Fraud & Security Risk
Unless you know what the signs of fraud are, it is highly likely that you may not know that fraud is going on inside the business. Experienced fraud investigators will tell you that there are some very common characteristics of the typical fraudster, and being aware of them is an essential ingredient of prevention.
A recent survey conducted by PricewaterhouseCoopers (PwC) found that 33% of NZ businesses admitted to being the victim of some type of fraud and, according to KPMG, accounting fraud is the most common.
The Omni Risk Integrity and fraud assessment tool will identify any weaknesses in business fraud and security processes. It will also identify any potential exposure to fraud and breaches of security and, if there are any, they can be rectified before it becomes too late.
THE FIRST LINE OF DEFENCE AGAINST FRAUD, BRIBERY, CORRUPTION AND CYBER SECURITY
According to OECD estimates, corruption equals more than 5% of global GDP at over $US 2.6 trillion, of which $US 1 trillion is paid in bribes. Further, the Association of Certified Fraud Examiners (ACFE) estimates that a typical enterprise loses 5% of annual revenue to fraud. And according to the Clearswift Insider Threat Index (CITI), 78% of all Information Technology (“IT”) breaches originate from within an enterprise.
So how do you know if an enterprise is exposed to any of these threats or risks? Most enterprises only discover these threats or risks once they materialize and by then, it is generally too late, with the inevitable consequences of:
- Loss of enterprise value
- Loss of jobs
- Loss of reputation
- Exposure to potential legal action (both civil and criminal)
Introducing the OMNI INTEGRITY RISK ASSESSMENT
A risk assessment designed to determine if an enterprise is exposed to any threats or risks that might arise from:
- Poor Governance practices such as the nondisclosure of related party or conflicts of interest.
- Not “Knowing Your Employee” (“KYE”) and thus missing simple fraud “red flags” like the person who lives beyond their means, for some reason seems reluctant to take holidays or has a very close non-enterprise relationship with a customer or supplier. Or perhaps the employee has misrepresented their skills and qualifications to the enterprise in their CV.
- Not “Knowing Your Customer” (“KYC”) and unknowingly exposing the enterprise to an involvement in Money Laundering or false invoicing, resulting in financial loss. And, if the enterprise handles cash or uses a Point-Of-Sale (“POS”) system, are the procedures robust enough to prevent losses or, at the very least, keep them to a minimum?
- Not “Knowing Your Supplier” (“KYS”) and being unaware of the supplier that has a close relationship with an employee or board (governance) member, where the possibility of bribery or corruption might exist.
- Poor Internal Controls with no real separation of duties between accounts payable, accounts receivable and the management of inventory, thereby creating the opportunity for a person to commit fraud. A person under financial pressure and given the opportunity (no separation of duties, as an example) is at a high risk of committing fraud. Poor or antiquated systems allow fraud and bad practices to develop without appropriate checks and balances.
- Information Technology (“IT”) policies that are either not enforced or non-existent. Is the enterprise exposed to threats by allowing remote access to the IT system? What about threats that might arise from people that use the enterprise IT assets for personal use? And what about the enterprise password policy? Does it have one, is it enforced and how easily can passwords be “hacked”?
- Bribery and Corruption – A failure to recognise poor ethical standards either by individuals within the enterprise or the enterprise itself, thus increasing the chance of involvement in corrupt business practices. Does the enterprise transact business with other enterprises located in countries with a poor record of transparency or high levels of corruption?
WHAT WILL THE OMNI RISK INTEGRITY RISK ASSESSMENT REPORT?
- A Total Risk Score across all the areas of the enterprise that takes into account:
  - The enterprise's assessment of its capabilities;
  - Independent verification of enterprise policies, processes and procedures;
  - Any history of non-compliance with standards or losses from risks and threats.
- The total risk score is reported in the format used by ISO 31000 (www.iso.org).
- Individual risk scores for each separate area included in the risk assessment (Governance, KYE, KYC, KYS etc.) reported in the same format as the Total Risk Score.
- Key fraud financial analytics calculated from data provided by the enterprise and then compared with internationally recognised standards.
- All non-compliant or sub-standard policies, processes and procedures.
- Recommendations for improvement.
- And most importantly “PEACE OF MIND”
FOR PEACE OF MIND
PHIL JONES
phil@omnirisk.me
Mobile: +64 (0)21616651
Phone – 0800 666446
“I kept six honest serving men, they taught me all I knew; their names are What and Why and When and How and Where and Who”