Company security has been redefined as an integral part of the business function because the scale of the problem is pervasive. In the United States, for example, research indicates that 30 to 40 percent of employees steal from their employers. The American Management Association gives a figure of $40 billion in business losses yearly due to employee theft. The starting point in dealing with corporate security should be a thorough investigation of the company and its employees, including fraud and illegal access to computer files. Auditors should consider all areas of risk but commit resources in areas where the biggest savings can be made. Access controls and information monitoring will reduce the risk of illicit entry to computers or computer rooms. Risk audits can identify areas of vulnerability and evaluate procedural security systems. Pre-employment and staff screening can be used to assess integrity. It is pointed out that criminal trends of the 1990's are moving away from traditional robbery and toward extortion. Security consultants must be able to apply a wide range of expert disciplines and demonstrate an understanding of the organizational complexity of a company and the commercial, legal, and legislative environment in which it functions.