In today’s world of ever-evolving and increasingly sophisticated technology, a common business challenge revolves around IT controls, specifically with regards to fraud prevention. Nearly every day one can open a newspaper to find yet another story about a company losing large sums of money to an employee whose access to sensitive financial information proved to be too much of a temptation. It’s become obvious that without the proper internal controls in place, a company’s entire well-being is put at risk.
How Does Financial Fraud Occur?
Thanks to technology, all businesses–regardless of size or industry–can enact multiple financial transactions with the click of a button. Furthermore, there are various modes of transferring cash, both in terms of inflows and outflows:
- Accepting credit card payments
- Accepting Automated Clearing House (ACH) payments
- Sending ACH payments
- Internet banking
- Treasury management
Fraud Case Study
A recent example of IT-related fraud occurred when a West Virginia woman was found guilty of embezzling more than $1 million from her Cincinnati employer, a computer consulting company. The CFO for two years, she worked from home and implemented a variety of techniques to commit wire fraud. She used a company credit card to pay for personal items, wired funds and wrote checks from company accounts into her personal accounts, and even added a relative to the company payroll in secret. She spent the money on herself and her family, in addition to using it to fund her since-failed spa business.
In this case, a number of questions are raised in terms of the company’s IT controls and legal options:
- Was the CFO a trusted employee merely taking advantage of the owners?
- Was there a system designed to segregate duties that had been usurped?
- Who was qualified to oversee the CFO’s role and determine appropriate controls?
- Was the IT department reporting to the CFO?
- What forensic evidence is available to determine the extent of the damages?
- What jurisdiction applies in terms of legal action?
- What are the IRS reporting implications for the company?
Information Systems Controls Checkup
As is made clear in the case study, it is absolutely critical for companies to not only have controls in place to prevent this type of behavior, but also to have a knowledgeable third-party provide a fresh perspective and ensure against missing controls.
Barnes Dennig’s Information Systems Controls Checkup does just that; through interviews with top management, review and documentation of the control environment and testing of key controls, we’re able to customize each checkup based on the particular needs of each organization. By providing a second set of eyes as well as extensive expertise in the IT security field, we can help safeguard your business against the high costs incurred when just one control is weak or overlooked completely.
Nobody wants to be the subject of a fraud case study–contact us today to learn about our IT controls checkups and how we can aid in preventing the unthinkable from happening to your livelihood.