-
Said Ouedraogo wrote a new post on the site MIS5208 Spring 2017 8 years, 2 months ago
IRS: Scam Blends CEO Fraud, W-2 Phishing
According to the U.S. Internal Revenue Service, scammers are now sending e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization i […] -
Said Ouedraogo posted a new activity comment 8 years, 2 months ago
Abhay,
You had the right reaction. Unfortunately, everybody is not as lucky as you were. I know people who had fallen for this scam. After, the call they immediately sent the money via Western Union. The worse thing in that story is that they realized it was a scam only months later when the university sent an email regarding the issue.…[Read more]
-
Said Ouedraogo wrote a new post on the site MIS5208 Spring 2017 8 years, 3 months ago
My name is Said Ouedraogo, a young dynamic entrepreneur from Burkina Faso (West Africa). I basically did everything at Temple; from my English program (IELP) to my graduate studies. And I am currently working for […]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Given the information shared – why would Dow Chemical company approve such a large investment?
I just think that it is a strategic move. The company has certainly conducted a cost-benefit analysis and found out that the benefits will be greater than the cost. And frankly, I don not think they would have approve such a large investment than t…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
I agree with you guys. As I said in one of my post, management is at the same time the defrauder and the victim. The C-suite are victims because they are under pressure from the board and shareholders ( who can be us). They are pressured to make profit and increase stock price…However, this is where moral comes into play. And as you said Paul,…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Magaly,
I agree with you. I would jut like to add that it also depends on the amount of money an organization is willing to spend on automated controls. Most of them, will conduct a cost-benefit analysis to decide if they should go for it or non. And yes, it depends on the size of the company. I will recommend that a small company invest it…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
You are absolutely right about leaders being greedy. When you think about it those guys were only victims of their own greed. I am not saying that what they did is justified, but they are not the only one to be blamed. In order, to have fraud there must be pressure, opportunity and rationalization (Triangle fraud). Well, those leader were…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
True…but sometimes doing the right think can be hard. What if as an auditor your are asked to hide some findings? If you don’t do it you will get fire. We all have integrity but sometimes we can encounter situations where doing the right thing is wrong for us. I think that sometimes auditors face some situation where they just close their eyes.…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Sean,
I totally agree with you. I just want to add that an auditor reputation also depends on his/her results in the field. You can have integrity and everything else, but if you do not provide good services to your clients your reputation will take a hit. In this industry, ethic is not enough. You will have to prove yourself by offering…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Why would an implementation take this long and cost so much?
I think the implementation was long and costly because of the size of Dow Chemical. The company does business in 180 countries. I imagine that implementing an ERP system that would consolidate the company data would take long. First, they will have to try it on small scale; probably…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Hey Priya!
Thank you for sharing that. But don’t you think that could bring new risks to the company. What if someone interferes with the RF terminals or the bar codes?
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Great post Daniel,
I agree with you. I just want to add that sometimes the cost of implementing a compliance control are so high that some companies can’t afford it. And the ones who take the risk to spend huge amount of money into compliance controls are not sure to see the positive results in the long run. Let’s take your pharmaceutical…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Hey Daniel,
I think employee training can be a double edged sword to the extent that during training employee will find eventually some flaws to the system that they will use to commit fraud. Don’t get me wrong, I am not saying that employee training shouldn’t be in place. Quite the contrary, I think it should be mandatory.
However, I also…[Read more] -
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
Sean,
I agree that the aspect of compliance that an organization should put the most effort into ensuring its controls are adequate are those aspects relating to statutory or regulatory requirements. In fact, an organization must meets local, national and international laws and regulations. As you said failing to do so can lead to financials…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 4 months ago
The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think what can differentiated one ERP system to another is the level of customization and the availability of the system. In fact, more and more companies are looking to customize…[Read more]
-
Said Ouedraogo wrote a new post on the site Auditing Controls in ERP Systems 8 years, 5 months ago
Ball State University
-
Said Ouedraogo posted a new activity comment 8 years, 5 months ago
Sean,
I don’t think that would change anything. Matter of fact, I the problem is the role and the function of the job that is problematic and not the person doing it. The job requires to be objective and tell the truth. Even in a rotation based, internal auditors will be seen as “the bad guys”, and that can affect them. They will tend to go…[Read more]
-
Said Ouedraogo posted a new activity comment 8 years, 5 months ago
Right Alex! But even that causes conflict of interest. As yo said “They can contribute to strategy by examining the things that need to go right for strategy to be executed—and the things that could go wrong—and advising management on those’. What if management implement their advises?
Internal auditors are the one who will audit again the nex…[Read more] -
Said Ouedraogo posted a new activity comment 8 years, 5 months ago
Alex, I definitely think that outsourcing is the best solution; but at the time I think publicly traded companies are required to have internal auditors. So, outsourcing is not quiet the solution.
Sean, I am not sure but I think it would make sense that the same law applies to IT Audit. In fact, it is the same principle. If a company external…[Read more] -
Said Ouedraogo posted a new activity comment 8 years, 5 months ago
Right Alex! However, at the same time I wonder how internal auditors keep their objectivity. After all, they are also part of the company. And in order to fit in their corporate culture, they would definitely need to develop personal and professional relations with their colleague. I just think it is not feasible. It is either they keep their…[Read more]
- Load More
Said,
I like your suggestion about checking to see if something is legit, but in order for your suggestion to work, the CEO has to create an environment where employees feel comfortable calling them. Also, it not be feasible for a large company, as you need the CEO to focus on their job responsibility. I would recommend setting up a system where if people are unsure of the authenticity of an email, they could contact someone in the IT security office to determine if this is legit. I think that some organizations provide this service to their customers already.
Nice post Said, this is like the spear phishing. social engineering knows your name, your email address, and at least a little about you (from social networks). he sends the CEOs an email and is likely to be personalized, “hi Bob” instead of “Dear sir”. The emails seems to come from someone they know, and they may be less vigilant and give them the information they ask for.