What Is SAP GRC? SAP Governance, Risk, and Compliance (S...
From Scalped Super Bowl Tickets to Fake Invoices at Microsoft
One employee can do a lot of damage. Just look at the headlines the other day from Microsoft. A grand jury indicted Microsoft’s former director of Sports Marketing and Alliances, Jeff Tran, for allegedly trying to create fake invoices for up to $1.4 million and scalping the company’s Super Bowl tickets for $200,000.
Tran helped build Microsoft’s strategic relationship with the NFL that allowed the company to buy Super Bowl tickets for its employees. Instead of handing them out to his co-workers, Tran allegedly sold 62 tickets for $200,000. The stakes got higher soon after that.
As part of Tran’s responsibilities, he was allowed to approve invoices from certain vendors. According to the indictment, Tran submitted a fraudulent invoice for $775,000 invoice s through one of the company’s vendors, approved the invoice, and diverted payment to his own bank account. He then allegedly made the bold move of submitted another fraudulent invoice for $670,000. That’s when vendors reportedly contacted Microsoft and an investigation was launched.
The internal threat is real and you never know who may be lurking in the shadows waiting to take advantage of weaknesses in processes. In Tran’s case, he was able to approve and pay invoices from specific vendors. So how do you protect yourself from the inside threat?
With Pathlock’s Access Violation Management solution in place, one Global 1000 company uncovered $10M in fraudulent transactions from a lifelong employee in one of its offices in South Africa. It provides real-time visibility of materialized user risks and the financial exposure those risks have on the business. Click here to learn more by reading the Forrester report The Total Economic Impact of Pathlock’s Access Violation Management Solution. It measures the value of reducing manual mitigating controls and quantifying your financial exposure from access management risks.