Interestingly, this past weekend's WSJ had an article ("Ex-Trader's Gambit Bites Goldman") which discusses how a former Goldman and Morgan Stanley trader "using a manual system typically for trades done over the counter or those handled by a floor broker, entered 60 false 'sell' trades to make it look as if he was reducing his position." Does this not speak to the need for some form of "best practices"?
At our Spring Forum meeting (which we expect to be held in Boston) we will address this subject. Here are a few quick thoughts (you're invited to chime in with your own):
- Avoid having manual or spreadsheet based systems when packaged software can accomplish what you require
- KNOW what systems exist within your organization. Construct an inventory of all systems, who built them, who's responsible for their maintenance, who uses them, and what they're used for
- Know what data is used by these systems and what data comes out of them, to be used by other systems
- Identify the controls that are in place to ensure integrity of the information
- Put in place a process by which such systems must go through a testing process before they can be implemented...
- ...also, for changes!
- Identify systems that are used as an alternative to programmed/packaged systems
As you might expect, this is one of the areas we look at when we conduct our operational reviews. It's not uncommon to find spreadsheet based systems that pose huge threats to the integrity of the firm's data.