"Skelton, an auditor for the supermarket chain, had authorised access to its entire payroll while KPMG was auditing the company accounts"
Given that auditors are generally assumed to be trustworthy, and it's quite tricky to properly audit a company without access to its 'books' and data, what the heck were Morrisons expected to do? Have two auditors from another company physically standing at Skelton's shoulder 24/7 until he had finished and had his access revoked?
Or maybe they should have provided anonymised and filtered data to Skelton? Who could not then trust the data, as the person preparing the secure extract may be the one fiddling the books?
What 'honesty' checks did the audit company do on their employees?
Skelton was a crook. He abused trust. He goes to jail. That's it.
What's next? Home-owners liable for burglary because they installed breakable glass in their windows?
Biting the hand that feeds IT
