Network Design and Evaluation
Background
The following extract is part of the report [1] on the reason for the collapse of Barings, an international investment bank.
The management of Barings broke a cardinal rule of any trading operation - they effectively let Leeson settle his own trades by putting him in charge of both the dealing desk and the back office. This is tantamount to allowing the person who works a cash-till to bank in the day's takings without an independent third party checking whether the amount banked at the end of the day reconciles with the till receipts.
The back-office records, confirms and settles trades transacted by the front office, reconciles them with details sent by the bank's counterparties and assesses the accuracy of prices used for its internal valuations. It also accepts/releases securities and payments for trades. Some back offices also provide the regulatory reports and management accounting. In a nutshell, the back office provides the necessary checks to prevent unauthorised trading and minimise the potential for fraud and embezzlement. Since Leeson was in charge of the back office, he had the final say on payments, ingoing and outgoing confirmations and contracts, reconciliation statements, accounting entries and position reports. He was perfectly placed to relay false information back to London.
Abusing his position as head of the back-office, Leeson suppressed information on account '88888'. This account was set up in July 1992 - it was designated an error account in Barings Futures Singapore system ... But Barings London did not know of its existence since Leeson had asked a systems consultant, Dr Edmund Wong, to remove error account '88888' from the daily reports which BFS sent electronically to London. This state of affairs existed from on or around 8 July 1992 to the collapse of Barings on 26 February 1995...
Error accounts are set up to accommodate trades that cannot be reconciled immediately. A compliance officer investigates the trade, records them on the firm's books and analyses how it affects the firm's market risk and profit and loss. Reports of error accounts are normally sent to senior officers of the firm.
Barings' management compounded their initial mistake of not segregating Leeson's duties by ignoring warnings that prolonging the status quo would be dangerous. An internal auditor's report in August 1994 concluded that his dual responsibility for both the front and back offices was "an excessive concentration of powers." The report warned that there was a significant general risk that the general manager (Mr Nick Leeson) could override the controls.
The audit team recommended that Leeson be relieved of ... duties: supervision of the back-office team, cheque-signing ... and bank reconciliations. Leeson never gave up any of these duties even though Simon Jones, regional operations manager South Asia and chief operating officer of Barings Securities Singapore, had told the internal audit team that Leeson will "with immediate effect cease to perform the[se] functions."
Assumptions
From this article we can identify a number of banking roles as follows. You may assume that each will be supported by a software application and related data.
a. Dealer (i.e. selling and buying)
b. Accountant ('settling trades' - actually moving the money, verifying trading partners, recording transactions in the bank ledgers)
c. Compliance Officer (reviewing the risk associated with 'error' trades)
d. Reporter (reporting to management)
You may ignore other roles, such as system management.
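The four roles above can be checked for segregation of duties mechanically. This added example (not part of the original brief) flags any user who holds a conflicting pair of roles and lists ledger accounts that are missing from the management report; the conflict pairs, function names and sample data are assumptions made for illustration.

```python
from itertools import combinations

ROLES = {"dealer", "accountant", "compliance_officer", "reporter"}

# Assumed policy: pairs of roles that one person must never hold together.
CONFLICTS = {
    frozenset({"dealer", "accountant"}),          # trading vs. settling own trades
    frozenset({"dealer", "compliance_officer"}),  # trading vs. reviewing error trades
    frozenset({"dealer", "reporter"}),            # trading vs. reporting to management
}


def sod_violations(assignments):
    """Return sorted (user, role_a, role_b) for every conflicting pair held."""
    found = []
    for user, roles in assignments.items():
        unknown = set(roles) - ROLES
        if unknown:
            raise ValueError(f"{user}: unknown roles {sorted(unknown)}")
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in CONFLICTS:
                found.append((user, a, b))
    return sorted(found)


def suppressed_accounts(ledger_accounts, report_accounts):
    """Accounts present in the ledger that the management report leaves out."""
    return sorted(set(ledger_accounts) - set(report_accounts))


# Constructed sample data (only the account number '88888' comes from the extract).
SAMPLE_ASSIGNMENTS = {
    "gm_singapore": {"dealer", "accountant", "reporter"},
    "clerk_1": {"accountant"},
    "officer_1": {"compliance_officer"},
}
SAMPLE_LEDGER = ["10001", "10002", "88888"]
SAMPLE_REPORT = ["10001", "10002"]

if __name__ == "__main__":
    for user, a, b in sod_violations(SAMPLE_ASSIGNMENTS):
        print(f"SoD violation: {user} holds both {a} and {b}")
    for acct in suppressed_accounts(SAMPLE_LEDGER, SAMPLE_REPORT):
        print(f"Account {acct} is in the ledger but missing from the report")
```

The report check is only meaningful if it runs outside the control of whoever produces the report, which is the independence the extract says was missing.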
Questions
You are tasked with designing a networked system for a business with the roles listed above. You are required to answer the following questions, and provide a clear explanation that justifies your answers:
- (i) Provide an analysis of the business system described in the above report. You MUST include a system diagram of your designed network that clearly shows different roles, assets, and their interaction in the system with explanation.
- (ii) Apply a structured security design process to the above analysis to describe the primary security features and functions of your resulting network design including the function of each subnet and justification for the controls that you propose.
- (iii) Evaluate how your design would have successfully prevented the problems described in the above report.