![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB1lq0XIJOEN3lfSqg65NcaU9bqYTU5szpQNLYrGX8bp9hR2_qGTQV7ckrwwFYiF45ymzk6aAEUaoNXWrcQmELxeSGHM_BPN8Ge_8OX5LrL3NRWwbTVAE2TRIKIUnddtV3y2XOQxb3rw/s1600/risk.jpg)
COBIT 5 addresses 'risk' by providing specific guidelines for the effective management of:
- Risk management process(es)
- Risk scenarios
- How COBIT 5 enablers can be used to respond to unacceptable risk scenarios (Akkeren, 2015)
By taking a holistic approach to fraud risk assessments, businesses must understand information security as a set of related components rather than as a single, isolated system, because the system alone cannot deliver reliable risk assessments (Harmer, 2014).
Today many companies still face countless forms of fraud. I recently heard on the news about the ASX-listed K&S Corporation being involved in another corporate fraud scandal, this time for the misappropriation of $7.1 million of funds. This surprised me, as they did not learn their lesson after the first incident, where K&S had not properly applied fraud risk assessments or considered addressing COBIT 5 for possible scenarios.
Organisations such as K&S can minimise fraud by:
- Risk mitigation – implementing a number of IT controls
- Risk assessment procedures – defined steps for risk management and for responding to risk scenarios
- Internal/external controls and reporting – fraud becomes trickier to conceal
- Segregation of duties – requiring two or more employees to check and sign off financial documents
- Staff education and awareness – adequate training for all staff about potential risk and fraud (see video below) (Crime and Misconduct Commission, 2005, pp. 6–10)
References:

Akkeren, J. V. (2015). AYB115 Governance Issues and Fraud: IT Governance and Management Responsibility [Lecture Notes]. Retrieved from https://blackboard.qut.edu.au/webapps/blackboard/content/listContent.jsp?course_id=_116816_1&content_id=_5376704_1&mode=reset

Crime and Misconduct Commission. (2005). Fraud and Corruption Control: Guidelines for best practice, 1(1), 5–16. Retrieved from http://www.ccc.qld.gov.au/research-and-publications/publications/prevention/fraud-and-corruption/fraud-and-corruption-control-guidelines-for-best-practice-1.pdf/download

Crime Bulletin. (2009). Organised fraud in Queensland: A strategic assessment. Crime Bulletin Series, 10(1), 1–3.

Harmer, G. (2014). Governance of Enterprise IT Based on COBIT 5: A Management Guide (1st ed.). IT Governance Publishing.