Everything is connected, is it?

If one wants to have a robust controls framework one can not chose to leave any area out of the scope. It starts from controls around hiring (background checks, sourcing of profiles, vendor payments, staff referrals etc), how the processes are designed (you don't want to provide opportunities by having deficient processes)- number of controls doesn't matter, it's the effectiveness which matters most -prevention/detection related controls should be part of process design, procurement function (vendor selection, transparent bidding etc), IT controls & most importantly when a new system is being bought/old system being replaced, a comprehensive UAT covering all the aspects, you don't want to leave anything to chance. Above all a well designed process which allows staff/vendors to report wrong doing,  & action to be taken in case a event happens.

I think designing controls is just half the work & unless these are periodically tested, one can not provide assurance to stakeholders about their effectiveness. One control failure could have a domino effect, as they say a chain is as strong as it's weakest link. 

Comments

Popular posts from this blog

Fraud Prevention-Line or support function

How to Defend Your Online Reputation: Five Tips