The importance of permissions and approval workflows in a supplier ordering system

We might think that in large organizations with computerized systems and extensive bureaucracy, it would not be possible to carry out malicious actions because everything is monitored and documented, but it seems that precisely because the process is long and complex, sometimes the head does not see what the body is doing, and fraud can be carried out that may harm the organization.

For example, the article here discusses a manager at Bank Leumi who, according to the reports, appears to have abused the authority granted to him regarding the approval of purchase orders and subsequently the approval of delivery notes and tax invoices submitted by the supplier.

According to the article, it appears that the manager had broad permissions that allowed him to issue and approve orders without additional oversight. If the permissions had been granted more precisely, the embezzlement might have been prevented. In any case, what can be learned from this going forward is the importance of emphasis and caution when granting permissions to users.

What is generally accepted is to give the user the minimum and add additional permissions only as needed.

This way, each user receives only the permissions required, which can prevent problems as mentioned in the publication.

Head of department at Bank Leumi suspected of embezzlement totaling 6 million shekels

The bank filed a lawsuit against the employee as early as September 2019, and the prosecution will have to decide whether to file an indictment against him ■ According to the suspicion, he created fictitious orders from suppliers, who passed on part of the funds to him