Many organisations use an exit checklist when an employee and/or volunteer leave. However, it needs to be comprehensive so that it covers all areas that could cause detriment to the organisation.
When employees and / or volunteers leave the organisation, it is important that they no longer have access to the organisation’s information and no longer have possession of assets of the organisation.
The risk is that someone who leaves uses their previously provided information and/or assets to cause detriment to the organisation. This can be done in a number of ways. For example:
- Remotely accessing a member list and deleting important information or obtaining a copy of the information for future use;
- Remotely access client information that should remain confidential and allow that information to be released to the public damaging the reputation of the organisation;
- Accessing the organisation’s premises to cause physical damage;
- Keeping assets they are not entitled to keep; or
- Incurring expenses after they have ceased employment.
Methods to Mitigate the Risk
A checklist should be established for when an employee (and in some instances a volunteer) leaves the organisation. The checklist should include all items that need to be returned to the organisation, all authorisations that need to be cancelled and any other matters that should be addressed. This is so an ex employee (or volunteer) cannot defraud the organisation after they leave.
The following is a list (but not an exhaustive list) of matters that should be included:
· Items to be handed back to the organisation:
o Corporate Credit Card
o Laptop / computer / modem / AV equipment etc
o Thumb drives / external hard drives and any other external storage devices
o Mobile phones and accessories
o Internet connection equipment
o Car and car keys (including all items that should be in the car (eg. First aid kit)
o Fuel card
o Keys / access card to the building, office, cupboards and filing cabinets
o Security tokens for online banking, email access and any other remote access requirements
o Staff identification card and name tag
· To be changed / closed
o All computer access restricted both in the office and remotely
o Taken off the bank accounts as a signatory
o Password for online banking cancelled
o Security codes for access to the office / building cancelled
It must be remembered that the above are examples only, and a full list of items included on an Exit Checklist will vary from organisation to organisation.