Over the past few months, I have been presented with some very disturbing situations.
The conversations have started almost exactly the same in all cases. A business owner calls and informs me that something is bothering him/her. We arrange to meet up at an off-site location (anywhere other than their office).
This type of situation is quite normal in my line of work, but I never know exactly what I’m stepping into. More often than not, the meeting will be to discuss the results that are being achieved as they relate to technology, and ideas that I might have about how to do better.
In these last couple of months, however, the situations have been WAY more disturbing.
Since the beginning of time, some individuals have had to wear many hats in organizations out of necessity. Most of the time it is due to the lack of correct headcount or the inability to afford to hire a qualified individual to fill a certain void.
This staffing decision sometimes makes it impossible to separate the roles of certain departmental functions. Separation of roles in an organization is practiced to create a secure balance of power that decreases the opportunity for fraudulent practices by employees.
The situations that have been presented to me in several cases this last month were directly related to the separation of roles.
Many times Information Technology (IT) Management and other departments are combined. I see the role shared by an individual in accounting, sales, operations, office management, or human resources. This overlap creates the opportunity for people to commit all types of fraud. I have seen acts of cash embezzlement, inventory theft, hiring of fake employees, and worse.
Preventing these situations is simple if you analyze why they happen.
If you combine the IT function with some of the others mentioned, you make it possible for user accounts and access to be shared by a person who should not be allowed to do so.
It is easy to close this gap just by making sure the IT function of enabling and disabling user accounts is done by someone who is not a member of the same department. If you want to be even more secure, make sure the function of user administration is outsourced.
In the examples I have witnessed, companies have lost hundreds of thousands of dollars. Don’t let this happen to you!