In a rapidly changing world, risk prevention and the anticipation of change play an even greater role, and financial management and payroll administration are no exception. Risk management has traditionally been seen as a technical problem that can be solved with different systems and technical measures.
In reality, risk management is much more than that and, in terms of financial management and payroll administration, it requires expertise in data protection, technical information security solutions, quality management, internal supervision and leadership. How many out there are on top of all of these issues? For this reason, it is worth discussing risk management also with a financial management and payroll administration expert.
Systems, tools and humans – the greatest risks are posed by humans
Imperfect processes, attempted fraud and pure laziness are just a few examples of why humans are the weakest link when it comes to financial management and payroll administration risks. Processes must be effective and familiar to everyone. If they are not, operations can feel like the Wild West and become prone to attempted fraud.
An accountant’s rights and payment transaction rights must be kept separate from each other, and the supply chains for purchase invoice approval must be reviewed by several pairs of eyes. In other words, human-related risks are managed by dividing potentially dangerous work combinations among several people, regularly carrying out continuity planning and securing substitute arrangements, i.e. resources for exceptional situations.
Remote work may well have been such an exceptional situation for many companies, one that could not have been anticipated with regard to risk management. For example, information security at the home office does not correspond to actual office conditions, or internal supervision has not been adequate. When employees are physically separated, collegial support and control are lacking.
Behavioral norms and culture in lone working are not as strongly present as they are in office work, which means that job rotation may be a more feasible way of avoiding misuse than a technical solution.
Although employees have become more familiar with email hoaxes and phishing, such attempts at fraud tend to evolve and become more plausible, which means they are harder to identify. The clearer the financial management and payroll administration processes are, the less likely these attempts at deception are to succeed. In addition to being established and continuously developed, processes must also be complied with and compliance with them monitored.
Check how well you know the basics of data protection
The significance of data protection cannot be over-emphasised, as personal data in the wrong hands may cause massive loss to the individual as well as to the company. The EU’s General Data Protection Regulation and Finnish legislation create a solid foundation, which will serve us well when combined with common sense.
Check that at least the following matters are properly managed in your company:
- Logging in to a work computer requires multi-factor authentication, and passwords are changed regularly.
- Personal logins are created for all financial management and payroll administration system users and default passwords are changed immediately.
- Special attention is paid to information security when handling the main user level logins of the system.
- Users only have access to necessary information and user levels.
- Systems are updated regularly and the success of updates is monitored. Systems that have not been updated and sloppy practices among main users pose the greatest risk of security breaches and leaks.
- Backup copies are made at regular intervals and the successful creation of backup copies is monitored. Event logs should also be generated and monitored as they enable the subsequent verification of events.
- The importance of data protection is constantly communicated and the participation of personnel in data protection training is monitored.
Outsourcing – multiplying or minimising risks?
Outsourcing financial management and payroll administration is often a way to manage risks as the supplier has already addressed problem situations in advance and created functional processes. Before outsourcing, remember to ask the supplier how they have prepared for potential risks and how responsibility is shared between the parties. Azets serves 6,000 client organisations in nearly all sectors, so we are already familiar with different financial management and payroll administration practices.
Risks related to financial management and payroll administration can be managed, although not all risks can be excluded. As the detriment caused by risk management must not be greater than the benefit received, we must find the balance between an acceptable level of risk and the resources required by risk management. However, we must start somewhere. Our experts are happy to help you find the balance!