Culturally aligned security in banking : a system for rural banking in Ghana

Kwaa-Aidoo, Ephrem Kwaku

January 2010

This thesis is an investigation into the unique rural banking system in Ghana and the role of information systems in fraud control. It presents a robust information security and internal control model to deal with fraud for the banking system. The rural banking industry has been noted for poor internal control leading to fraud. This has resulted in poor performance and even the collapse of some banks. The Focus of the study was on the processes used to deliver banking services. To design a protection system, a number of rural banks were visited. This was to understand the environment, regulatory regimes and the structure and banking processes of the industry and banks. Systemic vulnerabilities within the industry which could be exploited for fraud were found. The lack of structures like an address system and unreliable identification documents makes it difficult to use conventional identification processes. Also the lack of adequate controls, small staff numbers and the cross organisational nature of some transactions among other cultural issues reduces the ability to implement transaction controls. Twenty fraud scenarios were derived to illustrate the manifestation of these vulnerabilities. The rural banking integrity model was developed to deal with these observations. This protection model was developed using existing information security models and banking control mechanisms but incorporating the nature of the rural banking industry and culture of its environment. The fraud protection model was tested against the fraud scenarios and was shown to meet the needs of the rural banking industry in dealing with its systemic vulnerabilities. The proposed community-based identification scheme deals with identification weaknesses as an alternative to conventional identity verification mechanisms. The Transaction Authentication Code uses traditional adinkra symbols. Whilst other mechanisms like the Transaction Verification Code design v internal controls into the banking processes. This deals with various process control weaknesses and avoids human discretion in complying with controls. Object based separation of duties is also introduced as a means of controlling conflicting tasks which could lead to fraud.

658.05

Culturally aligned security in banking. A system for rural banking in Ghana.

Kwaa-Aidoo, Ephrem K.

January 2010

This thesis is an investigation into the unique rural banking system in Ghana and the role of information systems in fraud control. It presents a robust information security and internal control model to deal with fraud for the banking system. The rural banking industry has been noted for poor internal control leading to fraud. This has resulted in poor performance and even the collapse of some banks. The Focus of the study was on the processes used to deliver banking services. To design a protection system, a number of rural banks were visited. This was to understand the environment, regulatory regimes and the structure and banking processes of the industry and banks. Systemic vulnerabilities within the industry which could be exploited for fraud were found. The lack of structures like an address system and unreliable identification documents makes it difficult to use conventional identification processes. Also the lack of adequate controls, small staff numbers and the cross organisational nature of some transactions among other cultural issues reduces the ability to implement transaction controls. Twenty fraud scenarios were derived to illustrate the manifestation of these vulnerabilities. The rural banking integrity model was developed to deal with these observations. This protection model was developed using existing information security models and banking control mechanisms but incorporating the nature of the rural banking industry and culture of its environment. The fraud protection model was tested against the fraud scenarios and was shown to meet the needs of the rural banking industry in dealing with its systemic vulnerabilities. The proposed community-based identification scheme deals with identification weaknesses as an alternative to conventional identity verification mechanisms. The Transaction Authentication Code uses traditional adinkra symbols. Whilst other mechanisms like the Transaction Verification Code design v internal controls into the banking processes. This deals with various process control weaknesses and avoids human discretion in complying with controls. Object based separation of duties is also introduced as a means of controlling conflicting tasks which could lead to fraud.

Rural banking

Ghana

Fraud control

Security systems

Banks and banking industry

Vulnerabilities

Community-based identification

Identity verification mechanisms

Organizace kontrol ve vybrané části centra sdílených služeb / The organization of controls in the specific area of shared service centre

Sedmíková, Tereza

January 2010

This diploma thesis is a practical excursion into the organization of controls in a particular shared service centre. The work deals with the company relation to the section 302 and 404 of Sarbanes-Oxley Act and describes the company's internal control system according to the COSO "Integrated framework - Internal control" issued in 1992. More detailed description is provided within the company's fraud risk assessment process and within yearly testing process of control activities in order to meet section 404 of Sarbanes-Oxley Act. The specifics of external audit when performing audit in shared service centre, the shared service centre influence to foreign accounting entities from internal control system perspective are the other topics taken in consideration. Finally, there are highlighted benefits of automated system for processing travelling expenses in relation to the COSO "Integrated framework - Internal control" issued in 1992 and in relation to necessary assurances requested by U.S. SEC for the purpose of preparing financial statements under U.S. GAAP. The company's relation to anti-corruption laws (such as the FCPA) intersect in the analytical section, whose purpose is to find internal control gaps in the department processing travel reports in terms of their content and process.