The risk of internal fraud
Are you ready to stop an inaccurate or criminal transaction? Whether you’re a Risk Manager, Business Standards or Compliance Officer or perhaps even a Director, Chief Financial Officer or small business owner, the issues of internal or occupational fraud will be familiar to you. The ‘people’ aspect of a business is arguably the most important contributor to success. Having said that, it should come as no surprise that the ‘people’ you trust the most in your organisation can also turn out to be your worst nightmare when they act against the business's interests – especially where there are limited or non-existent internal controls in place.
The ACFE’s 2020 occupational fraud report analysed 2,504 cases, and the sum of their losses due to fraudulent activity exceeded $3.6 billion – that means approximately 5% of each organization’s total annual revenue was lost. Asset misappropriation accounted for the largest percentage of cases at 86%, with the highest risk being billing schemes and check and payment tampering. When it comes to industry exposure, it would be safe to assume that no sector is immune. However, the most reported cases came from the banking, finance, and manufacturing industries.
Preventative measures and compliance
Although it was reported that the above industries faced a higher risk of internal fraud occurring, it’s important to remember that these represent only the cases that were detected. They were detected because the organizations in question already had established preventative measures in place that helped them to monitor and identify fraudulent activity. Most public organisations will have these in place at some level to ensure legal compliance with regulatory acts. For example, Sarbanes-Oxley (SOX) in the US was introduced to protect investors by creating a legal framework that governed the accuracy and reliability of financial disclosures. While private organizations may not be held to the same laws as public ones, they are still at risk of exposure to internal fraud. Indeed, they shouldn’t ignore the consequences, as internal fraud can cost them money and reputation, and even lead to criminal charges in the worst-case scenario.
Nevertheless, preventative measures can differ depending on the approach. Some organizations will attempt to shape company culture through training and awareness of fraud while others often rely on strong internal control structures including internal auditors and risk controllers to ensure compliant processes are maintained. Having said that, most organizations will agree that a key foundation of any internal control environment is the concept of Segregation of Duties (SoD) whereby no individual should have access to execute transactions across your business without appropriate controls in place. For example, one individual would not be able to create a supplier, issue an invoice, and create a payment freely without any internal controls.
Risk mitigation in JD Edwards
When it comes to ERP systems, fraud is an ever-growing threat and minimizing risk is the result of two things: appropriate controls that restrict access to prevent risk, and robust reporting processes to identify weaknesses and possible exposure. Put simply, how do you implement something like SoD without disrupting your business and taking up valuable resources? In JD Edwards it can be difficult to navigate security and compliance complexities given the multiple programs, menus, users, and role permissions. Simplifying your work, achieving best practice, implementing compliant processes, and ensuring your JD Edwards environment is secure and fraud-proof is achievable with the tools and expertise of ALLOut Security. To find out more about ALLOut E1 Security solutions, take a look at our products now.