by Jane Gray, Marketing Manager – Analytics, SAP UK & Ireland
It’s a worrying thought, but the biggest threat to your business may not come from external forces such as low-wage competitors in emerging markets, political and economic instability, man-made disasters, industry scandals or even disruptive cyber-threats such as hacktivists. The danger often lurks within.
While you’re focused the obvious risk and compliance priorities – financial reporting, credit risks or import-export regulations – myriad small-scale but cumulatively significant fraudulent acts could be happening right under your nose. Actually, the economic climate has plenty to do with it: as employees are forced to work harder or longer hours to keep their jobs, facing pay freezes, lay-offs or zero-hours contracts, some may feel increasingly disgruntled or entitled. The temptation to skim a little from the company can prove irresistible – bordering on rational, even.
It’s easily done. Over-reaching access privileges to enterprise systems can lay a business wide open to, at best, inadvertent errors, and at worst, deliberate fraud. Let’s say an individual with budgetary responsibility (plus a grudge and/or oppressive levels of personal debt) is authorised not only to set up new vendors in your purchasing system of record, but also to approve payments. It doesn’t take a criminal mastermind to exploit the company’s failure to provide adequate segregation of duty (SoD), in order to drip-feed modest sums into a real account for a fictitious supplier over time.
Many companies have themselves partly to blame in taking a somewhat patchy approach to risk management and compliance. Often, departments or business units may be independently tasked with identifying and measuring their respective risks, and implementing and enforcing policies to address them.
Various tools and technologies can automate and help you win the war on internal fraud on an enterprise-wide basis. For example, a robust access control solution could swiftly detect our hypothetical SoD violation and retract the individual’s permission to perform one of the conflicting functions. In-memory analytics can enable something akin to “predictive policing” by continuously monitoring mitigating controls and providing visibility into trends and patterns buried in massive amounts of data. This approach can identify when suspect activity is being attempted, or even intercept wild, risky financial behaviours only one step removed from gambling, which might bring the company into disrepute or attract stern treatment from the regulators.
Given that it looks like we’re in for a sustained period of austerity, such analytical tools are likely to become ever more crucial in mitigating the risk of impropriety within your business and safeguarding your good corporate name.
To find out more on risk management, check out these Top Tips.