Do a quick web search on business fraud and cybercrime and you'll find story after story, including many New Zealand ones. The initiators are not all internal. For example, here's a recent headline 'Cybercrime a $600 billion-a-year headache'.

From the article:

• 'Chief financial officers have been targeted this year, with one woman sending $100,000 offshore at the request of what she thought was her chief executive.

• The New Zealand Fire Service got scammed out of $52,000, once again believing their boss was asking for the money.


• Business email compromise, fake invoices and CEO/CFO style phishing have been big this year.'

In the two examples above, the internal staff weren't corrupt. They made genuine mistakes. However, sadly some employees are untrustworthy around money, as we so often hear.

Netsafe and other sources say that most fraud cases never see the light of day; businesses want to sweep things under the carpet and move on quickly, afraid of reputational damage.

So how can we combat these various forms of fraud? And how can we protect key employees from clever attacks, risk and danger?

It's such a specialised area that very few business owners or senior executives are trained on how to prevent it.

It might help to think of it as financial health and safety - where's your plan, how are you reporting and how can you minimise financial hazards and risk? Who and where are the experts to help?

I'm always on the watch for technology as well as tips that save time and make us more productive. So when I recently came across technology that goes a long way towards helping keep companies and employees financially secure, I dug a bit deeper. Anything that helps keep us focused on 'business as usual' instead of fighting fires has to be worthy of review.

The disruption to your business and the loss of time is often more costly than the loss of hard cash.


Dorian Scott, CEO of ecentre, Massey University's business incubator, was tasked by his board to provide and maintain a Risk Register. In the search for a solution he discovered a fairly new Kiwi product called Vigilance. In simplistic terms - any exceptions or unusual variations shout at you before the money leaves the bank. Once the money's gone it's pretty much too late!

Here's what Scott said:

"Vigilance provides on-demand reporting and alerts me to any unusual transactions," says Scott.

"My Audit and Risk report is automatically generated and sent to board members each month, highlighting our risk profile around transactions. This is extremely helpful from a governance perspective as it answers many of their questions and gives them peace of mind before I get to the board meeting.

"Also, when it comes to the monthly creditor payments, I get a secure, online payments schedule detailing proposed payments as prepared by ecentre accounts. Any exceptions are right at the top of the Vigilance report and I can drill down on transaction detail if I need to. I can approve payments while out of the office on my phone, so I'm not holding up the payments process. It would be a poor use of my time to check all the payees" names and bank account numbers.

Ironically only a very small percentage of businesses use any form of data analytics to help combat this threat.


"Vigilance acts as a separate set of eyes, checking for consistency and accuracy while offering a separation of duty that our auditors love."

The ecentre found that it didn't require any integration to existing systems and there was no learning curve or disruption to processes. In fact it greatly improved their processes by speeding up the time it took to approve payments and report.

Sam MacGeorge, CEO and founder of Vigilance says, 'If you haven't experienced fraud it's not top of mind and that's why it comes as such a shock when it happens.

The top four accounting firms have all recently published reports on fraud and cybercrime. The single biggest factor contributing to fraud is the lack of robust payment systems and controls. One of the biggest culprits is technology; it allows the perpetrators to use their intimate knowledge of the business systems to commit fraud in the first place.

"Ironically only a very small percentage of businesses use any form of data analytics to help combat this threat. I suspect this is because businesses would have to build their own system and to do so they are going to need to understand what they are looking for in the first place."

The disruption to your business and the loss of time is often more costly than the loss of hard cash.