Risk Control in the Post-Pandemic Era
Nobody can predict the future, but there are things you can do to prepare for it. Why is fraud on the rise, and why is it essential that organizations implement robust internal controls? The COVID-19 pandemic and current socioeconomic and political instability have changed the landscape of global business and work practices. Looking towards this post-pandemic age, it’s key to kickstart your Internal Control Health Check, beginning with monitoring SoD practices.
As most organizations have experienced, the world is in a constant state of flux, a truth reflected by industry experts:
ACFE’s Occupational Fraud 2022 global study states that we are facing an upward trend in occupational fraud regarding Asset Misappropriation, Corruption, and Financial Statement Fraud. The good news is that even though this trend will likely continue as businesses mobilize employees via long-term remote and hybrid work environments, proactive internal control tools result in frauds “being caught faster and causing smaller losses.”
However, this ‘new normal’ makes businesses more susceptible to what Donald Cressey identified as the fraud triangle (motivational factors contributing to fraud): pressure, opportunity, and rationalization. In fact, ISACA’s July 2022 report claims: “the disruption caused by the Covid-19 pandemic means that all elements of the fraud triangle have been heightened.”
So with conditions conducive to fraud on the rise, there’s never been a better time to redefine your internal controls environment, starting with a Segregation of Duties (SoD) Health Check.
What is SoD?
Segregation of duties (SoD) is a fundamental internal control principle that divides tasks between people across a specific process. By restricting power, access, and responsibility, the SoD principle helps prevent unauthorized and fraudulent actions and human error.
5 SoD Tips to Strengthen Internal Controls and Minimize Fraud
1. Awareness
Establish a reliable management control framework by ensuring that your organization operates within an advanced internal control system. Use the roles and responsibilities function within software applications effectively to adhere to an SoD matrix. This proactive risk-management tool will become your most valued asset, preventing unilateral actions from being carried out during key tasks and reducing the possibility of fraud and its financial implications.
2. Identify where your SoD risks are coming from
Define and determine in which departments and during what transactions SoD risks are taking place. Risk assessment is key to preventing the following example scenarios whereby a user can:
Inappropriately access personal data held by the organization.
Set up a fictitious supplier through which to process payments.
Create a “customer” and initiate refunds.
Change the sourcing of a product to favor a particular supplier.
Create false employee records and initiate payments to them.
Make unauthorized changes to the composition of a product.
3. Document SoD
Enhance communication efficiency with your IT department by strengthening a documentation and reporting culture that provides an accurate picture of your organization’s level of risk when it comes to SoD exposure. Ensure that you are documenting SoD occurrences and managing the associated risks in a way that your intended audience can act upon.
4. Prioritize risk
Utilizing the evidence and information gained from the aforementioned steps, prioritize SoD conflicts according to the level of risk they pose to your secure control environment, both internally and externally.
5. Commit to an ongoing SoD process
Maintaining a healthy control environment is a continuous activity involving both reactive remediation and proactive efforts. Be sure to align your business practices with the actionable elements discussed above via regular reviews. Vigilance is key to sustaining best business practices with positive long-term impacts.