Fraud, third-party supplier risk and data breaches are all operational threats and potential brand killers for any company. And preparing for fraudulent activity is no easy feat. It’s hard enough to run an oil and gas business in today’s uncertain times. It’s even harder to mitigate fraud risk and prepare your company to handle a fraudulent action.
Companies are vulnerable right now as they look to manage their teams, customers, partners and suppliers. In March, the FBI issued warnings against increased fraud, advanced persistent threats and phishing attempts related to COVID-19.
Given the vast profits that the biggest oil and gas companies generate, it’s no surprise that fraud has plagued the industry since it began. Most owners and leadership teams think it may never happen to them, and that only the biggest companies are targets. This mindset can make a company vulnerable to fraud, leaving the door wide open for an employee or bad actor to take advantage and misappropriate the company’s assets.
What types of fraud are we talking about?
The Association of Certified Fraud Examiners (ACFE) estimates that fraud costs more than $990 billion annually. The ACFE defines fraud as:
“The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.”
Fraud has four essential elements:
Deterring fraud takes dedicated vigilance on management’s part and must be a top-level priority at all times. Our team of oil and gas accountants and experts has outlined automated and high-touch processes for companies of any size.
Create and define your alerts
Automated, mobile alerts that are triggered by changes can often be the first line of defense, because they let you respond quickly.
Defining your alerts is the first step. You’ll want to bring key management executives and company stakeholders together to discuss and set the policy as to which tasks are a priority. You can give each alert an identifier and a description, and specify when and how you get notified.
You also need to determine the number of users required to respond to the alerts, as well as whether or not those alerts should be combined based on the rules you set.
Following is a list of task definitions to consider for monitoring:
These tasks then need parameters defined. Examples can include:
Secure Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is any information or data that could potentially identify an individual. PII can be either sensitive or non-sensitive. Sensitive PII is information that has the potential to harm the individual. Non-sensitive PII is information found in public forums such as websites, public records and phone books.
No company wants sensitive PII compromised in any way. When this happens, not only is the data compromised but the company’s reputation can be damaged irreparably.
You should secure PII through user-level security, specific security for PII, approval processes, company and user-level passwords, as well as your defined alerts. Examples include:
Education and culture are the best prevention
Industry statistics cite that the number one way companies are hit with fraud and breach attacks is user error. And more often than not, the error is not malicious. In order to achieve a culture of transparency and compliance, any and all fraud prevention practices should come from the executive team. If leadership is practicing its internal controls on a daily basis, the company will follow suit much faster.
Ways companies can create a strong culture of transparency and compliance include:
Planning for the unknown is never easy. And the different fraud prevention avenues you may take will be based on your company’s needs and policies. The key to a strong approach is to incorporate a well-thought-out plan that can be easily implemented, monitored, adopted by employees and updated on an ongoing basis. The more fraud prevention becomes part of your company’s DNA and standard operating procedure, the better prepared you will be to deter and mitigate any situation with respect to fraudulent activities.
WolfePak Software is committed to ensuring a secure and safe operating environment for data and financial reporting. For more information about how WolfePak can evaluate and support your fraud prevention efforts, email us at sales@pakenergy.com