Upload File

grading system access risk and control - uwg | home · unauthorized individuals gaining access to...

  • Home
  • Documents
  • Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you
15
Grading System Access Risk and Control The risk of inappropriate grade changes. Grading System - Access Risks and Controls 1 - Department of Internal Audit - Department of Information Security

Upload: lydiep

Post on 14-Aug-2019

216 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System Access Risk and Control

The risk of inappropriate grade changes.

Grading System - Access Risks and Controls 1

- Department of Internal Audit

- Department of Information Security

Page 2: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Risk Related to System Access Are you who you say you are? Does your position requirements create a separation of duties conflict? Can you perform tasks outside of your required duties?

Access Controls Include Use of unique login user name Association of user name to identifiable individual Use of user password related to specific username Limitation on length and complexity of user password Limitation on length of time between required password changes Limitation on the activities allowed by each user name Limitation on the number of concurrent logons allowed for a single user name

Grading System - Access Risks and Controls 2

Risk and Access Controls

Page 3: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Unauthorized individuals gaining access to grading systems and altering the grade earned.

Related risk events. Are you who you say you are?

Can you alter data in excess of required duties?

Is this fraud? Yes. Fraud can be defined as:

An intentional act against a person or entity made by another for monetary or personal gain.

Grading System - Access Risks and Controls 3

Improper Grade Changes

Page 4: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Rationalization Fraud schemes require that the individual be able to rationalize the activity.

Mitigation An effective control to reduce the impact of this element is an organization’s emphasis on ethics, conflict of interest and hiring standards.

Opportunity Fraud schemes require that the individual be able to execute the activity.

Mitigation An organization’s internal control structure is the most effective method of limiting the opportunity for fraudulent activity to occur.

Incentive Fraud schemes require that the individual

be reacting to some existence of need.

Mitigation An organization’s best method to mitigate this element of fraud is to monitor the working environment and the morale within the department or work group.

The Fraud Triangle

Grading System - Access Risks and Controls 4

Page 5: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Risk Mitigation can Include: Prevention – Take action to make the fraud more difficult to

execute.

Detection – Implement monitoring procedures to assist in the detection of red flags.

Transference – Contractually transfer the risk to another party.

Avoidance – Eliminate the activity or function which was related to the specific risk of fraud

Acceptance – Acknowledge that the fraud may occur but that any mitigating activities would be cost prohibitive.

Grading System - Access Risks and Controls 5

Mitigation of Fraud Risk

Page 6: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Recent cases of manipulation of the grading systems involve:

Use of technology (key loggers)

Breaking and Entering

Computer Hacking

Social Exploitation?

Lets view a couple of news stories.

Grading System - Access Risks and Controls 6

How are these frauds occurring?

Page 7: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 7

Purdue University – West Lafayette, IN

WISH-TV 8 Indianapolis, IN

Page 8: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 8

Page 9: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 9

Page 10: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Schools making the news in the past few years for grade changing include: Georgia Tech (2) - 2012

http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/

Albany State University - 2012

http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/

How easy is it to obtain these?

Grading System - Access Risks and Controls 10

Closer to Home

http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://atlanta.cbslocal.com/2012/07/18/former-georgia-tech-student-pleads-guilty/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
http://www.albanyherald.com/news/2012/aug/29/former-asu-student-pleads-guilty-grade-changing/
Page 11: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 11

Page 12: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 12

Page 13: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Rationalization Mitigation could include better focus, training, and awareness on ethical

behavior.

Incentive Improved counseling and assessment.

Opportunity Improved Security

2 factor authentication- e.g., e-mail for changes Improved awareness and monitoring

System Monitoring Changes occurring at unusual times Changes originating outside expected IP addresses Required confirmation of late changes

Grading System - Access Risks and Controls 13

Could these have been better mitigated?

Page 14: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Ask Questions

University of West Georgia has multiple ways to report suspicion.

