5 best internal controls over vendor master file
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
In a world of cloud computing and web applications, we often assume that any compromise of supplier data will follow a digital attack. But is the anonymous hacker, sitting in the dark with a hoodie over his head, really the most likely source of fraud?
All too often, data breaches and fraud occur because of lax physical security.
Getting your physical security right is a critical internal control that every CFO and Accounts Payable manager needs to focus on.
In this blog, we will focus on some of the key considerations for ensuring your Accounts Payable function has appropriate physical security in place to mitigate the risk of supplier data manipulation and fraud.
The first line of defence for any Accounts Payable department is the physical perimeter around your premises.
It is critical to ensure that unauthorised individuals do not have access to your office areas, particularly at times when they are unattended. As a CFO or Accounts Payable manager, you have oversight of a department that is the custodian of highly sensitive information, including supplier banking data. Any breach that results in a compromise of this information could result in serious fraud, with long-term financial and reputational consequences for your organisation.
That’s why ensuring the security of your department’s physical perimeter is critical. You need to know precisely who is accessing your premises at all times.
As a rule, Accounts Payable offices should only be accessed by staff members. Access for any other visitors, including contractors, should be restricted unless they receive permission from an authorised manager.
Ensuring only approved individuals have physical access to your Accounts Payable offices may seem straightforward, yet many organisations fail at this simple control. In many cases, all it takes is to ensure only those possessing a key or swipe card can gain entry. More risk-averse departments may also require some form of biometric access. Whatever control you select, make sure you have a system in place for keeping track of who is granted access, and a mechanism for cancelling access privileges whenever an employee leaves your department.
Once you have secured access to your physical premises, you also need to consider access to equipment.
Often, the greatest risk comes from unauthorised access to computers, laptops and mobile devices. Simple steps, like ensuring computer screens are not visible to passers-by, can help ensure sensitive information remains confidential.
Accounts Payable staff should receive ongoing awareness training in what they can do to secure the devices they work on. For example, staff should always lock their screens every time they step away from the device, even momentarily. Laptops and mobile devices should either be locked to a desk with a locking cable, or securely stored in drawers or filing cabinets when not in use.
Additionally, you also need to restrict unauthorised physical access to servers, which should be locked away in a dedicated server room. Even the cables that connect your IT infrastructure need to be secured. Criminals have been known to tamper with cables to access sensitive data.
It’s one thing to secure your Accounts Payable equipment whilst it’s in the office. However, with so many staff working remotely, you also need policies in place to secure your equipment whilst it’s off-premises.
Accounts Payable staff need awareness of the risks that may inadvertently arise whilst using company equipment at home. If other members of their households use their laptops or mobile devices, they may unknowingly gain access to sensitive corporate data. Even with no malicious intent, they may run software or connect to insecure networks that compromise the device. That’s why work equipment should never be used by anyone other than the authorised Accounts Payable employee.
With many staff also working in public spaces, such as coffee shops, extra caution must be taken. Not only are there concerns about the security of public Wi-Fi networks, but leaving laptops or mobile devices unattended, even for a moment, may give a thief an opportunity to steal the device, gaining access to your sensitive data.
Ensuring unauthorised individuals cannot physically access confidential supplier data must be a key priority for all CFOs and Accounts Payable managers.
That’s why it’s essential to implement a Clear Desk and Clear Screen policy.
Ensuring all members of your Accounts Payable team follow this Clear Desk and Clear Screen policy will help prevent unauthorised physical access to confidential supplier data, thereby mitigating your organisation’s risk of data manipulation and fraud.
Of course, in a digital world, physical controls are just one component in preventing attempts to manipulate supplier data. For a comprehensive technology solution to secure your supplier payments, contact eftsure: get.eftsure.com.au