FoxPointe Security Hub

The Impact of Internal Controls on Fraud Prevention

Changes to the New York State Department of Financial Services Cybersecurity Regulation

Fraud Prevention

All fraud begins with a line of thinking that follow three major factors: Opportunity, Rationalization, and Pressures. Rationalization is the excuse an individual uses to provide comfort or assurance that they need to commit fraud. An example of this could be: “I’ll put the money back, I just need it on loan” or “This company makes so much money, they won’t miss a few dollars here and there”. Pressures are represented by an external factor that would drive a person to steal money from a company. Examples of pressures include pay-cuts, medical issues/expenses, or addictions. The final factor is opportunity. This describes the individual’s ability to create fraud. For example, an employee’s position, responsibilities, or access can provide opportunities for employees to steal from a company. This is the only factor that companies have complete control over and can be mostly remediated with strong internal controls.

The Association of Certified Fraud Examiners (ACFE) performed a global study in 2020. In this study, they discovered that a lack of internal controls contributed to 33% of all reported fraud (pg. 5). Additionally, they discovered that a lack of internal controls and the ability to override weak internal controls contributed to 50% of all internal controls related fraud (pg. 36).

How SOC Assessments Can Help

SOC assessments are designed to test a company’s internal controls. These assessments can find gaps in organizations’ internal controls, which, if remediated, can reduce the opportunity for fraud within the organization. Reducing the opportunity for fraudsters will discourage most fraud. Additionally, SOC assessments encourage organizations to train employees in security awareness and fraud prevention. Completing an assessment that tests internal controls will help an organization identify gaps that could have been used to commit fraud.

FoxPointe Solutions is Here to Help

To learn more about SOC Reporting and how FoxPointe Solutions can help your organization get started, visit our SOC Reporting page or contact us today.

Learn More