Cyber Incident Response and Little League Baseball: It’s all about the Follow Through

Responding to a cyber incident isn’t just about getting the systems back up and running (though that is very important); it is about performing, in sequence, a set of mechanisms that improve overall incident response effectiveness. That sequence, known in the sporting world as the follow-through, is key to the most successful incident response and might not be as straightforward as you assume. Read on for a follow-through formula designed for efficient incident response.

The Perfect Storm: Lack of Internal Controls & Financial Pressures

According to the Association of Certified Fraud Examiners (ACFE) 2016 Report to the Nations on Occupational Fraud and Abuse, an organization’s lack of internal controls is the number one weakness contributing to fraud, while living beyond one’s means is the number one behavioral red flag of employees engaging in fraudulent activities.

As in many other fraud examinations, a recent fraud loss at an organization resulted from its lack of internal controls and an executive with the financial pressures to take advantage of that lack. The following chart reflects the behavioral red flags displayed by perpetrators according to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse. The executive in this situation displayed the top 5 behavioral red flags.

The organization had been going through financial difficulties, all while the executive was engaging in lavish spending for his/her personal benefit with business funds and making excessive purchases for the organization. The executive was able to conceal both the organization’s financial difficulties and the scheme of paying personal expenses with business funds because of three things: control over what information was shared with board members, the lack of internal controls regarding job duties, and the absence of proper policies for documenting business purchases.

This organization lost hundreds of thousands of dollars, and it all may have been prevented or detected earlier with some proper internal controls and additional oversight by board members and/or staff.

Take a minute to reflect on your organization: do you have any weaknesses in your internal controls, and are any employees displaying behavioral red flags? If so, address those concerns immediately, before it’s too late!

What’s next? Do I need an audit? Who can help me?

You find yourself in a bad situation – you are concerned that an employee has taken advantage of your organization and mishandled company funds. Now what? Do you need to bring in auditors? What is the difference between an audit and one of those, what do you call it, fraud examinations?

Financial audits are recurring reviews of financial statements. They provide an independent opinion on whether financial statements are presented fairly but are NOT designed to detect fraud. Often they are completed to give stakeholders a level of comfort.

If you want to determine whether fraud has occurred or is occurring, who might be responsible and what amount was taken, and to have documentation prepared to move forward, you need a fraud examination. Fraud examinations are nonrecurring examinations of financial records designed to detect fraud and resolve specific allegations, without any opinion on financial statements.

Fraud Facts

Eide Bailly’s Forensic Accounting team provides services in preventing, detecting and investigating fraudulent behavior and financial crimes. Our services include fraud detection and investigation, internal controls examinations, fraud awareness training, employee background checks and hotline reporting.