Fraud and technology risk management in Stanbic Bank Uganda

Abstract

The purpose of this research was to examine fraud and technology risk management in Stanbic Bank Uganda. It was undertaken in the wake of the rampant technology-assisted incidents of fraud that were reported at the Bank amounting to over 13.4billion shillings in recent times alone.

The study adopted a cross sectional design. Qualitative research techniques were employed and secondary data also reviewed. The study sample constituted 182 members of staff in Kampala who were selected using stratified sampling and simple random techniques. Data was collected using self-administered questionnaires and tested for validity and reliability. It was then analyzed using SPSS software Version 16.0 and results presented based on the study objectives.

The results revealed that staff feel that there are several loopholes in the way fraud and technology risk are managed at the Bank. These include; seldom rotation of staff, seldom replacement of software, the existing policy on fraud and technology risk management is never up to date with the current times, untimely follow-up by the company’s Board of Directors on reported issues of noncompliance with this policy, and minimal collaboration of the internal audit department with the other internal control organs of the bank when planning for and assessing risks. Challenges noted to effective fraud and technology risk management included; most of the staff work past the normal working hours specified within the human resource policies, frequent disruption of the network, sharing of passwords amongst some employees, and sharing of confidential customer information with unauthorized third parties by some employees. The study concluded that no single factor determines the occurrence of fraud and technology risk in Stanbic Bank, but rather a combination of factors. These encompass the control environment, the nature of control activities and risk assessment practices in place. While there are measures seemingly in place to ensure adequate fraud and technology risk management, they are not updated in a timely manner to ensure effectiveness. The researcher recommended that the Board should make timely follow-up on reported issues of noncompliance with the Bank’s policy on fraud and technology risk management, frequent rotation of staff should be done to prevent complacency and ensure that staff do not get too familiar with any loopholes in the Bank’s systems, and the Bank should also continuously train its employees to deal with the fraud and technology risk management.