The Threat Loop: Fraud, Compliance and Cyber Risk
Rarely a day goes by without a powerful new story about fraud, compliance, or cyber risk emerging.
On occasion, a single story even involves all three. The scope for incidents related to fraud, compliance, or cyber risk grows exponentially as businesses move more of their transactions online.
While these issues may have become more common recently, tolerance for them among governments, regulators, investors, and customers is quickly diminishing. They expect companies to have adequate safeguards to prevent these types of problems. Companies experiencing fraud, compliance issues, or cyber-attacks can expect little sympathy, and face reputational harm, loss of contracts and investments, theft, or fines.
This dynamic was neatly captured in the recent KPMG Fraud Outlook 2022 report, which explores the current situation in a survey conducted with over 600 executives in North America and Latin America. Although the survey focuses on these two regions, many of the lessons will be familiar to business executives and decision makers anywhere.
The Threat Loop
A crucial theme the survey explores is how the issues of fraud, compliance, and cyber risk – the Threat Loop – are significantly interrelated. A few years ago, these areas were a niche interest to separate teams in the business, likely hidden away in the IT or the audit function.
The integrated and digital nature of business has changed all of this. A flaw in a compliance system, for example, opens a business to the potential for internal and external fraud and cyber risks. The survey describes how remote working, adopted over the last couple of years, has exacerbated the situation for many. It also highlights the scale of the problem:
- 83% of respondents have experienced a cyber-attack
- 71% have experienced fraud
- 55% have been subject to regulatory action
All of the above, during the last year alone. One can only speculate as to the costs to the businesses, but modest they are not.
Programs to support fraud, cyber, and compliance risk management
One of the key issues was the variation in how programs to support fraud, cyber, and compliance risk management were implemented in many businesses. Some respondents maintained that their processes met international standards, but the majority felt that their programs barely met their national requirements or sometimes even failed to achieve those standards.
In fairness, this scale of variation is not unexpected, as the pace of change in many industries has caught out many competent businesses. While one might expect financial services businesses to be well represented among those following best practices, other sectors, such as retail or hospitality, typically have less access to the skills, resources, and budgets they need to meet their requirements. These organizations understand what is expected of them, but achieving that objective is a different question. This situation exposes many to the significant costs highlighted before.
The right documentation at the right time
In part, it is an issue of simply accessing the right documentation at the right time. The relevant documentation for specific standards that people need to follow and adopt must be distributed across multiple servers and intranet sites. Version control can be an issue too – how do the users and the risk or compliance teams know that the right version of a risk or compliance standards document is being used across the business?
Bandwidth amongst the risk and compliance experts
Another issue is bandwidth amongst the risk and compliance experts in a business. Very often, it seems, an isolation issue divides the risk and compliance teams from their colleagues on the front line. Risk and compliance teams often find themselves being sucked into a constant round of meetings and emails, as they seek to guide, influence, and inform project managers under pressure to deliver results on time and within budget.
Mitratech’s GRC Platform enables proactive risk and compliance across the enterprise.
To address the need to deliver a better risk management and compliance regime all while reducing costs, many organizations are turning this dynamic on its head. Mitratech’s cutting-edge SaaS technology can enable capabilities that allow companies to centralize the policy management of their GRC requirements, all while enabling users to proactively review and understand the requirements and obligations they must adopt, as they build and adapt their critical business processes and systems. As well as providing education and guidance, these systems also provide attestation capabilities that support the insight and feedback that risk and compliance teams need, to ensure that the right policies and procedures are being followed.
Mitratech offers an array of AI-driven, next generation capabilities that can help business leaders transform processes. Fast to deploy and human-focused for maximum user adoption, enable your organization for success today.