grading system access risk and control - uwg | home · unauthorized individuals gaining access to...
TRANSCRIPT
![Page 1: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/1.jpg)
Grading System Access Risk and Control
The risk of inappropriate grade changes.
Grading System - Access Risks and Controls 1
- Department of Internal Audit
- Department of Information Security
![Page 2: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/2.jpg)
Risk Related to System Access Are you who you say you are? Does your position requirements create a separation of duties conflict? Can you perform tasks outside of your required duties?
Access Controls Include Use of unique login user name Association of user name to identifiable individual Use of user password related to specific username Limitation on length and complexity of user password Limitation on length of time between required password changes Limitation on the activities allowed by each user name Limitation on the number of concurrent logons allowed for a single user name
Grading System - Access Risks and Controls 2
Risk and Access Controls
![Page 3: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/3.jpg)
Unauthorized individuals gaining access to grading systems and altering the grade earned.
Related risk events. Are you who you say you are?
Can you alter data in excess of required duties?
Is this fraud? Yes. Fraud can be defined as:
An intentional act against a person or entity made by another for monetary or personal gain.
Grading System - Access Risks and Controls 3
Improper Grade Changes
![Page 4: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/4.jpg)
Rationalization Fraud schemes require that the individual be able to rationalize the activity.
Mitigation An effective control to reduce the impact of this element is an organization’s emphasis on ethics, conflict of interest and hiring standards.
Opportunity Fraud schemes require that the individual be able to execute the activity.
Mitigation An organization’s internal control structure is the most effective method of limiting the opportunity for fraudulent activity to occur.
Incentive Fraud schemes require that the individual
be reacting to some existence of need.
Mitigation An organization’s best method to mitigate this element of fraud is to monitor the working environment and the morale within the department or work group.
The Fraud Triangle
Grading System - Access Risks and Controls 4
![Page 5: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/5.jpg)
Risk Mitigation can Include: Prevention – Take action to make the fraud more difficult to
execute.
Detection – Implement monitoring procedures to assist in the detection of red flags.
Transference – Contractually transfer the risk to another party.
Avoidance – Eliminate the activity or function which was related to the specific risk of fraud
Acceptance – Acknowledge that the fraud may occur but that any mitigating activities would be cost prohibitive.
Grading System - Access Risks and Controls 5
Mitigation of Fraud Risk
![Page 6: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/6.jpg)
Recent cases of manipulation of the grading systems involve:
Use of technology (key loggers)
Breaking and Entering
Computer Hacking
Social Exploitation?
Lets view a couple of news stories.
Grading System - Access Risks and Controls 6
How are these frauds occurring?
![Page 7: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/7.jpg)
Grading System - Access Risks and Controls 7
Purdue University – West Lafayette, IN
WISH-TV 8 Indianapolis, IN
![Page 8: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/8.jpg)
Grading System - Access Risks and Controls 8
![Page 9: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/9.jpg)
Grading System - Access Risks and Controls 9
![Page 10: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/10.jpg)
Schools making the news in the past few years for grade changing include: Georgia Tech (2) - 2012
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
Albany State University - 2012
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
How easy is it to obtain these?
Grading System - Access Risks and Controls 10
Closer to Home
![Page 11: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/11.jpg)
Grading System - Access Risks and Controls 11
![Page 12: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/12.jpg)
Grading System - Access Risks and Controls 12
![Page 13: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/13.jpg)
Rationalization Mitigation could include better focus, training, and awareness on ethical
behavior.
Incentive Improved counseling and assessment.
Opportunity Improved Security
2 factor authentication- e.g., e-mail for changes Improved awareness and monitoring
System Monitoring Changes occurring at unusual times Changes originating outside expected IP addresses Required confirmation of late changes
Grading System - Access Risks and Controls 13
Could these have been better mitigated?
![Page 14: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/14.jpg)
Ask Questions
University of West Georgia has multiple ways to report suspicion.
Management
Ombudsman - http://www.westga.edu/ombuds/
Internal Audit - http://www.westga.edu/auditor/
Information Security - http://www.westga.edu/infosec/
Hotline - https://westga.alertline.com/gcs/welcome
Grading System - Access Risks and Controls 14
Actions if you suspect this has occurred.
![Page 15: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you](https://reader030.vdocuments.us/reader030/viewer/2022040311/5d5308e288c9930e668b9f6b/html5/thumbnails/15.jpg)
Grading System - Access Risks and Controls 15
Questions?