Continual adaptability and mutation of fraud means that organisations need to consistently assess whether the fraud and risk mitigation that they have in place is adequate to protect their organisation from both external and insider threats.
The Kroll Global Fraud and Risk Report highlights a number of key points that are essential for an organisation to understand its global risk landscape and actions necessary to assess and update mitigation response.
If we take leaks of information, data theft, fraud by internal parties and corruption as key incidents that have significantly affected organisations in the last year, then the insider threat is the most prevalent risk that organisations should refocus on.
The survey additionally highlights that a minimal percentage of incidents are committed by unknown actors and that threats can originate from any point in the web of an organisations relationships.
Tasked with verifying the veracity of an insider threat report, corruption risk and whether the allegations received about a member of staff were true. Consideration was to be given to the impact to the organisation and whether the individual was working alone or part of a bigger network. As part of the initial assessment, purchasing data was provided for the procurement that the individual was involved with to assess whether there were specific patterns or influence towards an identified supplier.
Initial data and fraud risk analysis revealed no specific patterns that would indicate an insider threat between individuals and suppliers. Due to the volume of single source procurement carried out by the organisation, financial information was requested on these purchases for the period concerned that included company information, payment details and bank account information. The analysis of this information established a number of patterns that included individuals involved in the change of information including suppliers payments diverted to personal accounts.
In addition to the suspected fraudulent conduct, the analysis further identified that the finance gatekeepers were understaffed and so missed opportunities to identify risk and that due to the urgency of a high percentage of procurement, measures were introduced to expedite procurement without suitable governance procedures. These findings and recommendations were reported and introduced into the organisation to support its anti-fraud culture change that included a full review of procurement and finance procedures.