According to a 2014 report by the Association of Certified Fraud Examiners (ACFE), the median loss caused by the 1,483 fraud cases studied was US$145,000. Survey participants also estimated that organisations typically lose 5 percent of their revenues annually to fraud.
IT usually bears the blame for fraud cases. While Marcel Huijskens, managing director of XS Control Asia, agreed that IT might "increase the opportunity for fraud by increasing the vulnerability of functionality and data", he believed that it also "offers automated and precise internal control measures" to prevent fraud.
Fraud origins and prevention
Fraud is motivated by three factors: opportunity, justification, and pressure, Huijskens told the audience at the Institute of Internal Auditors Singapore Annual Conference on 16 October 2014.
Opportunity is the only factor that is affected by IT, he added. This is because the opportunity factor depends on the strength of internal controls that will deter fraud. He thus advised organisations to "implement preventive measures in enterprise resource planning (ERP) softwares to better address and prevent fraud."
The justification factor depends on the company's staff management — in terms of how well it cares for its employees' well-being. Huijskens claimed that there are cases in which fraudsters commit fraud as an act of revenge against their company or bosses for ill-treating them.
The pressure factor seems to be the main motivator for at least 60 percent of the fraud cases, stated Huijskens. He explained that this factor is dependent on the fraudster's desires, in terms of how urgently he/she needs or wants the money.
Since IT is only able to prevent one of the three fraud motivators, organisations should ensure that they have the right detection controls and tools that enable them to spot suspicious transactions, suggested Huijskens. "For instance, analytics can be used to interrogate the relevant data to find out potentially suspicious transactions," he said.
To conclude his presentation, Huijskens advised organisations to plan in advance on how to deal with fraud should it occur.
Sign up for Computerworld eNewsletters.