Don't Let Your Guard Down. Organizations Still at Risk for Payments Fraud
A payments fraud breach can be costly. Do you know if your organization is at risk? Ted Flom, Member in Charge, Risk Advisory Services, answers some frequently asked questions about payments fraud and offers some advice on how to stay a step ahead of fraudsters.
The Association for Financial Professionals has issued the 2013 AFP Payments Fraud and Control Survey. While the survey indicates an overall decrease in payments fraud, it is still a very significant risk for companies. Sixty-one percent of organizations indicated they experienced attempted or actual payments fraud resulting in an average loss of over $20,000.
As the survey indicates, companies need to vigilantly protect their valuable assets. Have you taken a hard look at where your organization may be exposed to payments fraud? Here are some frequently asked questions about payments fraud risk exposure:
1) Is my industry a target for payments fraud?
All industries are at risk. In fact, the survey points out that a majority of companies experienced attempted or actual payments fraud. But, businesses and organizations that have a high volume of monetary transactions and payment accounts are prime targets for payments fraud schemes.
2) Where are companies most exposed to monetary loss?
In general, all payment methods present opportunities for individuals, both internal and external to the company, to attempt fraud. Check fraud continues to be a significant source of fraud attempts, but other electronic payment methods such as corporate purchasing cards, wire transfers and automated clearing house transactions(ACH) are seeing increased exposure.
3) What should companies do to reduce their exposure to payments fraud?
The first step is to understand all the different places where money can leave the organization. For some organizations it can be a challenge to identify all the payment methods and accounts. This information is critical for an organization to identify so it can take focused action. From there, an organization should assess the types of policies, procedures and tools that it has in place to prevent or detect errors and fraud from occurring. Then, it should verify these are working the way they are designed.
4) How do I know I have the right internal controls?
Unfortunately, there is not a one-size-fits-all approach to internal controls. Your internal controls should be tailored to your unique environment and different payment methods. These risks can be mitigated in a variety of ways:
- Review and reconcile accounts in a timely manner—Transaction irregularities may be an early sign your payment systems have been compromised. If you aren’t reviewing and reconciling your transactions in a timely manner, you may give criminals weeks or months to pilfer your accounts before you even know. Timely review may tip you off to wrongdoing before too much damage has been done. Timely review may tip you off to wrongdoing before too much damage has been done.
- Assign duties to several people to minimize risk—It’s never a good idea to have one individual performing an entire process. For example, make sure the employee responsible for initiating transactions isn’t also responsible for approving transactions. If you don’t have the internal resources to divide these critical duties, consider hiring a CPA to provide outsourced accounting services.
- Consult your financial institution— Banks have been securing monetary assets since the beginning of time. They typically are able to provide meaningful information about what other companies are doing and many offer services to help organizations reduce risks. Tap into their knowledge and find out how they can help you.
- Seek assistance from an independent advisor—Your CPA, banker and other professional advisors can help you assess your organization’s risk for payments fraud. Engage a professional to conduct fraud and control assessments to help identify exposures and risk management strategy for your organization.
Ted Flom, CPA, CISA, CIA leads the Risk Advisory Services practice at Brown Smith Wallace. Click here to contact Ted or to learn more about risk advisory services.