Some of the most enterprising and creative people in the world today are the fraudsters who are determined to raid your organisation’s funds. Accurate data on the cost of fraud to businesses is hard to come by, because many in the private sector either don’t know how much it affects them or decide not to disclose it.
However, a conservative estimate – by Crowe, Peters & Peters and the University of Portsmouth – put the loss to the UK private sector at £157.8bn in 2021, up 12% from five years earlier.
The biggest threat to any organisation is from outside, but employee fraud is a big problem too. It was estimated to be costing businesses £40m a year when accountancy firm RSM obtained figures under a Freedom of Information request in 2017.
Internal fraud – even when classed as low value – can cost a great deal more than the amount originally stolen. The “hidden” costs include the resources devoted to internal investigations, suspensions, disciplinary procedures and hiring new staff, not to mention the potential reputational damage.
The industry body UK Finance has estimated that a fraud of under £1,000 costs, on average, £19,793 to deal with.
A lot of time and money is rightly spent on making employees aware of common security threats. It’s impossible to overestimate the value of having staff who know enough about fraud to be constantly vigilant.
But almost anyone can be deceived if they come up against the most convincing of fraudsters – and in an expensive minority of cases, the employee is the fraudster.
The best way to arm your organisation against fraud is always going to be a combination of human awareness and sound systems, including the right software.
The workflow approvals processes embedded in true cloud accounting software can put in place the kind of checks and protections that prevent fraudulent activity.
Prevent invoice fraud through separation of duties
An invoicing process is an opportunity for fraud to enter the system. An employee can process an invoice that appears to come from a genuine supplier, but which actually will see the money going to the fraudster’s account.
However, with true cloud accounting software, it is possible to ensure separation of duties. An invoice cannot be paid until it has been approved by someone other than the person who put it into the system. Different rules can be set up so that invoices of a certain kind, or above a particular value, need to be approved by several people.
Using workflow processes to prevent invoice fraud and mandate fraud
Another kind of invoice fraud involves someone within your organisation going into the finance system and entering their own bank account details – or those of a conspirator – in place of the details for a trusted supplier. Then, after a payment run has been completed, they can change the account back to the way it was.
A similar thing happens when the company is the victim of “mandate fraud” from outside. In this case, someone claiming to be the supplier will write or phone to say their bank account details have changed.
Either way, it could take months before your organisation is alerted to the problem by the real supplier chasing an unpaid invoice.
But with true cloud software such as iplicit, protections can be set up to make sure no suppliers are added to the system – and no bank account details are amended – without a second person checking and approving the change.
Tracking who’s done what in the system
The inability to properly control access to the finance system is one of the key weaknesses in non-cloud arrangements.
True cloud systems include secure, auditable measures for the approval, control and processing of payment runs and other changes to the system.
This means it is always possible to trace what changes have been made to the system and who was involved in making and authorising them.
All the approvals processes can be configured to the user’s requirements to ensure the appropriate rules are in place for each kind of transaction.
Computer systems everywhere have to stand up to constant attempts by hackers and fraudsters to crack the owner’s security.
Only cloud finance systems offer the reassurance that professionals are constantly testing security, assessing risk and applying the latest fixes and updates seamlessly in the background while users continue working. At the user level, these systems incorporate measures such as multi-factor authentication (MFA) and single sign-on (SSO).
The result is that cloud finance systems offer the same level of security as online banking. This gives you the highest possible level of protection from the attempted thefts which can come at an organisation from any direction.
To find out more about iplicit and how it helps protect against fraud, take a quick tour of the software or book a 1:1 demonstration tailored to your needs. Alternatively, discover how we help organisations such as Yorkshire Wildlife Trust transform their finance operations in our case studies section.