Management

Ombudsman - http://www.westga.edu/ombuds/

Internal Audit - http://www.westga.edu/auditor/

Information Security - http://www.westga.edu/infosec/

Hotline - https://westga.alertline.com/gcs/welcome

Grading System - Access Risks and Controls 14

Actions if you suspect this has occurred.

http://www.westga.edu/ombuds/
http://www.westga.edu/ombuds/
http://www.westga.edu/auditor/
http://www.westga.edu/auditor/
http://www.westga.edu/infosec/
http://www.westga.edu/infosec/
https://westga.alertline.com/gcs/welcome
https://westga.alertline.com/gcs/welcome
Page 15: Grading System Access Risk and Control - UWG | Home · Unauthorized individuals gaining access to grading systems and altering the grade earned. Related risk events. Are you who you

Grading System - Access Risks and Controls 15

Questions?


UWG Brand Identity - University of West Georgia...UWG GUIDELINES UWG PROCEDURE NUMBER: 5.6 - UWG POLICY NAME: Brand Identity UWG Brand and Visual Identity Program The University of

UWG Strategic Plan December, 2007

Lessons Learned on Credit Risk Grading Model …. Tahrima.pdfLessons Learned on Credit Risk Grading Model Designing Tahrima Faruq*, ... Camellia House, 22, Kazi Nazrul Islam Avenue,

CREDIT RISK GRADING MANUAL BANK - Bangladesh … ·  · 2012-09-13Credit Risk Grading Manual - BANK 5 Enclosed: MS Excel file named, CRG - Score Sheet - Bank in CD ROM for use. Table

CREDIT RISK GRADING MANUAL NBFI Non Banking … Risk Grading Manual - NBFI 1 CREDIT RISK GRADING MANUAL NBFI Non Banking Financial Institution JUNE, 2007

UWG Volume 1

UWG India Ppt

The UWG Coliseum · 2019. 2. 6. · The UWG SPMG Society held an all-star basketball game featuring current players and UWG Staff. MAR. The Coliseum FY16 Page 6 Additional Storage

UWG General Guidelines for Formatting and Processing · Thesis & Dissertation The University Handbook was adapted, with permission, from the UWG Ed.D. in School Improvement Handbook

UWG Strategic Plan

Space Science and Engineering Center University of Wisconsin-Madison LANCE UWG Meeting November 16, 2010 UWG Member: Liam Gumley Space Science and Engineering

Cornerstone: First Year Experience UWG 1101 Chapter Ten: Understand

Risk Assessment Grading

1 LANCE UWG Meeting, November 16, 2010 UWG Member: Robert Brakenridge Affiliation: University of Colorado Director, Dartmouth Flood Observatory

NISDC UWG Annual Meeting Minutes for August 9 … UWG...1 NISDC UWG Annual Meeting Minutes for August 9-10, 2016 1.0 Summary The NSIDC User Working Group met on August 9-10, 2016 at

Risk analysis – FMEA Workshops. FMEA 1 Simple risk assessment process!! Identifying risk Simple method for grading risk Determines appropriate risk

Yan Yang - UWG

Reliability ofthe Guide to Pregnancy Risk Grading of the Ontario

Uwg vk ckf

Corporate Presentation - Fullerton India · Corporate Presentation September - 2015 1. 2. 3. ... operational risk Approves risk appetite and credit policies ... • Risk Grading

UWG Purchasing 101 6/1/2015. UWG Purchasing 101 Goal of Presentation Review various procurement methods Complete an Informal Request for Quote Required

UWG 2013 Meeting PO.DAAC Data Stewardship Status

Arable Production 2018 - UWG

CREDIT RISK GRADING MANUAL

Cornerstone: First Year Experience UWG 1101 Chapter Twelve: Relate

SAVE THE DATE - UWG

Credit Risk Grading Aziz.pdf

A snapshot of UWG

Growing Pains- UWG Wolves Club Baseball | The West Georgian

Cornerstone: First Year Experience UWG 1101

UWG 2013 Meeting Publish-Subscribe (Datacasting)

Credit Risk Grading-Apex Tannery

QUALITY ADJUSTMENT AND SAMPLING/GRADING OVERVIEW Risk Management Agency

Community Based Initiatives GES DISC UWG 2011 Meeting

Credit Risk Grading