Information Systems for Decision Making


“Fraud and Risk Factors”

Find an example of insider fraud related to IT from the last 10 years. Do not repeat an example from the textbook or one that has been posted by another student. Please respond to the following in not more than 250 words:

  • The textbook lists four fraud risk factors on page 288. Which of these enabled the fraud?
  • How was the fraud detected?
  • What IT policy could have prevented the fraud or detected it earlier?

Then, in separate posts, follow up with one or more of your fellow students in substantive posts of up to 200 words that further the discussion. For example, you may support or politely challenge a post with your own insights or experience, make a suggestion, or ask probing follow-up questions.

Support your positions with explanations and/or sources, as appropriate.

Question 2:

The internal auditor’s function is to assure that the organization has solid internal controls. That certainly includes financial records, but it is much broader. The Institute of Internal Auditors (n.d.) says that auditors “evaluate and improve the effectiveness of risk management, control, and governance processes.” Even the best-managed companies have some degree of risk in their processes. Auditors must determine how much risk the organization faces.

This week, I’d like you to work backwards, starting from an actual insider fraud case. Which of the four risk factors was present to allow the fraud in the first place? Someone detected the fraud eventually, or you would not be reading about it. How did that happen?

Finally, recommend an IT policy that could have detected the fraud earlier, or prevented it entirely. Please focus on “reasonable” policies, because it is counterproductive to apply expensive and intrusive controls to low-risk scenarios.

