Do the controls around “exceptions” open up your entire program?
“College Admissions Scandal Relied on More Students Using SAT Accommodation,” The Wall Street Journal, March 19, 2019. Making allowances for a small group allowed cheaters to prosper.
You spend a lot of time developing controls to address the major risks. I imagine that SAT and ACT both spend a lot of time to prevent cheating in the normal exam-taking process. But what happened when they allowed exceptions? Were the controls as robust as they needed to be?
Do you have any exceptions to your normal control processes around Information? Should this be a wake-up call to review them? Do procedures around those exceptions need to be at least as robust as those around your base case? Do the granting of the exception and handling those “exceptional” students? What percentage of the total do the exceptions represent?
infogovnuggets 