We have been repeating this sentence like a "mantra" for over 10 years, and we will continue to do so until we are sure that we have done everything to increase management's awareness in this regard. Although the need to ensure system access security and proper segregation of duties is growing, action in this area is unfortunately taken late (after the audit), or even too late (when someone has already misused extensive powers).
Examples of illegal use of rights do not circulate on the Internet like headline news, because they concern sensitive areas of business operations. However, that doesn't mean they don't happen.
In recent days, we've heard a lot about the abuse committed by a facility supervisor at a large American transportation company, who had the power to approve payments to subcontractors, thanks to which he successfully siphoned off over $2.1 million. How did this happen? Well, this employee (63) went about his daily duties, approving payments to subcontractors, until the audit made an unexpected discovery. It turned out that some of the subcontractors cooperating with the employer of the unreliable facility supervisor were fake, and the transfers he approved were credited to his account.
Such frauds can be prevented at the stage of planning the segregation of duties matrix and by implementing tools that track whether authorizations are constructed correctly.
As GRC Advisory, we specialize in the field of GRC (including SoD). Based on our experience and knowledge of the best industry practices, we help our clients' businesses grow safely and increase the chance of avoiding such a situation in your company.