Shared post: How to commit fraud and get away with it

This short article (http://www.macroresilience.com/2013/12/04/how-to-commit-fraud-and-get-away-with-it-a-guide-for-ceos/) reinforces my view that audits should focus more on understanding and evaluating the logic and parameters fed into any automated system (or even a manual process for that matter), and only then ensuring that it is taking action and producing reports as expected. If not, it will just be a case of GIGO. (It reminds me of an ex-colleague who would diligently run a spelling and grammar check. Sadly, his English was so poor that he had no clue what edits to accept or reject, so he would simply accept all suggestions.)

In addition, for the audit process — whether it involves people in Business/ Operational Risk, internal/ external Audit or Compliance — it will help to implement a continuous audit on the entire system (not just on the output), thus ensuring that algorithms are not tweaked just before or after an audit.

I will have more to say about fraud in a future post — a case I observed — it seemed so easy!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s