Presentation on theme: "Investigation in Computerised Environment. Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise."— Presentation transcript:
Investigation in Computerised Environment
Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise of supervisory powers Breach of security protocol- physical, software Non maintenance of secrecy of passwords
Difficulties in carrying out investigation in computerised offices Lack of technical/application knowledge amongst inspectorial staff Poor data security leading to easy deletion of data Same user having different levels of access Universal knowledge of passwords Lack of knowledge for collection of evidences from Electronic data Legal issues
Difference between the documented procedures (manuals and volumes) and revised procedures in the electronic environment. MODOW not matching the actual work distribution Secrecy of password Lack of knowledge for collection of evidences from Electronic data
Precautions in Physical security Server should be kept under lock and key Maintenance of log book for accessing the server. Preventing unauthorised persons to handle systems in the office Access to systems after the office hours should be under proper permission only
Precautions in electronic security Server and systems should be password protected Creation of individual user name and password for all users in the windows environment and applications. Avoiding common user names like PA1, PA2,etc., Deletion/disabling of old users. Disabling of CD drives and USB ports. Use of licensed software
Precautions in electronic security Use of up-to-date anti virus software Restrict use of internet to the required extent. Ensure that the operators log off or lock the screen when they leave the seat for some reason or the other. Ensure that there is no programming language/un authorised software loaded in any of the systems.
Precautions in data security Proper installation of SQL server. Protection of SQL with username and password. Back up to be taken only by authorised persons. Maintenance of log book for accessing the server noting the purpose for access.
Common methods of frauds in computerised offices Parallel package Point of sale – booking of articles as if stamps are affixed Sanchay Post – access to database through SQL to raise or manipulate the balance Sanchay Post- access through ‘Data entry’ module to raise or manipulate the balance Meghdoot - access to database through SQL to manipulate the data like mode of postage payment
Precautions with Meghdoot Administrator powers (like user modifications, deletion of log file, deletion of data) in point of sale should only be exercised by the Head of the Office. Supervisory powers (like configuration of postage rates) should only be exercised by the supervisors Ensure that tariffs configured is correct Generation of prescribed records on day to day basis. Back up of MBD files in respect of each module.
Precautions with Meghdoot Checking the log files to see that there are no unnecessary access to options by anyone. (like change in tariff by supervisor) Ensure that proper denominations of currency are entered in the treasury module Ensure that proper weight of cash bag is mentioned in the sub accounts module
Precautions in Sanchaypost All the data entry modules are disabled. The discrepancy reports are checked regularly. Eg: Accounts without address, Without names, with minus balance, signature scan, etc., Ensure that the accounts standing open at each BO stands tagged to the concerned BO. This will help in generation of list of last balance of accounts standing open in a BO in case of a fraud or cent percent verification.
Precautions in Sanchaypost Ensure preservation of LOTs and other important reports relating to SB at SOs. Ensure that the supervisors authorise the transactions then and there and not at the end of the day. Enter the common number is written on all the vouchers. Ensure that the latest updation of negative list has been made.
Precautions in Sanchaypost Ensure the stock of certificates is maintained in the system and issued through the system. Ensure that the stock of pass books is maintained in the system. Ensure that there is no manual operation of any transaction in the office. Ensure that agents lists are posted up to date.
Difference between Investigation in a computerised and non computerised office The main difference is in identifying the electronic evidences. Securing electronic evidences Preserving electronic evidences Creation of valid supporting documents out of the electronic evidences – Apart from the above all other features of investigation are the same for a computerised and non computerised offices
Investigation in computerised environment Investigation will be conducted in the normal manner. Data back up as on that date should be taken and copy sealed in the presence of independent witnesses(if possible delinquent can be a witness for this process). One copy to be preserved in the Divisional office and another copy to be available with the investigating officer.
Investigation in computerised environment If need be the server should be secured separately by making alternate arrangements for normal functioning Check whether any unauthorised software or programming language is installed Try to understand the modus operandi If need be get the help of experts in software/ applications to understand the intricacies.
Investigation in computerised environment Check the security options available in the software/ application which will help in investigation. Eg: (a) Taking a copy of log file in the departmental software and SQL (b)Checking archived forms in Sanchay Post Check for any differences in the format of reports preserved with the standard format of the software Check the log on patterns of the PAs, Supervisors, PMs and System Administrators.
Investigation in computerised environment Collect physical documents relevant to the case available in the office Prepare relevant documents through the software and get it attested by respectable officer. Eg: Copy of Ledger card Record statements from witnesses and delinquent Take follow up in the normal course.