November 2, 2016 at 10:46 am
All cheaters get caught eventually because they can't keep their mouth shut.
November 2, 2016 at 11:26 am
As Granny used to say... "Figures can lie and liars figure". ๐
--Jeff Moden
Change is inevitable... Change for the better is not.
November 3, 2016 at 8:24 am
Eric M Russell (11/2/2016)
kiwood (11/2/2016)
Eric M Russell (11/2/2016)If IT was providing executive management with reports indicating an unusual spike in the number of new accounts opened and fees generated, then they have done their due diligence. IT's job is to produces accurate information from data. It's executive management's job to interpret and act on that information.
There seems to be a fundamental belief that the data had unusual spikes. But the information available suggests otherwise. All information suggests that they added a single extra account here and there to customers over an extended period of time.
Because there is mounting evidence that he knew or should have known what was happening, there are calls for the CEO to face criminal charges. Given that so many people who worked in the office believed fraud was normal I fail to see how IT is going to magically stop it.
As for the due diligence comment - I am a bit shocked. It is not the job of IT to setup monitoring for internal fraud without input or guidance from management. Suggestions otherwise are a bit frightening.
By "due diligence", I simply meant that IT has a responsibility to provide executive management with accurate reports.
Even if IT did provide Wells Fargo management with accurate reports, it sounds to me as though at least some Wells Fargo management wasn't willing to pay the reports heed.
Kindest Regards, Rod Connect with me on LinkedIn.
November 3, 2016 at 9:08 am
Rod at work (11/3/2016)
Eric M Russell (11/2/2016)
kiwood (11/2/2016)
Eric M Russell (11/2/2016)If IT was providing executive management with reports indicating an unusual spike in the number of new accounts opened and fees generated, then they have done their due diligence. IT's job is to produces accurate information from data. It's executive management's job to interpret and act on that information.
There seems to be a fundamental belief that the data had unusual spikes. But the information available suggests otherwise. All information suggests that they added a single extra account here and there to customers over an extended period of time.
Because there is mounting evidence that he knew or should have known what was happening, there are calls for the CEO to face criminal charges. Given that so many people who worked in the office believed fraud was normal I fail to see how IT is going to magically stop it.
As for the due diligence comment - I am a bit shocked. It is not the job of IT to setup monitoring for internal fraud without input or guidance from management. Suggestions otherwise are a bit frightening.
By "due diligence", I simply meant that IT has a responsibility to provide executive management with accurate reports.
Even if IT did provide Wells Fargo management with accurate reports, it sounds to me as though at least some Wells Fargo management wasn't willing to pay the reports heed.
I totally don't blame IT for any of this.
NPR did an interview with a former WellsFargo branch employee who says he raised the issue to his manager, and the bank responded by firing him, falsely accusing him of misconduct, and then black listing so he couldn't get hired in the industry again. My wife has worked in the financial services industry, and I am surprised by some of the stories she's told. I think the industry is attracting all the wrong type of people. There are a lot of hustlers, sociopaths, sycophants, and schmucks in suits.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
November 3, 2016 at 9:35 am
Rod at work (11/2/2016)
David.Poole (11/2/2016)
Terry Pratchett described how the city of Ankh Morpork dealt with a plague of rats by paying a bounty on dead rats delivered. Despite this the rat problem kept getting worse until the city Patrician solved it by saying "tax the rat farms".You get what you bonus for.
Daniel Pink described the phenomenon in some detail in his book "Drive". You have to be so careful when you design an incentive scheme or benefits system. If it can be gamed it will be gamed. How well did Bankers Bonuses work out for us all by the way?
If anything a bonus system does more harm than good because in addition to skewing the system performance drops to a lower level than when you started when the bonus system is removed.
Unfortunately for me I've never worked at a place that offered bonuses. (It's sometimes amusing when talking with recruiters. "What? You haven't any bonus??") But I would hope that not every place that has a bonus will give in to fraudulent activity. I still hope to one day work at a company that offers bonuses.
The issue is really around what you incentivize. It doesn't really matter if the incentive shows up in the form of bonus, or advancement or even simply an appreciative attitude from management, if you incentivize the wrong things (or the right things in the wrong way), someone will eventually look to game the system. And while I'd love to get on the bandwagon that IT is above those practices, we ultimately aren't.
Case in point - we had a bad problem with projects delivering late a few years back, so new "incentives" were put in place on managers to ensure that improved. So guess what - for the year following that mandate, every project "went live" on schedule, bar none. Never mind that "going live" was often saddled with disastrous issues and ugly data fixes, disruption to customer service, etc... that sucker went in when the schedule said that it would. Now we've got a more measured directive to ensure that *some* level of service quality is present, but it took multiple close calls with "extinction level events" for those directives to change.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
November 3, 2016 at 10:13 am
Rod at work (11/2/2016)
David.Poole (11/2/2016)
Terry Pratchett described how the city of Ankh Morpork dealt with a plague of rats by paying a bounty on dead rats delivered. Despite this the rat problem kept getting worse until the city Patrician solved it by saying "tax the rat farms".You get what you bonus for.
Daniel Pink described the phenomenon in some detail in his book "Drive". You have to be so careful when you design an incentive scheme or benefits system. If it can be gamed it will be gamed. How well did Bankers Bonuses work out for us all by the way?
If anything a bonus system does more harm than good because in addition to skewing the system performance drops to a lower level than when you started when the bonus system is removed.
Unfortunately for me I've never worked at a place that offered bonuses. (It's sometimes amusing when talking with recruiters. "What? You haven't any bonus??") But I would hope that not every place that has a bonus will give in to fraudulent activity. I still hope to one day work at a company that offers bonuses.
