Making use of ERP to combat fraud in the workplace
With a high percentage of fraud originating from within company ranks, businesses have to tighten the reins on employees and smooth out their processes to combat the scourge. Typically, technology holds the key to curtailing employee freedom without putting a spanner in the works and using erp to combat fraud is the easiest way to increase control.
“Although companies recognise the havoc fraud can cause for them – both from a financial and reputational perspective – a lot of organisations have failed to gain control over the most sensitive areas of their business. This means that even with heightened awareness of fraud, they are still ill-equipped to prevent it from happening.
“Businesses have to walk a fine line between allowing enough slack so that employees are able to do their jobs, and maintaining the level of control needed to stop internal fraud. It’s hard to achieve without the help of technology,” says Leo Dreyer, Operations Manager at Bluekey, which specialises in the implementation and support of SAP Business One.
Manual systems are wide open to manipulation and therefore more open to fraud. This is why companies are increasingly turning to technology and ERP to combat fraud. However, Dreyer says a lot of technologies also allow employees too much freedom and are vulnerable to abuse as well.
“This addresses the need for better control over employee functions as a way of preventing fraud from happening in the first place, and also addresses the need to be able to re-trace transactions after a fraud has taken place.
“Of course, prevention is always better than cure, but companies have to be realistic. Few systems are fool proof and fraudsters make it their business to work around them. So, it is important to have a business management tool in place that enforces the segregation of duties and strict authorisation mechanisms to help stop employees from performing functions that they are not authorised to.
“At the same time, the system should offer full traceability and comprehensive audit trails, which allows companies undertaking forensic audits after the fact to analyse transactions and activities taken by employees to pin point who did what and at which point,” he says.
According to Dreyer, SAP Business One can be used as a tool for mitigating fraud. Through automation of processes, authentication controls and segregation of duties, it prevents the backdating of transactions; payments being made to people without services or products being delivered; the creation of false entries in the general ledger; and the manipulation of user settings and authorisations on any business documents by unauthorised people.
“The solution has approval procedures built into the application as standard. These can also be set up for any business rule on any document according to the company’s needs. When any action or function is undertaken outside of normal procedure or by an unauthorised user, a red flag is immediately raised and sent to management. “This enables management to take initiative about stopping fraudulent actions before they go any further,” he says.
“Most notably, the solution allows for full traceability (history audit) on almost any document or posting. If there is a discrepancy and money is moved around, it is easy to see who made the changes and follow up on them. The audit trail allows management to see who created the original posting, on what date, and who made subsequent changes to the posting. The system can display the original and doctored document changes.
Dreyer concludes: “Technology certainly makes it much easier for businesses to gain greater control of particularly sensitive areas of the business and information. However, they cannot become complacent even with the very best business tools and IT security software in place.
“Just like a house alarm system is pretty useless if there is no response team ready to spring to action in the event of the alarm being activated, so a company should have plans and procedures in place to respond when alerts are raised on their systems. There is no replacement for the investment in ERP to combat fraud”