Management Must Work with IT for Internal Controls to Work

Lora Bentley

Computerworld's Frank Hayes made an interesting observation regarding the Société Générale scandal on Monday. He says management let IT down in that instance:

In IT, we think of implementing controls as our job, whether they're for financial traders or Sarbanes-Oxley or HIPAA or anything else. We spec out the software, we secure the systems, we manage the operations. And we tear our hair out when someone steals a password or exploits a security hole. We take it seriously. We take it personally. ... And the people we're working for? They don't. At least, some of them don't.

If you haven't kept up with the story, the French bank announced late last month that it lost roughly $7.2 million cleaning up the mess left by trader Jeremy Kerviel. From his job on the futures desk, the Associated Press says, Kerviel "invested the bank's own money by hedging on European equity market indices -- making bets on the future performance of the markets."


And as Hayes notes in Computerworld:

[Kerviel] knew how the [bank's] controls worked. And he knew they were designed to prevent traders from stealing from the bank, not to stop cheating that might score bigger profits.... [and] he knew that other traders were routinely cheating in similar ways and that management ignored it as long as the results were profitable in the end.

Even if IT puts the controls in place, he says, they do nothing if management won't control how they're used or abused.
