
Question

Recently, we've been asked by the Audit Dept. to have financial risk controls in our ERP (fraud-like incidents). Our question is whether this request is covered by the scope of the Information Security Dept. If so, I think a set of tests should be developed with the IT and Finance Depts.

So, what are the competencies of an Information Security Office related to financial risks? Is there any certification or academic path an Information Security professional should follow in order to develop skills to respond to financial risks (like fraud)? Does CRISC cover this type of risk, for instance?

Explanation / Answer

This is certainly security related, and if the transactions involved are done by electronic means, then it is certainly part of estimating risk and determining the appropriate security measures that should be taken. Information Security doesn't exist in a vacuum. It is dependent on all the surrounding factors, all the way down to the physical security of the building that the computers are located in.

Fraud is a type of security incident arising from misuse of your system. Having systems to limit the risk of such incidents is well within the bounds of Information Security documentation, though the exact acceptable level of risk likely needs to come from finance or management.

Many technical measures (such as identity and/or credit checks) may also come into play to prevent fraudulent activity, so Information Security needs to be specifically involved in the process rather than being brought in at the last minute.

I don't think that it is necessary to expect an Information Security person to have in-depth knowledge of particular financial fraud risks (that is why there is a finance department), but it is important to get how systems and policies should respond to those threats documented in a consistent response plan for the entire organization.