWARE ASSETS

Software security can be defined as the protection of data and programs in a computer system. There are three major elements to the protection of software, namely program protection, protection of data in online systems by software and protection of data in conventional batch processing systems, also by software.

In the information security part of the electronic world, hardware is now a general term for the physical artefacts of a technology. It may also mean the physical components of a computer system in the form of computer hardware. Hardware controls and their management involve operating systems, protection of memory and addressing, protection of access to general objects, file protection mechanisms, file authentication routines and password protection. Input, output and processing are three essential functions of any computer. To prevent data integrity loss during these operations, several hardware features are available.

2.7.1 Read-after-write

In disk drives and magnetic tape drives it is common practice to read the data immediately after they are recorded and to compare them with the original values.
Any disagreement signals an error that requires rewriting.

2.7.2 Dual read

To check the accuracy of document readers, the read operation is performed twice and the results compared. Any disagreement should produce a machine check halt.

2.7.3 Echo

Data transmitted to a peripheral device, to a remote terminal or to another computer can be made to generate a return signal. This echo is compared with the original signal to verify correct reception. One common example is impact printers in which each hammer generates an identifying code when it is actuated. Timing errors caused by uncontrollable signal delays, jammed keys and other printer malfunctions produce echoes that do not agree with the original signals.

2.7.4 Overflow

The maximum range of numerical values that any computer can accommodate is fixed by its design. If a programme is improperly scaled or if an impossible operation such as dividing by zero is called for, the result of an arithmetic operation may exceed the allowable range, producing an overflow error.

2.7.5 Hardware multiply

Multiplication of binary numbers is carried out by a series of additions and register shift operations. Although programmed instructions or a standard subroutine could be called when required, faster and more reliable results are attainable with hardware-implemented multiplication.

2.7.6 Validity

In any one computer coding system, some bit patterns may be unassigned and others may be illegal.

2.7.7 Replication

In high sensitivity applications, it is good practice to provide backup equipment on-site, for immediate changeover in the event of failure of the primary computer. For this reason it is sometimes prudent to retain two identical, smaller computers rather than to replace them with a single unit of equivalent or even greater power.
Fault-tolerant, or fail-safe, computers use two or more processors that operate simultaneously, sharing the load. If one of the computers fails, the others pick up its share of the work without pause. Many of these sensitive applications, such as airline reservation systems, have front-end processors; it is important that this equipment be duplicated as well as the central processing unit (Hutt, Bosworth & Hoyt 1995:11.6–7).

2.7.8 Interrupts

Interrupts are signals generated by hardware elements that detect exceptional conditions and initiate appropriate action. The first step is to immediately store the status of various elements in pre-assigned memory locations. The particular stored bit patterns, commonly called programme status words, contain the information necessary for the computer to identify the cause of the interrupt, to take action to process it and then to return to the proper instruction in the programme sequence after the interrupt has been cleared. There are five types of interruptions that are in general use. Each of them is of importance in establishing and maintaining data processing integrity. In order of probable frequency of occurrence they are as follows.

2.7.9 Input/output (I/O) interrupts

Input/output interrupts are generated wherever a device or channel that had been busy becomes available. This capability is necessary to achieve error-free use of the increased throughput provided by buffering, overlapped processing and multi-programming. After an I/O interrupt, a check is made to determine whether the data have been read or written without error. If so, the next I/O operation can be started, but if not, an error recovery procedure is initiated. The number of times that errors occur should be recorded so that degraded performance can be detected and corrected.

2.7.10 Supervisor calls

The supervisor, or monitor, is a part of the operating system software that controls the interactions between all hardware and software elements.
2.7.11 Programme check interrupts

Improper use of instructions or data may cause an interruption that terminates the programme. Attempts to divide by zero and arithmetic overflow that would produce erroneous results are voided. Unassigned instruction codes, attempts to access protected storage and invalid data addresses are other types of exceptions that would cause programme check interrupts.

2.7.12 Machine check interrupts

Among the exception conditions that will cause machine check interrupts are parity errors, open disk drive doors and defective circuit modules. It is important that proper procedures be followed to clear machine checks without loss of data or processing errors.

2.7.13 External interrupts

These are generated by timer action, by pressing an interrupt key or by signals from another computer. When two central processing units are interconnected, signals that pass between them initiate external interrupts. In this way, control and synchronisation are continuously maintained, while programmes, data and peripheral devices may be shared and coordinated.

2.7.14 Trapping

This is a type of hardware response to an interrupt. Upon detecting the exception, an unconditional branch is taken to some predetermined location. An instruction there transfers control to a supervisor routine that initiates appropriate action (Hutt et al. 1995:11.7–8).

2.7.15 Data storage

The modern digital computer is known as a stored programme calculator to distinguish it from earlier machines that required external initiation of programme phases and differently wired boards as well. In the interests of data security and integrity, various therapeutic measures have been developed, as follows.

● Main memory
Whether of magnetic cores, thin films, plated wires or metal-oxide semiconductors, all primary storage elements share the necessary quality of being easily accessed for reading and writing of data.
Unfortunately, this necessary characteristic is at the same time a potential source of difficulty to maintaining data integrity against unwanted read/write operations. The problems are greatly intensified in a multi-programmed environment, especially with dynamic memory allocation, where the possibility exists that one programme will write improperly over another's data in main storage. Protection against this must be provided by the operating system.

● Read-only memory (ROM)
What is the most important feature of main memory? One distinguishing feature of main memory is the extremely high speed at which data can be entered or read out. The set of sequential procedures that accomplishes this and other functions is the program and a programmer has complete freedom to combine any valid instructions in a meaningful way. However, where certain operations, such as multiplication, are frequently and routinely required, they may be performed automatically by a pre-programmed group of memory elements. It is then necessary that no change, intentional or inadvertent, occur in the pre-set program. For this purpose, a class of memory elements has been developed in which read-out is even faster than from main memory. Furthermore, once programmed they cannot be changed at all or at least they require a relatively long time and usually external equipment to do so. This class of memory is called read-only memory or ROM. The process by which sequential instructions are set into the elements, or the function they perform, is known as micro-programming. The technique can be used to advantage where data integrity may be safeguarded by eliminating the possibility of a programmer error.

● Secondary storage
As the cost of primary storage continues to decline, computers are built with even larger main memories.
At the same time, the sizes of programs and the number run concurrently in a multiprogramming mode continue to increase so that main memory remains an important constraint on throughput. To increase the effective size of main memory, various secondary storage devices have been developed. Unlike primary storage, secondary memories are not an integral part of the central processing unit, although they may appear to be, as in virtual memory systems. The hardware safeguards described earlier, such as redundancy, validity, parity and read-after-write, are of value for preserving the integrity of secondary storage. These safeguards are built into the equipment and are always operational unless disabled or malfunctioning. Other precautionary measures are optional and, as a consequence, are too often neglected (Hutt et al. 1995:11.9–10).

2.7.16 Data communications

One of the most dynamic factors in current computer usage is the proliferation of devices and systems for data transmission. The necessity for speeding information over great distances increases in proportion to the size and geographic dispersion of economic entities and, at the same time, the necessity for maintaining data integrity and security, and the difficulty of doing so, increases even more rapidly. Do you think there are risks involved in internet connectivity? Major threats to be guarded against include human and machine errors, unauthorised accession, alteration and sabotage. Accession defines an ability to read the data stored or transmitted within a computer system; it may be accidental or purposeful. Alteration is the wilful entering of unauthorised or incorrect data. You must have heard about the word ‘sabotage’ many times before. This word is used differently by different people. In this guide sabotage refers to the intentional act of destroying or damaging the system or the data within it.
Do you know of instances where this happened?

For each of these threats, the exposure and the countermeasures will depend on the equipment and the facilities involved. Two types of wired facilities are in widespread use: leased lines and dial-up networks. Within each type several classes of services or tariffs are available from the common carriers. A third type of wired interconnection is one that can be made and maintained independently (Hutt et al. 1995:11.14). Both common carriers and independent systems may employ various media for data transmission. Generally, decisions about the choice of service are based on the volume of data to be handled and on the associated costs, but security considerations may be even more important.

The following are the different technical systems used to access, communicate and transmit electronic data.

● Dial-up (telephone) lines

Computer input ports may be reached by any subscriber to the public telephone system. Some method of identification is therefore necessary to detect and deter unauthorised callers.

Can you think of some methods of identification to log in to the computer system?

Passwords are the most common means for accomplishing this, but their use must be well planned and systematically guarded. It is advisable to do the following (Hutt et al. 1995:11.14–15):
● Establish a hierarchy of programs and data files and restrict users to specified levels.
● Maintain close supervision over passwords and change them often – at once if it is suspected that security has been breached.
● Compile a log of unauthorised attempts at entry and use it to discourage further efforts.
● Compile a log of all accesses to sensitive data and verify their appropriateness.
● Equip all terminals with internal identification generators or answer-back units, so that even a proper password would be rejected if sent from an unauthorised terminal.
● Provide users with personal identification in addition to a password if the level of security requires it. The additional safeguard could be a magnetically striped or computerised plastic card to be entered into a specific reader.
● Utilise call-back equipment that prevents a remote station from entering a computer directly. Instead, the device dials the caller from an internal list of approved phone numbers to make the actual connection.

● Leased lines

Lines leased from a common carrier for the exclusive use of one subscriber are known as dedicated lines. Because they are directly connected between predetermined points, they cannot normally be reached through the dial-up network. Wiretapping is a technically feasible method of accessing leased lines, but it is more costly, more difficult and less convenient than dialling through the switched network. Furthermore, no legislation exists to prohibit calling any telephone number at all, while wiretapping is clearly illegal. The result, of course, is that leased lines are generally more secure.

To this increased level of security for leased lines is added the assurance of higher quality reception. The problems of uncertain transmission paths and switching transients are eliminated, although other error sources are not. In consequence, parity checking remains a minimum requirement (Hutt et al. 1995:11.15).

2.7.17 Wireless communication

Data transfers between multinational corporations have been growing rapidly. At the same time, transoceanic radio and telephone lines have proved too costly, too slow, too crowded and too error prone to provide adequate service. An alternative is the communications satellite. Orbiting above the earth, the satellite reflects ultra-high-frequency radio signals that can convey a television programme or a computer programme with equal speed and facility.
For communications over shorter distances, the cost of common-carrier wired services has been so high as to encourage competitive technologies. One of these, the microwave radio link, is used in many networks. One characteristic of such transmissions is that they can be received only on a direct line-of-sight from the transmitting antenna. With such point-to-point ground stations it is sometimes difficult to position the radio beams where they cannot be intercepted; with satellite communications it is impossible. The need for security is consequently greater and scramblers or cryptographic encoders are essential for sensitive data transfers.

Because of the wide bandwidths at microwave frequencies, extremely fast data rates are possible. With vertical, longitudinal and cyclical redundancy check characters, almost all errors can be detected, yet throughput remains high (Hutt et al. 1995:11–16).

2.7.18 Terminals

Data communications are carried on between computers, between terminals or between computer terminals. The terminals themselves may include teletypewriters, magnetic tape drives, cathode-ray tube stations, “intelligent” terminals and microcomputers. Slow-speed terminals generally receive characters asynchronously, one at a time, storing them in a buffer until tested. If acceptable, the buffer is cleared and an appropriate signal returned. Otherwise, a signal is sent to the originating station requesting retransmission of the erroneous character. High-speed terminals are similar in their action except that blocks of information containing hundreds of characters may be transmitted at once, stored in a buffer, checked for parity and validity and retransmitted as a block on receipt of an error signal (Hutt et al. 1995:11.15–16).

2.7.19 Cryptography

Acquiring information in an unauthorised manner is relatively easy when data are communicated between locations. How can this kind of behaviour be discouraged?
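The character parity, block check and block retransmission described in 2.7.17 and 2.7.18 can be worked through in code. This is an added example, not taken from the study guide or from Hutt et al.; the frame layout, the choice of the CRC-16/CCITT polynomial, the function names and the sample block are assumptions made for illustration.

```python
"""Added example: VRC, LRC and CRC checks on one transmitted block.
All data is constructed; the frame layout is an assumption for illustration."""

CRC_POLY = 0x1021  # CRC-16/CCITT generator x^16 + x^12 + x^5 + 1


def crc16(data: bytes, crc: int = 0xFFFF) -> int:
    """Cyclical redundancy check: bitwise CRC-16/CCITT-FALSE, MSB first."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ CRC_POLY) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def even_parity(byte: int) -> bool:
    return bin(byte).count("1") % 2 == 0


def build_frame(text: str) -> bytes:
    """Sender: 7-bit characters with a parity bit each (VRC), one LRC character, 2 CRC bytes."""
    chars = bytearray()
    lrc = 0
    for code in text.encode("ascii"):   # raises on anything that is not 7-bit ASCII
        if not even_parity(code):
            code |= 0x80                # set bit 7 so every character has even parity
        chars.append(code)
        lrc ^= code                     # column-wise parity across the whole block
    body = bytes(chars) + bytes([lrc])
    return body + crc16(body).to_bytes(2, "big")


def check_frame(frame: bytes) -> dict:
    """Receiver: run the three checks separately and report which ones pass."""
    body, received_crc = frame[:-2], int.from_bytes(frame[-2:], "big")
    lrc = 0
    for byte in body:
        lrc ^= byte
    return {
        "vrc": all(even_parity(b) for b in body),
        "lrc": lrc == 0,
        "crc": crc16(body) == received_crc,
    }


def receive(frame: bytes):
    """Receiver: ('ACK', text) if every check passes, else ('NAK', None)."""
    if all(check_frame(frame).values()):
        return "ACK", bytes(b & 0x7F for b in frame[:-3]).decode("ascii")
    return "NAK", None


def flip(frame: bytes, *bits) -> bytes:
    """Simulate line noise: invert the given (byte_index, bit_number) positions."""
    damaged = bytearray(frame)
    for index, bit in bits:
        damaged[index] ^= 1 << bit
    return bytes(damaged)


def send_with_retry(text, channel, max_tries=3):
    """Sender loop: retransmit the whole block until the receiver answers ACK."""
    for attempt in range(1, max_tries + 1):
        status, received = receive(channel(build_frame(text), attempt))
        if status == "ACK":
            return received, attempt
    return None, max_tries


BLOCK = "PAY 1500 TO ACCT 7731"         # constructed sample block
FRAME = build_frame(BLOCK)
CASES = {
    "clean": FRAME,
    "one bit": flip(FRAME, (2, 0)),
    "two bits, same character": flip(FRAME, (2, 0), (2, 1)),
    "four bits, rectangle": flip(FRAME, (2, 0), (2, 1), (5, 0), (5, 1)),
}


def noisy_first_attempt(frame, attempt):
    """Constructed channel: damages the first transmission only."""
    return flip(frame, (2, 0), (2, 1), (5, 0), (5, 1)) if attempt == 1 else frame


if __name__ == "__main__":
    for name, frame in CASES.items():
        print(f"{name:26} {check_frame(frame)} -> {receive(frame)[0]}")
    print(send_with_retry(BLOCK, noisy_first_attempt))
```

The two-bit case slips past character parity and the rectangle case slips past both parity checks; only the cyclical check catches all three damaged blocks, which is why the checks are used together.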
One method of discouraging this practice or rendering it ineffective is cryptographic encoding of data prior to transmission. This technique is also useful to preserve the security of master files within the data centre itself. If such files were stored on tape, disk or drum in cryptographic cipher only, the incidence of theft and resale would unquestionably be less. Theoretically, any code can be broken, given enough time and equipment. In practice, if a cipher cannot be broken fairly quickly the encoded data are likely to become valueless. However, since the key itself can be used to decipher later messages, it is necessary that codes or keys be changed frequently (Hutt et al. 1995:11.17).

2.8 PREVENTION STRATEGIES

In the past organisations were mainly concerned with the recovery of losses caused by corrupt activities. Later there was a movement towards the prosecution of corrupt people as a way of discouraging repeat offenders. After a crime has occurred, losses often result. This requires investigation which can be costly.

2.8.1 The staff member who confesses

Top management may offer an amnesty period to employees who have already become corrupt. This will provide corrupt officials with the opportunity to end their corrupt relationship with corrupt suppliers. This is a sensitive process where the security manager needs the help of top management, the human resources manager and the legal manager. A rehabilitation process may be required. This should be viewed as “sick leave”, much the same as when an alcoholic is sent for treatment. The fear of retribution from top management should be less than the fear of retribution from crime syndicates. The alternative to voluntary rehabilitation (confession) should thus be just too ghastly to contemplate.
2.9 STEPS IN INVESTIGATION AS A PREVENTIVE MEASURE

2.9.1 Secure the scene

In most cases, the investigator is the first to arrive at the scene of an incident. His or her primary function in this situation will be to conserve the scene of the incident in order to ensure that the collection of evidence is as successful as possible. All evidence found at the scene will be needed for a departmental enquiry. Therefore it is important to secure the scene so that the investigation team will be able to collect the appropriate evidence needed.

2.9.2 Gather and preserve evidence

In order to discover the facts about a particular incident, the investigator has to consider two sources of information, namely people and objects. These can be considered respectively as subjective and objective clues. Subjective clues relate to evidence provided by persons such as suspects, victims and eyewitnesses who have been directly or indirectly involved. Objective clues relate to factual proof and the objective explanation of this proof.

The collection of evidence at the scene of an incident involves a search for:
● Exhibits (articles of evidence)
● Clues (relevant information gathered during an investigation)
● Witnesses
for the purpose of establishing the identity of the transgressor and proving the transgression to the satisfaction of the disciplinary committee.

It is vital to leave no stone unturned when you are looking for relevant evidence. A systematic approach will enable the entire scene to be inspected. It would be advisable to draw a sketch of the scene and, if it is large enough, divide the area into workable sections. Open an investigation report file and note all your findings immediately – do not rely on memory. Number the various types of evidence found, which will be helpful when you prepare your statement. It will also determine whether any additional information is required to present your case.
2.9.3 Interview complainant, witnesses and suspect(s)

Interviewing and interrogation form the basis of all investigations. The success of the investigation will depend on the investigator’s approach and his or her ability to obtain the truth. The witnesses are interviewed while a suspect is interrogated. To achieve this, the investigator should vary and adapt interviewing or interrogation techniques according to the personality of the individual being interviewed or interrogated. Approach the interviews or interrogations with empathy and as soon after the incident as possible. The same questions may be asked repeatedly to address ambiguities and clarify statements made.

It is important that the interviewer shows qualities of patience and persistence when conducting interviews and, at the same time, displays the ability and personality to obtain the maximum assistance from the person being interviewed. Do you agree? The success of an investigation may be dependent on a single interview. It is therefore essential that the interview is not hurried.

Questioning is not only concerned with the questioning of suspected person(s) but also includes whatever questioning takes place in the course of the search for the truth about an incident. The questioner should therefore strive for objectivity and meet the challenge of questioning by using techniques within the legal framework and ethics of the profession.

2.9.4 Obtain statements

Because a lot of time may elapse between the occurrence of an incident and the appearance at the disciplinary hearing, it is important that all facts relating to the case are put into writing as soon as possible and kept safely until they are required.

Can you think of some important information that should be written down for later use in court or at a disciplinary hearing?
2.9.5 Serious irregularity investigations

If an employer is satisfied that the alleged irregularity is a serious one and justifies the holding of a disciplinary hearing, the employer must ensure that an investigation into the alleged irregularity is completed as soon as is reasonably possible and referred to him or her to initiate a disciplinary hearing (South Africa 2006).

ACTIVITY 2.3

Read the following scenario and respond to the question that follows.

You are called to investigate a burglary in Ms Gumbo’s office where a laptop was stolen. You have collected all the required evidence and are ready to leave the crime scene or scene of incident. Explain how you will release the property or the scene to the lawful occupier.

FEEDBACK

At the completion of gathering evidence and information and, in some instances, the processing of the scene, the owner or person responsible for the property can regain access. This means granting the person unfettered access to his or her own house or property. This is allowed as all the information and evidence required for the investigation of the scene will have been collected and properly documented by the investigator for later use.

Recording and diarising of the scene is crucial for an effective investigation. In the public environment, when releasing the crime scene, it is recommended that the investigator record in the pocket book every action or activity he or she undertakes or sees at the crime scene. This will ensure that valuable information and evidence are not overlooked. Once the scene is released to the lawful owner, a search warrant will be required should the investigator need to review it again. At this stage, evidence – if left at the crime scene – would probably have been tampered with or contaminated. This situation should be avoided at all costs.
2.10 FUTURE PREVENTION STRATEGIES IN THE WORKPLACE

When conducting a disciplinary hearing we rely on Section 23 (1) of the Constitution of the Republic of South Africa which is intended “to ensure that everyone has a right to fair labour practices”. Since every employee has a right to fair labour practice, it is necessary to carry out a thorough investigation in respect of any breach of company regulations so that there is always proof on hand of any irregularity against an employee. If the employer's actions are questioned, the employer will have evidence to tender in respect of the action taken against the employee.

Before a disciplinary investigation is instituted, the employer must assess the nature of the irregularity by considering the actual or potential impact of the alleged irregularity on the work of the company, the employee’s department, his or her colleagues and the public, the nature of the work and the responsibilities of the employee, as well as the circumstances under which the alleged irregularity took place.

2.10.1 Types of investigations in the workplace

● Investigations of less serious irregularities

In the event of a less serious irregularity, the employer may invoke any of the following investigation procedures.

2.10.1.1 Corrective counselling

If the nature of the irregularity requires counselling, the employer must interview the employee and bring the irregularity to the employee's attention, determine the reasons for the irregularity and give the employee an opportunity to respond to the allegations, seek agreement on how to remedy the conduct and take steps to implement the agreed course of action.

2.10.1.2 Verbal warning

If the nature of the irregularity warrants a verbal warning, the employer may bring the irregularity to the attention of the employee and inform the employee that he or she is of the opinion that the irregularity warrants a verbal warning.
The following should be adhered to:
● Allow the employee an opportunity to respond to the allegations.
● If the employee admits to having committed the irregularity, give the employee a verbal warning and inform the employee that further irregularities may result in harsher disciplinary action being taken.
OR:
● If the employee denies having committed the irregularity, the employer may institute a disciplinary hearing.

2.10.1.3 Written warning

If the nature of the irregularity warrants a written warning, the employer may bring the irregularity to the attention of the employee and inform the employee that he or she is of the opinion that the irregularity warrants a written warning. The following should be adhered to:
● Allow the employee an opportunity to respond to the allegations.
● If the employee admits to having committed the irregularity, give the employee a written warning and inform the employee that further irregularities may result in harsher disciplinary action being taken.
OR:
● If the employee denies having committed the irregularity, the employer may institute a disciplinary hearing.

The employer must give a copy of the written warning to the employee, who must acknowledge receipt. If the employee refuses to acknowledge receipt, the employer must hand over the written warning to the employee in the presence of another employee and both the employer and the employee serving as a witness must sign to confirm that the written warning was handed to the employee. The written warning must be filed in the personal file of the employee. A written warning remains valid for six months and, on expiry, the written warning must be removed from the personal file of the employee and destroyed. Should the employee commit a similar or related act of irregularity before the expiry of the six-month period, the written warning must be taken into account.
2.10.1.4 Final written warning

If the nature of the irregularity warrants a final written warning, the employer may bring the irregularity to the attention of the employee and inform the employee that he or she is of the opinion that the irregularity warrants a final written warning. The following should be adhered to:
● Allow the employee an opportunity to respond to the allegations.
● If the employee admits to having committed the irregularity, give the employee a final written warning and inform the employee that further irregularities may result in a disciplinary hearing.
OR:
● If the employee denies having committed the irregularity, the employer may institute a disciplinary hearing.

The employer must give a copy of the final written warning to the employee, who must acknowledge receipt. If the employee refuses to acknowledge receipt, the employer must hand over the final written warning to the employee in the presence of another employee and both the employer and the employee serving as a witness must sign to confirm that the final written warning was handed to the employee. The written warning must be filed in the personal file of the employee. A written warning remains valid for six months and, on expiry, the written warning must be removed from the personal file of the employee and destroyed. Should the employee commit a similar or related act of irregularity before the expiry of the six-month period, the written warning must be taken into account.

ACTIVITY 2.4

Discuss the various sanctions in a disciplinary hearing.

FEEDBACK

Your model answer should be in line with point 2.10.1. You should answer based on the following headings: Corrective counselling, Verbal warning, Written warning and Final written warning.

2.11 POST-INVESTIGATION RISK ANALYSIS

2.11.1 Consequences of crime

Many South Africans are under tremendous pressure to be successful in life. Do you agree with me?
What is your experience and observation in your locality? In the urbanised affluent areas it can be said with a degree of accuracy that we have become materialistic in a context of rampant consumerism.

Unfortunately, very few people see the end of the road when they embark on corrupt activities. People just do not take the time to consider and fully appreciate the consequences of being caught before they commit a small corrupt act. This is seen when suspects in corruption cases confess to their unlawful deeds. It is only then that they have remorse and fully appreciate the consequences of what they have done. This is regrettable.

Top managers have an economic and moral obligation to proactively educate and inform their staff members about temptations that will confront them. What kind of information do you think top management should convey to staff? The consequences of engaging in corrupt activities should also be explained to staff members in a proactive way, especially staff members who are employed in senior positions. This information should be conveyed to staff members prior to their being appointed and to existing staff members by means of a programme to create and maintain security awareness. In fact all staff members should be exposed to this programme to promote security awareness.

The financial consequences of crime can add up to tens of millions of rand. Do you agree? These costs are very seldom taken into account when a person first starts on the slippery slope to disaster.
These costs are made up as follows:
● Loss of income
● A potential loss of accrued pension benefits and assets
● Difficulty in obtaining employment within the public or private environments (having a criminal record)
● Loss of the home when monthly hire purchase payments cannot be made
● Legal costs of appointing an attorney to represent the accused at a criminal trial and/or disciplinary hearing

People who commit crime are blinded by the immediate financial gain. The total financial consequences or impact of crime should be carefully evaluated before a person decides to commit a corrupt act.

2.11.2 Releasing of crime scene or scene of incident

What do you think I mean by the concept of releasing a crime scene?

Releasing of a crime scene or scene of incident happens after the completion of gathering evidence and information and, in some instances, processing the scene, when the owner or person responsible for the property can regain access. This means granting the person unfettered access to his or her own house or property. This is allowed as all the information and evidence required for the investigation of the scene will have been collected and properly documented by the investigator for later use.

Recording and diarising of the scene is crucial for an effective investigation. In the public environment, when releasing the crime scene, it is recommended that the investigator record in the pocket book every action or activity he or she undertakes or sees at the crime scene. This will ensure that valuable information and evidence are not overlooked. Once the scene is released to the lawful owner, a search warrant will be required should the investigator need to review it again. At this stage, evidence – if left at the crime scene – would probably have been tampered with or contaminated. This situation should be avoided at all costs.
2.11.3 Analysis and interpretation of evidence

By the time the scene has been released, the investigator should have satisfied himself or herself that all the required evidence and information have been collected. The evidence and information will be enough to prove the crime or incident. Depending on the nature of the scene and the gravity of the evidence at the disposal of the investigator, the investigator might need to engage the services of experts in making sense of the evidence and information available. In the public setting, the police often send the evidence to the Local Criminal Record Centre (LCRC) for development and analysis, depending on the nature of the crime.

Can you think of various experts who are responsible for analysing forensic evidence that is collected at the scene?

2.12 CONCLUSION

It is important that the investigator conducts every investigation within the framework of the Labour Relations Act, the Constitution and the Basic Conditions of Employment Act, as well as recognition agreements and bargaining council agreements between the employer and recognised employee representative bodies. The success of the disciplinary investigation will depend largely on certain skills of the investigator, such as good powers of observation, patience, discretion and working knowledge of the laws, policies and working documents of the company.

If we truly wish to prevent e-commerce crimes and corruption, we must tackle the problem by focusing on the individual. This must be done within the framework of a proper organisational culture in which management is an example to employees and where procedures protect the employee from exposure to corruption, as far as possible.

Proactive risk assessment is crucial in protecting assets. Defending a company or organisation's information from threats and attacks forms the most important activity for everybody in the institution.
If this is not done effectively, the company may lose a lot of money through business espionage and other forms of stealing important business information or compromising other vulnerable information and management systems operating on the network. Evidence that would have helped the organisation or company or government department to successfully prosecute offenders might also be damaged if not managed properly. This illustrates the importance of security management of software and hardware assets. Network defences – that is, various devices which can be used to defend the data – were discussed in this learning unit. The devices discussed included firewalls, intrusion detection systems and proxy servers.

SELF-ASSESSMENT QUESTIONS

Discuss the type of irregularity investigation you would conduct in the workplace. Your answer should follow the process applicable to the investigation of less serious irregularities. Use information in point 2.10.1 above as guidance in answering this question.

What are the objectives of corporate, private and public investigations?

2.13 BIBLIOGRAPHY

Allen, R.E. (ed). 1990. The Oxford dictionary of current English. Oxford: Clarendon.
Ciampa, M. 2007. Security awareness: Applying practical security in your world. 2nd edition. Thomson.
Experience post-1994. Unpublished research paper. Pretoria: University of South Africa.
Ferraro, E.F. & Spain, M.N. 2006. Investigations in the workplace. New York: Auerbach.
Hutt, E.A., Bosworth, S. & Hoyt, D.B. 1995. Computer security handbook. 3rd edition. New York: John Wiley.
Joubert, C. 2001. Applied law for police officials. Florida: Technikon SA.
King, G., Carlston, B. & Robinson, L. 2000. Protective security: investigation (chapter 2, section 4). Durban: Butterworths.
South Africa. 2002. Department of Public Service. Code of conduct for public servants. Pretoria: Creda Communications.
South Africa. 1998. Prevention of Organised Crime Act 121 of 1998. Pretoria: Government Printer.
South Africa. 1996. The Constitution of the Republic of South Africa, Act 108 of 1996. Pretoria: Government Printer.
South Africa. 2006. South African Police Service disciplinary regulations. (Government Notice R 643 of 2006, Government Gazette.) Pretoria: Government Printer.
University of South Africa. 2004. Criminal Investigation B: study guide for SEP221B. Florida: Technikon SA.
University of South Africa. 2015. Applied security risk management. Study guide for SEP3701. Pretoria: University of South Africa.
University of South Africa. 2015. Security risk control measures 111. Study guide for SEP3704. Pretoria: University of South Africa.
University of South Africa. 2011. Security technology and information security 111. Study guide for SEP3705. Pretoria: University of South Africa.
University of South Africa. 2010. Corporate investigation 111. Study guide for SEP3703. Pretoria: University of South Africa.
University of South Africa. 2005. Advanced corporate investigations IV: Study guide A for ACI401S. Pretoria: University of South Africa.
University of South Africa. 2003. Crime investigation: only study guide for CJS308-E. Pretoria: University of South Africa.

Learning unit 3: INVESTIGATION OF NON-COMPLIANCE

3.1 INTRODUCTION

Crime is punishable in both the public and corporate environments; the difference is in the nature of the misconduct, proceedings and judgment meted out. Often in the corporate environment, the nature of the misconduct is the determining factor in taking a decision whether to institute a disciplinary proceeding against the alleged offender. The parties involved must have transgressed a policy of the organisation or institution, or committed a criminal offence that will have a bearing on the operations of the organisation.
In the corporate environment, acts of misconduct and unethical behaviours are handled by corporate investigators in conjunction with management. The institutions or businesses are the ones that are responsible for deciding on whether to institute disciplinary proceedings only or, in addition, press charges with the police and bring a criminal case against their employees or interested parties doing business with the said institutions or organisations.

The institution has to comply with corporate governance requirements and obligations, and ethical risks are managed by corporate entities and their subsidiaries. Du Plessis, McConvill and Bagaric (2005:2) state that, “Corporate governance describes the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations. In this context the expression ‘corporate governance’ embraces not only the models or systems themselves but also the practices by which exercise and control of authority is effected.”

In this setting, witnesses play a vital role in the proceedings as information is the lifeblood of any investigation. Therefore, it is imperative to obtain information and facts that will lead to establishing the truth regarding a crime or instance of irregular conduct. Without information, it will not be possible to conclude an investigation.

This unit looks at issues of non-compliance with policies, ethics, and recovery of loss in both the public and corporate environments.

3.2 NON-COMPLIANCE WITH POLICY

Compliance means adherence to policies of the institution, such as information security, physical security, information and communication technology (ICT) and supply chain management (SCM) policies, amongst others.
Grogan (2009:124) uses the example of labour inspectors who have the authority to enter and inspect employers’ properties and documents to ensure that they have complied with the requirements of the law with regard to consultation with employees. They may issue compliance orders to the employer to adhere to the requirements of the legislation or else face an order from the Labour Court. The penalties that a non-complying employer can face are the cancellation of state contracts or being prohibited from being awarded state contracts in future, as well as substantial fines ranging between R500 000.00 and R900 000.00 (Grogan 2009:126).

The scenario above clearly shows that non-compliance with policy is punishable in both the public and private sector environments. In the public environment, if a citizen chooses to violate the law – let us say he or she steals from a shop – the person will be charged with shoplifting, which is a criminal offence. Conversely, if the employee were to steal from his or her employer, the employee would be charged with theft of the employer’s property. The employer can either report the matter to the police for a criminal case to be opened against an employee and/or institute a disciplinary hearing against the employee for violating the institution or organisation’s policies.

3.2.1 Code of Good Practice

The code of conduct, often referred to as the Code of Good Practice, is intended to establish a standard set of rules and regulations in the workplace. The code of conduct should contain rules that are common to all employees. It is obvious that no employee may be disciplined for breaking a rule that he or she was not aware of in the first place, and therefore it is essential that the employer's Disciplinary Code and Procedure be communicated to all employees in writing, in a language that the employees can clearly understand.
The Disciplinary Code and Procedure describes the processes that an employee should comply with in a disciplinary matter. This may mean printing the Disciplinary Code and Procedure and Code of Conduct in various different languages. If an employee is illiterate, then the Disciplinary Code and Procedure must be translated for him or her into a language that he or she can clearly understand.
The Standards of Conduct should stipulate the following:
● Serious offences: e.g. theft, fraud, insubordination, corruption, misconduct and non-compliance with policies, the use of any substance having a narcotic effect and arriving at work with the smell of alcohol on the breath, amongst others.
● What disciplinary action may be imposed should an employee be found in breach or guilty of breaking any rule listed under serious offences. For example, "any employee found guilty of breaking any rule listed under Serious Offences shall be guilty of misconduct and may face dismissal."
In this way, the employee is left in no doubt whatsoever regarding the consequences of unacceptable behaviour in the workplace. He or she cannot claim that he or she did not know that the behaviour was a serious matter that would warrant dismissal. Employees need to be fully aware of the consequences of their misconduct.
When a case is brought before the Commission for Conciliation, Mediation and Arbitration (CCMA), the facts that are required to be proved are the following:
● Does the Code of conduct stipulate that dismissal will follow a certain act of misconduct?
● Was the employee fully aware of the Code of conduct?
It follows that, once the accusations against the employee can be proved, then the case will be decided in the organisation’s favour.
The general Code of Good Practice deals with the following:
● Dismissal in general
● Dismissal for operational requirements
● Dismissal for sexual harassment (Grogan 2009:168).
You should not confuse the Code of Good Practice with the grounds for dismissal recognised by the Labour Relations Act 66 of 1995 (LRA) to justify the dismissal of employees, which are:
● Misconduct
● Incapacity or poor work
● Operational requirements (Grogan 2009:201).
As an investigator, your investigations into allegations of misconduct will, in all probability, be the motivating factor for management to make a decision on what action to take against the person involved. In addition to misconduct, some investigators become involved in the investigation of allegations of incapacity or poor work or the failure of employees to meet operational requirements in their work.
The method for the investigation of misconduct depends on the nature of the allegation. There are numerous classes of misconduct, ranging from absenteeism to unauthorised use of property. Your investigation will therefore concentrate on the nature of the allegation, taking into consideration that the burden of proof in a disciplinary matter rests on a balance of probability. This means that, contrary to the case with a criminal investigation where you have to prove the guilt of the accused beyond all reasonable doubt, in a disciplinary matter both in the public and corporate environment, you need only show that the defendant is guilty on a balance of probability.
Item 7 of the Code of Good Practice determines as follows:
“Any person who is determining whether dismissal for misconduct is unfair should consider
a. Whether or not the employee contravened a rule or standard regulating conduct in, or of relevance to the workplace; and
b. If a rule or a standard was contravened, whether or not
● The rule was a valid or reasonable rule or standard;
● The employee was aware, or could reasonably be expected to have been aware, of the rule or standard;
● The rule or standard has been consistently applied by the employer; and
● Dismissal with (sic) an appropriate sanction for the contravention of the rule or standard” (Grogan 2009:203).
The offence has to be proved and you will have to prove that the policy, law or rule concerned existed and that the employee broke it. Proof is usually done by way of the employee’s contract, a collective agreement, policy or the disciplinary code. The rule need not exist in written form because it is generally agreed that, for instance, fraud and theft would destroy the employment relationship between the parties. It is then generally assumed that the employee knew or should have known that his or her conduct could lead to dismissal. In some instances the employee may deny knowledge of this. It is then up to you to prove that the employee knew or should have known of it. This could be done by showing that the employee was present during a training session where this was dealt with – usually an induction course. The attendance list or training certificate or signed course nomination form will usually be sufficient evidence that training was undertaken.
Can you think of some of the reasons why groups of people get dismissed from work?
In the workplace, there are various reasons for mass dismissal that range from failure or refusal to disclose the names of perpetrators to shrinkage of stock, organised crime perpetrated against the employer or theft of employer’s assets (Grogan 2009:205). In such cases, proof creates a special problem because you have to show that, on a balance of probabilities, each individual was involved before action can be taken.
As far as the reasonableness of the rule is concerned, you simply have to show that it is operationally justified – in other words that it promotes the employer’s business and that it does not place an unreasonable burden on the employee. The next requirement – that the rule was consistently applied – is satisfied by showing that previous contraventions by other employees have had the same result. If certain transgressors were, in the past, given final warnings for specific contraventions, this sanction should be consistently applied. This means that, unless there are other factors involved, persons should not later be dismissed for doing the same thing. The last requirement, namely that the sanction should be appropriate, is regarded by Grogan (2009:208) as “being the most problematic.” A number of factors, such as provocation, previous employment history, length of service and the consequences of the particular infraction should be considered. Although these are issues to be considered by the presiding officer, it is nonetheless your responsibility to present evidence to show the seriousness of the actions of the person involved.
ACTIVITY 3.1
Make a list of transgressions for which the sanction is dismissal either generally or specifically within your organisation. You should be able to get this information from your organisation’s Code of conduct. Are there other transgressions that you feel should warrant instant dismissal? If so, what are they?
FEEDBACK
Transgressions for which the sanction is dismissal:
● Theft of employer’s property
● Theft of employer’s secret information that is sold to the competitor
● Insubordination
● Fraud and corruption
● Conflict of interest and many others
ACTIVITY 3.2
In a disciplinary hearing for the public environment which standard of proof is used?
FEEDBACK
Standard of proof used in the disciplinary hearing for public environment: The standard of proof that is used in all disciplinary hearings is balance of probability. Note that this standard of proof is different to the one that is used in criminal matters, where the transgression must be proved beyond reasonable doubt.
3.2.2 Code of conduct for the public service
The Code of Conduct for public servants is crucial in illustrating the importance of such a code in the workplace. Not only is it a guide for employees as to how they should conduct themselves in their relationship with their employer, but it also is a good way to determine a person’s frame of mind when you are undertaking an investigation into an alleged contravention. All employees are expected to know the Code of Conduct and policies that apply to their organisation. If you are able to prove the existence of such a code and such policies, and that the employee concerned was aware of these, the sanction imposed on a transgressor could be severe.
Although the Code of Conduct for public servants was designed with public servants in South Africa in mind, it is worthwhile quoting the Code in its entirety here due to its universal applicability. The Code mandates that officials must behave ethically in the service of the employer. It quotes section 195 (1) (a) of the Constitution which “requires that a high standard of professional ethics must be promoted and maintained” in public administration generally. It goes on to state quite categorically that “the primary purpose of the Code is a positive one, to promote exemplary conduct.” It states that an employee shall be guilty of misconduct if he or she fails to comply with any provision thereof.
CODE OF CONDUCT FOR THE PUBLIC SERVICE
C. CODE OF CONDUCT
C.1. RELATIONSHIP WITH THE LEGISLATURE AND THE EXECUTIVE
An employee –
C.1.1. is faithful to the Republic and honours the Constitution and abides thereby in the execution of his or her daily tasks;
C.1.2. puts the public interest first in the execution of his or her duties;
C.1.3. loyally executes the policies of the Government of the day in the performance of his or her official duties as contained in all statutory and other prescripts;
C.1.4. strives to be familiar with and abides by all statutory and other instructions applicable to his or her conduct and duties; and
C.1.5. co-operates with public institutions established under legislation and the Constitution in promoting the public interest.
C.2. RELATIONSHIP WITH THE PUBLIC
An employee –
C.2.1. promotes the unity and well-being of the South African nation in performing his or her official duties;
C.2.2. will serve the public in an unbiased and impartial manner in order to create confidence in the Public Service;
C.2.3. is polite, helpful and reasonably accessible in his or her dealings with the public, at all times treating members of the public as customers who are entitled to receive high standards of service;
C.2.4. has regard for the circumstances and concerns of the public in performing his or her official duties and in the making of decisions affecting them;
C.2.5. is committed through timely service to the development and upliftment of all South Africans;
C.2.6. does not unfairly discriminate against any member of the public on account of race, gender, ethnic or social origin, colour, sexual orientation, age, disability, religion, political persuasion, conscience, belief, culture or language;
C.2.7. does not abuse his or her position in the Public Service to promote or prejudice the interest of any political party or interest group;
C.2.8. respects and protects every person’s dignity and his or her rights as contained in the Constitution; and
C.2.9. recognizes the public’s right of access to information, excluding information that is specifically protected by law.
C.3. RELATIONSHIP AMONG EMPLOYEES
An employee –
C.3.1. cooperates fully with other employees to advance the public interest;
C.3.2. executes all reasonable instructions by persons officially assigned to give them, provided these are not contrary to the provisions of the Constitution and/or any other law;
C.3.3. refrains from favouring relatives and friends in work-related activities and never abuses his or her authority or influences another employee, nor is influenced to abuse his or her authority;
C.3.4. uses the appropriate channels to air his or her grievances or to direct representations;
C.3.5. is committed to the optimal development, motivation and utilization of his or her private staff and the promotion of sound labour and international relations;
C.3.6. deals fairly, professionally and equitably with other employees, irrespective of race, gender, ethnic or social origin, colour, sexual orientation, age, disability, religion, political persuasion, conscience, belief, culture or language; and
C.3.7. refrains from any party political activities in the workplace.
C.4. PERFORMANCE OF DUTIES
An employee –
C.4.1. strives to achieve the objectives of his or her institution cost-effectively and in the public’s interest;
C.4.2. is creative in thought and in the execution of his or her duties, seeks innovative ways to solve problems and enhances the effectiveness and efficiency within the context of the law;
C.4.3. is punctual in the execution of his or her duties;
C.4.4. executes his or her duties in a professional and competent manner;
C.4.5. does not engage in any transaction or action that is in conflict with or infringes on the execution of his or her official duties;
C.4.6. will recuse himself or herself from any official action or decision-making process which may result in improper personal gain, and this should be properly declared by the employee;
C.4.7. accepts the responsibility to avail himself or herself of ongoing training and self-development throughout his or her career;
C.4.8. is honest and accountable in dealing with public funds and uses the Public service’s property and other resources effectively, efficiently and only for authorized official purposes;
C.4.9. promotes sound, efficient, effective, transparent and accountable administration;
C.4.10. in the course of his or her official duties, shall report to the appropriate authorities, fraud, corruption, nepotism, maladministration and any other act which constitutes an offence, or which is prejudicial to the public interest;
C.4.11. gives honest and impartial advice, based on all available relevant information to higher authority when asked for assistance of this kind; and
C.4.12. honours the confidentiality of matters, documents and discussions, classified or implied as being confidential or secret.
C.5. PERSONAL CONDUCT AND PRIVATE INTERESTS
An employee –
C.5.1. during official duties dresses and behaves in a manner that enhances the reputation of the Public Service;
C.5.2. acts responsibly as far as the use of alcoholic beverages and any other substance with an intoxicating effect is concerned;
C.5.3. an employee shall not, without prior written approval of the Head of Department obtain or accept any gifts, benefits or item of monetary value (a description and the value and source of gift with a value in excess of R350) from any person for himself or herself during the performance of duties as these may be construed as bribes;
C.5.4. does not use or disclose any official information for personal gain or the gain of others; and
C.5.5. does not, without approval, undertake remunerative work outside his or her official duties or use office equipment for such work.” (Practical Guide to Ethical Dilemmas in the Workplace, 2002:
3.3 ETHICS
Every profession these days has ethical standards that it has to comply with. There are business ethics, nursing ethics, engineering ethics, bioethics and other forms of professional ethics (Hartner 2015: 355). Why is it important to have professional ethics? The reason is that corporates are looking for ways and means to build ethically strong organisations and to inject a sense of ethicality amongst staff. This is done in the wake of growing confrontation with ethical dilemmas and an increasing realisation that “good ethics is good business” (Mahajan & Mahajan 2016:14). Ethics can be described as a decision of doing what is right and good in terms of conduct.
The concept of ethics is often confused with the concept of morality. Do you know the difference? The difference between the two lies in the fact that “ethics” is related to custom or habit whereas morality refers to norms and values which are designed to give form to a particular community or society.
Ethics focuses on ethical principles and ethical issues that arise in an individual. There are three types of questions that need to be answered in dealing with ethics. The first are “questions as to what is right, good or how we ought to behave normative ethics, morals.” The second are “questions as to the answers given by particular societies and people as to what is right or good.” The third are “questions as to the meanings or uses of the words used in answering questions of what is right, good.” This describes morality and what one thinks it is important to do and in what ways; how to conduct one’s relations with other people; and being aware and prepared to be critical of one’s basic approvals or disapprovals.” This is enabled by taking an interest and wanting to learn from all the contacts one makes in life as it is essential for us to learn from one another as people.
As an ethic, ubuntu is generally in conformity with the definitions and descriptions of ethics given above. Ubuntu, however, is unique in its substance, in its method and in its worldview. As an indigenous philosophy of values and principles, ubuntu presents an ethical worldview (referred to in this work as ubuntu ethics) with three constituent components. The first component of ubuntu ethics deals with the tension between individual and universal rights; the contribution of this component to global bioethics emerges by considering the Ethics of Care as a crucial aspect of bioethics discourse. The second component of ubuntu ethics concerns the cosmic and global context of life; the contribution of this component to global bioethics emerges by considering UNESCO’s Universal Declaration on Bioethics and Human Rights as crucial for bioethics discourse. The third component of ubuntu ethics deals with the role of solidarity that unites individuals and communities within a cosmic context. It applies to all aspects of the conduct of individuals in an organisation (Raguz & Matic, 2015:189).
It covers how a person behaves and responds to every aspect of his or her life. The ethicality of a person’s behaviour is often measured based on societal standards. This can be summarised as follows: ethics is a way of conduct, whereas morality is a matter of norms and values. In business, there is what is called business ethics, which is the person’s participation in economic activity to attain a business goal, as well as to serve society and the general public. It is concerned with activities that can be perceived as right or wrong by society.
Iannone (1980:80) refers to “leadership ethics” and is of the opinion that “the position of true leadership places upon the leader a moral obligation to adhere strictly to the same high standards of honour and integrity he or she expects from his or her subordinates and which they – and his or her superiors – have the right to expect of him or her.” Conduct is appraised by what it is, what he or she thinks it is and what it appears to be to others. This is not only applicable to a leader, but to all investigators. Integrity is non-negotiable (George 2016:52).
Why do people obey the law? Do they do so as a result of ethical persuasion or through fear? For the investigator these are very interesting questions which should be borne in mind. Ethics is a very interesting subject because when one regards the lack of ethics in society, the one question that remains to be answered is where ethics originates. Does it originate in the home, in the school, the university, the workplace or in society as a whole? How does one then restore ethics to a society that has lost it? The investigator is confronted by these very important issues because, if an investigation requires the assistance of a society that is hostile to that investigation, there is very little chance of success.
As an example, one could consider an internal investigation that is being conducted in, for instance, a section of the police. There may be a strong social and ethical cohesion amongst the members of the unit concerned and the investigator will then find it difficult, if not impossible, to break through that barrier.
ACTIVITY 3.3
Draw up a code of conduct which you feel would be applicable to your particular sphere of investigations. Guidance on answering this question is to be found under point 3.2.2.
FEEDBACK
Code of conduct: Some of the topics that you should elaborate further on in your code of conduct are issues concerning your relationship with your clients or customers, your relationships with the external stakeholders that the organisation or business is doing business with, the relationship between the business or organisation and its employees, the performance of duties by employees and external stakeholders, personal conduct on the part of employees and their private interests in relation to the business or organisation and, finally, how the employees should represent the organisation or business, even outside of working hours.
3.3.1 Professional and ethical conduct
Professional conduct describes the conduct of the person concerned as being in keeping with the unique training and status that person has. Their status is usually indicated by the way in which they are addressed – such as referring to your doctor as “doctor” or an advocate as “advocate”. Society has come to expect a special form of behaviour from such persons who are regarded as being “fit” and “proper”. We respect them and expect them always to set an example.
When we refer to “professional conduct” we are referring to honesty, integrity and truthfulness. These are the qualities that all investigators should aspire to. It is this conduct which will ensure that people that you deal with will respect you and will want to cooperate with you. Remember that respect is earned.
A person with a high position or rank but who behaves in a disgraceful manner is not respected. The same applies to all investigators – especially a private investigator who must rely on integrity, personality and appearance to impress a witness. Do you know any other qualities that an investigator should have as an ethical professional?
When one speaks of impressing a witness, professionalism is the most important quality of all. You should ask yourself whether you would rather cooperate with a well-spoken, well dressed person who respects you or with a person that looks like a hijacker. First impressions last. If the first impression that you make on a potential witness is positive, half the battle has been won.
Self-assessment questions
● Make a list of all the items or aspects that you would consider as being important to determine whether an investigator was either professional or not professional.
● List these attributes in order of most to least important.
● Describe an ethical investigator.
Self-assessment questions
● Make a list of actions you would take to impress a suspect or uncooperative witness to convince him or her to cooperate with you without threatening or intimidating him or her.
● Make a list of unacceptable behaviour on the part of an investigator during an interrogation session with a suspect.
● What do you think is the single most important personality trait that an investigator should have?
Self-assessment questions
Assume that you are leading a racially and gender mixed team. You have been tasked to investigate a syndicate dealing in drugs and prostitution. You need an investigator who is able to infiltrate the syndicate and become accepted by them. Your preference for the job is a member who has recently been promoted and who is highly recommended. This person has all the qualities for the job and, being gay, is able to identify with various groupings in the gay and straight communities.
3.4 CORPORATE INVESTIGATIONS
The concept of investigation fits into the broader spectrum of resolving the risks involved. The investigation of crime forms part of a process of activating the judicial phase of law enforcement scientifically, so as to manage crime and security risks.
Figure 1.1 The investigative function
Figure 1.1 gives you an overview of what we discuss in this learning unit. It places the role of corporate investigation in perspective by highlighting all the important factors relating to corporate investigation and the corporate investigator, as well as possible risks or crime facing any organisation.
3.4.1 The mandate of corporate and private investigators
In 1994, a landmark case deciding the powers of private and corporate investigations was heard in South Africa as per court case S v Botha and Others 1994 (4) SA 799 (W). The case was based on the powers of private and corporate investigators in respect of investigating crime. The argument was in terms of sections 215(b) and 218(1)(d) of the 1993 Constitution, in relation to investigation of crime. However, neither section 215 nor section 218 determines explicitly or by implication that only the South African Police Service (SAPS) has the powers to investigate crime. The Judge stated: “Society has become so specialised and there are so many laws and activities that need to be administered and regulated, that no police service can investigate and prevent all crime in a modern society without the help of private institutions” (Van Rooyen, 2001:33).
This judgment had an overwhelming effect on the entire private and corporate investigation industry. For the first time, this judgment acknowledged and tacitly approved the existence of, and need for, private companies that investigate crime-related matters – that is, investigative entities other than the SAPS.
The intention of the legislator was to place certain duties on the SAPS and to determine parameters within which the SAPS may operate. The purpose of section 215 was not, however, to forbid anyone who is not a member of the SAPS from participating in the investigation of crime.
3.4.2 The ways of receiving a mandate to investigate
The SAPS derives its mandate from the law – for example, from the SAPS Act, the Criminal Procedure Act, the Constitution, and the National Standing Orders of the police. However, the corporate investigator is mandated (given permission) to investigate via one of the following routes:
● As the result of a written corporate investigation policy. Conducting investigations without a written policy in place is a dangerous practice that must be avoided.
● As the result of a written or verbal request by an authorised member of top management. A written instruction to investigate, which is conveyed via a prescribed document, is always preferred to a mere verbal instruction. No investigation must be undertaken without obtaining the required authorisation.
3.4.3 Limitations to the mandate of corporate and private investigators
Note that it should never be the aim of the private sector to take over the task of the SAPS, but only to support the police in their work. In this way, a sound and healthy business partnership can be built between the private sector and the police service.
● Whether investigations are carried out by the authorities or by the private sector, they must take place within a specific and strict legal context (demanding compliance) and with due consideration of the democratic rights of the individuals concerned. The corporate investigator must thus always operate within the limits and confines of the law and resist the temptation to operate outside of the law by taking shortcuts. All corporate investigations must be conducted in accordance with the letter of the law and standard operating procedures (SOP).
It is this compliance with the law that will, among other criteria, determine the long-term credibility of the investigative function in the eyes of top management, staff members, unions, courts, the SAPS and the community at large. The need for competent investigators who understand the corporate environment and the legal requirements of their work has created a need for in-house investigators to be taught specific and specialised investigative skills and to know the extent of their mandate.
However, practical examples of the limitations placed on corporate investigators are that they may NOT do the following:
● Search private premises without the consent of the owner
● Obtain confidential bank statements
● Initiate and conduct investigations on their own without the consent of an authorising top manager
● Make arrests beyond the scope of their mandate and the law
● Bug offices or intercept telephones (Unisa 2004:8)
ACTIVITY 3.4
Read the following scenario and respond to the question that follows.
You are a confidential investigator for the organisation where you are employed. You approach a staff member who is a witness in a criminal matter to take a statement from him. However, he demands to know on what basis you have the right to do this. Briefly list three reasons why you may investigate the matter and take a statement from him.
FEEDBACK
In a situation like the one in the above activity, you should thank the staff member for his or her valid question. You should then politely inform the staff member of, among other things, the following:
● Corporate investigations are part of the company’s risk management policy.
● In the case of S v Botha, Judge Myburgh ruled that the right to investigate also resides with private investigators and is not the sole domain of the SAPS.
● The SAPS supports the work done by corporate investigators – you may quote a few examples of cases (do not mention specific names) that have occurred within your organisation and that were subsequently handed over to the SAPS.
● Private investigations have the support of the unions and staff within the organisation (if this is in fact the case).
3.4.4 Characteristics of a good corporate investigator
The corporate investigator occupies a very sensitive position in the organisation and a bad decision when appointing an investigator can cause a lot of damage to the organisation. When selecting a good investigator, the characteristics that must be sought include the following:
● Fortitude, or tenacity and moral courage under difficult circumstances
● Persistence, or strong follow-through skills, and stamina
● Persuasiveness, creating confidence and trust
● Logical thinking ability, so as to be systematic and methodical
● Effective communication skills, both verbal and non-verbal
● An inquisitive mind, sustaining the need to know what happened
● A broad general knowledge
● Thorough subject knowledge
● Integrity, respecting people’s right to confidentiality, and being trustworthy
● Emotional maturity
● A sound academic background and practical experience
● A commitment to complying with corporate ethics and policies and not taking shortcuts
The ideal investigator will, therefore, have excellent interpersonal and communication skills, substantial experience in business, and an ability to understand a wide variety of systems and procedures. He or she will also be persistent, thorough, ethical, honest, analytical and quietly confident, yet not arrogant.
By contacting a recognised body such as the Civil Investigators’ Association or the Security Association of South Africa, an organisation can obtain the contact details of the larger and more well-established private investigation companies.
These companies are likely to be able to offer the services of investigators who have most of the requisite qualities identified above.
ACTIVITY 3.5
Read the following scenario and respond to the question that follows.
You are the senior manager for investigation for your organisation and you are appointing an investigator. To assist the human resources manager in drawing up an advertisement, advise him or her of the attributes and requirements for a good corporate investigator.
FEEDBACK
In answering this activity you will also need to read point 3.4.4. Consider informing the human resources manager of the criteria set out above. Certain basic educational qualifications and investigative experience in the industry should also be stipulated in such an advertisement.
3.5 SOURCES OF INFORMATION
As a corporate investigator, you will have to identify the various sources of information that are available in your organisation, for example, in its databases. The following may serve as sources of information within a specific working environment, such as a reporting system:
3.5.1 People
As you know by now, people are one of the most important sources of information (Gilbert 1993:136). Information that can be used to investigate crime or irregularities is obtained from people such as informers, whistle-blowers and agents. Agents are used in undercover investigations (Gilbert 1993:372). Investigators are very seldom involved in such undercover operations, since this is the task of police officials and specialised private security consultants. (For an investigator to be involved in such a specialised investigation, the Director of Public Prosecutions must grant permission.) An investigating officer of the South African Police then applies for a project to be registered and an agent is contracted to infiltrate the syndicate involved. As soon as enough information has been gathered to build a criminal case against the syndicate, arrests and prosecution occur (Unisa 2008:195).
3.5.2 Technology and social media
In our present technological age, technology is a source of information. Electronic devices are used in the investigation of crime or irregularities, as in the following example:
After a series of thefts in a particular organisation or institution a risk analysis was conducted and a recommendation to acquire CCTV cameras was made. A hi-tech security solutions company was requested to install surveillance cameras in the building. By monitoring the cameras, suspected persons in the building were detected (Unisa 2008:196).

3.5.3 Your own potential to be a source of information
Never underestimate your own potential to be a source of information. As an investigator you need to develop proactive skills and manage irregularities or crime in such a way that future risks are prevented.

3.6 TYPES OF STATEMENTS
Investigators encounter four main types of statements:
● Ordinary unsworn statements
● Statements under oath
● Statements under affirmation
● Statements in accordance with sections 212 and 213 of the Criminal Procedure Act 51 of 1977

As a corporate investigator you will have to take down a statement that is either made under oath (a sworn statement) or that is affirmed (an affirmation).

3.6.1 Ordinary unsworn statement
Remember that, in terms of section 35(3) of the Constitution, you have to inform a person whom you suspect of a transgression of his or her rights. Only after you have warned the suspected person of his or her rights can you take down a statement from him or her. Any statement not under oath that the subject makes after he or she has been informed of his or her rights is an example of an unsworn statement. However, statements by witnesses and complainants must always be under oath. Therefore, witness statements do not belong in the category of ordinary unsworn statements.

3.6.2 Statement made under oath
This type of statement is the most common.
It is very important to remember that sworn statements can be used to obtain an authorised warrant of arrest or search warrant for later execution by the South African Police Service. A sworn statement is thus the best option when taking a statement. The purpose of an oath is to make the speaker responsible for speaking the truth.

3.6.3 Statement made under affirmation
People who object to taking an oath may make an affirmation. Like the oath, it is intended to make the speaker responsible for speaking the truth and should be binding on the person’s conscience. The affirmation is phrased more or less as follows: “I do truly affirm and declare that …”. There is no difference in the evidential value of an oath and an affirmation; the court will view them in exactly the same light.

3.6.4 Statement in accordance with sections 212 and 213 of the Criminal Procedure Act 51 of 1977
As a corporate investigator, you are not likely to deal with statements in this category. However, you should understand when these statements are used. This type of statement is normally made by an expert, such as a fingerprint expert or a ballistics expert who has examined instruments involved in crime.

3.7 REPORTING TO MANAGEMENT
The purpose of submitting a final report on an investigation project to corporate management is not to record the number of people arrested, but to reduce losses – including the recovery of losses already suffered (Unisa 2005:22).

In order for the investigation process to be credible, the investigator and the decision-maker should not be the same person. The investigator’s role should be strictly to investigate. His or her process should be driven by the objectives of the investigation with the intention of providing his or her result to a party outside of the project team. As a practical matter, the investigator should report to someone not actively involved in the investigation (Ferraro and Spain 2006:68).
3.7.1 THE ELEMENTS OF AN INVESTIGATION REPORT
One of the most important functions of a corporate investigator is to submit a comprehensive investigation report to management at the conclusion of the investigation. There are many ways to report to management and we can obviously not deal with all of the possibilities. It is, however, suggested that an investigation report should contain the following broad elements:

3.7.1.1 Executive summary
A short and concise summary in just a few lines stating what happened, who was identified as suspects, the amount of the loss and prevention or recovery prospects. The purpose of this summary is to allow the manager (usually a member of top management) who is pressed for time to know what is going on without having to read pages and pages of information and views.

3.7.1.2 Background
Under this heading, one can deal with the background to the case by stating how the loss or circumstances came to the attention of the investigator. Thereafter, the scenario can be sketched and the information gathered can be set out and explained.

3.7.1.3 Findings
The investigator can now raise his or her views and provide an analysis of the matter by applying the information gathered. This is a crucial part of the report.

3.7.1.4 Control violations
Corporations have controls in place to prevent losses. Most losses occur due to non-adherence to laid-down procedures and the investigator must clearly spell out which controls were violated and by whom. Controls are not only for junior employees. Managers have a duty to ensure that their subordinates comply with laid-down procedures. It therefore follows that if a subordinate violates controls, the manager should not be allowed to simply place the blame on the violator. A prudent investigator will include in his or her report any failure by any person to ensure that controls are adhered to in his or her environment.
3.7.1.5 Identified control weaknesses
It may well happen that no controls were violated as there were no controls or laid-down procedures in place to cater for the incident. It is here where the enhancement function of the investigator is really tested. This is the opportunity to identify to management the weaknesses in the system which made it possible for the incident to have happened. However, identifying the weaknesses will not solve the problem. Something will need to be done about the matter and the investigator must apply his or her mind and come up with suggestions to prevent the same type of incident from happening again. Should a different solution be introduced, this still proves the investigator’s commitment.

3.7.1.6 Root causes of loss
Because losses are to be minimised, the root cause of each loss needs to be identified in order to enable management to address it.

3.7.1.7 Financial implications
This section of the report will quantify the loss and any financial impact of the loss, and set out ways of loss recovery.

3.7.1.8 Conclusion
The investigator can record his or her views on the matter.

3.7.1.9 Recommendation
The investigator should make objective recommendations only, as subjective comments and recommendations are not desirable in the report.

ACTIVITY 3.6
Read the following scenario and respond to the question that follows.
Mr Ephraim, the project leader, is in the process of compiling the final executive report to management on an investigation project. From your own experience as a corporate investigator, and using the headings below, indicate the kind of information Mr Ephraim should add.
● Executive summary
● Background
● Identified control weaknesses

FEEDBACK
The executive summary should include a short summary in just a few lines stating what happened, who was identified to be the suspects, the amount of the loss, prevention measures taken and details of recovery or recovery prospects.
The purpose of this summary is to allow the manager (usually a member of top management) who is pressed for time to know what is going on without having to read pages and pages of information and views.

Under “Background”, one can deal with the background to the case by stating how the loss or circumstances came to the attention of the investigator. Thereafter, the scenario can be sketched and the information gathered can be set out and explained.

A section on “Identified control weaknesses” is one of the major sections of the report. You must describe the controls involved and whether they were violated. It may well happen that no controls were violated, as there were no controls or laid-down procedures in place to cater for the incident. It is here where the enhancement function of the investigator is really tested. This is the opportunity to identify to management the weaknesses in the system which made it possible for the incident to have happened. Identifying the weaknesses will not solve the problem, however, and something will need to be done about them. The investigator must apply his or her mind and come forward with suggestions to prevent the same type of incident from happening again.

3.8 DECISION ON CRIMINAL AND/OR DISCIPLINARY ACTION
Because of the increasing complexity of problems in the corporate environment and the number of decisions that need to be made to find solutions to these problems, it is necessary for decision-makers to have a working knowledge of leadership and management theory and practice. Investigators and managers in the corporate environment have an ethical duty to satisfy the needs of clients, employees and employers and to treat everyone they are exposed to with dignity and respect. These shared values and established standards protect even wrongdoers from harsh treatment.
3.8.1 Powers and responsibilities of police, corporate and private investigators
The manager with whom the investigation report lands must have an understanding of the powers (authority) and the responsibilities of the corporate investigator, the private investigator and the South African Police Service investigator so that proper decision-making can take place.

Table 1 Powers and responsibilities of corporate, private and police investigators

Capacity: Corporate investigator
Powers: Powers of private persons. Refer to Criminal Procedures Act 55 of 1977.
Responsibilities: Investigation of internal corporate matters. This includes the following:
● Certain categories of crimes such as theft and fraud in consultation with the South African Police Service
● Disciplinary investigations such as misconduct and labour disputes
● Determining loss of assets such as missing office equipment and unaccounted missing funds
● Investigation of workplace accidents

Capacity: Private investigator
Powers: Powers of private persons. Refer to Criminal Procedures Act 55 of 1977.
Responsibilities: Investigation of private and public matters. This includes the following:
● Private investigation, such as tracing missing persons, matrimonial matters, gathering information on people, businesses and their activities
● Background investigations
● Crimes such as theft, fraud, corruption and related activities in consultation with the South African Police Service

Capacity: South African Police Service investigators
Powers: Powers of police officials. Refer to Constitution of the Republic of South Africa; the Police Act 68 of 1995; and the Criminal Procedures Act 55 of 1977.
Responsibilities: Investigation of all criminal matters. This includes, inter alia, the following:
● Violent crimes such as murder and robbery
● Economic crimes such as theft, corruption and fraud
● Sexual offences such as rape and child abuse

3.8.2 Reporting of cases to the South African Police Service
Corporate investigators should at all times be encouraged to adopt and adhere to a policy of reporting all crimes committed to the South African Police Service. It is important to report all crimes to the South African Police Service because it is a requirement of law that all crimes be reported to the police. The reporting of crimes allows the police to build and maintain a good database in which all reported crimes are recorded and the details of which can be used in analysing crimes. This will lead to bringing scattered pieces of a puzzle together. If a crime is not reported, a crucial piece may remain missing. A firm policy of reporting all crimes will act as a deterrent to would-be offenders. When criminals are convicted, it acts as a deterrent to others, especially employees.

Consistent reporting of crime creates a culture of vigilance and awareness amongst employees and the corporation as a whole. The corporate investigator is in an ideal position to influence a corporation to adopt a policy of reporting all crimes committed against the institution or organisation. The reporting of cases to the police must take place in terms of the organisation’s written and approved policy, with specific reference to the reporting of all criminal cases to the police. In certain instances, people are bound by statute to respond to crimes (e.g. corruption).

3.8.3 Disciplinary policy
The corporation’s disciplinary policy should be drafted in accordance with the principles set out in the Code of Good Practice, contained in Schedule 8 of the Labour Relations Act 66 of 1995.
Misconduct is one of the grounds in law that justifies an employer in terminating the contract of employment of an employee. However, in order for a dismissal resulting from misconduct to be fair, the dismissal must be:
● Substantively fair – there must be a valid reason for the termination of the contract of employment, and the facts of each case will determine whether the reason for dismissal is fair and whether dismissal is the appropriate penalty
● Procedurally fair – the dismissal must be effected in a procedurally fair manner

This means that an employer may not simply give notice in accordance with the contract of employment or in terms of governing legislation. An employer must also ensure that dismissal for misconduct is for a valid reason and that it takes place after a fair procedure has been followed.

Since every employee has a right to fair labour practice, it is necessary to carry out a thorough investigation in respect of any breach of company policy so that there is always proof on hand regarding any irregularity against an employee. If the employer’s actions are questioned, the employer will have evidence to tender in respect of the action taken against the employee.

Before a disciplinary investigation is instituted, the employer must assess the nature of the irregularity by considering the following:
● The actual or potential impact of the alleged irregularity on the work of the organisation or company, the department of the employee, his or her colleagues and the public
● The nature of the work and the responsibilities of the employee
● The circumstances under which the alleged irregularity took place

Investigations of less serious irregularities may be handled through corrective counselling, verbal warnings, written warnings and final written warnings.
If an employer is satisfied that the alleged irregularity is of a serious nature and that this justifies the holding of a disciplinary hearing, the employer must ensure that an investigation into the alleged irregularity is completed as soon as reasonably possible and is referred to the authorising manager to initiate a disciplinary hearing (South African Police Service Disciplinary Regulations, 2006).

ACTIVITY 3.7
Provide the responsibilities of the corporate investigator.

FEEDBACK
The answer to this activity is found at 3.9.1, above. You should have mentioned the investigation of internal corporate matters such as irregularities, determining loss of assets such as missing office equipment and unaccounted-for missing funds as well as the investigation of workplace accidents and disciplinary cases, amongst other things.

ACTIVITY 3.8
List the elements of an investigation report.

FEEDBACK
The answer to this activity is at 3.8.1. You should have mentioned, amongst other things, these elements as part of the report. The elements are the executive summary, the background, the findings, any control violations, any identified control weaknesses, the root causes of the loss, financial implications, a conclusion and any recommendations.

Self-assessment question
Mr Ephraim Thenga has submitted his duly completed investigation report to executive management and their decision on the investigation project is awaited. In his conclusion, Mr Thenga showed that theft of inventory in the business was having a negative impact on productivity of the business. In the report, a few employees were fingered as there was evidence of their involvement in the crime.
In view of the need to report criminal cases to the police and of the disciplinary policy of the company, read together with the Code of Good Practice contained in Schedule 8 of the Labour Relations Act 66 of 1995, what decision should Mr Thenga expect from executive management given the seriousness of the misconduct?

3.9 RECOVERY OF LOSS
Employers may withhold pension benefits if an employee has acted fraudulently. Employers invest resources in their employees and, accordingly, they place much value and trust in them. For this reason, fraud or theft perpetrated against an employer by one of its trusted employees is unpalatable to an employer. In most cases, by the time the fraud, theft or misconduct is detected, the employer has already suffered a loss.

Although employers are often quick to investigate the circumstances surrounding fraud, theft or misconduct perpetrated against the company or organisation, employers tend to be hesitant to initiate civil proceedings against guilty employees out of concern that the employee will not have sufficient assets to satisfy any judgment that is ultimately obtained.

Recovering losses after misconduct is the number one priority for most victims. At a minimum the goal will be to ensure that the fraudster does not get to enjoy the ill-gotten gains of his crime. There is, however, a remedy available to an employer in this position. Section 37D(1)(b) of the Pension Funds Act 24 of 1956 (PFA) allows an employer to recover the losses suffered as a result of a fraudulent employee by requesting the Pension Fund Administrators to withhold the employee's pension benefits. This is what happened in the case of Kotze v Mpumalanga Department of Education and Others (18453/13) [2014] ZAGPPHC 322; (2014) 35 ILJ 2361 (GNP).
The principal benefit of withholding an employee's pension benefits in terms of section 37D(1)(b) is that an employer is reasonably assured that there will be an asset against which to execute once judgment is ultimately obtained.

The general rule in terms of section 37A of the PFA is that pension benefits belong to a member and they shall not be capable of being reduced, transferred, ceded or be liable to be attached for execution. Section 37D(1)(b), which permits a Fund to make a deduction from an employee's benefit to settle a debt owing to the employer, is an exception to the general rule.

Section 37D(1)(b) provides:
A registered fund may
(b) deduct any amount due by a member to his employer on the date of his retirement or on which he ceases to be a member of the fund, in respect of
  (i) (aa) ...
  (ii) compensation (including any legal costs recoverable from the member in a matter contemplated in subparagraph (bb)) in respect of any damage caused to the employer by reason of any theft, dishonesty, fraud or misconduct by the member, and in respect of which
    (aa) the member has in writing admitted liability to the employer; or
    (bb) judgment has been obtained against the member in any court, including a magistrate's court,
from any benefit payable in respect of the member or a beneficiary in terms of the rules of the fund, and pay such amount to the employer concerned;

Before a Fund deducts or withholds a member's benefits on behalf of an employer, it must ensure compliance with the following conditions:
● There must be an amount due by a member to his employer on the date of his retirement or the date on which he ceases to be a member of the fund
● The amount must be for compensation in respect of any damage caused to the employer
● The damage caused to the employer must be by reason of theft, dishonesty, fraud or misconduct by the member
● The member must either admit liability in writing to the employer or judgment must be obtained in any court
● The judgment or the written admission of liability must be in respect of the compensation of the damage caused

If the above conditions are met, the Fund may deduct from the member's benefits the amount due to the employer, as held in the case of Highveld Steel and Vanadium Corporation Ltd v Oosthuizen.

The damage caused to the employer must be by reason of theft, dishonesty, fraud or misconduct by the member. In the case of Moodley v Scottburgh/Umzinto North Local Transition Council and Another [2000] 9 BPLR 945 (PFA), it was held that "misconduct" must be interpreted in light of the words "theft, dishonesty and fraud" that precede it. Therefore, to use the word "misconduct" there must have been an element of dishonesty.

Section 37D(1)(b) refers to a Fund's discretion to make a deduction on the strength of a written admission of liability or a judgment by any court of law, including a magistrate's court. The judgment must be either a civil judgment sounding in money or, alternatively, a compensatory order made in terms of section 300 of the Criminal Procedures Act 51 of 1977, specifically allowing compensation to the employer.

It is not often that a member admits liability for damage caused to an employer – which then leaves an employer with only the option of obtaining judgment against the employee. A challenge faced by an employer is the delay in obtaining judgment against an employee, especially where court proceedings are opposed by the employee.

Until the judgment in Highveld Steel and Vanadium Corporation Ltd v Oosthuizen [2009] 2 All SA 225 (SCA), there had been uncertainty as to whether a Fund was entitled to withhold payment, especially where there had been no written admission of liability by a member to an employer or where an employer had not yet obtained judgment against the employee.
It has been stated in many judgments that the purpose of section 37D(1)(b)(ii) is to protect the employer's right to pursue the recovery of money misappropriated by its employees. In the Highveld case, the court held that to give effect to the purpose of the section, which is to protect an employer's right to recover money misappropriated from it, the wording must be interpreted to include the power to withhold payment of a member's benefits pending determination or acknowledgment of the member's liability.

To achieve reasonableness, and before withholding or deducting a member's benefits, a Fund must be satisfied that the employer has made out a prima facie case against the member and that there are reasonable chances of success in the proceedings. The employer is not at any stage responsible for any undue delay in the prosecution of the proceedings. Whilst withholding the pension benefits, a Fund must review the matter and consider the time taken to finalise matters.

This makes it even more important that an employer acts promptly in conducting an investigation and in instituting proceedings against a suspected employee as soon as fraud has been detected. Prompt action will not only satisfy a Fund as to the employer's determination to prosecute the matter without delay; it will also send a decisive message to the rest of the organisation about the employer's stance on fraud.

There are a number of different routes that a victim can take to try and recover his or her losses:

3.9.1 Criminal Compensation – Court Order
If the matter has been prosecuted by the DPP, the court may order that compensation be paid to the victim. The Criminal Procedures Act 51 of 1977 states:
Chapter 29 Compensation and Restitution
Section 300: The court may award compensation where an offence causes damage to or loss of property.
Criminal cases will usually involve corruption, fraud or misconduct, but the employer needs resources and time to follow this avenue. The Public Prosecutor has the option to decide whether or not to allow a case to continue. This may be one of a number of conditions that the court has imposed on a fraudster so that he or she can avoid going to prison and the court will usually ask the Probation Service to supervise the payment of the compensation.

3.9.2 Civil case
If a criminal prosecution did not proceed or did not result in compensation, the victim can sue the fraudster personally in the civil courts. The most common ground for civil fraud cases in South Africa is deceit, commonly known as fraud or fraudulent misrepresentation. The objective is to win an award of damages sufficient to restore the victim to a financial position as close as possible to the position he would have been in had the misconduct not occurred.

3.9.3 Small Claims Court
The Small Claims Court allows claims up to the value of R15 000. However, the rules of the Small Claims Court state the following in respect of parties that may appear in the court:
● Only a natural person may institute an action in a court
● A juristic person may become a party to an action in a court only as defendant

Anyone except juristic persons such as companies, corporations or associations may institute an action in the Small Claims Court. This closes a potentially useful avenue that would allow an employer some relief in terms of recovery of losses or damages caused by an employee. If it were available to companies, corporations or associations, this forum would be perfect as it does not allow attorneys or advocates to represent the parties and could be an effective, faster and cheaper method for the employer to recover losses or damages suffered by the employee.

ACTIVITY 3.9
Read the following scenario and respond to the question that follows.
Ms Tshabalala was employed as a store manager for ABC Computer Corporation and was responsible for stocktaking and record keeping. She stole 10 computers and sold them to street traders a few blocks from her employer’s business. The investigation found that Ms Tshabalala was involved in the theft as she had been captured on the company’s CCTV cameras stealing the computers. She was confronted and ultimately confessed to the investigator. On the same day she immediately tendered 24 hours’ notice of resignation instead of giving 30 days’ notice.
Mention the routes the employer can take to recover the loss suffered by the organisation as a result of this employee’s misconduct.

FEEDBACK
A model answer can be drawn from point 3.9. Some of the facts are that the employer can make use of section 37D(1)(b) of the Pension Funds Act 24 of 1956, which provides an employer with a remedy to recover the losses suffered as a result of misappropriation of the employer’s property by employees. The employer will have to request the Pension Fund Administrators to withhold the employee's pension benefits – as was held in the case of Kotze v Mpumalanga Department of Education and Others (18453/13) [2014] ZAGPPHC 322; (2014) 35 ILJ 2361 (GNP). The principal benefit of withholding an employee's pension benefits in terms of section 37D(1)(b) is that an employer is reasonably assured that there will be an asset against which to execute once judgment is ultimately obtained. The employer should also consider turning down the notice of resignation and instituting a disciplinary hearing against the employee for misconduct.

3.10 SUMMARY AND CONCLUSION
Even though there may be varied objectives in an investigation between the public, corporate and private investigators, the manner in which evidence is obtained remains similar.
The rights accorded to suspects in external investigations are similar to the rights of employees who are suspected of non-compliance with policies or other transgressions. Investigators must be knowledgeable regarding labour law – especially investigators who are investigating within organisations. In addition to this, the conduct and professionalism of investigators is equally important.

Ethics plays a major role in investigation. The investigator ought to demonstrate his or her intellectual independence and leadership through professional and ethical decision-making, without any bias or prejudice towards any person.

A report must be prepared so that it tells a story. It should have a beginning, a middle and an ending. The story should be complete and express precisely that which is being reported upon. The report must objectively represent the investigation result and the recommendations of the report must be made in such a way that the recipient is able to make an informed decision.

It should be borne in mind that if the interviews, questioning or interrogation were not properly conducted, the case under investigation may not result in a conviction. The courts and other quasi-judicial forums depend on evidence brought before them in order to draw certain conclusions. The information on which a report is based must have been obtained using a legal and transparent process.

In most cases corporate and private investigators need to recover losses suffered by the organisations concerned and should follow the correct processes in order to do so.

3.11 BIBLIOGRAPHY
Adams, S.H. 1996. Statement Analysis: What do Suspects’ Words Really Reveal? Available at: www.crimeandclues.com (accessed on 26/08/2009).
Constitution of the Republic of South Africa. 1996 (Act 108 of 1996). Referred to as the Constitution.
Ferraro, E.F. & Spain, N.M. 2006. Investigations in the workplace. New York: Auerbach.
George, K.M. 2016. No ethics without things. Journal of religious ethics, 44(1): 51–67.
Gilbert, J.N. 1993. Criminal investigation. New York: MacMillan.
Grogan, J. 2007. Workplace law. 9th edition. Cape Town: Juta.
Guerin, L. 2007. The essential guide to workplace investigations. USA: Consolidated printers.
Hartner, D.F. 2015. Should ethics courses be more practical? Teaching Ethics,
Joubert, C. 2001. Applied law for police officials. 2nd edition. Florida: Technikon SA.
Machovec, F. 2006. Private Investigation and Security Science. A Scientific approach. Springfield: Charles C Thomas.
Mahajan, A. & Mahajan, A. 2016. Code of ethics among Indian business firms: A cross-sectional analysis of its incidence, role and compliance. Sage, 20(1): 14–35.
McNeil, B.F. & Brian, B.D. 2007. Internal corporate investigations. 3rd edition. Chicago: ABA.
Marais, C.W. & Van Rooyen, H.J.N. 1992. Crime Investigation. Silverton: Promedia.
McNeil, B.F. & Brian, B.D. 2007. Internal Corporate Investigations. Chicago: American Bar Association.
Montgomery, R.J. & Majeski, W.J. 2005. Corporate Investigations. 2nd edition. USA: Lawyers and Judges Publishing Company.
Newburn, T., Williamson, T. & Wright, A. 2008. Handbook of Criminal Investigation. UK: Willan.
Raguz, I.V. & Matic, M. 2015. Business students’ attitudes towards business ethics: evidence from Croatian universities. Management Journal, 21, 189–205.
Reuland, M.M. 1997. Information management and crime analysis. Washington DC: Police executive research forum.
Olzak, T. 2008. Three security investigations pitfalls to avoid. IT Security. From: http://blogs.techrepublic.com (accessed 14 February 2011). Rose-Hulman Institute of technology.
Machovec, F. 2006. Private investigation and Security science (A scientific approach). USA: Charles C Thomas.
South Africa. 2006. South African Police Service Disciplinary Regulations (Government Notice R 643 of 2006) Government Gazette. South Africa. 2002. Explanatory manual on the code of conduct for the public service: A practical guide to ethical dilemmas in the workplace. 1st edition. Pretoria: Government Gazette. South Africa. 1996. The Constitution of the Republic of South Africa, Act 108 of 1996. Pretoria: Government Printer. South Africa. 1995. South African Police Service Act 68 of 1995. Pretoria: Government Printer. Unisa. 2010. Corporate Investigations 11: Only study guide for SEP2603. Pretoria. Unisa. 2008. Corporate Investigations 1: Only study guide for SEP1503. Pretoria. Unisa, 2005. Advanced Corporate Investigations 1 V: Study guide A for ACI401S. Pretoria. Unisa. 2004. Criminal Investigation B: study guide SEP221B. Pretoria. Unisa, 2004. Advanced Corporate Investigations 1V: Reader for ACI 401 S. Pretoria. 60 Learning unit 3: INVESTIGATION OF NON-COMPLIANCE Van Rooyen, H.J.H. 2008. The practitioners guide to forensic investigation in South Africa. Pretoria: Henmar. Van Rooyen, H.J.H. 2004. Investigation The A–Z Guide. Pretoria: Henmar. Van Rooyen, H.J.H. 2001. Practical guide for private investigators. Pretoria: Henmar. FOR3702/1 61 Learning unit 4 INVESTIGATION BASED ON PREVENTION STRATEGIES 4.1 Learningunit4 INTRODUCTION Crime prevention improves quality of life for every community. The major goal of crime prevention is to provide communities, local government, private sector partners and faith-based organisations with information on crime prevention that will enable them to create safer, more secure, and more vibrant communities. Crime prevention is said to be a proactive – rather than a reactive – mechanism in fighting crime in the public and private environments. 
The focus of crime prevention is on reducing the threat of crime and enhancing the sense of safety and security, on positively influencing the quality of life in our society, and on developing environments where crime cannot flourish. Proactive policing attempts to prevent crime from occurring in the first place, whereas reactive policing responds to crime after it has occurred. The learning unit discusses the theory of crime prevention, crime prevention strategies, a multidisciplinary approach to investigation and the outcomes of effective investigation.

4.2 TYPES OF CRIME PREVENTION

● Punitive
– criminal law
– law enforcement
– courts
– jail and prisons
– crime stoppers
● Corrective
– employment
– education
– counselling
– mentoring
– giving people a head start
● Protective
– neighbourhood watch
– community policing
– public education
– CPTED
– home security

ACTIVITY 4.1
Discuss the different types of crime prevention.

FEEDBACK
● Punitive: criminal law, law enforcement, courts, prisons, crime stoppers
● Corrective: employment, education, counselling, mentoring, giving people a head start
● Protective: neighbourhood watch, community policing, public education, CPTED, home security

4.3 CRIME PREVENTION PROGRAMMES

● CPTED
● Neighbourhood watch
● Workplace safety
● Post evacuation
● Training of employees
● Protecting computers and other fixed and portable electronic devices, etc.

4.4 THEORIES OF PREVENTION

The theory of crime prevention through environmental design (CPTED) is based on one simple idea – that crime results partly from the opportunities presented by the physical environment. This being the case, it should be possible to alter the physical environment so that crime is less likely to occur.
Crime prevention through environmental design advances a comprehensive set of guidelines for reducing opportunities for crime in the built environment, with these guidelines being intended to guide the police or investigators, town planners and architects. It is an approach to changing the physical environment and, thus, the opportunities for committing crime. The intention is that, if crime is not reduced entirely through CPTED, it will be displaced to some other time, place and target.

4.4.1 Approaches to crime prevention through environmental design

There are three distinct approaches or theories that come under the general heading of crime prevention through environmental design.

The first approach concerns the biological and environmental determinants of crime. The theory says prevention ought to be focused on factors related to the biology of crime. Such an exposure to the biological factors of crime leads to delinquency in children.

The second approach falling under crime prevention through environmental design is the “defensible space” theory of architecture. This theory places much of the blame for the high crime rates in public housing “projects” on their layout and design. Huge stark designs made it seem to residents that no-one cared about them and such projects tended to be located in what were already high-crime neighbourhoods. In addition, the large buildings made it difficult for residents to know who the other residents were and who the intruders were. These factors conspired to attract criminal predators who could commit their crimes with little fear of arrest. Such problems can be resolved by enacting a wide range of detailed design suggestions that have been made to change these conditions and to make housing safer, and also by encouraging natural territorial behaviour on the part of residents by enabling them to have surveillance of the public areas around their individual residences.
The argument advocates the abandonment of tower block buildings, as they are potentially criminogenic.

The third environmental design approach is situational crime prevention. Unlike CPTED and “defensible space”, this approach is not concerned principally with architectural design and the built environment. Rather, it is a general approach to reducing the opportunities for any kind of crime, occurring in any kind of setting and including corruption and fraud, public violence and domestic violence, as well as the conventional predatory offences. Situational crime prevention operates on the concept of offender choice by identifying ways to manipulate immediate situations so that offending appears less attractive. Situational crime prevention rests on the notion that in order to understand criminal intent it is sufficient to understand its situational contingencies, at least for the purpose of preventing crime.

4.4.2 Displacement

Displacement is described as a shift of crime from one area to another. It takes place when criminal activity is shifted by the improved crime prevention strategies in place to another nearby organisation or business where weak/unimproved policies are still in place. Criminals are often attracted by these unimproved policies and weaknesses to commit crimes. If the organisation protects its assets very well, criminals will not bother to try to steal these assets as they will be unlikely to succeed in doing so.

ACTIVITY 4.2
Discuss the three approaches falling under CPTED. Explain the situational crime prevention theory in relation to the crime problem in South Africa.

FEEDBACK
The answer to these questions can be found at point 4.4.1 above. They are biology and environmental determinants of crime, defensible space and situational crime prevention.
Situational crime prevention operates on the concept of offender choice by identifying ways to manipulate immediate situations so that offending appears less attractive. Situational crime prevention rests on the notion that, in order to understand a criminal event, it is sufficient to understand its situational contingencies, at least for the purpose of preventing crime. This theory is also relevant to South Africa’s crime problem.

4.5 OPPORTUNITY THEORIES

It is widely recognised that most traditional criminological theories are theories of criminality and not theories of crime. Traditional theories deal with the factors that cause people or groups to be disposed to criminal action. In other words, they deal in behavioural tendencies and not behaviour itself. Behaviour is the product of the interaction between the person and the setting. To put this in the language of criminology, crime (a behaviour) is a product of the interaction between a criminal propensity and a criminal opportunity. While it is necessary to understand the factors that result in criminal dispositions, this alone does not explain the occurrence of crime. To explain crime, one must also explain the interaction between disposition and opportunity. This is what most traditional criminology has failed to do. Instead, it has assumed that explaining criminal disposition is the same as explaining crime.

Criminologists are beginning to take an interest in developing not just theories of criminality, but what are called “theories of crime” (opportunity theories). The two best known of these are routine activity theory and the rational choice perspective. The two theories are complementary, and deal with somewhat different questions.

4.5.1 Theories of crime

Theories of crime explain why criminals commit crime. The crime theories that will be discussed here are Routine Activity Theory and Rational Choice Perspective.
Routine activity theory seeks to explain how changes in society in the numbers of “suitable targets” for crime, or in the numbers of “capable guardians” against crime, can lead to more or less crime.

The rational choice perspective tries to understand crime from the perspective of the offender. The questions that are often asked are: What is the offender seeking by committing crime? How do offenders decide to commit particular crimes? How do they weigh the risks and rewards involved in these crimes? How do they set about committing them? If prevented from committing them, what other crimes might they choose to commit? The rational choice perspective is directly concerned with the thinking processes of offenders, how they evaluate criminal opportunities and why they decide to do one thing rather than another; indeed, why they choose to obtain their ends by criminal and not legal means. This perspective has helped to explain why displacement does not always occur. It has also been helpful in thinking about different ways to reduce opportunities for crime.

Different ways to reduce opportunities for crime are described in situational crime prevention and are listed under the objectives that form part of the rational choice perspective. The crime prevention techniques are the following:

● To increase the perceived difficulty of crime
● Increase the effort
● To increase the perceived risks of crime
● To reduce the anticipated rewards of crime
● Reduce provocation
● To remove excuses for crime

ACTIVITY 4.3
Which crime theories do you know of? Discuss them in detail.

FEEDBACK
● Routine activity theory
● Rational choice perspective

Rational choice perspective tries to understand crime from the perspective of the offender. The questions that are often asked are: What is the offender seeking by committing crime? How do offenders decide to commit particular crimes? How do they weigh the risks and rewards involved in these crimes? How do they set about committing them?
If prevented from committing them, what other crimes might they choose to commit? Rational choice perspective is directly concerned with the thinking processes of offenders, how they evaluate criminal opportunities and why they decide to do one thing rather than another; indeed, why they choose to obtain their ends by criminal and not legal means.

4.6 CRIME PREVENTION STRATEGIES

Crime prevention strategies are intended to prevent crime from happening in a particular organisation and/or in society in general. The strategies are categorised as short term and long term. The following is an explanation of these strategies.

4.6.1 Short-term crime prevention strategy

Security is viewed as a short-term crime prevention strategy because security measures cannot attend to the basic causes of crime that are inherent in society and the individual. For example, high walls protecting a factory cannot by themselves change a person’s desire to commit a crime such as burglary or arson. High walls, as a physical barrier, can merely reduce the opportunity to commit the crime by limiting access to the premises concerned. A criminal who has the desire to commit a crime might not have the physical ability to climb over the wall. Can you think of other examples?

Inside the organisation or businesses, investigators do not have much influence over the factors that cause crime. However, with top management’s approval and support, they do have some control over the occupational environment.

ACTIVITY 4.4
Read the following scenario and respond to the question that follows.
Your top management committee asks you to explain to them why crime levels are high in the external environment in which their client base is situated. They further question why the security department cannot provide solutions to this problem.
Very briefly explain to them why security measures are viewed as only a short-term crime prevention measure.

FEEDBACK
Your answer will include the following aspects:
● The environment in which the business or organisation operates may influence the level of crime that affects the business or organisation; for example, industrial firms next to an informal settlement with a large number of unemployed people.
● The business or organisation’s policy does not fully support the security policy if there is one in place. Protective security is seen as another expensive commodity that is costly for the organisation.
● Security measures that are in place, if any, are installed and implemented without a proper security risk assessment exercise as proof that they protect what is supposed to be protected.

4.6.2 Long-term (primary) crime prevention strategy

Long-term crime prevention strategies are aimed at preventing crimes from occurring in communities or in society. Long-term crime prevention strategies are aimed at reducing the predisposing factors in an individual. The positive roles played by a healthy environment (family, school, church, friends, sport and work) in preventing crime are factors to study when you consider long-term crime prevention strategies. Examples of long-term or primary crime prevention measures are the following:

● Improving education systems and encouraging people to attend schools
● Encouraging people to practise their religious faith
● Encouraging, creating and maintaining healthy relationships in the family and society
● Encouraging people to participate in extramural activities and sport
● Creating sustainable jobs

Do you think there are other ways in which crime can be prevented by using the long-term crime prevention strategy?
The long-term crime prevention strategy advocates that people must be encouraged to comply with the values, discipline and norms associated with a healthy and moral society so that they can be good citizens. When people are kept busy they often do not have time and opportunity to plan evil. Do you agree? Explain.

4.7 THE RESULTS OF CRIME THAT WILL MAKE A WOULD-BE CRIMINAL FEARFUL TO COMMIT CRIME

The consequences of crime should be made known to all staff members by means of a corruption prevention programme. The following are some of the personal consequences of corruption:

● Going to prison and being incarcerated with hardened criminals (and possibly being assaulted while in prison) (conviction on a white-collar crime [non-violent] does not mean going to a “soft” prison where fellow inmates are in for the same non-violent crime)
● Being fired from employment
● Bringing disgrace to family name and family after being “named and shamed”
● Loss of respect among friends and family (social rejection)
● Feelings of depression, regret and humiliation at having acted in an ignorant, foolish, irresponsible, negligent and criminal manner
● Corruption accused even committing suicide (having lost their self-esteem)
● Being saddled with a criminal record and not being eligible for a security clearance (this criminal record will in all likelihood play a role in further criminal convictions involving dishonesty)
● Travel restrictions in respect of overseas travel to certain countries because many countries refuse to provide a visa to anyone with a criminal record (in such cases immigration is also out of the question)
● Lack of a medical aid fund due to not being able to meet the payments
● In certain circumstances the accused’s spouse instituting divorce proceedings
● Children being ridiculed at school for the sins of their parents
● Not being able to serve as a director of a company in terms of the Companies Act because of having a criminal record
● Not being able to serve as a member of parliament
● Not being able to obtain credit due to being unemployed
● Not being able to be a private investigator or security officer due to not being able to register with PSIRA

4.8 STRATEGIC OVERVIEW OF ANTI-CORRUPTION STRATEGIES WITHIN THE SOUTH AFRICAN PUBLIC SERVICE

South Africa introduced the Public Service Anti-Corruption Strategy specifically for the Public Service to give effect to the expressed commitment of government to fight corruption in the Public Service. The Public Service Anti-Corruption Strategy contains the following interrelated and mutually supportive considerations: a review and consolidation of the legislative framework; improving access to report wrongdoing and protection of whistle-blowers and witnesses; prohibition of corrupt individuals and businesses; improving management policies and practice; managing professional ethics; social analysis, research and policy advocacy; and training, awareness and education of the people about the dangers of crime.

In addition, South Africa has a National Development Plan 2030 which also stipulates how the goal of zero tolerance for corruption will be achieved by 2030. The goal is planned to be achieved by building a resilient anti-corruption system, strengthening accountability and responsibility of public servants, and creating a transparent, responsible and accountable public service that is able to efficiently service its people.
The following are indicators that measure the success in the fight against crime in the public service:

● Percentage reduction in incidents of corruption in the public service
● Percentage increase in finalised cases (administrative and criminal)
● Number of cases successfully concluded
● Percentage increase in the time it takes to finalise cases
● Percentage reduction in the level of negative perception of corruption
● Percentage increase in amounts of money recovered
● Number of cases reported

4.8.1 Designing a corruption prevention programme for organisations or businesses

Crime breeds and flourishes in an environment where there is a lack of management control measures. Furthermore, where management control measures are in place, these are generally not enforced. An investigator must have the support of top management if a corruption prevention programme is to succeed. Management commitment is the number one anti-corruption requirement. Top management needs the psychological will or commitment to have a corruption prevention programme drafted, approved and enforced within a company or organisation. Without the commitment of top management the investigator will face an uphill battle to implement and enforce a corruption prevention programme. Generally, top managers become committed (convinced) only after their organisations or businesses have fallen victim to a serious case of corruption or fraud and have suffered millions if not billions in losses.

A corruption prevention plan must have been timeously submitted to top management in writing. This will ensure that a paper trail is kept and will protect the drafter of the plan in the event of a risk occurring. An effective corruption prevention policy must be established in a proactive way.
This corruption prevention policy may form a part of the security policy, the investigative policy, the purchasing policy and even a part of the internal audit policy. This is informed by the reality that procedures flow from policies. A policy must be in place if the dictates of corporate governance and due diligence are to be met.

4.8.2 Fraud prevention policy

The fraud prevention policy is an institution's statement on its commitment and/or stance in managing the threat of fraud and corruption. The fraud prevention policy informs the fraud prevention strategy of such an institution and therefore any major changes in the operations, structures and/or legislation that affect fraud risk management will require a review of the policy. The institution can also include a provision on the review of the policy to ensure relevance at all times. The statement can include the following:

● Anti-fraud programmes adopted by the institution
● Policy and procedure for reporting of fraud
● Mechanisms in place to prevent, detect and investigate fraud
● Recovery of financial losses
● Anti-fraud culture and values of the organisation

4.8.3 Fraud prevention strategy

The fraud prevention strategy is a detailed plan on how the institution will implement the measures to address the risk of fraud and corruption. The institution should review the strategy annually to address the emerging fraud risks. The strategy should include detailed information on the following:

● Identification and assessment of vulnerable areas
● Ownership of fraud risk
● Response plan
● Anti-fraud culture
● Legal framework

4.9 EFFECTS OF EFFECTIVE INVESTIGATION

Investigation may be seen as a proactive function within the sphere of crime management. For example, where a thorough investigation is being conducted in an organisation, staff members may be made aware of this activity.
If a staff member is subsequently convicted in a criminal court and discharged, and has his or her assets confiscated, this could send a clear message to all the employees that crime does not pay. The investigation has thus had a proactive function in that other staff are deterred from committing similar crimes. Can you think of other ways staff can be prevented from committing crimes against the employer?

When employees join a company they subject themselves to the disciplinary policies and procedures of the organisation. This is done when they sign the employment contract. That is why, when a transgression that impacts upon the work of the company takes place, the company has the right to act against the individual concerned. This is where the task of corporate investigators starts, as they are employed to investigate any allegations of a transgression and to submit a report on their findings to the Human Resource department or division or a member of a Disciplinary Committee. The task of the Disciplinary Committee is to consider the report and to decide on appropriate steps to be taken.

Private investigators, on the other hand, have no rights or powers to rely on when they do an investigation unless they have been specifically mandated by their client. Their powers are those of a private person and they are at risk most of the time because they need to take serious note of the laws that protect an individual’s right to privacy. Such investigators need to take note of the dangers and pitfalls that are present when doing investigations where they do not enjoy the protection of the law. The bottom line is that all investigators are bound by the parameters of the laws under which they have been appointed and in terms of which they operate.

ACTIVITY 4.5
Read the following scenario and respond to the question that follows.
You are the investigator for JOA Ltd, and you have been requested to draft a fraud response plan for the business.
What essential elements will you include in the fraud response plan?

FEEDBACK
Every fraud response plan should include elements such as identification and assessment of vulnerable areas, ownership of fraud risk, fraud response plan, anti-fraud culture in the business or organisation and the legal framework.

4.10 THE MULTI-DISCIPLINARY APPROACH TO INVESTIGATION

In South Africa there are bodies which are established to regulate, investigate and report on crimes such as cyber-crimes, fraud and corruption incidents. These bodies can also be used as partners in the investigation of crime, as they store information that may assist in the investigation of a case. The organisations and institutions are as follows:

4.10.1 Department of Trade and Industry

The National Treasury is responsible for managing South Africa's national government finances. Supporting efficient and sustainable public financial management is fundamental to the promotion of economic development, good governance, social progress and a rising standard of living for all South Africans. The Constitution of the Republic (Chapter 13) mandates the National Treasury to ensure transparency, accountability and sound financial controls in the management of public finances. Information that can be harvested from the Department of Trade and Industry (DTI) could be business registrations such as type of business and subsidiaries, directors of companies and shareholders, amongst others.

4.10.2 South African Revenue Services

The South African Revenue Services (SARS) administers a number of tax Acts in terms of which money (taxes, duties and levies) is collected and paid into the National Revenue Fund. SARS also collects money on behalf of other departments under their legislation, which is then also paid into the National Revenue Fund. The South African Revenue Services website has a portal for the reporting of tax crimes.
Tax crimes can lead to identity fraud, which is theft of an individual's identity. The portal further describes the types of identity fraud that can occur, such as phishing, in which conmen use e-mail scams requesting individuals to provide private and confidential information via a website link tool. Another type of fraud is refund scams in which an identity thief can use a legitimate taxpayer's identity to fraudulently file a tax return and claim a refund. Identity theft involves taxpayers being phoned by a person claiming to be a SARS employee and informing them that SARS owes them money. However, SARS will never notify taxpayers about refunds by telephone. Fake SARS auditors and scam artists pretending to be SARS auditors also contact businesses to inform them that they are under investigation and that an audit is going to be conducted.

SARS has reporting channels for identity theft and fraud for the public. The channels include toll-free telephone numbers, walk-ins, and the Anti-corruption and Fraud Hotline toll-free number. Victims of tax crimes should notify SARS and the South African Police Service and close all their bank accounts. SARS also provides some guidelines as to what people should have at hand when they report identity theft and fraud. The guidelines include having the identity number, a tax reference number and the vehicle registration number of the person being reported. The person reporting the offence may choose to remain anonymous. Lastly, the person reporting should be aware that SARS will not revert back to him or her, as SARS does not share a person's tax affairs with anyone else except with that person's consent.

SARS also advises people to protect themselves from identity theft and identity fraud by registering personal information with the South African Fraud Prevention Services if they have lost their identity document or passport or had either of these stolen.
4.10.3 Financial Intelligence Centre

The Financial Intelligence Centre (FIC) has been established to maintain an effective policy and compliance framework and operational capacity to oversee compliance. It also aims to provide high quality, timeous financial intelligence for use in the fight against crime, money-laundering and terror financing in order for South Africa to protect the integrity and stability of its financial system, develop economically and be a responsible global citizen.

Some of the requirements for financial institutions as stipulated in the Financial Intelligence Centre Act 38 of 2001 include a “Know-your-client” checklist which allows financial institutions to verify clients' personal information before they proceed with business. This checklist assists financial institutions in eliminating those potential clients that do not comply with the Act as potential fraudsters within the system. Institutions or organisations registered with the Financial Intelligence Centre (FIC) as Accountable Institutions must comply with section 11 of the FICA Act 38 of 2001. The Act stipulates that persons who carry on with the business of lending money against the security of securities are obligated to report any suspicious financial transactions or cash deposits over the set limit. The reason for this is to determine whether the said financial transactions or cash deposits constitute the crime of money-laundering in terms of the FICA Act. FIC also interacts with the SAPS, SARS, National Prosecuting Authority (NPA) and the Special Investigation Unit (SIU).

4.10.4 The Public Protector

The Public Protector is an independent chapter nine institution established under section 182 of the South African Constitution.
It receives reports from any person who has a complaint of fraud or corruption that involves government departments, agencies or officials who violate their ethical codes or codes of conduct, as long as it is not a criminal case. The cases are investigated and recommendations are binding and subject only to a court review. Reports can be made in person at any of the Public Protector's offices in each province or through its website.

4.10.5 The South African Police Service

Cases of fraud and corruption that involve criminal offences can be reported at any police station. The SAPS investigates cybercrimes, fraud and corruption cases and other crimes in South Africa. After a case is opened at a police station, it may be referred to one of the specialist units for further investigation. The local police station where the case is reported must communicate the progress of the case to the person who reported the case and, thereafter, the investigating officer who is handling the case will liaise with the complainant – such as an internal investigator within the reporting organisation or company.

4.10.6 The Public Service Commission

The Public Service Commission (PSC) is an independent institution that is established under Chapter 9 of the Constitution and oversees the public service. One of its functions is to receive complaints from individuals regarding, among other things, financial misconduct by government employees. The Commission hosts the National Anti-Corruption Hotline for the Public Service, which receives and compiles reports on fraud and corruption and refers these reports to investigators.

4.10.7 National Anti-Corruption Forum

South Africa established the National Anti-Corruption Forum (NACF) during 2001, to focus on combating and preventing corrupt activities, building integrity and raising awareness. The NACF is divided into three sectors, namely civil society, business and government.
The NACF was meant to find common ground between sectors, harmonise the sectors' strategies against corruption, and provide advisory services on the implementation of strategies to combat corruption (National Anti-Corruption Forum, 2014).

Over the years, the NACF has hosted summits in regard to corruption. Certain commitments have been made in respect of combating the corruption that was corroding the national culture and ethos of democracy and good governance at all levels of society. Recommendations have also been made to stamp out corruption at every level of society by developing a culture of zero tolerance against corruption and by educating the people to that effect (National Anti-Corruption Summits, 2014).

At the first of the National Anti-Corruption Summits, held in Cape Town in 1999, a commitment was made to combat corruption and to protect persons who expose corrupt and unethical practices from being victimised in terms of the Protected Disclosures Act 26 of 2000 (South Africa, 2000). The National Anti-Corruption Hotline (South Africa. Public Service Commission, 2004) was put in place to facilitate the reporting of corrupt practices in all sectors. At a later stage, in 2004, the National Anti-Corruption Hotline Toolkit (South Africa. Public Service Commission, 2006) was also implemented so that the public could know how, when and what to report and not to report.

The Second National Anti-Corruption Summit was held in March 2005 in Pretoria. Some of the resolutions drawn from the summit were that corruption was an obstacle to development and that all sectors represented there should unite in preventing and combating corruption.
Further, in the fight against corruption, a commitment was made to ensure that the South African legal framework would comply fully with the international conventions of the United Nations, the African Union and the Southern African Development Community (SADC) in respect of corruption. After this summit, the National Anti-Corruption Programme was developed. This Programme is aimed at coordinating key problem areas and projects with specific outputs, timeframes and budgets.

The Third National Anti-Corruption Summit was held in August 2008 in Johannesburg. Some of the resolutions were that the NACF would establish a task team to urgently consolidate and articulate the National Integrity System.

The Fourth National Anti-Corruption Summit was held at the Sandton Convention Centre on 8 and 9 December 2011. The original (2001) vision of the NACF, as set out in the Memorandum of Understanding on its establishment, was that the NACF must be the primary platform for the development of a national consensus through the coordination of sectorial strategies against corruption (National Anti-Corruption Summits, 2014).

4.10.8 Special Investigating Unit

The Special Investigating Unit (SIU) was established by the President of the Republic of South Africa in terms of the SIU and Special Tribunal Act 74 of 1996 (South Africa, 1996). Its primary mandate is to recover and prevent financial losses to the state caused by acts of corruption, fraud and maladministration. The SIU also assists departments with systemic improvements to improve service delivery. The SIU is a public entity with powers of investigation and litigation (Special Investigating Unit and Tribunals Act, 74 of 1996).

4.10.9 Auditor-General of South Africa

The Auditor-General of South Africa (AGSA) is the Supreme Audit Institution of South Africa.
As such, it has a constitutional mandate and exists to strengthen our country's democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence. Corrupt activities are frequently uncovered during audits and reported by AGSA to the relevant authorities.

4.10.10 The National Prosecuting Authority

The National Prosecuting Authority has the power to:

● Institute and conduct criminal proceedings on behalf of the State
● Carry out any necessary functions incidental to instituting and conducting such criminal proceedings (this includes investigation)
● Discontinue criminal proceedings

ACTIVITY 4.6

Read the following scenario and respond to the question that follows.

The owners of JOB (Pty) Ltd have committed fraud at ABC bank. ABC bank has opened a case of fraud at the Pretoria SAPS Specialised Commercial Crime Unit. The case is assigned to you to conduct an investigation during which you will need to obtain information regarding the owners of the business. Which body and what other information will you have access to?

FEEDBACK

The investigator can approach the Department of Trade and Industry (DTI) for assistance. Information that can be harvested from the DTI includes, among other things, business registration details, the type of business and its subsidiaries and the identity of directors of companies, shareholders and so on.

4.10.11 The Public Service Anti-Corruption Unit

The launch of the Public Service Anti-Corruption Unit (SACU) is part of a broader anti-corruption strategy for the public service driven by the Minister for Public Service and Administration.
Established to assist departments with managing corruption cases, from investigation stage to conclusion, the Unit operates using a multi-agency approach which includes coordination of anti-corruption initiatives within the public sector with key stakeholders such as the SIU, the Auditor General of South Africa, the National Treasury and the PSC.

The Unit primarily investigates officials with undeclared business interests, officials who do business with government without disclosing their business interests, officials who perform remunerative work outside the public service without permission, officials who solicit and/or receive bribes in return for performing or not performing official duties, and officials receiving grants or benefits unlawfully.

The key functions of the Unit include:

● Conducting, facilitating and coordinating the investigation of high profile cases
● Referring investigation outcomes for corrective action to relevant authorities
● Conducting, coordinating and facilitating the management of disciplinary proceedings for high profile cases
● Monitoring and evaluating the consistency and efficacy of the implementation of disciplinary outcomes and corrective action taken

4.11 LEGISLATIVE AND POLICY FRAMEWORK ADDRESSING CRIME IN SOUTH AFRICA

The policies and directives discussed below act as the legislative framework governing the fight against corruption in South Africa.

4.11.1 The Prevention and Combating of Corrupt Activities Act 12 of 2004

The South African Prevention and Combating of Corrupt Activities Act 12 of 2004 (South Africa 2004) was put in place to provide for stronger measures to prevent and combat corrupt activities and to bind persons in positions of authority to report such activities. The Act is supported by other Acts such as the Local Government Municipal Finance Management Act 56 of 2003 that also contribute to the fight against corruption.
These supporting Acts assist in securing sound and sustainable management of the financial affairs within municipalities and other institutions in local governments. The Acts also establish treasury norms and standards and any related matters to that effect.

4.11.2 The Promotion of Administrative Justice Act 3 of 2000

The Promotion of Administrative Justice Act 3 of 2000 (South Africa, 2000c) makes the administration effective and accountable to people for its actions.

4.11.3 The Promotion of Access to Information Act 2 of 2000

The Promotion of Access to Information Act 2 of 2000 (South Africa, 2000a) allows the constitutional right of access to any information held by the State and any information held by another person that is required for exercising or protecting any rights, and provides for matters connected therewith.

4.11.4 The Public Finance Management Act 1 of 1999

The Public Finance Management Act 1 of 1999 (South Africa, 1999) regulates the management of finances in national and provincial government by providing protocol in all revenue, expenditure, assets and liabilities in order to secure transparency, accountability and sound financial management in government and public institutions.

4.11.5 The Protected Disclosures Act 26 of 2000

Having realised that one of the reasons that corruption was on the rise could be the fear of victimisation, South Africa introduced the Protected Disclosures Act 26 of 2000 (South Africa, 2000b). The Act is meant to protect employees in the public and private sectors from occupational detriment should they “blow the whistle” on instances of corruption. South Africa also created guidelines to the Acts to make them easy to understand and implement.
According to Mkhize (2012), some of the significant South African legislation relevant to combating corruption includes the Promotion of Administrative Justice Act, the Prevention of Organised Crime Act, the Financial Intelligence Centre Act, the International Cooperation in Criminal Matters Act, the Criminal Procedures Act, the new Companies Act and the Protection of State Information Bill.

4.12 CONCLUSION

The approach to crime prevention dealt with in this module is short-term crime prevention through the implementation of short-term security risk control measures. Claims made for crime prevention through environmental design were that the physical environment plays a major part in crime causation. Despite these claims, some criminologists do not support the crime prevention through environmental design theory as it relates to contributory factors in crime causation. Much of this criticism was misplaced because supporters of the theory had generally not recognised that their theories were concerned mostly with the development of criminal dispositions, not the occurrence of crime. There is no doubt that crime prevention through environmental design will increasingly be used to help protect society from crime.

Growing evidence about the role of opportunity in crime has encouraged the development of some new “opportunity” theories, including routine activity theory and the rational choice perspective. The latter in particular has provided the theoretical basis for situational crime prevention, which has now accumulated a solid record of crime reductions achieved in many different contexts. Displacement has not proved as great a threat as once thought and there is growing evidence of a diffusion of benefits from crime prevention projects.

The prevention of corruption is a relatively inexpensive and simple matter. However, the investigation of a case of corruption that has already been committed is a very expensive matter that can drag on for months and even years.
In such a case, losses have already occurred and investigations and court cases are horrifically expensive. Various aspects which should be considered in designing a corruption prevention programme for large organisations have been noted here.

SELF-ASSESSMENT QUESTIONS

What are the effects of effective investigation?
Differentiate between short-term and long-term prevention strategies.

Questions for reflection

Carefully consider the following questions. This will assist you in monitoring your progress.

● What have you learnt in this learning unit?
● How will you apply your new knowledge and skills in the workplace?
● Which area(s) of learning have you found difficult? Why?
● What steps can you take to overcome these difficulties and improve your knowledge and skills?

4.13 BIBLIOGRAPHY

Ciampa, M. 2007. Security awareness: Applying practical security in your world. 2nd edition. Thomson.
Special Investigation Unit. 2009. Annual report for 2009. Pretoria: Special Investigating Unit.
Special Investigating Unit. 2010. Regulation 27 of 2010 in accordance with the Special Investigation Units and Special Tribunals Act 74 of 1996. Pretoria: Government Printer.
South Africa. 2005b. Public Service Commission. Fighting corruption together: Past achievements, future challenges. A report of the second National Anti-Corruption Summit, 22–23 March 2005. Pretoria: Government Printer.
South Africa. 2002. Department of Public Service. Code of Conduct for Public Servants. Pretoria: Creda Communications.
South Africa. 2000. Protected Disclosures Act 26 of 2000. Pretoria: Government Printer.
South Africa. 1998. Prevention of Organised Crime Act 121 of 1998. Pretoria: Government Printer.
South Africa. 1995. Police Service Act 65 of 1995. Pretoria: Government Printer.
South Africa. 1996. National Crime Prevention Strategy (NCPS). Pretoria: Department of Safety and Security.
South Africa. 1999. Public Finance Management Act 1 of 1999. Pretoria: Government Printer.
University of South Africa. 2015. Security risk control measures 111. Study guide for SEP3704. Pretoria: University of South Africa.
University of South Africa. 2015. Applied security risk management. Study guide for SEP3701. Pretoria: University of South Africa.
University of South Africa. 2011. Security technology and information security 111. Study guide for SEP3705. Pretoria: University of South Africa.
University of South Africa. 2010. Corporate investigation 111. Study guide for SEP3703. Pretoria: University of South Africa.
University of South Africa. 2005. Advanced corporate investigations IV: Study guide A for ACI401S. Pretoria: University of South Africa.
University of South Africa. 2004. Criminal investigation B: study guide for SEP221B. Florida: Technikon SA.