We raised several matters with entities relating to:
• controls over information systems
• financial delegations
• conflicts of interest for procurement processes, asset valuations and payroll monitoring.
Information systems continues to be the area in which we identify most issues. In particular, these relate to user access to systems and governance over the transfer of information to new systems. We commonly find that employees are given system access beyond that required to perform their role, and that entities are not regularly monitoring employee access and activities to ensure it is consistent with their job responsibilities and is appropriately approved.
There was an increase in fraud attempts this year, mostly relating to requests to change employee and supplier bank account details. Entities must ensure they check all change requests with an independent source. Where frauds occurred, the requests had not been checked effectively.