Story image

Four major business risks you should watch out for

14 Nov 18

As businesses digitise their operations it’s good news for efficiency and accuracy, but they do come with internal and external risks.

Fraud is one of those risks, according to SAP Concur. The company says it's important that businesses take steps to be aware of key risks and mitigate threats.

Commenting on PWC research on global economic fraud and crime, SAP Concur managing director for A/NZ, Matthew Goss says:

"In terms of scammers, the biggest threat to businesses comes from their own employees, who are responsible for 52 per cent of economic crimes versus external actors.” 

“While security technology can prevent many cyber attacks, financial fraud is different. It’s essential for businesses to monitor human behaviour, and apply and enforce policies consistently. The alternative is to lose large amounts of unrecoverable money as a result of people’s actions."

SAP Concur shares four major financial fraud risks:

1.    Double invoice processing 

Whether by design or by accident, companies often pay the same invoice twice. This is usually due to a lack of comprehensive accounts payable systems that would pick up the duplicate invoice. 

"When businesses have reliable, modern accounts payable systems in place, duplicate invoices are identified before the business pays, preventing losses," Goss says.

"These systems can match up invoices to purchase orders to ensure that all invoices are legitimate and the expenses have been incurred before the business pays. An automated approach means this double-checking can happen without any additional work required. The cost savings can be enormous."

2.     Fraudulent expense claims 

Whether by accident or because people feel they’re entitled to a little bit extra, fraudulent expense claims can quickly add up. Often, perpetrators start small and, if their actions remain undetected, they escalate their activity until they’re stealing significant sums from the business through fraudulent claims. 

“Managers want to trust employees and the vast majority of employees are indeed trustworthy," Goss explains. 

"It’s essential to create a culture in which people feel valued because they’ll be less likely to deliberately steal from the organisation. And it’s important to put strong policies and procedures in place to catch fraudulent claims before they’re approved."

3.    False billing 

False billing occurs when a cybercriminal sends an invoice to a company for an expense the company never incurred. When accounts payable processes are manual and burdensome, false bills are often paid without question, leading to significant losses. Or, they may try a phishing approach where they email the company to advise of a change in payment details. 

"It’s crucial for organisations to educate employees about these scams and have a response procedure in place if the company is targeted," Goss says.

"This can be as simple as advising all employees that they should never comply with an emailed request without confirming it directly with a manager or the supplier." 

4. Phishing scams 

While phishing, or social engineering, can form a component of various scams, the one thing all phishing scams have in common is a reliance on human error. For example, the man-in-the-middle approach involves gaining access to the corporate email server, intercepting emails, and building a picture of the legitimate activity that happens in the organisation.

The cybercriminal uses this information to create a convincing cover story that lets them trick unsuspecting staff members into making payments or transfers, or exposing sensitive information such as passwords and account details. 

"Because most people are inherently honest, they tend to assume that others are too. Instead, businesses must train their employees to be somewhat cynical and take the time to confirm if requests are legitimate before responding," Goss concludes.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."