Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Combating fraud and cyber risks: more management impetus needed

Reuben Khoo, Asean Leader, Fraud Investigation & Dispute Services, EY | May 20, 2016
If the current regulatory enforcement environment and market reaction to instances of alleged fraud and cyber breaches are signs of greater accountability to come, it is time that organizations take a harder look at their risk preparedness – and this has to begin with a mindset change right from the top.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The escalating threats of fraud, corruption and cybercrime over the last few years have increased pressure on governments to act - and consequently compelling organizations to place greater emphasis on tackling these issues.

Even as pockets of progress have been observed in the combat against fraud and cybercrimes, which in many instances could be inter-related, occurrences of unethical conduct continue to be prevalent, according to the EY 14th Global Fraud Survey 2016: Corporate misconduct - individual consequences report.

Close to 40% of the surveyed executives believed that bribery and corrupt practices happen widely in their country and a concerning 42% admitted that they could justify unethical behavior to meet financial targets.

Lagging perceptions of cybercrime risks

What is perhaps more alarming is that more than half of the CFOs surveyed saw cybercrime as a low risk. This suggests that senior finance executives seem to be oblivious of the mounting threats in the evolving cyber environment, which could open up fault lines for fraud perpetration.

The repercussions are many. For example, as businesses begin to address the risks associated with the cyber theft of information such as intellectual property or customer data, finance executives must increasingly understand the financial and reputational risks associated with these sensitive information.

Effective risk management should concentrate not only on prevention but on the overall ability to "detect-and-respond" to breaches. Over time, the focus on securing the perimeters, and the under-investments in measures to detect, respond and properly investigate breaches, has increased the level of cyber risks faced by organizations. The growing complexities of operating in a digital environment and increased sophistication of fraud and cybercrimes mean that tackling these arising threats will require sophisticated tools.

Traditional channels like whistleblowing will still have its place. Whistleblowing continues to remain as a hygiene measure and a critical source of information on alleged misconduct. However, the efficacy and utility of whistleblowing channels may be limited, given that survey respondents cite loyalty to colleagues and company as deterrence to lodging reports.

In an environment where employees are reluctant to proactively flag unethical conduct, other approaches will be needed for organizations to effectively detect and prevent fraud. The data that a company has in its systems could well hold the key to identifying instances of potential impropriety.

Increasingly, regulators are harnessing sophisticated tools such as forensic data analytics (FDA), including social media, web monitoring and data visualization in combination, to identify rogue activities, patterns and trends through available structured and unstructured data.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.