Croixstone Consulting is partnering with the Association of Certified Fraud Examiners (ACFE) to serve the organization’s annual “International Fraud Awareness Week” event. As an official “Supporting Organization” of this year’s #FraudWeek (November 17-23, 2024), Croixstone is joining the global effort to minimize the impact of fraud by promoting anti-fraud awareness and education.
In support of Fraud Week, we posed five questions to Ed Ritter, who leads Croixstone’s Risk & Compliance practice, to explore practical ways to minimize the impact of fraud.
Question #1: As a CEO of a mid-sized business, what should I be doing to mitigate risk of fraud?
Lead by example. Ensure fraud awareness and mitigation are a part of your everyday culture. “Care and feed” this aspect of your culture throughout the year and throughout your company. Invest in training programs that help employees identify phishing campaigns and suspicious emails. Practice password hygiene and implement email filtering and multi-factor authentication solutions. Incorporate end-user expectations into the company Code of Ethics and onboarding programs. Empower employees to take a pause and ask questions or escalate suspicious activity. Implement self-assessment programs, which enable employees to identify areas of weakness in the prevention, detection and mitigation of fraud. Provide timely investment and resources to remediate weaknesses where the impact of a fraud event would be above the firm’s risk-taking capacity.
Question #2: What can leaders do to mitigate fraud related to money movement?
Ensure dual controls exist for money movement activity (e.g., wires, ACH transactions, checks). Require separation of duties to initiate and authorize money movement. Add a second authorization for moderate and large dollar transactions. Ensure these types of controls are monitored with continuous reporting of daily activities to the responsible parties. Early detection mitigates the impact of events. Finally, expect the controls to be independently tested for effectiveness with findings being escalated to proper levels for remediation.
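The three controls in this answer (the initiator can never authorize their own payment, larger amounts need a second distinct authorizer, and every action is recorded so a daily activity report can go to the responsible parties) can be expressed as a small maker-checker model. The code below is an added example, not code from the interview or from Croixstone; the approval threshold, the user names, the payment IDs and the amounts are constructed for illustration.

```python
"""Maker-checker (dual control) model for money movement.

Added example, not from the article.  The threshold, users and amounts
are illustrative; a real payment system would also persist the log and
restrict who may hold the initiator and authorizer roles.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from decimal import Decimal

# Assumed policy: amounts at or above this need a second, distinct authorizer.
# The figure is illustrative; the interview does not specify a threshold.
SECOND_APPROVAL_THRESHOLD = Decimal("10000")


class ControlViolation(Exception):
    """Raised when an action would breach dual control or separation of duties."""


@dataclass
class Payment:
    payment_id: str
    amount: Decimal
    beneficiary: str
    initiator: str
    approvers: list = field(default_factory=list)
    status: str = "PENDING"  # PENDING -> RELEASED


def required_approvals(amount) -> int:
    """Distinct authorizers (never the initiator) a payment needs before release."""
    return 2 if amount >= SECOND_APPROVAL_THRESHOLD else 1


class PaymentDesk:
    def __init__(self):
        self.payments = {}
        self.activity_log = []  # every action, including rejected attempts

    def _log(self, user, action, payment, detail=""):
        self.activity_log.append({
            "ts": datetime.now(timezone.utc),
            "user": user,
            "action": action,
            "payment_id": payment.payment_id,
            "amount": payment.amount,
            "detail": detail,
        })

    def initiate(self, user, payment_id, amount, beneficiary):
        """The maker creates the payment; initiating never releases funds."""
        if payment_id in self.payments:
            raise ControlViolation(f"{payment_id} already exists")
        p = Payment(payment_id, Decimal(amount), beneficiary, initiator=user)
        self.payments[payment_id] = p
        self._log(user, "INITIATE", p)
        return p.status

    def authorize(self, user, payment_id):
        """A checker approves; release happens only once enough distinct checkers have."""
        p = self.payments[payment_id]
        reason = None
        if p.status != "PENDING":
            reason = f"payment already {p.status}"
        elif user == p.initiator:
            reason = "initiator may not authorize own payment"
        elif user in p.approvers:
            reason = "same person may not authorize twice"
        if reason:
            # Rejected attempts are logged too: they are what the daily report should surface.
            self._log(user, "REJECTED", p, reason)
            raise ControlViolation(reason)
        p.approvers.append(user)
        self._log(user, "AUTHORIZE", p)
        if len(p.approvers) >= required_approvals(p.amount):
            p.status = "RELEASED"
            self._log(user, "RELEASE", p)
        return p.status

    def daily_report(self, day=None):
        """Summarize one day's activity per user plus every rejected control breach."""
        day = day or datetime.now(timezone.utc).date()
        report = {"released_count": 0, "released_total": Decimal("0"),
                  "rejected_attempts": [], "by_user": {}}
        for e in self.activity_log:
            if e["ts"].date() != day:
                continue
            u = report["by_user"].setdefault(e["user"], {"initiated": 0, "authorized": 0})
            if e["action"] == "INITIATE":
                u["initiated"] += 1
            elif e["action"] == "AUTHORIZE":
                u["authorized"] += 1
            elif e["action"] == "RELEASE":
                report["released_count"] += 1
                report["released_total"] += e["amount"]
            elif e["action"] == "REJECTED":
                report["rejected_attempts"].append((e["user"], e["payment_id"], e["detail"]))
        return report


if __name__ == "__main__":
    desk = PaymentDesk()
    desk.initiate("alice", "P1", 5000, "Vendor A")      # below threshold: one checker
    desk.authorize("bob", "P1")
    desk.initiate("alice", "P2", 25000, "Vendor B")     # above threshold: two checkers
    try:
        desk.authorize("alice", "P2")                   # initiator blocked and logged
    except ControlViolation as exc:
        print("blocked:", exc)
    desk.authorize("bob", "P2")
    desk.authorize("carol", "P2")
    print(desk.daily_report())
```

The point a practitioner should take from the model is that the control is enforced in the authorization path, not left to procedure, and that rejected attempts are written to the same log as successful ones: a report that shows only released payments hides exactly the behaviour the dual control exists to catch.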
Question #3: How can a small company implement protections against fraud without breaking the bank?
Make risk management and mitigation part of the company culture – appoint a company ‘czar’ to drive continuous education and awareness. Implement multi-factor authentication. Invest in fraud awareness training for all employees that covers phishing campaigns, the ever-evolving fraud schemes involving gift cards, ‘urgent’ requests from the owner, and attempts to extract confidential and/or private information. Create a culture that includes fraud awareness as part of everyday activities. Use the free resources provided by the Association of Certified Fraud Examiners as part of its annual International Fraud Awareness Week event. ACFE’s “Fraud Protection Check-Up” is a simple yet powerful tool to test your company’s fraud health.
Question #4: How important is it to conduct regular security audits, and what should they include?
Regular security audits are crucial for identifying and addressing vulnerabilities before they can be exploited. These audits should include an assessment of network security, review of access controls, evaluation of endpoint security measures, and testing of incident response plans. Audits help ensure that security policies are up to date and effective.
Question #5: What steps should a company take if it falls victim to ransomware?
Immediately isolate affected systems to prevent the spread of malware, notify law enforcement and relevant regulatory bodies, and engage cybersecurity experts to investigate and remediate the breach. Companies should also have robust backup and recovery procedures in place to restore affected data without paying the ransom.
About Ed Ritter
Ed Ritter leads Croixstone’s Risk & Compliance Practice. He excels in helping the firm’s clients accelerate transformational and strategic initiatives by developing pragmatic solutions which are integrated into culture to enable the sustainability of business outcomes.
Additionally, Ed helps to elevate our clients’ leaders through collaborative discussions, constructive challenge, and honest coaching. Ed leverages more than 30 years of expertise with top 10 global banks (including Bank of America and Wells Fargo) to assist clients in resolving complex, enterprise-wide issues in Risk Management, Technology, Cyber Security, Mortgage, Consumer Banking, and Corporate and Commercial Banking.
Contact: eritter@croixstone.consulting