Slide 2 of 22
Why should we worry?
Slide 3 of 22
The Main Problem
Manual process flow:
Lots of automatic controls based on many people seeing the
transaction.
Lots of controls to avoid manual data entry errors also control
fraud.
Separation of duties well understood and controlled.
IFMIS process flow:
Single point of failure
Vulnerable to anyone with low-level access to system
Slide 4 of 22
Manual Process
Slide 5 of 22
IFMIS Process
Enter transaction
Print
IFMIS Check
Approve payment
Approve transaction
Slide 6 of 22
Why is this problem not widely discussed?
Slide 7 of 22
Controlling Risk
Control/Exposure Matrix
Exposures (columns) vs. controls (rows):
Control | Invalid Transaction | Data entry error | Coding Error | Developer Introduced Fraud
Periodic Audit | Medium | Medium | High | None
Controls that are ignored, bypassed, faked, or not implemented
Accountants stay up all night to “sign” documents.
Electronic sign-offs that are not intrusive.
Users demand bulk approvals.
Separation of duties
Everyone trusts the “system.”
Meaningless validations
System auto-calculates footing total.
Slide 9 of 22
New Controls Needed
Artificial separation of duties
Inefficient manual steps
Particularly on cash transfers
Comprehensive control system audit
Functional controls that go around the system
Slide 10 of 22
Exposure Risks Increased by IFMIS
Data Entry Errors
Fraudulent Transactions
  Especially collusion frauds
Subtle Process Errors
Computer Professional Fraud
Total loss of data
Physical system failure
HUGE frauds
Outsider access to system
Everyone is virused
System hacking
Internet exposure
Slide 11 of 22
Decreasing Risks (1)
Slide 12 of 22
Decreasing Risks (2)
Fraudulent Transactions
Same controls as data entry errors
More levels of review
Random assignment of review
Explicitly audit for fraud
Slide 13 of 22
Decreasing Risks (3)
Slide 14 of 22
Decreasing Risks (4)
Slide 15 of 22
Decreasing Risks (5)
Slide 16 of 22
Decreasing Risks (6)
Huge Frauds
Don’t automate cash transfer
Don’t automate cash transfer
Don’t automate cash transfer
Don’t automate cash transfer
Don’t automate cash transfer
Slide 17 of 22
Decreasing Risks (7)
Slide 18 of 22
Decreasing Risks (7)
System Hacking
Get a security audit by leading expert
Slide 19 of 22
Conclusions
Slide 20 of 22
Dulcian’s BRIM® Environment
Slide 21 of 22
Contact Information
Dr. Paul Dorsey – paul_dorsey@dulcian.com
Dulcian website - www.dulcian.com
Latest book
Oracle PL/SQL for Dummies
Slide 22 of 22