The perils of direct entry uploading into a database are well known \u2026 and the recent revelation by CBI on the modus operandi used in Satyam to book invoices is a grim reminder of this.<\/p>\n
\u00a0<\/p>\n
CBI has claimed to have unravelled through cyber forensic technique the modus operandi of Satyam in generating false invoices to show inflated sales.\u00a0<\/p>\n
\u00a0<\/p>\n
Investigations revealed that Satyam Computer Services Limited (SCSL) had got a regular application flow for generation of invoices. This regular flow, it was found, has a series of applications like Operational Real Time Management (OPTIMA) for creating and maintaining the projects, Satyam Project Repository (SRP) for generating the project ID, an application to key-in the man hours put in by the employees called Ontime, and a Project Bill Management System (PBMS) for generating the billing advices from the data received from the Ontime and from the rates agreed upon with the customer. Based on the billing generated by PBMS, the Invoice Management System (IMS) generates the invoices.\u00a0\u00a0<\/p>\n
\u00a0<\/p>\n
Apart from the regular application flow, Satyam had another method of generating invoices through Excel Porting <\/strong>wherein the invoices could be generated directly in IMS, bypassing the regular application flow by porting the data into the IMS. This application was actually meant to be used sparingly for emergency requirements.<\/p>\n \u00a0<\/p>\n Investigation revealed that in order to perpetrate the fraud, the accused had surreptitiously got a subroutine incorporated in the Source Code of IMS application, wherein a new user ID called Super User <\/strong>got created and this Super User had the power to hide\/unhide <\/em><\/strong>the invoices generated in IMS. By logging in as Super User, the accused were hiding some of the invoices that were generated through Excel Porting. Once an invoice was hidden, the same would not be visible to the other divisions of the company, but only to the sales team in the Finance division of Satyam. As a result, the business circles concerned would not be aware that such invoices existed.\u00a0\u00a0 These invoices were also not despatched to the customers.<\/p>\n \u00a0<\/p>\n And thus the drama of Satyam continues.<\/p>\n \u00a0<\/p>\n The solution to prevent such frauds is not to stop direct data uploads completely.\u00a0 In every business there is a need to upload bulk data through a data porting utility into the database, and hence every application vendor needs to provide such a utility.\u00a0 To minimize the risk of misuse of this facility, some of the basic controls that various organizations may consider are<\/strong>:<\/p>\n The perils of direct entry uploading into a database are well known \u2026 and the recent revelation by CBI on the modus operandi used in Satyam to book invoices is a grim reminder of this. \u00a0 CBI has claimed to have unravelled through cyber forensic technique the modus operandi of Satyam in generating false invoices … <\/p>\n\n