Fraud losses cost companies billions of dollars every year. According to the Nilson Report, payment card fraud losses reached $27.85 billion in 2018. That is just one type of fraud!
There are multiple types of fraud, including internal fraud (i.e., fraud committed or facilitated by employees) as well as traditional external fraud. There are ways to cut down on these losses, however. Find out how to use a fraud prevention audit and IT security processes to cut your fraud losses.
What Is A Fraud Prevention Audit?
A fraud prevention audit is a structured investigation that looks at all of the processes, technology and programs you have in place to stop fraud. Typically, this type of engagement would be undertaken by a professional with specialized credentials such as Certified Internal Auditor (CIA) or a Certified Fraud Examiner. If you do not have that type of expertise inside your company, consider hiring a consultant to provide help.
There are many ways to investigate fraud, so it is crucial to define a clear scope. Start with the numbers! If your company has five divisions, then focus the audit on one or two divisions that report the highest fraud losses. If you do not have detailed fraud loss data, we recommend looking for groups with the highest sales volume or most employees instead.
Designing A Fraud Prevention Audit For Your Goals
As you continue to plan your fraud prevention audit, here are a few areas to describe in your scope document or plan.
● Technology. Examine how the technology currently in place either prevents, detects, or collects fraud-related data. If technology has gaps, fraud is much more likely to occur.
● Processes. Consider how current processes may influence fraud levels. For example, investigate whether all employees have taken vacation time in the past year. According to the Association of Certified Fraud Examiners: “A common red flag of occupational fraud is the unwillingness to use paid time off. This is sometimes incorrectly attributed to a diligent work ethic when it is a way for rogue employees to ensure no one will uncover their schemes.” Also consider whether employees are properly observing segregation of duties for approvals of reports, transactions and payments.
● Sampling Approach. In most situations, it is not feasible to evaluate every single transaction in a department. After all, your company may have thousands or millions of transactions every year. Therefore, you will need to design a robust sampling methodology to detect fraud. For example, you might choose to use a random number generator to determine which account numbers to check. Further, make sure you check a representative set of files to cover all of the products or office locations in scope for the audit.
● Employee Interviews. Examining data and systems will reveal much, but not the entire story. You also need to set up individual meetings to question staff and management about their fraud prevention efforts. If you are conducting this fraud audit remotely, use a VPN to protect confidential information.
As you conduct your fraud audit investigation, it is crucial to maintain meticulous records. When you present findings to management, you need to be able to defend your findings.
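The sampling approach and record-keeping points above can be combined in a reproducible stratified draw. The following is an added example, not part of the original article: the field names (account_id, office, product), the office and product values, the seed and the 5% rate are all constructed assumptions.

```python
import random
from collections import defaultdict

def stratified_sample(accounts, strata_keys, percent, min_per_stratum, seed):
    """Pick accounts to audit so every stratum (e.g. office x product) is covered.

    Returns (selected_ids, worksheet). The worksheet records population and
    sample size per stratum so the selection can be reproduced and defended.
    """
    rng = random.Random(seed)  # fixed, recorded seed: the same draw can be re-run
    strata = defaultdict(list)
    for acct in accounts:
        strata[tuple(acct[k] for k in strata_keys)].append(acct["account_id"])

    selected, worksheet = [], []
    for key in sorted(strata):
        ids = sorted(strata[key])  # sort so the draw does not depend on input order
        target = (percent * len(ids) + 99) // 100  # integer ceiling of percent
        n = min(len(ids), max(min_per_stratum, target))
        selected.extend(sorted(rng.sample(ids, n)))
        worksheet.append({"stratum": key, "population": len(ids), "sampled": n})
    return selected, worksheet

def build_constructed_population():
    """Constructed sample data: 3 offices x 2 products with uneven volumes."""
    sizes = {("Toronto", "card"): 400, ("Toronto", "loan"): 40,
             ("Austin", "card"): 150, ("Austin", "loan"): 7,
             ("Leeds", "card"): 60, ("Leeds", "loan"): 2}
    accounts, next_id = [], 100000
    for (office, product), count in sizes.items():
        for _ in range(count):
            accounts.append({"account_id": next_id, "office": office,
                             "product": product})
            next_id += 1
    return accounts

if __name__ == "__main__":
    population = build_constructed_population()
    chosen, sheet = stratified_sample(population, ("office", "product"),
                                      percent=5, min_per_stratum=5, seed=20240131)
    for row in sheet:
        print(row)
    print("total sampled:", len(chosen))
```

Keep the seed, the population extract and the worksheet with the audit file so a reviewer can regenerate the exact selection. A purely proportional draw would have skipped the two smallest strata in this data, which is why the per-stratum minimum is there.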
How To Use A Fraud Audit Report Effectively
Merely completing a fraud report takes a great deal of effort and planning. However, the report itself will not do much to prevent losses. You need to commit to taking a long, hard look at the report and finding ways to improve your processes. This may mean approving a business case for multi-factor authentication. You may need to provide password management training for employees. In some cases, you may need to terminate employees.
Use the following guidelines to make the most of your fraud report.
● Audit Ratings. Most audit and fraud reports will use a classification system to present findings such as major, minor or observations. Carefully read through every example provided. Minor issues may sometimes indicate the beginning of a more severe problem.
● Evaluate the Need for Further Investigation. As mentioned above, fraud prevention audits typically only look at a sample of files. As you review the report, consider whether or not you need to dig deeper. The audit report may have only scratched the surface!
● Employee Training Needs. In reviewing the report, look for patterns that may link back to employee training needs. For example, a rapidly growing company may not have put energy into developing checks and balances when it was small. Now that you are running a larger operation, it makes sense to close those gaps by providing more training. For example, create new corporate policies on fraud prevention and train employees on how to implement these principles into their daily work.
● IT Security Software Gaps. Inadequate software for IT security management can be a direct or indirect cause of fraud losses.
Two Ways IT Security Software Solutions Reduce Fraud Costs This Quarter
Fraud prevention audits will only take you so far. You also need to invest in the software that proactively makes fraud less likely and reduces the size of your losses. Here are two ways you can use security software to cut your losses. These improvements will play a role in swiftly reducing fraud losses while you implement other changes.
Reduce Employee Password Sharing
When it is difficult to get a new user account or get a password change, employees are going to hunt for workarounds. Unfortunately, some staff may decide to share passwords! Shared passwords and accounts make fraud more difficult to prevent and investigate because it is tough to find out who used an account to perform an action. Use a software tool like Apollo to make password resets easy.
Reduce Inactive User Account Risk
Picture this scenario: You fire an employee for unethical conduct. Later that day, they download a copy of company records and use the data to commit fraud, like opening a fraudulent business credit card. Find out how to stop this type of threat by cutting inactive user account risk.