As a company that works with risk management and compliance operations, we know that it is often difficult to really argue why you should focus on risk prevention, especially as it is often intangible. Furthermore, it can be difficult for employees to approach their leadership to explain why they should invest in risk management tools. Because while risk management tools ideally should result in preventing malicious things from happening, it also means that a good and well-functioning risk management tool actually ends up being less visible in the organization. In other terms, it does a lot of important work without showing off, meaning that it often does not get the credit that it warrants.
Does this mean that it is completely intangible? Absolutely not. At ComplianceNow we have always looked at good risk management tools and processes as a form of insurance – meaning that they are necessary to have but difficult to place a value on. However, let’s take some evidence and statistics from different fraud cases, and maybe this can help contextualize what you are trying to prevent with SAP risk management tools and place a tangible value on the tools.
Statistical background
The ACFE compiled an interesting report in 2020 wherein they presented a study based on 2504 fraud cases. They found that these cases alone represented a loss of 3.6 billion USD, and it is estimated that more than 4.5 trillion USD is lost to fraud each year – in percentages that translate to organizations losing an estimated 5% of revenue to fraud each year on average. The same statistic tells us that this equals an average loss of 1.5 million USD per fraud case. In the investigated cases, this was the average loss, while the median loss was 125.000 USD. This is certainly something that most companies would like to avoid. However, the most interesting part in relation to SAP risk management processes lies in the types of fraud and how fraud is usually discovered (or not discovered)
Asset misappropriation is the most frequent type of fraud and represents 86% of occupational fraud cases – ranging from skimming to billing fraud. Especially risky asset misappropriation is check and payment tampering and billing fraud. Furthermore, the perpetrators attempt to conceal the fraud by altering electronic documents (27 % of the cases) or by creating fraudulent electronic documents (26 % of the cases). In other words, something that could be prevented with segregation of duties and internal controls – or at the very least could be easily tracked and discovered.
It is additionally very interesting, that most fraud cases are discovered by leadership being tipped, and very little is discovered by internal controls due to a lack of implemented internal controls in the organization. A lack of internal controls contributed to nearly 1 out of every 3 fraud cases!
Our beliefs and values
We in ComplianceNow believe that having good and efficient risk management processes starts by having the right tools. Tools are necessary, as business landscapes are more and more complex. You simply cannot have a compliant, risk free and transparent organization without the right tools. As this blog has documented, having segregation of duties and internal controls are a very necessary part to prevent fraud and staying compliant. Remember that segregation of duties tools and internal control are not limited to only help with fraud cases, but as demonstrated, if we only look at fraud, these tools already have a great business case in most organizations. In addition to preventing fraud, the tools also help you with reducing costly human error, general overview of documentation, paper trails for auditing and more effective and less costly auditing processes. In fact, all major auditing houses recommend implementing a segregation of duties tool in your organization.
If you are interested in hearing more about CN: Access Control or CN: Internal Control, then contact us for a free 1-hour demo
Follow us on LinkedIn and get instant access to our latest articles and posts on SAP and compliance.