Question

What preventative and detective controls can be put in place to prevent scandals like the Wells Fargo scandal from happening again?

Answer 1

Controls become absolutely necessary so as to provide a reasonable assurance that undesired events will be prevented, detected and corrected. In the recent scandals and scams that are taking place, it has been observed that controls are either not adequately established, or the assessment and effectiveness of the controls are not evaluated by management.

Specifically taking Wells Fargo scandal into consideration, the opening up of fake accounts by employees so as to enable them to achieve their sales quotas and monthly targets, led to a gigantic scandal taking place. The access rights to systems that even the low wage workers had, eventually emerged as one of the biggest mishaps. Particularly emphasising on the Preventive controls, which are designed to prevent an error. omission or malicious act from occuring, the access rights that employees have to change or modify system data must be looked into. Furthermore,

• employing qualified personnel,
• proper documentation and surprise audits of the same on a regular basis,
• segregation of duties such that the maker checker rule is overdrawn,
• proper establishment of access controls,
• authorisation of transactions by higher authorities before they are processed,
• validation controls etc, must be installed.
• For the purpose of restricting unauthorised entry into the software applications, the computer set ups must be in secured locations where only authorised personnel are allowed to enter and access the system and also,
• it must be ensured that only those entries that are verified and checked are processed. To ensure the same,
• User IDs must be created,
• Passwords and Smart cards must be unique to each user,
• Biometrics must be installed in data premises to allow only relevant appropriate personnel to be able to modify the information of an entity which is its most important asset.

Throwing light into Detective Contols that are designed to detect errors and omissions and malicious acts that are occuring and report the incidence,

• duplicate checks must be carried out,
• intrusion detection system must be installed,
• cash counts and bank reconciliation areas must be paid attention to,
• internal audit functions must be checked,
• Surprise checks must be conducted by supervisors,
• Interaction and establishment of a mechanism to communicate with the Preventive controls staff so as to prevent such acts from occuring must be designed,
• arrangements must be proper so that unlawful activites are reported to the appropriate persons for relevant actions,
• lawful activities must be clearly understood so as to demarcate them from unlawful ones.

Thus, the above listed controls must be put in place to prevent scandals and scams from happening.