All too often trusted insiders, such as long-standing staff members, use their privileged positions to defraud their employer. Such risks can be notoriously difficult to prevent, let alone stop. To stand any chance of protecting your organisation from insider-initiated fraud, it’s critical that you develop a strong fraud awareness culture within your accounting department.
In this blog, we explore some of the steps you can take to foster a culture where staff understand the risks of fraud, and have the awareness needed to identify potential instances of insiders engaging in fraudulent activity against your organisation.
According to Standards Australia, all levels of your organisation, from the C-suite, through mid-management to rank-and-file employees, should have a high level of fraud awareness. They should understand what behaviours constitute fraud and how these represent a risk to your organisation.
The goal of fraud awareness is to ensure every person in your organisation knows what behaviours are expected of them. Fraud awareness should also help encourage individuals to report suspected or detected fraudulent behaviour by others.
Awareness levels can be heightened through the development and implementation of a fraud awareness program.
A fraud awareness program should be an organisation-wide, ongoing program that seeks to ensure all staff understand the activities that constitute fraud, the risks posed to the organisation by fraud and how staff can be empowered to help identify and stop fraud.
Whilst a fraud awareness program may be developed and implemented by the Human Resources department, Accounts Payable (AP) departments face some specific fraud risks given their access to the organisation’s finances. It may therefore be necessary to adapt a generic fraud awareness program to meet the specific needs of the AP department. An AP-specific fraud awareness program should be developed jointly by the HR team and the CFO or AP Manager.
All fraud awareness programs should focus on the different types of fraud risks the organisation is most likely to face, as well as clearly defined steps staff should take if they suspect colleagues are engaging in fraudulent activities.
Elements that should be included in a fraud awareness program include:
An AP-specific fraud awareness program may also include specific risks around misappropriation and outright theft of funds. It should also outline the internal controls within the AP function that mitigate fraud risks.
A fraud awareness culture exists when the people in your department or organisation evolve into assets that help in the fight against fraud.
Once you have a fraud awareness program in place, you can begin the process of creating and embedding a culture of fraud awareness with these three initiatives:
Preventing internal threats is a collaborative effort. As a CFO or AP Manager, you are responsible for ensuring malicious staff don’t have any opportunities to engage in fraud. That requires close cooperation with your IT team. Work closely with the IT team to determine the user roles that should exist for people in your department, as well as the privilege levels for each role. Access to sensitive folders and files should be restricted to specific roles based on a ‘Need to Know’ principle. Implement a system to ensure the IT team is always updated with any personnel changes within your department, so user roles can be adjusted accordingly.
When fostering a fraud-aware culture within your organisation, you need to forge an atmosphere of trust between management and rank-and-file staff. After all, the goal is to encourage staff to become an extension of your eyes and ears across the organisation. Staff will be uniquely placed to identify the signs of any fraudulent practices. However, there needs to be a safe environment that allows them to escalate concerns around any suspicious activity, particularly if they suspect that more senior individuals are engaged in improper conduct. Measures need to be in place to protect whistle-blowers, so staff know that reporting concerns will not result in any negative consequences for them.
It’s important that all the people within your organisation buy into the mission to prevent internal fraud. Staff training programs should be developed that help generate a sense among employees that they are empowered to identify and safely report suspected misdemeanours by others. Focus on the many ways fraud can negatively impact the organisation, such as undermining its financial viability and growth plans, which in turn could impact staff members’ career paths. Once staff embrace the mission to stop fraud, they’ll be far more engaged and cooperative.
When it comes to the fight against internal fraud, your people have the capacity to play an indispensable role. With the right culture in place, staff can become your eyes and ears across the entire organisation. However, they cannot do it alone!
Your organisation needs the right tools that make it harder for malicious insiders to engage in fraud. With Eftsure sitting on top of your accounting processes, you’ll be protected against one of the most common types of insider fraud – payment redirections.
Payment redirections occur when insiders manipulate supplier payment information in invoices or ABA files, resulting in outgoing funds being transferred to a bank account they control. Payment redirections can also occur when AP staff collude with suppliers to submit duplicate or inflated invoices.
Not only does Eftsure help mitigate such risks, it also maintains a detailed audit log of all transactions, making it easier to identify any malicious activity.
Speak with us today for a comprehensive demo of the many ways Eftsure keeps you secure!