Blog

Does your company use Gift Cards? Beware!

During a recent HR function audit, I discovered that a company purchases store gift cards for ad-hoc awards and employee recognition.  The problem however was that the process was totally uncontrolled.

Continue reading

Purchasing Card Program Red Flag

If you’ve designed your card program, or it has evolved to the point where supervisory review of transactions is diluted, you may well be at more risk for fraud.   This occurs because at some point, busy Managers are only able to robustly review a limited number of transactions per month, for example.

Continue reading

Internal Audit Awareness Month – Will we always need it?

May was International Internal Audit Awareness month!  This is a worthy cause to market the value that the profession can deliver.   However, it occurs to me that other highly regarded careers don’t have such a campaign.  Have you ever heard of an attorney awareness day, or an engineering awareness month?  I’ve not.

These professions have a higher profile and well understood value proposition to its customers – internal audit is trying to more widely establish itself with its customers and stakeholders: boards, management, organization employees and 3rd parties.

Continue reading

Controlling Purchasing Card Risk

This is presentation from recent webinar on P Card program fit, risk, controls. audit and reporting, delivered through Lorman Education Services:

Controlling Purchasing Card Risk

 

Don’t rely on your Auditor to detect Fraud!

Many companies and organizations point to their external auditors as a watchdog to find fraud.  According to reporting done over several years by the Association of Certified Fraud Examiners (ACFE), external audits are among the least likely means to discover fraud. Continue reading

Cybercrime: A fast growing risk for Purchasing Card programs

A recent New York Times story reported that a Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records included confidential material gathered from 420,000 websites, including household names, and small Internet sites.  Most of the companies affected didn’t even know they were hacked, and the security firm that discovered the theft indicated “most of these sites are still vulnerable”.

These cope of these events makes it more critical that organizations take proactive measures as part of their card programs, including:

  • Educate employees and modify card policy around about safe commerce practices and secure website identification/use.
  • Enhanced vetting of suppliers by purchasing organizations for frequently visited ecommerce sites used for order placements (e.g. for “ghost” accounts).
  • Enforce requirements for frequent and monthly transaction review and reconciliation by users.
  • Use of continuous monitoring software or reporting to spot transaction anomalies quickly.

Ongoing vigilance like never before is a key countermeasure

Most common mistakes by nonprofits allowing fraud to take root

Published in VIS Connections for Risk Managers:

http://www.cimaworld.com/wp-content/uploads/2013/10/Fall-2013-VIS-Connections.pdf

 

 

Fraud Presentation – 2013 Risk Summit

I gave this presentaton on occupational fraud at the 2013 Risk Summit in Boston and feel it’s instructive to any industry and organization:

Managing_Fraud_Risk_

 

A Smart Person once said:

A Smart Person once said

“Somebody is doing something today  … that you and I would be unhappy about if we knew of it. That’s inevitable: … the chances of … getting through the day without any bad behavior occurring is nil.     Continue reading

Necessary but not sufficient … how it applies to Internal Audit services

I remember back when taking standardized entrance exams, questions were based on a described condition.  You had to describe how two concepts were related to each other.   One of the answers was X is necessary, but not sufficient for Y.   This applies to internal auditing today as well.

Continue reading

Contact

(T) 508.878.5570

Email Us

Testimonials

loading Loading

    • " I highly recommend Alan's consulting, internal audit and management capabilities!  He was innovative, results focused, generated meaningful improvements, and a valuable resource that worked well with all parties.   It was a pleasure working with him."        

      — Chief Financial Officer & Treasurer, decentralized services company

    • “Alan worked for our company providing an audit of our department. His participative, non-threatening approach during the interview process, along with his thoroughness, resulted in a successful compilation of data that enabled a list of audit recommendations that were value added and meaningful." Top qualities: Personable, Expert, High Integrity

      — Director of Purchasing, fast growing services company

    • “Alan has performed many consulting reviews for (us)..., including risk assessments, compliance auditing, and program reviews. He has always come through with the expectations of our contract, and I gladly look to Alan for future assistance. He is a true professional! " Top qualities: Great Results, High Integrity, Creative

      — Associate Vice President & Director, Audit Services of leading higher education organization

Twitter: Follow Us