-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
How is independence maintained when working for the company as an internal auditor?
First of all, in order to maintain their independence internal auditors should only report to those in charge of governance (Audit committee). If they were to report to their direct supervisor it would have compromised their objectivity. Then, internal auditors…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Next week we have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?
What is the expected timeline for an audit?
Can the auditors assist with the implementation of their recommendations?
What are typical fraud questions?
How do the auditors gain an…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Actually, your post made me realize that the real problem is human. In fact, both inaccurate and repetitive data are the result of humans as they are the ones generating or creating those data. And, as you said, repetitive data can lead to inaccurate data. The cause of that is that at some point someone made a mistake. My point is, it is not…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Paul,
Theoretically you are right. However, do not forget that SOD also works within a department. That being said, it wouldn’t be wise to allow Account Payable to create vendor account. Their job is to pay the vendor, they have nothing to do with vendor account creation.
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Annemarie,
Interesting! I think having access to that specific transaction can lead to an abuse of power. In fact, people who have the privilege of assigning roles in the system can basically do what they want. I would just like to know what are their job title in the organization and what are their day-to-day activities.
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Sean,
I agree with you 100%. Also, I think there should be a second group that would validate the new/modified bank account. In that way, people who are granted access to transaction FI12 would not be able to commit fraud.
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Good point Sean and Josh! I would just like to add that the accounting department is like the last step of the process. As Sean mentioned it, “[master records] deal with money paying out for, paying out to, or coming in from transactions that relate to the data those records store”. It is imperative then that the accounting department assure the…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Sean,
It makes sense to me. In fact, sometimes excessive data can lead to inaccurate data. And your example illustrates perfectly the situation. However, as I said in my original post there are tools that can be used to get rid of excessive data. In your example, you talked about multiple addresses. Some businesses allow you to update your…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Sean,
I agree with you on that one. In fact, it increased the probability of fraud if the same person manages the material and controls the master data. Those duties need to be segregated, especially that monetary transactions are involved.
And let’s even forget about fraud. The person who manages the materials can make a mistake, it always…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
1. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I think inaccurate data is more of a risk to a company than excessive repetitive data. There are many tools that can be used to filter and get rid of repetitive data, whereas there are few tools to detect and/or correct inaccurate data.
Data are…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Forrester’s 3 things to consider when planning information security budgets
According to Forrester Research, 78% of businesses, including healthcare organizations, have implemented anti-malware technology while 11% plan to implement the technology by year’s end 2016.
In the report, “The 2016 State Of Endpoint Security Adoption,” analy…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Fred,
This also shows that “we cannot live without technology”. Even if Mr. Surkov decided not to have an email address, hackers were able to get to him. Technology has become part of our day to day activities, and we are more and more dependent on it. Most people see only the good sides of technology, and do not think of the downsides.…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Ian,
I will definitely comply with Russia’s requests. Let’s not forget that Russia is a powerful country. I bet Russia acts that way for political reasons. There is a fine line between business and politics, especially if you are doing business at an international level.
Also, I think Russia is right. If LinkedIn wants to operate in Russia, i…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Paul,
Great post! The way you explain it, I see AM as segregation of duties. So, depending on his (Franck) duties he can only access marketing applications/folders.
With AM, users are only able to access the portion of the system they are allowed to access. It is a control that can be used to prevent frauds.
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
After reading your post, I realized that SoD is only effective at the bottom of the chain. When you think about it, upper management has access to almost all facets of the system. For example, a CFO would have access to all transactions in SAP. He/she can post or change a transaction in the system as he/she wants. What controls are used to prevent…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Sean,
I think the smaller the organization is, the easier it is to commit fraud in that organization. In fact, in small businesses one person can have many roles and responsibilities. The same person who makes financial transaction is the same person that reconciles the accounts. In that case it is easy for that person to commit fraud. Also, in…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Sean,
Very very true! However, I think in SAP there is a way to trace and find who made a specific transaction. I am not sure how, but I remember that in one of my internships my boss was able to find the author of a transaction. At first, he thought it was me. As I told him that I have never made the transaction, he went to the system and was…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
That reminds me of a company I have worked for. In fact, I was an intern for 3 months. At the beginning of my internship, they created my profile on SAP. And depending on my tasks, I was able to make just a certain type of transactions. My username and password were scheduled to expire 24 hours after the end of my internship.
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
Annemarie,
I agree that the person responsible for security must be able to talk a language that everyone can understand. Generally, managers do not understand security terminology. They need someone who is able to translate that complex language into a business language. It is really important that that person has the capability to talk to…
-
Said Ouedraogo posted a new activity comment 7 years, 11 months ago
What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated?
Segregation of duties separates tasks that could be used together to produce an undesirable result, like fraud. The goal is to prevent one person from having sole control of a task or process.
It is a commonly used…