Weekly Blog #2

Policies, Principles and Frameworks for managing fraud risk are not superfluous and ensuring that IT systems are well protected through Access Control measures is not all an organization needs to do. While Access Control measures are useful for managing fraud risk by restricting access, it does not stop those who do have higher levels of access from committing such actions as evidenced by Joseph Hikairo Barlow during the Queensland Health Fraud (Crime and Misconduct Comission, 2013). Additionally, Access Control measures alone can be prone to hacking or the theft of passwords, PINs and biometric data (Citrix, 2022). My family has been victims of such occurrences when in 2021 my sister’s banking details including her password and PIN were somehow leaked and although she had found this out in under 24 hours, she lost over $500 that was not able to be recovered.

Rather than relying on Access Control measures alone to protect their IT systems, companies and firms can use COBIT 5. The COBIT 5 framework is thoroughly recognised and widely used set of guidelines that any company can utilize and consists of a process reference model and a series of governance and management practices. Additionally, part of the COBIT guidelines also consists of 7 enablers to support the governance of an organization and help prevent fraud through end-to-end coverage of a company’s processes and external factors. Policies, Principles and Frameworks are one of the 7 enablers (Tapia, 2015).

Citrix. (2022). What is access control?. Citrix. https://www.citrix.com/en-au/solutions/secure-access/what-is-access-control.html#:~:text=Access%20control%20identifies%20users%20by,to%20verify%20a%20user's%20identity.

Crime and Misconduct Comission. (2013). Fraud, financial management and accountability in the Queensland public sector.

Tapia, D. (2015). COBIT 5 Principles and Enablers Applied to Strategic Planning. ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2015/cobit-5-principles-and-enablers-applied-to-strategic-planning

 

Useful Links

Link to YouTube on the 7 Enablers: https://www.youtube.com/watch?v=_FtKV4CQ60k&ab_channel=OrbusSoftware

Comments

Post a Comment

Popular posts from this blog

  Weekly Blog #4 I do not agree with the statement that Boards of Directors and CEOs should not be accountable for their employee’s actions. In fact, it precisely because of these higher ups within companies that employees may be led to commit fraudulent acts. According to the banking Royal Commission many banks had fostered flawed working cultures that could have for example rewarded aggressive sales tactics. Investigation into the misconduct of NAB revealed that the actions of their employees were a consequence of unachievable targets set for them and a flawed incentive-based remuneration design (Yeates, 2018). This pressure placed upon workers by their higher ups is one of the aspects of the fraud triangle. I have experienced this type of pressure before when I was younger. During tennis class a competition was held, and the winner would receive a prize I highly coveted. I played my heart out and at times heavily considered cheating or using underhanded tactics but instead fel...
Read more