“It helps us demonstrate that we’ve got our system set up well and it shows to our staff, customers and suppliers that we actually take the subject of fraud very seriously.”
Marine and Industrial Transmissions Ltd (MIT) is a major supplier of driveline and propulsion equipment and solutions to all parts of the marine, off-
highway, quarry, rail, military and associated industries. A UK SME, recently acquired by Swedish industrial giant, Axel Johnson, MIT has offices in Kent and Yorkshire, and focuses on the UK and Ireland as it’s primary markets.
Since its inception in 1974, MIT has expanded from being a transmissions company, to a supplier of complete driveline systems and solutions. This means that today, a fire truck can come in for a bumper-to-bumper refit; everything from changing the tyres, the blue lights, the wiring glow plugs to finally giving it a full overhaul. Many of these vehicles are integral to operations and it’s essential that they have minimal downtime. MIT aims to return vehicles to their place of work as soon as possible.
We spoke to finance director, Peter Fenton from his office in Queenborough Kent.
What motivates a driveline supply company like yours to certify to a counter fraud scheme? When we were acquired by Axel Johnson a couple of years ago, we already had Cyber Essentials due to the work we did with the MOD. We also achieved our ISO9001 accreditation in 2002, and hold the IASME Governance certification, so we see value in demonstrating compliance.
Each year, the requirements for information security changes and evolves as you’d expect with the ever changing threats. This year, as we were re-certifying to Cyber Essentials, I noticed that there was a new counter fraud certification scheme. Like most companies, we’ve been bitten by fraud in the past, so, when I saw the Counter Fraud Fundamentals scheme, I thought that it would be a valuable route for us to take. I hoped that it would signpost us to show where we could tighten up some of our processes. I printed off the list of questions and, when I read through them, it confirmed that we already cover most of the requirements. With that in mind, you might ask why we would need to certify. Firstly, it helps demonstrate that we’ve got our systems set up well, and secondly, it shows to our staff, customers and suppliers that we actually take the subject of fraud very seriously. We are certainly serious enough to get a certification to show that our processes are as robust as we can make them at this moment in time.
How do you stay up to date with the latest threats? I sit on a number of forums which each cover discussion on different topics. One of the forums, for example, is focused on manufacturing businesses in Kent. Another is with our auditors, one with our lawyers and one is with our bankers. We bring up all sorts of different issues, from training to recruitment of staff. Cyber security comes up as a regular issue, particularly in discussion with bankers. They update us about things they’ve seen happening, and by logging onto regular webinars, we get some training about the latest threats.
In our company, the IT function falls under finance, so that impacts my team. We outsource all our IT to a company that has ISO 27001, and we have also
started to think more seriously about fraud and how it impacts the finance team in particular. We did a lot of work on GDPR when it came in and, although most of the data we keep is company information and publicly available, we wouldn’t ever want out client data to be breached. Any data breach would be unlikely to have a significant impact on the data subjects, but it would impact our reputation. We are keen to show that we are protecting our reputation and doing the right thing.
What advice would you give to other businesses? I would say that, even if you don’t want to achieve the certification, print off the assessment questions, and look at them. It will help you understand some of the processes that you need to have in place to help protect your organisation. If anybody asked me, I would say, go and do the certification, it’s well worth doing it. Even if you struggle to pass, it highlights lots of areas for you to improve.
For more information about Marine and Industrial Transmissions (MIT), visit their website.
Find out more about the Counter Fraud Fundamentals scheme here.