Organizations were urged last week to be proactive in preventing IT-related crimes.

 “As more and more organizations digitize the information that they have and as the Internet becomes more and more ingrained as the way we do business, [IT-related crime] is going to continue,” said Lawrence Lewis, a partner in Deloitte Bahamas.

Lewis, a certified public and chartered accountant, spoke June 26 to delegates attending the Institute of Internal Auditors (IIA) Bahamas Chapter one-day seminar on fraud and anti-money laundering.

Lewis said that persons committing fraud can be internal staff (or vendors) using IT access during day-to-day activities, internal staff (or vendors) using unauthorized access or other outside individuals using access gained through hacking or other methods.

“With limited resources, companies often walk a tight rope, having to find a balance in their IT budget between security and anti-fraud type projects and ongoing operations and other priority areas,” he said.

“Organizations are still struggling with some of the challenges, the whole cost element and what we actually do,” said Lewis, a Certified Information Systems Auditor (CISA), who currently works with leading organizations in identifying risks, developing appropriate risk management approaches and testing and monitoring associated controls. 

For smaller organizations with less resources, Lewis recommends outsourcing for IT fraud prevention initiatives.

“It takes a lot of skillsets, a lot of training and continually upgrading to keep up on the issues that we are facing,” he said.

“It’s important for organizations to evaluate their security posture for risk and plan their response before an event happens.”

Through the one-day seminar, the IIA aimed to sensitize its members on how to prevent and detect fraud, in addition to assessing the impact of fraud-related activities on the cost of doing business.

The session is held every two years.

tblair@dupuch.com