Forum Discussion

ChilliPalmer's avatar
ChilliPalmer
Cover User
3 years ago

Employee Fraud/Theft Prevention

It stuns me that there are almost no discussion threads in here about employee fraud (theft) prevention.

Can someone please tell me, apart from the email alert that advises a new/changed bank account (which is the minimum possible "smarts" on this matter, rather than a functional solution) how do I identify a fraudulent act?

 

We are a medium sized business with 5 or 6 team members needing MYOB access and in their routinely. I don't have the time to personally carry out ongoing fraud detection activities in software (AccountRight) that makes it extremely difficult to identify it anyway.

 

Why doesn't the email alert advise me who made the change?

 

What if a staff member changes a Supplier's bank details to their own (less likely to be scrutinised) and processes a payment?

 

What if a User changes the name on their own card to a Supplier's name and processes a payment (no bank account alert email).

 

I understand that I can lock down individual User permissions, which I have, but with multiple MYOB files that is extremely time-consuming and tedious and so not as valuable/functional is it should be. Plus it needs constant attention as Users change the work they do over time and do leave relief work for other Users. There's no central portal for me to change one User in all my files, or to duplicate custom User Roles across multiple files.

 

I also understand that reconciling supplier statements (which we do) should eradicate one of the scenarios above, but the chances of an extra transaction in MYOB being missed is high if all the transactions on the statement are okay.

 

We're in the real world here, where I shouldn't have to rely on my staff to constantly be thinking about internal fraud, and also expecting them to be perfect. We're all human and make mistakes and errors of judgement.

 

It seems my only option (which won't address all the scenarios above and those I haven't thought to mention) is to print out every bank account change email I get, create a register so none of them get "lost", and get my team to show me supporting evidence for each one. I get about 20 of them per month and the time for this process would be not be cheap - but clearly needs to happen if there's no other solution!

 

In my mind, MYOB AccountRight is woefully inadequate when it comes to internal controls and security.

Am I missing something???

 

Really appreciate any clues as to features I may not be utilising in the software that "smartly" helps me prevent fraud.

 

Many thanks!

  • Hi ChilliPalmer 

     

    Thanks for your feedback

    As you have indicated, when the company file is stored online, AccountRight will send an automated email to the AccountRight Live Owners to alert them that the employee or supplier bank accounts have been changed. This is intended to alert the AccountRight Live Owners to changes in the company file to action requests that don't seem like they should have occurred. As you have indicated, these don't contain the user information that completed the request, rather it is designed to alert the user to changes that have occurred. There are certain situations like you have supplied that may where it would be more beneficial to see additional information in those.

     

    We do also encourage users to check out Ways you can protect your AccountRight company file which outlines some key tips to protect your file. This mostly is aimed at external ways but can also contain some information for internal users.

    In saying that thank you for your feedback, I have capture that so it can be shared with our teams.