IT professionals are usually in charge of an organization’s cybersecurity. They know all the technology and vulnerabilities that a cybercriminal would try to exploit. But what do they know about financial operations, and all the traditional ways that criminals have been trying to get your money since the dawn of time?
Fraud has existed for a long, long time. Technology just gives criminals new opportunities to perpetrate bigger frauds more quickly than ever before. Input from the CFO is absolutely required to thoroughly understand the vulnerabilities and fraud opportunities that can be controlled by technology.
CFOs care about cybersecurity as much as the IT chief. Ideally, the CFO and the head of IT will collaborate in these three areas to fight against cybercrime:
- System Access
Preventing one person from having too much control over a financial transaction, called segregation of duties, is best accomplished by setting up system access controls. Each user’s unique system identification and password can be defined to restrict that user’s activities within the system. For example, the system can be set up to prevent a user from originating and approving the same transaction.
- Automated Workflows
One traditional way to defraud an organization of its funds is to intercept and alter documents, such as invoices, contracts, and time sheets. By building an automated workflow within a system, information and documents images are only routed to an authorized person who is the intended recipient. System history files can provide an activity trail that reflects which actions were taken by each system user, and when.
- Exception Reporting and Follow-up
Systems can be configured to identify and report any transaction or activity that is an exception to policy, standard procedures, or good business practices. Items that are considered “exceptions” must be defined, agreed upon, and built into the system. Reported exceptions should be routed in the system to the appropriate person to assess and take action on each reported item.
Cybersecurity efforts are usually led by the IT chief and her or his team. CFOs care about cybersecurity, too. Modern technology and traditional knowledge about the ways that criminals defraud organizations of their money can collaborate to build strong system controls that prevent and detect fraud.