Regular identification and control of IT risks would have significantly helped to prevent the recent security breach at the Post Bank that took place between 1 and 3 January 2012.
That’s the view of Michiel Jonker, senior manager, IT Advisory at Grant Thornton Johannesburg.
“What’s more concerning,” says Jonker, “is that the breach not only resulted in financial losses for the business, but it also caused negative publicity.”
The Post Bank security breach was allegedly caused by a lack of proper IT controls which directly resulted in an estimated R42 million being stolen in just three days.
Jonker emphasises that the King III Corporate Governance report clearly outlines that it is the Board of Directors’ responsibility to govern all business risks, including IT risks, as well as all vital technology investments, for publicly listed organisations as well as government institutions.
There is no doubt that the explosive use of information systems has resulted in higher effectiveness and efficiency in organisations, especially in recent decades. But Jonker stresses that it is possible for organisations to implement cost-effective IT and manual controls and solutions in order to minimise the potential negative impact of IT threats.
Jonker cites the benefits and power that medical scheme administrators have gained through electronic data interchange (EDI) for claim submissions as an example of how automated information systems directly improve business operations and opportunities.
“Large South African medical schemes today are able to process the majority of their claims electronically – without any human involvement,” says Jonker. “Faster processing, improved accuracy in claim assessments and a streamlined staff component are some of the benefits experienced by these institutions.”
“With the implementation of automated and manual controls, Post Bank officials would have been able to prevent and detect the occurrence of identified risks and reduce the impact of these risks through various correction procedures before they occur,” says Jonker.
Many incidents can be prevented by controls that address normal day-to-day issues and risks. Simple controls would have added significant security to the information systems: preventing password sharing among users, managing user accounts soundly so that dormant accounts are disabled in a timely manner, actively promoting security awareness among employees, and regularly implementing important policies, procedures and standards.
“It is a well-known fact that many security exploits on the Internet and within company networks could have been prevented in the past but that it was as a result of neglecting to update basic operating and application security systems as well as the timeous implementation of available patches, that these security incidents did occur – many times with devastating results,” Jonker concludes.