- Is your organisation vulnerable to payments fraud?
- How robust are your internal Accounts Payable controls?
- Do you know whether your internal controls are fit-for-purpose or need strengthening?
These are all critical questions that every CFO and Accounts Payable manager should be asking on a regular basis. Protecting your organisation from fraud is an ongoing challenge. With fraudsters constantly adapting their tactics, every organisation should continually review its internal controls, refining and updating them to accommodate an evolving threat landscape.
Pressure Testing is a methodology that helps you determine whether your organisation has the right internal controls in place to ensure you remain secure and resilient in the face of a growing range of financial threats.
In this blog, we will explore how you can implement Pressure Testing in your Accounts Payable department to prevent your organisation becoming a victim of fraud and scams.
What is Pressure Testing?
Pressure Testing is an internal process designed to determine whether you have appropriate policies, processes and procedures in place to mitigate a particular risk. Through Pressure Testing, an organisation should be able to determine where vulnerabilities lie in its existing controls, paving the way for remediation activities that strengthen the organisation’s capacity to mitigate that risk.
Pressure Testing was widely introduced into the banking sector following the 2008 Global Financial Crisis as a way to determine whether a bank had sufficient capital reserves to withstand major economic shocks, such as a deep recession or a financial market crash.
In some respects, a Pressure Test is similar to a risk assessment. Whereas a risk assessment identifies potential risks and what controls are required in response to the severity of a particular risk, the Pressure Test is focused more on your policies, processes and procedures, and determining whether they are fit-for-purpose.
Why Should Accounts Payable Conduct Pressure Testing?
The recent release of AS8001:2021, the standard issued by Standards Australia for fraud and corruption control, makes clear that organisations should embrace Pressure Testing as a way to assess the operational effectiveness of their internal controls.
Pressure Testing may involve either internal or external individuals or teams initiating a series of test transactions to assess whether the organisation’s internal controls are effective in preventing fraud.
This is one of the most effective ways to determine whether your policies, processes and procedures are adequate, or require strengthening.
- Policies – These are the internal rules you establish within your organisation. Think of policies as the law which gives direction for how individual employees, departments, or the organisation as a whole, should operate. With clear policies in place, it is possible to ensure that the entire organisation operates in a way that is consistent with certain strategic goals. In the context of Accounts Payable, the broad policies should be established by upper management including the CFO.
- Processes – These build upon the organisation’s policies by providing a high-level overview in terms of what, who and when. Processes should be developed by management, including the Accounts Payable manager, and detail what specific tasks need to be executed, who has responsibility for executing each specific task, and when each task needs to be executed.
- Procedures – Whereas a process is a high-level overview, your organisation’s procedures are more granular. Procedures outline the step-by-step approach to how a task needs to be executed. Because procedures have the most direct impact on how employees carry out their functions, many organisations seek input from staff when drafting them.
When Pressure Testing your Accounts Payable function, testers will carry out certain actions to ascertain whether or not your policies, processes and procedures are successfully operating as intended. The goal is to determine whether or not, in a real-world scenario, your organisation would be able to identify and prevent potentially fraudulent activity.
Types of Pressure Testing Activities for Accounts Payable
There are multiple ways your organisation could undertake Pressure Testing to determine your ability to prevent fraud.
- Testers may send fictitious emails to your Accounts Payable team in which they spoof your organisation’s CEO or CFO and request an urgent payment be processed.
- Testers may send fictitious emails to your Accounts Payable team in which they spoof one of your suppliers and request that banking details be updated.
- Testers may deliberately send invoices with manipulated phone numbers to your Accounts Payable team to determine whether the necessary call-back controls are being adhered to.
- Testers may deliberately send fake invoices to your Accounts Payable team for goods that were never ordered or delivered to determine whether 3-way matching is being adhered to.
- Testers may deliberately send multiple invoices to your Accounts Payable team to determine whether duplicate invoice checking is taking place.
- Testers may send invoices with false GST or ABN details to determine whether regulatory compliance checking is taking place.
- Testers may phone your Accounts Payable team, pretending to be a supplier, and ask for their bank details to be modified.
This is just a selection of the types of tests that can occur when Pressure Testing your Accounts Payable team. The range of tests that are implemented will depend upon the specific risks that your organisation is most likely to face.
4 Benefits of Pressure Testing for Accounts Payable
When undertaking regular Pressure Testing of your Accounts Payable function, you can expect to achieve a range of benefits including:
1) A stronger awareness of the risks that exist within your Accounts Payable function, and how these may impact your broader organisation.
2) An understanding of whether the internal controls that you have established are fit-for-purpose in mitigating your exposure to the risk of fraud.
3) Enhanced staff awareness of fraud. This helps your staff, who are your forward line of defence in the fight against fraud, to actively help protect your organisation.
4) Identification of weaknesses and vulnerabilities in your internal controls, so you can implement the necessary remediation measures that strengthen your resilience to a rapidly adapting threat landscape.
It is critical to remember that when testers undertake Pressure Testing, measures are in place to ensure your organisation does not experience any actual loss of funds as a result of the testing activities.
How Can eftsure Help?
Many organisations struggle to ensure their internal controls are fit-for-purpose. This is particularly so when those internal controls are supposed to protect the organisation from fraudulent activities that are constantly adapting to take advantage of potential vulnerabilities.
Ensuring your internal controls are sufficiently robust requires ongoing monitoring and vigilance. This is a challenge for any organisation, particularly when internal controls are overly manual in nature.
By embracing automatic internal controls, you can leverage technology in a way that strengthens your policies, processes and procedures, thereby providing your organisation with a far more robust anti-fraud posture.
With eftsure integrated into your Accounts Payable processes, you benefit from having a technology solution in place that ensures that all outgoing funds are being remitted to the intended recipient. Irrespective of what tactics a fraudster may adopt to try to deceive your Accounts Payable team, eftsure provides critical assurance that such activities will not result in losses for your organisation.
Contact us today for a full demonstration of how eftsure can protect your organisation from fraud.