Global finance professionals in the Asia Pacific region are challenged by time-consuming and error-prone manual data entry, and implementing financial controls with enhanced security against fraud and cybercrime. With increasing danger of loss from fraud and difficulty of tracking data across multiple tools and spreadsheets, management is asking treasury for a solution to better manage and protect their organisation. The problem is that many organisations are using spreadsheets as their primary treasury management tool in spite of their lack of security, controls, and auditability.
Transitioning from spreadsheets to a solution with proper controls is not the challenge today that it may have been five years ago. Technology innovation and implementation best practices have reduced the implementation process from years to months, and the cost of a treasury management system is far less expensive because of the cloud. The value of implementing technology is different for each organisation, and for those who are exploring the possibility of bringing on a treasury system for the first time, we have outlined several key points to protect the organisation and limit the risk of fraud.
User ID and password aren’t enough to protect your systems, especially when payments are being initiated and approved. Multi-factor authentication, IP filtering, virtual keyboards and single-sign-on (SSO) help ensure that only authorised users are accessing treasury systems and information. The right cloud solutions will also offer safeguards that spreadsheets or on-premises solutions simply cannot do at scale, such as full data and application level encryption. Decisions on what safeguards to employ should be made in alignment with the CIO/CTO/CISO to ensure that treasury conforms with information security policies.
Treasury will also be asked to conform with organisational policies around business continuity planning (BCP), whether treasury systems have been evaluated for penetration testing and what sort of SLAs exist to support treasury’s 24×7 operation. Treasury will also be asked to supply a SOC2 Type II audit report for each treasury system vendor, so IT can assess the security behind each vendor’s controls. These are the standards of security a best-in-class technology vendor can provide at an economical cost, and one reason why the cloud is so popular information security experts.