Internal fraud is back in the business headlines as a major corporate concern: a recent European study found that one in five organizations consider employee theft to be “the most serious threat to information security” that the organization faces. Yet in all of the ERP industry’s talk about the security of cloud ERP vs. on-premise, the risk of data loss or compromise, and the disruption to business operations caused by hacking attacks, there remains puzzling little mention of the danger of an organization’s employees capitalizing on their employers’ weaknesses to line their own pockets or how ERP systems can prevent this type of situation.
While an ERP system alone cannot and will not protect companies from this kind of malfeasance, processes that ensure an ERP system is properly installed, utilized and monitored can provide the checks and balances necessary to discover inappropriate activity quickly. A corporate environment that encourages truth and openly disparages dishonesty and fraud also is important. When it comes to preventing problems — and achieving returns — someone needs to be minding the store, so to speak. The following tips should be considered a starting framework for discussing both security and ERP benefits realization:
1. Develop and implement clear, standardized business processes. An ERP implementation is perhaps the best possible time to streamline and standardize an organization’s functions. By blueprinting business processes, companies can provide a clear baseline against which to study results and determine points of suspicion and areas of improvement in functions including cash/receivables, inventory management, purchase orders/procurement, returns and so forth. If an ERP system is already in place but processes are not yet documented or standardized, consider it a critical next step.
2. Hire a third-party firm to perform an Independent Validation and Verification (IV&V). Panorama provides IV&Vs of both ERP systems and business processes that can be invaluable to uncovering existing fraud and preventing future occurrences. The more oversight (both internal and external) a company has, the less risk it runs of rogue acts going unnoticed. IV&Vs also serve as a deterrent to would-be thieves as frequent system inspection and monitoring can give pause to even the most deviant criminal mind.
3. Implement anti-fraud measures into an Organizational Change Management Plan. A key tenet of organizational change management (OCM) is creating a dialogue with end-users about their experiences and issues with the ERP system. Facilitating an atmosphere of trust and clearly explaining the company’s position on fraud within these dialogues, and as prescribed by an OCM plan, also can provide benefits when it comes to staff members reporting fraudulent activities. Employees should be encouraged to anonymously inform management of any suspicion of fraud. A respected employee should be tasked with investigating the claims and determining culpability from an unbiased point of view.
When implemented, managed and measured in the proper way, the data that ERP systems provides can be used to find and prevent fraud within organizations. The best way employers have to take advantage of the system is by utilizing its capabilities to know exactly what’s happening in the organizations. Thieves have an uncanny way of capitalizing on vulnerabilities, so the more expert a company can become in its own processes and systems — and the more trustworthy and collaborative an environment it can create — the fewer “open windows” will be present to tempt employees and the more benefits the company will achieve.
If you’re concerned that your company isn’t utilizing its ERP system in the best possible way, contact Panorama today to discuss your specific needs and concerns and discover how we can start alleviating them immediately.