All organisations, regardless of size, territory and business sector, are vulnerable to fraud.
Fraud can take many forms:
Theft of cash, stock or other assets
In most cases this type of fraud can go on for many years and is often discovered purely by chance. The financial impact on a business can be devastating, but what can be overlooked is the resulting threat to an organisation’s processes and how such an event erodes the integrity of your employees and tarnishes your reputation.
It can be hard to accept that you need to guard against the inside job. Unfortunately, the truth is that the most well-concealed fraud systems may be set up by the most trusted staff.
Social engineering is a growing risk for many organisations, as fraudsters develop increasingly sophisticated methods to defraud companies. Typically, fraudsters pose as legitimate individuals, such as a company director or senior manager. Other approaches include imitating a supplier and/or a customer that is known to the business. They then leverage the social status or business relationships of the individual to gain money or information from an unwitting victim.
It would take almost a miracle to eliminate the risk of such fraud. However, like anything, there are risk management controls that, if adopted consistently, can assist organisations in reducing their risk. Listed below are some examples of measures which can be introduced to reduce the chance of loss:
Dual controls for all payment types – ensure processes are in place so that no one person controls payment or data-change procedures.
Authentication of invoices prior to payment being made, including email and call-back confirmations.
When any changes to supplier, employee or client details are requested, a consistent, robust verification process is followed – this may include a phone call, written documentation or even a different format on the first payment change.
Regular independent review of generation reports showing all changes.
Maintain secure storage, release and/or disposal of all sensitive or confidential information that could be used by fraudsters.