Story image

Four major business risks you should watch out for

14 Nov 2018

As businesses digitise their operations it’s good news for efficiency and accuracy, but they do come with internal and external risks.

Fraud is one of those risks, according to SAP Concur. The company says it's important that businesses take steps to be aware of key risks and mitigate threats.

Commenting on PWC research on global economic fraud and crime, SAP Concur managing director for A/NZ, Matthew Goss says:

"In terms of scammers, the biggest threat to businesses comes from their own employees, who are responsible for 52 per cent of economic crimes versus external actors.” 

“While security technology can prevent many cyber attacks, financial fraud is different. It’s essential for businesses to monitor human behaviour, and apply and enforce policies consistently. The alternative is to lose large amounts of unrecoverable money as a result of people’s actions."

SAP Concur shares four major financial fraud risks:

1.    Double invoice processing 

Whether by design or by accident, companies often pay the same invoice twice. This is usually due to a lack of comprehensive accounts payable systems that would pick up the duplicate invoice. 

"When businesses have reliable, modern accounts payable systems in place, duplicate invoices are identified before the business pays, preventing losses," Goss says.

"These systems can match up invoices to purchase orders to ensure that all invoices are legitimate and the expenses have been incurred before the business pays. An automated approach means this double-checking can happen without any additional work required. The cost savings can be enormous."

2.     Fraudulent expense claims 

Whether by accident or because people feel they’re entitled to a little bit extra, fraudulent expense claims can quickly add up. Often, perpetrators start small and, if their actions remain undetected, they escalate their activity until they’re stealing significant sums from the business through fraudulent claims. 

“Managers want to trust employees and the vast majority of employees are indeed trustworthy," Goss explains. 

"It’s essential to create a culture in which people feel valued because they’ll be less likely to deliberately steal from the organisation. And it’s important to put strong policies and procedures in place to catch fraudulent claims before they’re approved."

3.    False billing 

False billing occurs when a cybercriminal sends an invoice to a company for an expense the company never incurred. When accounts payable processes are manual and burdensome, false bills are often paid without question, leading to significant losses. Or, they may try a phishing approach where they email the company to advise of a change in payment details. 

"It’s crucial for organisations to educate employees about these scams and have a response procedure in place if the company is targeted," Goss says.

"This can be as simple as advising all employees that they should never comply with an emailed request without confirming it directly with a manager or the supplier." 

4. Phishing scams 

While phishing, or social engineering, can form a component of various scams, the one thing all phishing scams have in common is a reliance on human error. For example, the man-in-the-middle approach involves gaining access to the corporate email server, intercepting emails, and building a picture of the legitimate activity that happens in the organisation.

The cybercriminal uses this information to create a convincing cover story that lets them trick unsuspecting staff members into making payments or transfers, or exposing sensitive information such as passwords and account details. 

"Because most people are inherently honest, they tend to assume that others are too. Instead, businesses must train their employees to be somewhat cynical and take the time to confirm if requests are legitimate before responding," Goss concludes.

Need the perfect flatmate? AI can help
A Kiwi entrepreneur has developed a flatmate-finding service called Mogeo, which is an algorithm that matches people to the perfect flatmates.
GoCardless to double A/NZ team by end of year
With a successful E round of investment and continuing organic growth globally, the debit network platform company aims to expand its local presence.
NZ’s Maori innovators are on the rise
“More iwi investors need to recognise that these sectors will provide the high-value jobs our children need."
Phone ringing? This biohack wants you to bite down and ChewIt
So your phone’s ringing, but instead of swiping right or pushing a Bluetooth button you bite down on a tiny piece of tech that sits in your mouth.
How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.