CFO Blog: Commentary and Opinion

RISK MANAGEMENT
Société Générale's Blind Spot
Posted by Marie Leone | CFO.com | US
February 22, 2008 7:23 AM ET

Add a simple, but telling, illustration to the volumes of analysis being written about Société Générale's $7 billion trading scandal. Two risk management firms, armed with 20/20 hindsight, offer an interesting take on the Jerome Kerviel saga, identifying six red flags that went unnoticed by company officials.

The companies, SailPoint Technologies and Enterprise Management Associates, created a timeline depicting Kerviel's actions, and the alleged internal control failures that followed. The experts who created the timeline point to identity and access data risks as the culprits, which makes sense because SailPoint offers fixes to those problems. EMA is an IT industry research and consulting firm.

Nevertheless, if the timeline is correct, the warning signals that SocGen missed point to a breakdown in seemingly rudimentary internal controls. For example, after switching jobs within SocGen, Kerviel retained access to systems that he no longer needed; trading system user names and passwords were easily compromised; and user activity logs were not monitored.

Perhaps pulling off the biggest trading scam in history was relatively simple. Which makes me think that I should stop complaining about my company's IT security protocol of changing passwords at regular intervals. It's the least I can do to thwart a billion-dollar scandal.

Comments (1)


What if we had a way to make the words "trustworthy" and "honest" part of the definition of our company's employees?

We put systems in place to electronically discover, prevent, manage, notify of, react to and respond to any number of security issues for our customers. But do we have a similar system in place for hiring, promoting and managing people that identify security issues in our own companies on the "People" side? Why not?

All too often, we consider a background check "that system," if we do even that. And it's usually not universally deployed, so there is plenty of room for employees to fall through the cracks. Today, the integrity of your employees has become extremely important, as catastrophic events and lawsuits have shown us.

We need to make the words trustworthy and honest synonymous with employee.

Currently, that's not the case in the majority of workplaces.

In fact, we know a majority of applicants stretch the truth on applications and resumes!

• More than half, 55%, lied about length of past employment.
• Past salaries, 52%
• Criminal records, 45%
• Former job titles, 44%
• Former employers, 34%
• Driving records, 33%
• Degrees, 28%
• Credit, 24%
• Schools attended, 22%.
• Some 15% falsify their social security numbers!

While background checks can reveal a number of discrepancies between a candidate's resume and reality, we don't do background checks on every applicant. Also, it would be prohibitive in cost. Worse, the traits that may cause security issues or disgruntled employees are behavioral traits and are not revealed in background checks at all.

And... what about other candidate "realities" that are not apparent but will present a "security or integrity risk" if hired, like:

• The Great Pretender - he is not who he pretends to be
• A Low Integrity Candidate - he justifies minor theft and will do so regularly
• The Worker Who Is "Absent" - not reliable
• A Substance Abuser - and more likely to be coaxed into a "slight" breach of security
• A Slacker Who Won't Accept Supervision - or worse, might get agitated or angry when supervised

So, what's out there for us folks that can help us make sure our people are not "security issues"?

There is a readily available, reliable and tested tool for doing exactly this.

Called an SOSll, this online pre-hire or employee assessment tool is very unique and accurate in revealing and predicting these attributes - use it in the job-application process, way before you even decide to interview, and screen out the bad risks upfront. It's an online assessment tool that any job applicant can take in about 20 minutes from any computer that can reveal these negative and potentially dangerous hidden traits and behaviors in an applicant.

It reveals the core traits and behaviors that make up a person and the kind of conduct you can anticipate from them. It defines them, shows the conflicting input to key questions about integrity, theft, even drug use issues, with answers coming directly from the applicant. It helps you see what's below the tip of the iceberg before you interview.

Neil Licht
www.ucanpreventbadhires.com
answers@ucanpreventbadhires.com
Posted by Neil Licht | February 22, 2008 09:10am
