COBIT 5, Products and their Enablers - Week 2

 AYB115 WEEK 2 - COBIT 5, Products and their Enablers


"Policies, Principles and Frameworks for managing fraud risk are superfluous. All an organisation needs to do is to ensure their IT systems are well protected through Access Control measures. Everything else is just a waste of time and resources."



The idea of policies, principles and frameworks being superfluous is and that all that’s needed is protected IT systems through Access Control measures is completely incorrect. There’s no doubt that the security of IT systems is crucial in this day of age, it most definitely isn’t the sole protection against fraud.

 

Even though IT systems help prevent fraud from occurring there are factors that can potentially bypass up-to-date Access Control measures, the most prominent of them being the human factor. Fraud can easily occur within employee manipulation or collusion, which can bypass IT controls altogether. Detection and response mechanisms are also necessary in detecting potential fraud when it occurs and being able to appropriately respond to threats with fraud management frameworks that work beyond IT systems. Regulatory compliance is also made mandatory by regulatory bodies within the industry, and by using policies, principles and frameworks like COBIT-5 help companies meet compliance standards and mitigate them from coming into trouble with those industry bodies.

 

Fraud prevention is a holistic and multi-layered approach that encompasses other factors such as monitoring, employee training, internal controls such as policies, principles, and frameworks. It is recommended that companies should follow this holistic approach and use the fraud frameworks like COBIT-5 which further helps prevent fraud from occurring in harmony with physical prevention activities like IT systems and Access Control measures.


Comments

Popular posts from this blog

IT Governance Frameworks - Week 1

Criminal Fraud and the Law - Week 4

Criminal Fraud and the Law - Week 5