Discussion in 'Current Affairs' started by FlagWagger, Jan 22, 2010.
The heart of the site is the forum area, including:
Looks like some people can get JPA to work!
Tip of the iceberg.
The problem isn't just a JPA problem, anyone remember the Writer from Collingwood (If I recall correctly) who stole thousands from the imprest account and did a runner because he thought he was dieing?
The problem is even with the best protected systems with lots of safeguards those trusted as administrators have a lot of scope for mischief.
I suspect the JPA system auditing and the scrutiny applied to HR staff will be increased as a result of this. I don't see it as the earth shattering news, though no doubt some will.
Agreed - however, the system should be better designed to reduce or ideally remove "single points of failure" that put people in a position where they have a suitable temptation to breach their trust. In this case, two people were tempted and have paid the price - will there be any remedial action applied to the system to prevent others being put in this position or will it simply be a case or more stringent checks? Its far better to remove the source of the problem than putting in barriers to detect wrongdoing.
See above - speaking as a systems engineer, removal of the cause is far better than detection of the problem.
One of those bright sparks was on our Squadron. He raised suspicions when he bought a house, then 1 week later turned up to work in a brand new BMW!
Edited: Apologies - I read a different link, that had not published the finding of the case, which is no longer sub judice.
Surely if they've been sentenced it's not sub judice?
A question - not an argument I hasten to add
Nothing new, you read about bank workers doing the same thing all the time. Now the MP's who have managed to get away with fraud is another matter.
The system, in terms of auditing and security enforcing functionality is the same as all Oracle HRMS implementations. I guess its hard to defeat/prevent two admins operating in tandem who are working to defraud the system.
Temptation(-Controls) x (Fingers + Pies) = S & S
Er... no, actually. How the system is deployed will determine where audit and security can be enforced. For example, my current company uses Oracle for expenses with user management being controlled centrally - local admins can't therefore create phantom user accounts for claims or authorisation purposes. The problem with the JPA installation is that central control of users would not work and has to be devolved to "trusted" users around the fleet.
Separate names with a comma.