A risk management expert has advised organisations to automate or electronically program control activities to identify fraud.
Nature Mogotsi said using systematic detective tools such as IT controls, surveillance and monitoring resulted in security breaches lasting a shorter time and with the lowest median losses. Mogotsi who is a risk manager in the banking sector was speaking recently at the annual ACFE Africa Conference & Exhibition.
While presenting on fraud risk control identification & testing she said automated controls and tools can reduce the cost of managing fraud risks versus manual intervention adding that the speed and method of fraud detection and investigation affects the magnitude of the fraud and loss thereof.
“Control testing must be an ongoing process through combined assurance,” she said noting that when fraud-detection systems become more accurate, fraudsters change the patterns of the schemes over time and invent new, sophisticated and undetectable ones. “Control activities should be conducted more frequently.”
Turning her attention to embedding controls in processes, she said fraud controls should not be an after-thought or a ‘tick box’ but rather be part of the day-to-day business processes. On monitoring & reviewing of controls, she opined that if analytical techniques like machine learning and Artificial Intelligence (AI) controls are not well-calibrated, they will lead to false positives, false negatives, inaccurate analysis and wasted effort. Forensic tools require regular rule tuning and maintenance to be effective.
The control environment is so dynamic and rapidly changing. Mogotsi observed that most digital forensics tools have proven ineffective in analyzing data from cloud computing environments which is an emerging avenue for criminals. She advised that organizations must introduce real-time fraud management tools to detect fraud instantly. She said implementing advanced forensic tools needs skilled personnel for both real and virtual environments; fraud Investigators need to have a technological expertise, enhanced IT training and deductive reasoning in order to solve emerging fraud schemes.
Mogotsi has also advised organizations must have a collaborative approach in terms of monitoring and leveraging the whole combined assurance with all stakeholders playing a part in managing fraud risks. Fraud risk governance establishes anti-fraud policies and provides guidance on detecting and investigating fraud. Mogotsi said risk management teams must have direct access to the board to ensure timely review. Corporate governance obligates the board of directors and senior management to uphold high integrity and ethical values regarding fraud management. Mogotsi believes governance can be fostered by tone at the top and accountability through appointing board members who are knowledgeable in Fraud Risk Management (FRM).
Unlike with traditional crimes, she said the management of emerging fraud risks requires robust strategies and policies make it difficult for criminals to exploit loopholes. “Organizations are not yet fully prepared for the demands of the 4IR and robust FRM strategies are required to rescue them from the risks posed by the digital revolution,” she said observing that many organizations still fail to enhance their fraud risk management strategies by investing in adequate cyber security defences for their technological infrastructure.
