Fraud Prevention and Detection:
When the Internet first became widely used and accepted, everyone needed a firewall to protect their computers from hackers. If the firewall was configured for maximum security, you couldn’t use half the websites on the Internet, so you had to create enough permissions (often referred to as holes in the firewall) to reach the websites you needed. To cover the risk from these holes, companies deployed intrusion detection software to identify any hacker activity. This blend of preventive controls (firewalls) and detective controls (intrusion detection) struck the balance between managing risk and getting business done.
Fraud response responsibility should be allocated as follows:
– Managers, who should take responsibility for detecting fraud in their area.
– Finance Director, who has overall responsibility for the organisational response to fraud including the investigation. This role may be delegated to a fraud officer or internal security officer.
– Personnel (Human Resources Department), who will have responsibility for disciplinary procedures and issues of employment law and practice.
– Audit committee, which should review the details of all frauds and receive reports of any significant events.
– Internal auditors, who will most likely have the task of investigating the fraud.
– External auditors, to obtain expertise.
– Legal advisors, in relation to internal disciplinary, civil or criminal responses.