Page 15 - Internal Auditor M.E. - June 2019
P. 15

TO cOMMenT on the article,
              eMail the author at mkjallad@hotmail.com                                            Fraud risk
































            2-   Check for changes                             6-   Practice caution
            Try as much as possible to communicate directly by phone   Make sure that you always fully alert and focused on
            with the other party to confirm the payment, especially if   payments to be transferred, in particular the payments
            you have a certain doubt where you are provided with a   that the beneficiary is required to be completed with
            new banking account number or changed any information   urgency or forced circumstances, or may act with you
            about the company name or location.                aggressively if you ask him/her for more information and
            3-   Verifying unique requests                     data. Often the cause of urgency is fear by the second
                                                               party of fraud detection. Always take your time and do all
            Such as when the other party sends an email asking you   the means to avoid making mistakes.
            to transfer the amount to a bank account in an outside
            country, or any other not familiar requests, in this case ,   7-   Beware of confidentiality
            it is important to directly communicate with the second   In the event where the beneficiary requests the payment
            party to confirm such requests.                    to be confidentially processed without disclosing any
            4-   Double checking email addresses               information, you must communicate directly with the
                                                               responsible parties in your company to confirm the
            The most common fraud method is by fabricating e-mail   request and then communicate with the beneficiary
            addresses and manipulating them with very simple   company itself by telephone for confirmation.
            modifications that a person might not notice if he/she
            did not give them enough focus and double-checking.
            For example, email may be manipulated from ahmed@  Conclusion:
            abccompany.com to become ahmed@acbcompany.com   Many fraudulent cases of remittances were caused by
            as we can see, the change may be so simple that you did   negligence of the financial department staff who are
            not notice it and you may communicate with the wrong   responsible for making the transfers. Simple additional steps
            person, resulting in a money transfer to non-eligible   should be taken to confirm and validate that the beneficiary’s
            entities.                                       address and data were changed by making a simple telephone
                                                            call with the other party and communicating with other
            5-   Forward instead of Reply                   departments in the company as further proof.
            If you receive any email from a second party (clients,   The company should also raise awareness of its employees
            suppliers, etc.), Forward the message and then use   about this type of risk by attending specialized training
            the addresses stored in your company’s address list to   courses and continuously guiding staff.
            make sure you are communicating with the legitimate
            beneficiary to avoiding contact with wrong email   Muhammed Khalil Jallad  an accounting and auditing expert cur-
            addresses.                                      rently working in a leading institution in Kuwait

          JUNE 2019                                                           INTERNAL AUDITOR - MIDDLE EAST     15
   10   11   12   13   14   15   16   17   18   19   20