If 5% of employees are responsible for 95% of theft, what does this imply for control strategies?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the ASIS Protection of Assets (POA) Security Management Exam. Prepare with multiple choice questions, explanations, and insights. Get ready to excel in your exam!

Multiple Choice

If 5% of employees are responsible for 95% of theft, what does this imply for control strategies?

Explanation:
This reflects a risk-based approach to controls guided by the idea that a small group drives most of the risk. If only 5% of employees are responsible for 95% of theft, concentrating screening, monitoring, and access controls on that high-risk group yields far more impact than spreading resources evenly. Why this is the best approach: targeting resources where the theft risk is concentrated maximizes prevention with less wasted effort. You can tailor measures to the specific risks those employees pose—enhanced background checks, tighter access to valuable assets, more rigorous verification, separation of duties, and continuous monitoring—while keeping general controls lighter for the rest. This leverages data to reduce overall risk more efficiently. Context for implementation: identify high-risk individuals through risk indicators such as past incidents, job role and access level, unusual patterns in behavior or transactions, and network or asset access logs. Then apply layered controls around those assets and processes, and periodically reassess as patterns shift. Other options fall short because they dilute focus and miss ongoing risk: spreading controls evenly wastes scarce resources on low-risk workers; ignoring data and relying solely on external audits leaves gaps between audits where theft can occur; limiting controls to management ignores the fact that non-management staff can access, handle, or process valuable assets as well.

This reflects a risk-based approach to controls guided by the idea that a small group drives most of the risk. If only 5% of employees are responsible for 95% of theft, concentrating screening, monitoring, and access controls on that high-risk group yields far more impact than spreading resources evenly.

Why this is the best approach: targeting resources where the theft risk is concentrated maximizes prevention with less wasted effort. You can tailor measures to the specific risks those employees pose—enhanced background checks, tighter access to valuable assets, more rigorous verification, separation of duties, and continuous monitoring—while keeping general controls lighter for the rest. This leverages data to reduce overall risk more efficiently.

Context for implementation: identify high-risk individuals through risk indicators such as past incidents, job role and access level, unusual patterns in behavior or transactions, and network or asset access logs. Then apply layered controls around those assets and processes, and periodically reassess as patterns shift.

Other options fall short because they dilute focus and miss ongoing risk: spreading controls evenly wastes scarce resources on low-risk workers; ignoring data and relying solely on external audits leaves gaps between audits where theft can occur; limiting controls to management ignores the fact that non-management staff can access, handle, or process valuable assets as well.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy