In-House Fraud Goes Undetected
A new survey by Attachmate Corporation and Ponemon Institute on the ‘Risk of Insider Fraud’ reveals that companies need to be more aware of the possibility of an employee being fraudulent. This survey was administered to over 700 organizations and exposed some shocking results:
- Over 75% of respondents claimed that high-ranking people within their company either have, or were likely to, turn off or modify application controls to alter sensitive information – then reset those controls to hide their tracks.
- 81% said that individuals at their organization have, or were likely to, use other staff member’s favourable credentials to gain prestige or avoid separation of duty controls.
- Respondents also stated that their institutions experienced more than one episode of employee-related fraud per week (53 per year on average). Additionally, one quarter of respondents claimed there has been more than 100 in-house fraud incidents within their institution in the past 12 months.
- On average, a fraud incident takes 89 days for an organization to discover, along with another 96 days to uncover the cause of the fraud and the financial loss to the company.
- More than half (62%) of respondents admit they are unsure of their ability to access the large financial impact and severity of fraud.
- Around two-thirds of investigations on internal fraud incidents do not result in actionable evidence.
Larry Ponemon, the founder and chairman of Ponemon Institute claims, “this data demonstrates that employee actions across an enterprise are not visible” and “While organizations may have policies in place that are meant to curtail insider fraud, what’s on paper doesn’t necessarily lead to compliance.”
In fact, over half (52%) of respondents felt they do not have sufficient technology in-house to either prevent or detect insider fraud quickly, as well as detect misuse of IT resources. Usually, IT departments within a company will review log files to monitor employee activity. However, 78% of respondents consider the manual review of these log files to be inadequate in terms of detecting suspicious employee behaviour.
According to this study, another possible explanation to why insider fraud is so common may be because it is not considered an organizational priority for many CEOs and other upper level management. A mere 16% of returned surveys claimed that their companies CEP adequately recognized the risk of insider fraud as significant.
