
Strengthening internal controls to prevent and mitigate cyberfraud

SEC crackdown on cyberfraud looms large

INSIGHT ARTICLE

On Oct. 16, 2018, the U.S. Securities and Exchange Commission (SEC) issued a report stating that inadequate prevention of cyber-related fraud risk may violate the internal accounting control provisions of the Exchange Act of 1934. This report summarized the SEC’s investigation of nine issuers that lost millions of dollars due to cyberfraud. The report reminded companies of their control requirements and left open the potential for enforcement actions.

The SEC made it clear that public companies subject to section 13(b)(2)(B) of the Securities Exchange Act—the federal securities law provision covering internal controls—have an obligation to assess and calibrate internal accounting controls for the risk of cyberfraud and adjust policies and procedures accordingly.

Given the comments made by the SEC, what should a public company be doing?

RSM has compiled a list of the key areas to focus on for prevention and detection of cyberfraud and to mitigate potential reputational harm, financial loss or potential enforcement actions. 

To combat a cyberattack like the one described within the SEC’s report, an organization needs to ensure that specific prevention measures relating to internal controls are in place. These general preventative measures range from creating a fraud risk management program to mandating that all employees receive security awareness training.

In addition, there are preventative measures that should be considered around payroll and disbursements to mitigate the occurrence of fraud.

Although these cyberattacks begin with computer skills and social engineering techniques, having the proper internal controls in place can limit the financial damage and reputational concerns that a company may face. By staying aware of emerging fraud techniques—and their impact on the company—you can better prepare yourself to avoid such issues in the future.


