Strengthening internal controls to prevent and mitigate cyberfraud
SEC crackdown on cyberfraud looms large
On Oct. 16, 2018, the U.S. Securities and Exchange Commission (SEC) issued a report stating that inadequate prevention of cyber-related fraud risk may violate the internal accounting control provisions of the Exchange Act of 1934. This report summarized the SEC’s investigation of nine issuers that lost millions of dollars due to cyberfraud. The report reminded companies of their control requirements and left open the potential for enforcement actions.
The SEC made it clear that public companies subject to section 13(b)(2)(B) of the Securities Exchange Act—the federal securities law provision covering internal controls—have an obligation to assess and calibrate internal accounting controls for the risk of cyberfrauds and adjust policies and procedures accordingly.
Given the comments made by the SEC, what should a public company be doing?
RSM has compiled a list of the key areas to focus on for prevention and detection of cyberfraud and to mitigate potential reputational harm, financial loss or potential enforcement actions.
To combat a cyberattack like the one described in the SEC’s report, an organization needs to ensure that specific prevention measures relating to internal controls are in place. These general preventative measures range from creating a fraud risk management program to mandating that all employees receive security awareness training.
In addition, there are preventative measures that should be considered around payroll and disbursements to mitigate the occurrence of fraud.
Although these cyberattacks begin with computer skills and social engineering techniques, having the proper internal controls in place can limit the financial damage and reputational concerns that a company may face. By staying aware of emerging fraud techniques—and their impact on the company—you can better prepare yourself to avoid such issues in the future.