The incidents of IT-based frauds are rising in organisations, raising concern among corporate houses and external key stakeholders on how to detect and prevent fraud as companies lose heavily.
Companies should select “right people with integrity and competency” to detect and prevent fraud, Abdulqader Obaid Ali, President, UAE Internal Audit Association, told CIOMajlis.
Addressing the CIOMajlis at Godolphin Ballroom, Emirates Towers, in Dubai, on the topic ‘Information Technology - Fraud, Prosecution and Prevention’, Abdulqader said: “Whenever you hire somebody in your organisation you hire the person for two things: Integrity and Competency. Invest more in people, educate them and select the right people is what you really need to do. For any organisation, that is the most important thing.”
The talk was in the context of various IT-based fraud scenarios surfacing in organisations. This raised concern among corporate houses and external key stakeholders on how to prevent, detect, and ensure a safe and resilient business environment to conduct business.
As technology advances, so do schemes to commit fraud. Technology can not only be used to perpetrate fraud, but also to prevent and detect it. Using technology to implement real-time fraud prevention and detection programs will enable organizations to reduce the cost of fraud by lessening the time from which a fraud is committed to the time it is detected.
“Fraud comes in different ways. When you take something that does not belong to you, or when you abuse your authority or access to information for personal gains, frauds are perpetrated,” he said.
Technology is moving very fast. It's very difficult to catch up with it. CIOs are in the middle of a lot of people who do not understand the need for protection.
For example, people give out the pin number of credit cards to gas station attendants, trusting them, but they can misuse them. This system is in place to protect the people, but unfortunately they don’t give attention. Although the Central Bank made the mandate that all credit card users must use pin number, people give it out trusting others. Then what’s use? So people are the weakest link.
CIOs should go the extra mile and educate people about not to share passwords. But you make it in a way that people understand the purpose. When you say you have to change your password every three months, they may not like nor do they appreciate the need for it. It is important to invest in people and create awareness.
“CIOs have a crucial role in detecting fraud in their organisations. They can educate the people about what is happening in their organisations because CIOs spend a lot of time and effort in protecting their system using firewalls, etc.” Abdulqader, who is also Chief Executive Officer of Smartworld, said.
“If you have competent people with integrity they would not be tempted to do any fraud, bringing losses to the organisation. Organisations should spend more time in investing and introducing the culture of security.”
Ahmed Al Mulla, Chairman of CIOMajlis, who is also Senior Vice President, IT, Emirates Global Aluminium, said: “Today most companies depend on IT. Most of your applications run actually on the systems. The role of CIOs is actually to facilitate the systems so that they can actually detect fraud, looking at patterns, looking at repetitions, dummy employee or dummy transactions. Many companies use dummy transactions on their systems.”
“Technology is the challenge before a CIO. Technology in fact is the support. The challenge is in the human. No matter what you do, you can always work outside the system. The CIO's role is to ensure that nothing happens outside the system. Then the system can support that,” he said.
The topic is how you can help prevent fraud. Companies put up systems, all the auditors ask whether you are following systems. If you cannot do, you cannot identify patterns.
For example, sometimes in sales department, you can create a dummy customer and make the transaction coming through this dummy customer. This customer is not a real customer. The beneficiary may be the staff himself.
Generally, in a company everybody has to work together, with the finance department, or procurement or human capital. The CIO has to lead that. He is responsible to create the culture of really detecting and preventing fraud.