Cyber-thieves know the exact location of your organization's cash. What is not certain is whether you are working harder than the thieves to protect your organization's most vulnerable asset. This article encourages organizations to assess the controls they have in place around their cash operations. It describes in detail a variety of general controls over cash, including adequate segregation of duties, explicit authorization approval requirements, and physical access controls. The article then describes several information technology (IT) application controls (including lockboxes, positive pay, ACF Fraud Blocker, and zero balance accounts) that can help you protect your organization's cash against fraud and cyber-attack.