Do you know what applications your employees have access to and what they’re actually doing with that access? NJ Transit is yet another organization that found out the hard way what can happen if you don’t. An NJ Transit supervisor just pleaded guilty to stealing $2.1M by creating vendors and then paying them. These vendors turned out to be in on the scheme to bill NJ Transit for services not rendered and then kick back money to the supervisor. The supervisor had the ability to not only create the vendors, but also approve payments up to $5000 at a time.
The payments occurred for several years until an internal audit in October 2015 uncovered them. It took until September 2019 for the supervisor to plead guilty. It took until August 21, 2020 for him to be sentenced.
But NJ Transit was fortunate to uncover this threat. After all, the Association of Certified Fraud Examiners estimates that outside auditors discover only about 3% of organizational frauds, while internal audit departments find a little over 14%.
This makes it clear that the potential for losing millions in revenue has never been greater if you continue to monitor transactions manually, the way you always have. In the NJ Transit case, the fraudulent transactions would have been uncovered quickly had the organization used a solution that automatically monitors business controls for Segregation of Duties (SoD) violations.
It’s not enough to determine who has the potential to commit an SoD violation. Organizations have to know who actually committed one so that they can quickly prioritize the risks that must be addressed first. Instead of $2.1M in fraudulent transactions being paid out by NJ Transit, an automated solution would have uncovered the first violation in real time.
Another compelling benefit of automation is that it not only protects a business from SoD violations throughout the year, it also exposes SoD risk in dollar values that the business can clearly understand and prioritize. For many organizations, an SoD review is a manual process performed once a year. Not only does this take a long time to complete, but these companies also have no visibility into what happens the rest of the year.
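The difference between potential and actual SoD violations, and the dollar-value ranking described above, can be shown with a short check over ERP audit events. This is an added example, not code from any vendor's product; the user names, vendor IDs, action names and amounts are constructed for illustration.

```python
from collections import defaultdict

# Constructed role assignments: who *could* do what (potential SoD conflict).
ENTITLEMENTS = {
    "asmith": {"vendor.create", "payment.approve"},
    "bjones": {"vendor.create", "payment.approve"},
    "clee": {"payment.approve"},
}

# Constructed ERP audit events in time order: (user, action, vendor_id, amount_usd).
EVENTS = [
    ("asmith", "vendor.create", "V100", 0),
    ("bjones", "vendor.create", "V200", 0),
    ("asmith", "payment.approve", "V100", 4900),
    ("asmith", "payment.approve", "V100", 4800),
    ("clee", "payment.approve", "V200", 3000),
    ("bjones", "payment.approve", "V100", 1200),
]

# The conflicting pair of duties (hypothetical action names).
CONFLICT = ("vendor.create", "payment.approve")


def potential_violators(entitlements, conflict=CONFLICT):
    """Users whose access alone would allow both sides of the conflict."""
    return sorted(u for u, perms in entitlements.items() if set(conflict) <= perms)


def actual_violations(events, conflict=CONFLICT):
    """Dollar exposure per user who approved payments to a vendor they created."""
    create, approve = conflict
    creators = {}                # vendor_id -> user who created it
    exposure = defaultdict(int)  # user -> total USD approved to own vendors
    for user, action, vendor, amount in events:
        if action == create:
            creators[vendor] = user
        elif action == approve and creators.get(vendor) == user:
            exposure[user] += amount
    # Highest dollar exposure first, so it is reviewed first.
    return sorted(exposure.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    print("potential:", potential_violators(ENTITLEMENTS))
    print("actual:", actual_violations(EVENTS))
```

Two users hold the conflicting access, but only one of them used it against a vendor they created, and the output ranks that user by the dollars approved.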