NAIROBI, Kenya, Aug 16 – Local institutions were schooled on the importance of strengthening risk management mechanisms as part of a joint workshop hosted by IT firm SAP and PricewaterhouseCoopers (PwC) on Tuesday.
Dealing with issues of Governance, Risk and Compliance (GRC), the event focused on fraud risks and the necessary tools to mitigate occurrences.
PwC Director Nancy Onyango said though there has been an increase in awareness regarding the need for risk management, most Kenyan organisations are still in the infancy stages of implementing effective policies.
“With governance, risk and compliance it’s not comprehensive and people look at it in silos, so you’re not getting the full benefit. The synergies of looking at it holistically are not being realised. On the issue of awareness even the minimum level of a basic understanding needs to be consistent across the patch,” she said.
According to a 2009 global economic survey conducted by PwC, Kenya reported the third highest incidences of fraud cases.
SAP Solution Manager for GRC and Sustainability Lynette Shaw said in order for companies to better safeguard themselves against fraud incidents, internal controls must be fortified.
“Access control or access risk is one of the risks that you should be managing. There are lots of other risks, some studies have mentioned that 87 percent of risks are not financial. Our solutions cover all areas of GRC,” she said.
In December 2010, bank fraud cost Kenyan financial institutions nearly Sh500 million in losses for the month, an amount authorities say reflects a fraction of actual losses suffered by banks.
Due to recent automation, bank fraud by employees that stems from a lack of segregation of duties has become very difficult to pin down, as concrete evidence is lacking.
SAP Accounting Executive Kenneth Ringera said SAP’s Business Objects Access Control application helps provide an audit trail that gives a basis for proving such activities, through collaboration among business managers, IT security and auditors.
“Through that collaboration we are able to address any issues around risk as a whole. What you typically find in an environment where business is not involved is IT has all the accesses and is driving the process. Whereas what you want is a situation where business is driving the compliance of all the processes,” he said.
According to experts, about half the time fraud is detected by the victim, whereas institutions detect a loss 25 percent of the time.
Hence, Ms Onyango says, the biggest challenge for Kenya’s banking sector is getting people who possess the right skills in the area of GRC as well as being more proactive in responding to losses.
“They play catch up. They lean more towards detecting as it is happening or when a loss has occurred. I think they really need to go into preventative. Rather than waiting until a problem has occurred, especially in this age of technology. The loss could be so significant it could wipe you out,” she said.
Ms Onyango says as our society becomes more sophisticated, ultimately, organisations should get to the place where mitigating controls are evolving at the same speed.