Businesses are reminded to strengthen their online banking and payment processes, after an audit revealed the Royal Australian Mint misplaced more than $1 million last year due to unauthorised payments that were made from its bank accounts by a former employee.
An audit report on information security reveals $1.095 million in unauthorised payments were made from the Mint’s online banking portal over four instalments, reports Fairfax.
The audit report stated while two individuals had to authorise payments from the Mint’s banking portal, this “was not configured with dollar limits on transactions or protocols for who is an appropriate independent second authoriser,” according to Fairfax.
The Mint told Fairfax it had been “subject to an external fraud” and the incident has been reported to the Federal Police. The Mint said it did not have anything further to add when SmartCompany contacted it this morning.
It is not only large organisations that are vulnerable to misuse of their bank accounts, with one fraud expert telling SmartCompany small businesses are regularly hit by unscrupulous use of their banking platforms. This mean it’s incredibly important to get the processes right.
Brett Warfield of forensic accounting firm Warfield and Associates says from reports of the Mint case, it appears the employee had bypassed the first step of payments process because the transfer was made directly from the online banking platform, rather than from the financial management software that would have been used for payments.
While two people were required to sign off on a transfer from the banking platform, there were no transfer limits in place.
Warfield recommends all businesses ask themselves who has access to their accounts for payment, how many people have to sign off on a transfer, and what their levels of seniority are.
“What I say to all my clients is one of the key areas of risk in your organisation is your online payment processing system,” Warfield told SmartCompany.
“In terms of dollar value limits, you would be looking at this based on the person’s authority level,” he says.
“With the second person [signing off on payments], as the dollar value goes up, more senior levels would be required to sign off.”
Given transfers into personal bank accounts are more prevalent than many businesses might think, Warfield says it’s important to consider who has access to your accounts in the usual course of business.
“Whether it’s an employee, or a contractor, or a bookkeeper, there are really a lot of people,” he says.
Once you’re comfortable with who can sign off on payments, consider how you track what’s going in an out of accounts so nothing slips past undetected.
“One thing to ask is ‘how often am I doing a bank reconciliation?’” Warfield says.
“If you’ve got good controls and are doing a daily bank reconciliations, then you should see [issues]. But people might not being doing them that often.”