COBIT 5, Products and their Enablers - Week 2
AYB115 WEEK 2 - COBIT 5, Products and their Enablers
"Policies, Principles and Frameworks for managing fraud risk are superfluous. All an organisation needs to do is to ensure their IT systems are well protected through Access Control measures. Everything else is just a waste of time and resources."
The idea that policies, principles and frameworks are
superfluous, and that all that's needed is IT systems protected through
Access Control measures, is completely incorrect. While there's no doubt that the
security of IT systems is crucial in this day and age, it most definitely isn't
the sole protection against fraud.
Even though IT systems help prevent fraud from occurring,
there are factors that can potentially bypass up-to-date Access Control
measures, the most prominent of them being the human factor. Fraud can easily
occur through employee manipulation or collusion, which can bypass IT controls
altogether. Detection and response mechanisms are also necessary for detecting
potential fraud when it occurs and for responding appropriately to
threats, using fraud management frameworks that work beyond IT systems. Regulatory
compliance is also made mandatory by regulatory bodies within the industry, and
using policies, principles and frameworks like COBIT-5 helps companies meet
compliance standards and avoid coming into trouble with those
industry bodies.
Fraud prevention is a holistic and multi-layered approach
that encompasses other factors such as monitoring, employee training, and internal
controls such as policies, principles, and frameworks. It is recommended that
companies follow this holistic approach and use fraud frameworks
like COBIT-5, which further help prevent fraud from occurring, in harmony with
physical prevention activities like IT systems and Access Control measures.