
Martin Capuder

Goal: IT Project Deliverables that are Fraud-Resilient

Foundation Concepts

Three major frameworks

IT Project Plan Overview

o Seat at the Table!

o Imagineering

o Fraud risks types

© 2019 ConsultantC.Services LLC


Migrate to New Hardware

Infrastructure

Migrate to New IT Service

Provider – such as THE CLOUD

Application

IT Security Solution

Implement Mobile Solutions

New Technology Risk

Fraud-Risk Factors

Volume of Transactions

Speed of Transactions

Transactions’ Value

Internal / External Processing

Source:

https://www.forescout.com/wp-content/uploads/2016/10/iot-enterprise-risk-report.pdf


The ONLY Fraud Framework

Comprehensive IT Governance Framework

GOLD STANDARD for Project Management

The COSO Fraud Risk Management Guide may be purchased from the following organizations: The Institute of Internal Auditors, AICPA, Association of Certified Fraud Examiners.

Internal Control – Integrated Framework 1992, 2013

Enterprise Risk Framework 2004, 2017

Fraud RM

Diagram legend: IT / Non-IT · PM · Current Systems · Fraud

2016

Integrated Framework 1992, 2013

25 “Action(s) Required”

All Current State Actions

P – Primary Responsibility
S – Secondary Responsibility
SR – Shared Responsibility

12 Potential Responsible Stakeholders

• Board
• Executive Management
• Mid / Line Management
• Risk Management
• Legal
• Internal Audit
• Finance / Accounting
• Financial Investigations Unit (FIU) / Corporate Security
• HR / Employee Relations
• PR
• IT
• Business Unit / Line Personnel

COBIT 2019

Diagram legend: IT / Non-IT · PM · Current Systems · Fraud

http://www.isaca.org/COBIT/Pages/COBIT-2019-Publications-Resources.aspx

40 Core Governance & Management Objectives

Main for IT PM

Others Related to IT PM

RACI Chart

- Responsible

- Approve

- Consult

- Inform

The Gold Standard for Project Management (PM)

PMBOK

Diagram legend: IT / Non-IT · PM · Current Systems · Fraud

https://www.pmi.org/pmbok-guide-standards/foundational/pmbok

https://www.pmi.org/learning/thought-leadership/pulse/pulse-of-the-profession-2018

9

“Knowledge Areas”

Management of Project:

1. Integration

2. Scope

3. Schedule

4. Costs

5. Quality

6. Resources

7. Communications

8. Risk

9. Procurement

10. Stakeholders

49 Processes

5 Project Management Process Groups

Initiating · Planning · Executing · Monitoring and Controlling · Closing

Diagram legend: IT / Non-IT · PM · Current Systems · Fraud

Imagineering

Requirements risk is the potential for losses due to a project's requirements themselves or the requirements management process. …

1. Missing Stakeholders: The requirements management process fails to identify or to engage all stakeholders. …

Source: https://simplicable.com/new/requirements-risk

Moral of the story: Fraud examiners and auditors, GET YOUR SEAT AT THE TABLE to reduce the fraud risk of IT project deliverables!

We see from prior research that the top three reasons for project failure—which are: a change in organization’s priorities, a change in project objectives, and erroneous requirements gathering—contribute to uncontrolled scope.

The following roles and organizational structures have been defined in the context of COBIT® 2019:

• Board
• Executive Committee
• Chief Executive Officer
• Chief Financial Officer
• Chief Operating Officer
• Chief Risk Officer
• Chief Information Officer
• Chief Technology Officer
• Chief Digital Officer
• I&T Governance Board
• Architecture Board
• Enterprise Risk Committee
• Chief Information Security Officer
• Business Process Owner
• Portfolio Manager
• Steering (Programs/Projects) Committee
• Program Manager
• Project Manager
• Project Management Office
• Data Management Function
• Head Human Resources
• Relationship Manager

Fraud Examiners / Internal Auditors

Reserve · Earn · Fight for

Can an Internal Auditor have a seat at the table in an IT Implementation Project?

consulting (.C) services.

Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. …When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility.

https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Standards.aspx

The name “Imagineering” combines imagination with engineering.

Building upon the legacy of Walt Disney, Imagineers bring art and science together to turn fantasy into reality and dreams into magic.

Source: Disney Imaginations https://disneyimaginations.com/about-imaginations/about-imagineering/

Imagineering

Dream · Define · Deploy

Building upon the legacy of my daydreaming, Fraud Examiner Imagineers imagine what a proposed process will look like, define appropriate fraud controls, and deploy them as part of the implementation team.

Fraud Imagineering

This is the FRAUD RISK of the IT Project Deliverable.

Other FRAUD RISKs:

Risk of Fraud During the Project

Fraud Risk in Current Environment

To minimize requirements risk.

An element of project risk – risks that could cause a project objective not to be met…

Fraud Imagineering

If you can assist with only one phase of IT Project Implementation…

Participate and Win

TEST! Be Part of IT Project Team Meetings