How Do Banks Investigate Unauthorised Transactions?
Unauthorised transactions, whether due to fraud or errors, can be a stressful experience for consumers. When a bank customer notices an unfamiliar …
Internal controls are absolutely critical for all Accounts Payable (AP) departments. Without them, AP departments face a much greater risk of financial losses, whether due to fraud or error. However, the fact is that no set of controls is foolproof.
In this blog we explore 5 reasons why internal controls fail, and why you need another layer of security to ensure you are not exposed when that occurs.
Whenever an organisation begins the process of developing its internal controls, it must begin with an assessment of the risks it is seeking to mitigate through their controls. However, many organisations fail to take into consideration the fact that risk is dynamic. Risk levels are constantly evolving due to changes taking place both within the organisation, as well as outside it. As risk levels evolve, so too must the controls you have in place that are designed to mitigate those risks.
Organisations should develop a process whereby risk levels are assessed on a regular basis in order to determine whether the internal controls need calibration.
Not every conceivable scenario will be covered by internal controls. Situations will arise that require judgement calls to be made. It is therefore necessary to ensure that you have a principles based approach to internal controls, rather than an overly prescriptive approach.
AP management and staff should have a strong understanding of the principles that underpin the internal controls you have in place. This will help ensure they have the ability to know how to respond to novel situations that may not be explicitly covered by your policy manuals.
This is among the hardest internal risks to detect and stop. AP officers may collude with suppliers to inflate invoices, or submit false invoices. It is essential that you have a range of internal controls to mitigate the risk of collusion, including regular audits, segregation of duties (ensuring multiple people need to approve outgoing payments), and rotation of duties (rotating staff between different functions) wherever possible.
When it comes to internal controls, remember that the policies you have in place are a means to serve an end goal – which is protection of your organisation from losses due to fraud or error. If the means are not achieving the desired end, then the means must change. Sticking rigidly to internal controls and policies that are not fit-for-purpose is pointless. Make sure a system is in place that allows internal controls to be adjusted if required.
Internal controls can be an impediment to efficiency. They can result in additional layers of red tape that slow down staff and make delivering business outcomes more cumbersome. It is critical that you have the balance right between internal controls and efficiency. AP staff should not take it upon themselves to override internal controls simply because they are inconvenient or annoying. If, for whatever reason, it is widely believed that internal control settings are too strict, have a system in place where management can make adjustments to the controls so that they don’t impose too much of a burden on staff and don’t impact efficiency too significantly.
Getting your internal controls right is a major challenge. If they are too rigid, they can undermine your team’s efficiency and productivity. If they are too weak, they can expose you to losses through fraud or error.
It is also true that no system of internal controls is foolproof. A determined adversary, whether external or internal, will always find a way to circumvent them.
That’s why you need a multi-layered approach to protecting your organisation. A technical security layer that ensures only authorised transfers are sent to authorised beneficiaries is essential.
Eftsure sits on top of your accounting processes and verifies outgoing payments in real-time, ensuring only approved funds are being sent to the intended recipient. When internal controls fail, Eftsure is in place to ensure you don’t suffer major financial losses.
Speak with Eftsure today for a full demonstration of how we can protect your organisation.
Unauthorised transactions, whether due to fraud or errors, can be a stressful experience for consumers. When a bank customer notices an unfamiliar …
For years, industry experts have been making predictions about what the finance function would look like in 2025. Many of the reports, …
The finance industry is extremely susceptible to data breaches. In fact, in 2023, it was the most breached industry and accounted for …
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.