Monday, July 26, 2010

Is Fraud Really a Risk?

Respondents to our new PPB Not-for-Profit Risk Survey were asked if their organisation takes into account a number of different risks, including fraud.  Where did fraud rank?

58% of organisations stated that they considered fraud a risk to their organisation. However, fraud ranked 7th. The order of risks was as follows:

Financial Risk - 89%
Compliance Risk - 77%
Public Liability Risk - 71%
Human Risks - 69%
Security Risk - 65%
Project Risk - 64%
Fraud Risk - 58%
Technological Risk - 56%
Financial literacy of key staff - 46%
Natural hazard / disaster risks - 46%
Risk of Insolvency - 43%

While 58% of respondents take fraud into account as a risk, it was interesting to note that although 89% of organisations consider financial risk, just under half (43%) consider the risk of insolvency.

Sunday, July 11, 2010

Protecting sensitive information

All organisations will, over time, hold information that is considered sensitive (e.g. information about clients or students, information about donors, grant information). This information needs to be protected. Examples of ways to protect sensitive information include:
  • Personal data of employees, volunteers, clients etc. should be held in accordance with the data protection legislation that is relevant to the organisation’s jurisdiction.
  • All data should be stored securely and adequately backed up.
  • Audit logs should be maintained so as to know who accessed data and when it occurred. These audit logs also need to be maintained and backed up appropriately.
  • Spot checks should be undertaken to confirm that access to the records was for legitimate reasons.
  • Determine who should have access to the data and ensure they are the only ones who have access.