Although it’s impossible to achieve 100% protection from financial fraud, Will Jordan from PS Financials, explains how the following measures will help to significantly reduce your organisation’s threat exposure.
The long-term ramifications of fraud can be devastating, so it’s paramount that you become aware of the evolving risks – what the latest scams are and the preventive solutions now available, so that it’s managed and minimised at every level.
Organisations of all shapes and sizes face increasingly sophisticated, targeted, fraud that can be categorised into two types – internal and external. External fraud involves an outside body attempting to extract money. For example, this could include issuing and receiving payment from a false invoice, unauthorised expenditure under the organisation’s name and phishing emails.
Internal fraud is committed by a connected party – it could be an employee in a senior position within the organisation, or any person who has access to the financial systems or assets. Scenario examples could include siphoning away or running off with significant funds, wrongful access to finance systems and distribution of funds, or staff claiming false expenses. However, there should be a clear distinction between fraud and poor internal controls that may give the appearance of fraud – but actually turn out to be either a compliance issue, or a procedural policy not being followed.
You should have finance policies in place to minimise the risk of fraud and ensure that relevant controls are implemented and accountability measures are introduced at every management level. However, typically these controls are only tested retrospectively, so the potential for fraud is still high. Proactively countering the scope for fraud is a much more effective option than retrospective testing.
Increasingly, organisations are turning to multi-featured, finance systems, to help them fulfil organisation-wide requirements. These systems can help you put in place and enforce highly effective measures and financial controls to deter fraudsters.
Theses systems should enforce three key areas: staff access limited to their authorised duties, segregation of duties and control over any changes to master records. If an employee has access to all aspects of an organisation’s financial data, the potential for fraud is greatly increased. Controlling access security to particular processes or modules within your finance system, helps align system needs with the prescribed tasks across the job roles throughout your finance team.
Implementing segregation of duties ensures that a single finance team member can’t complete all stages of a particular process – whether it’s a payment or receipt, so at least two team members become responsible for this action.To achieve this, you must choose a financial management system with a workflow management engine to restrict staff completing the combination of actions required to make a payment or transaction.
Workflows can be initiated from a number of different places within your finance system, on an event trigger, an accounting rule, or an action. Therefore, approval scenarios can be created and predetermined actions performed, to make your financial processes secure – with a full audit trail.
A workflow engine also protects master records, limiting the number of users who can access and edit master records – eliminating any unauthorised access. You can also design a system workflow to ensure that all changes are verified by at least one administrator. A good finance system will also provide secure password encryption and regular forced password changing as a standard, reducing any unauthorised access to the system – internally and externally.
Monitor and detect
Proactively analysing financial data and identifying anomalies holds huge importance when it comes to detecting fraud, active monitoring helps deter fraudsters, so you gain better control of their finances.
With a modern, integrated finance system, real-time insight can be gained on financial information through one source, enabling senior staff members to dig deeper into data to prevent and detect fraud. Budget checking is made a lot easier and efficient too. Budget holders can self-serve and obtain specific reports, receive email alerts regarding budget notifications – enabling them to discover anomalies far quicker than the norm – so swift, preventative action can be taken.
Key actions checklist
- Implement access security – ensure that staff members can only access areas of the system that they need, no blanket ‘one size fits all’ approach
- Implement system authorisation or multi-staff process for changes to master records e.g. supplier/staff bank details
- Verification process must be adhered to changes made to master records, e.g. Independently contact supplier/staff and request written confirmation for changes
- Segregation of duties – staff members must be restricted so that they are unable to complete all stages of a particular finance process. If this is not possible due to staffing structures, SLT authorisation and review is vital
- Regularly review processes for potential loop holes and random spot-checking of audit trails to ensure compliance
- Re-assure staff that these controls are in place to protect them – rather than doubting their integrity