Strategies to Prevent and Detect Occupational Fraud in Small Retail Businesses

Davis, Marquita V

01 January 2019

Business owners' lack of strategies to prevent and detect occupational fraud in small retail businesses in the United States could result in substantial financial losses or insolvency. Grounded in Cressey's fraud triangle, the purpose of this multiple case study was to explore internal control strategies 6 owners of small retail businesses in southeastern Pennsylvania used to prevent and detect occupational fraud. Face-to-face interviews, observations, and documentation are the data collection techniques I used in this study. Data were transcribed, coded, analyzed, and member checked to identify emergent themes. Six themes emerged from the thematic analysis: financial impact, transaction responsibility and monitoring, networking and business models, communication, separation of duties, and training. The results of this study indicated areas for action that owners of small retail businesses could take to prevent and detect occupational fraud. Strategies business owners could implement to protect their businesses from occupational fraud include monitoring, employee identity documents to track employee activity, separation of duties, and communication with employees. The implications of this study for positive social change include the potential for social entrepreneurship because small business owners create employment opportunities for members of the community, including high school students with the desire to run small retail businesses. Small business owners serve their communities by focusing on wealth distribution, including donations to local charities that foster economic stability with positive effects on society.

Business strategies

Fraud

Fraud triangle

Occupational fraud

Separation of duties

Accounting

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Damrau, Adelaide

01 May 2023

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions.

Role-Based Access Control

Principle of Least Privilege

Separation of Duties

Permission

Risk

Role Explosion

Databases and Information Systems

Information Security

Other Computer Sciences