
Managing cyber fraud risk

Posted on: June 11th 2025

Cyber fraud risk is a significant issue faced by nearly all organisations, increasing year on year as the use of and investment in technology grows. It is not just an issue that impacts an entity’s IT operations, but also a business risk that should be taken seriously and requires visible leadership engagement. 

In a recent ‘sector focus’ published by Not for Profit news outlet Civil Society, attention is given to the importance of improving, managing, and monitoring internal systems in defending an entity against cyber fraud. It also highlights the necessity for a proactive approach to build resilience and sustain trust in an increasingly digital landscape.

A key starting point for any organisation is governance, risk ownership, and culture. Awareness and ownership are required across the organisation as a whole, so a culture should be created that empowers employees to be aware of and report suspicious activity. In addition, regular training, communications and engagement are required to show higher resilience against fraud.

To set up internal systems in the best way, organisations should map the cyber threats, identify the weak spots, and understand their exposure. An effective risk assessment that integrates cyber-specific scenarios should therefore be regularly reviewed and updated to reflect the changing environment. Gaining an understanding of this area will help an organisation identify where internal controls are required, and how best to implement them. It is also important to review policies and procedures to ensure that the documented controls are actually being followed in practice and are indeed well-designed security measures. Key factors to consider include: segregation of duties, user access management, multi-factor authentication, and alerts and exception reporting.

Other key areas discussed in the article include: carrying out simulations and testing to make improvements, engaging internal audit assurance, and considering technology investments with risk priorities. 

Putting a formalised process in place can help prevent fraud and ensure that fundraising is successful. Ultimately, it is in everyone’s interest that charitable collections are well-managed and beneficial to the cause. Standardising the approach will create a positive experience for donors and assist in maintaining the public’s confidence in the causes they choose to support.

This insight was previously published in our Not for Profit June 2025 eNews
