While data breaches have dominated the news cycle, The Wall Street Journal’s “Risk and Compliance Journal” reports that fraud is actually much more common, even if it generates fewer headlines.
In the fiscal year ending March 31st, 2015, instances of retail fraud averaged a 94% increase from the prior year when calculated by average loss of revenues. Industry reaction to this news has been relatively predictable: many companies have decided to devote a higher percentage of their budget to preventing fraud. However, the cost of blindly applying risk mitigation activities has resulted in an unacceptable 1.32% reduction in total revenue. Indiscriminately applied screening and cookie-cutter control implementations mean more red flags, and more red flags mean more time and resources expended evaluating potential problems.
The inability of organizations to manage the risk-reward trade-off related to their fraud detection and prevention strategies has resulted in inefficient mitigation activities, more false alarms, unnecessarily harassed customers, and ultimately less revenue.
Why Best Practice Risk Assessments are Needed
To both prevent fraud and maintain high efficiency levels, organizations need to adopt best practice risk assessments and frameworks to first identify and assess the risks they face on a daily basis. When controls are prioritized with more effective risk assessments, red flags that are in actuality benign won’t waste time and money.
So why have these bad-for-business, knee-jerk reactions been implemented? Visibility is the answer. Data breaches are very often newsworthy because of their potentially major implications and headline value; they’re the classic high-impact, low-likelihood risk. Fraud, in contrast, occurs incrementally and has a cumulative effect, meaning there is usually no single, cataclysmic event that captures everyone’s attention, but the results can be equally devastating to the business.
The conclusion? Fraud, even though it doesn’t necessarily culminate in a bang like a big data breach can, poses just as much of an organizational threat. The numbers show that attempting to mitigate cybersecurity and fraud risks without first adopting and conducting best practice risk assessments will lead to increased inefficiency. The first step to minimizing fraud is using a root-cause risk library to prioritize and escalate concerns across business silos.
To learn more about identifying specific risks and aggregating information at the strategic level with best practice risk assessments, download our popular eBook, “5 Steps for Better Risk Assessments.”
Comments
Unless and until the risk assessment goals are defined in accordance with the organizational objectives, it may amount to playing in the dark. Also, the Risk Assessment Policy in place plays a greater role in determining the areas that need to be concentrated upon to evaluate the threats/risks and to understand the vulnerabilities in the business. Awareness has to be created for fraud prevention within the setup. Frauds cannot be predicted. Frauds happen when detected. Therefore, Best Practices for Risk Assessment play an important role in many ways and also help in enhancing revenues, as areas causing income leakage can be identified. I have observed that in the banking industry, Risk Based Internal Audit (RBIA) has helped to a larger extent, thereby enhancing efficiency and profitability, since it ensures how best the Best Practices in Risk Assessment are implemented.