I sometimes hear about IT shops that attempt to measure productivity based on the number of lines of code written. Although I've never understood it to be a good measure of actual productivity, if I ever work for such a shop that actually incentives based on how many lines of code I write, then I'm going to put my SQL auto-formatter tool to good use. I mean, if something like how I choose to break lines on commas, expressions, and joins can translate into more $,$$$, then I'm all in. That's a game changer. ๐
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
November 3, 2016 at 10:43 am
Wells Fargoโs Stars Thrived While 5,000 Workers Got Fired
November 3, 2016 at 10:45 am
kiwood (11/2/2016)
I think to even suggest that the IT department could/should have prevented the mess at Well's Fargo is dangerous and perhaps unethical. Consider the news: people who pointed out the fraud were routinely fired.I do think that IT can play a role in helping detect employees gaming the system. I think much of business could be improved by partnering with the IT department to make things better. But... I also think this is a long way from becoming the norm. And I don't believe that it is likely to change anytime soon.
That, in and of itself, is a problem. I would hope whistleblower laws would help here, or perhaps some legislation that protects workers somehow when they find illegal activity.
November 3, 2016 at 10:58 am
Ralph Hightower (11/2/2016)
I don't think that a computer system could have detected the fraudulent activity at Wells Fargo. This was a systemic problem across the branches from the account representatives up through the branch managers. The employees were gaming the system to artificially make their sales quotas.
I agree, but auditing could help. I get notices when anything changes in my accounts, and certainly IT should have ensured those were going out, separately from what account managers do.
November 3, 2016 at 11:01 am
ZZartin (11/2/2016)
I don't feel it's the job of IT to play vigilante and hunt down people potentially abusing the system, unless you work in InfoSec and are just an evil person.
Part of IT is InfoSec. This isn't necessarily a sysadmin or DBA job. The job in IT isn't to be vigilante, but protect the systems, which means notifying people of anomalies.
However.
As a sysadmin, I always think about where I might compromise, or another sysadmin might, and I try to build in checks that are independent of me or any one person.
In financial, or most systems, there ought to be some analysis that looks for changes. So if bonuses go up dramatically, someone should have a flag raised and pass this on to others to review if these are legitimate. In this case, that wouldn't help as managers were involved.
IT systems could have notified customers, which is the idea.
November 3, 2016 at 11:09 am
Where I work, we actually have to sign off on a monthly notice as to whether or not we are aware of anything "questionable" that could lead to the proverbial "black eye" for the company.
--Jeff Moden
Change is inevitable... Change for the better is not.
November 3, 2016 at 11:23 am
I don't buy the "it's not IT's responsibility to report spotted fraudulent behaviour" as it is EVERY employee's duty to do so. Where I would agree is that is isn't necessarily IT's remit to actively look for it.
Generally, I have found IT professionals to be a little bit more compliant with rules thus less likely to commit fraud even when the opportunity sits before them. Where this falls down is the individual. My statement was a generalisation so, if true, it is less likely for an IT professional to commit fraud. That's only probability. Even if statistically true it doesn't apply to each and every IT professional so may not apply to the IT professional in front of you.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
November 4, 2016 at 9:28 am
Steve Jones - SSC Editor (11/3/2016)
Ralph Hightower (11/2/2016)
I don't think that a computer system could have detected the fraudulent activity at Wells Fargo. This was a systemic problem across the branches from the account representatives up through the branch managers. The employees were gaming the system to artificially make their sales quotas.I agree, but auditing could help. I get notices when anything changes in my accounts, and certainly IT should have ensured those were going out, separately from what account managers do.
I agree. However, if IT is also in on the bad behavior, then they can help game the system. If, for example, there's a trigger or something like that in place in a database somewhere which will initiate a routine to email the account holder on a change in account status, such as a new sub-account being created, it would be easy enough to disable that trigger, create the new fraudulent sub-account and then put it back in place. It may be possible to do this so none's the wiser.
(And I'm certainly not advocating anyone do this!)
Kindest Regards, Rod Connect with me on LinkedIn.
November 4, 2016 at 10:22 am
Steve Jones - SSC Editor (11/3/2016)
ZZartin (11/2/2016)
I don't feel it's the job of IT to play vigilante and hunt down people potentially abusing the system, unless you work in InfoSec and are just an evil person.As a sysadmin, I always think about where I might compromise, or another sysadmin might, and I try to build in checks that are independent of me or any one person.
IT systems could have notified customers, which is the idea.
This might be what I disagree with, my job is to work with technology processes not business processes.
I don't have a complete understanding of why certain business processes are in place or even an understanding of what is technically legal and if I started worrying about it or trying to enforce what I happen to feel is right I would A) have no time to do my actual job B) likely find myself unemployed.
There are certainly a huge amount of checks IT could put in place if that's what the company wants them to do.
November 4, 2016 at 1:10 pm
Rod at work (11/4/2016)
Steve Jones - SSC Editor (11/3/2016)
Ralph Hightower (11/2/2016)
I don't think that a computer system could have detected the fraudulent activity at Wells Fargo. This was a systemic problem across the branches from the account representatives up through the branch managers. The employees were gaming the system to artificially make their sales quotas.I agree, but auditing could help. I get notices when anything changes in my accounts, and certainly IT should have ensured those were going out, separately from what account managers do.
I agree. However, if IT is also in on the bad behavior, then they can help game the system. If, for example, there's a trigger or something like that in place in a database somewhere which will initiate a routine to email the account holder on a change in account status, such as a new sub-account being created, it would be easy enough to disable that trigger, create the new fraudulent sub-account and then put it back in place. It may be possible to do this so none's the wiser.
(And I'm certainly not advocating anyone do this!)
If the users and IT are in on bad behavior, give up. There's nothing to be done.
Viewing 15 posts - 16 through 30 (of 33 total)
You must be logged in to reply to this topic. Login to reply