Firstly, I disagree with the owner's view that IT governance
controls are too costly. Whilst they have a cost element to them, they will save
the business more money than they cost in the long run. For instance, the
chances are that the business would have prevented the fraud from occurring if
control measures were in place.
However, I would not recommend that a small business implement
COBIT 4.1, due to the size issues discussed in week one, although I would recommend
elements that would be practical in a small business setting. The two
most crucial of these elements would be evaluating IT risk and setting controls
on those risks. If risk is not evaluated and controls are not set in place in the
planning stage of implementing IT in a business, it is destined to fall into a
trap such as fraud.
This scenario has also proven the fraud triangle to be true.
The employee had been given the opportunity to commit fraud with the passwords
required, and due to her age of 18 she could’ve been under financial pressure.
Hence this built-up pressure and stress, together with opportunity, gives rise to
fraud occurring.
Therefore, I recommend that small businesses evaluate
potential IT risk and put controls in place. This will prevent an opportunity
arising for desperate employees to pounce on.