Information Governance Case Study: Fraud Detection and Prevention

Verified

Added on 2023/06/04

AI Summary

This case study examines employee fraud within Healthy Hospital, highlighting critical breakdowns in information technology and management controls, including the falsification of business records and a lack of segregation of duties. The analysis explores the reasons contributing to the fraud, the auditor's role in handling the situation, and crucial information governance considerations such as system documentation, change management, and long-term information use. An information auditing plan is outlined, emphasizing preliminary assessments, knowledge gathering, and staff interviews. The case also addresses the ethical dilemmas that arise and provides recommendations for fraud prevention, including improving employee awareness, implementing robust internal controls, and promoting a positive corporate culture. The importance of monitoring vacation balances and segregation of duties is emphasized to deter future fraudulent activities.

INFORMATION GOVERNANCE 1
Name:
Course:
Professors name:
Institution:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INFORMATION GOVERNANCE 2
Introduction
Information systems provide dishonest employees holding key job positions an
opportunity to implement and develop a fraudulent scheme. Acccording to Surdak (2014, p. 56)
overriding internal controls may create a conducive environment for fraud to occur hence the
need for internal auditors who are specialized in information systems who can identify fraudulent
acts that are taking place in the company. This allows the company to put some preventative
measures in place to reduce the possinle occurrence of fraud. But if fraud has already taken
place, internal auditors are the ones who are tasked with leading the investigations.
This article analyzes fraud by a certain employee, involving falsification of the records
of the business, breakdown of management controls and internal information technology and
failure to segregate duties. Its main purpose is to introduce us to an employee fraud that is very
common and show us how we can use professional guidance to deal with such a situation.
Case summary
Healthy hospital has an internal audit department with two auditors specialized in
information systems. One of the hospital’s standard operating procedures was to run a
background investigation when hiring employees who are to hold sensitive positions in the
organization. Also, the hospital’s policies prohibited members from the same family to work in
sensitive departments as it would impact the integrity of the company’s documents. Otherwise,
this should be a red flag that the internal auditors should raise as such situations create a
conducive environment for potential fraudulent acts.
The internal auditor is the tasked to start fraud investigation in case it occurs. He starts
by analyzing all copies of relevant reports on the information system and review of the

INFORMATION GOVERNANCE 3
department involved in the fraudulent activities procedures so as to discover all loopholes that
led to the fraud. Also, for the successful investigation of fraud, the internal auditor requires total
cooperation from other departments if required. This is because; accounting information systems
provides information necessary for the internal auditor to prevent, and in the case of occurrence,
to detect fraudulent practices in the organization. This is to inform all the management personnel
about the fraud and inform them about the potential legal and disciplinary actions to take.
1. Reasons contributing to the prospect of this farud
The occurrence of this fraud shows that the Hospital’s internal controls have made fraud
minimization and detection difficult therefore making it easy for employees to commit this kind
of a crime. It also shows that this accountant had the requisite knowledge and skills to commit
this kind of irregularity and to preserve the evidence. This shows that the hospital requires a
more sophisticated approach from detection to prevention, to be able to cab these frauds. The
occurrence of his fraud also shows that when controls are broken down, fraud is likely to occur
and in most cases, it might go undetected for a longer period.
Where one can perform multiple duties involved in a transaction, fraud risk increases.
This is perfectly shown in our case where the perpetrator carried out different duties by himself,
therefore, no obstacle towards committing the fraud. This indicates that if there was a separation
of duties in the first place, chances of this fraud occurring would have declined dramatically.
Also, the fact that the hospital’s documents could be easily modified inclines the employees
more to engage in this kind of irregularity. In this case, several documents were forged and also
printing and mailing checks which were used in this act. We can also see that, when the
accountant supervisor was on vacation, it allow the accountant time to commit and try to

INFORMATION GOVERNANCE 4
preserve the evidence indicating that the accountant's integrity was questionable as he took the
first chance he got to commit the fraud making it a natural deterrent.
2. How the auditor should handle the situation
The internal auditor is required to help the hospital to reduce the risk of fraud by
evaluating and examining internal controls also point out the hospitals role in the risk of fraud
management and then examine how effective they are. In this case, the hospitals management
overrode one of their policies which prohibit same members of a family working in the same
department, especially in sensitive departments, as this compromised the integrity of any work
that they do. And it would also increase the potential occurrence of fraudulent activities in the
future.
The existence of appropriate and sufficient detective methods of control is a strong
deterrent to any fraudulent activities. These methods are used together with preventive methods
to increase the effectiveness of the program of managing fraud risk by providing evidence that
the methods of prevention are working so as to detect fraud that may occur. But as we can see
from this fraud that occurred in Healthy Hospital, detection controls may prove that fraud has
occurred but they didn’t prevent the irregularity from occurring. Reason being, internal control
methods are made to provide warnings and evidence that fraudulent activities are taking place or
they have already occurred. Therefore, the auditor needs to come effective internal methods of
control which the strong and can actually prevent or reduce fraudulent procedures or conducts.
Also after this incident, the auditor should now be aware of any control deficiency in
the organization and should raise practical recommendations so as to reduce the opportunity of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INFORMATION GOVERNANCE 5
any other fraud from occurring in the future as these deficiencies in the controls provide
fraudsters with an opportunity to perpetrate fraud.
3. Information governance considerations
One of the considerations is for the hospital to assess their system documentation
requirements need. Information about the systems may be critical for their management and also
for the ongoing use of these systems. It also important to have point in time representations to be
able to identify the rules and processes present at any specific point in time. Second
consideration should be to manage and plan any change that may occur. When the hospital
decides to deploy new systems, effective training and change management is required for the
organizational culture maintenance valuing information management.
Third consideration is to be aware of the impact of information-related system change.
This is to make sure that important information which would still be useful beyond the hospital’s
immediate needs is captured the same way after implementing new systems. Fourth
consideration is planning for the hospital’s information’s stability and long-term use. Reason
being that some information that is in the current systems might outlive these systems, and may
be needed in the future, therefore, that information should remain useable and accessible.
4. Information auditing plan for Healthy Hospital
First carry out preliminary assessments as the results of this assessment will provide the
auditor the basis in determining the type and extent of subsequent testing. If the auditor obtains
evidence that certain control procedures or policies are ineffective, he may find reevaluating
earlier conclusions and other decisions made based on these conclusions necessary. Secondly, is
to gather knowledge and input on the criticality of the hospitals information system. This will

INFORMATION GOVERNANCE 6
help in evaluating the policies and procedures which if not adhered to will have a serious impact
on the hospitals management and may also lead to creating a conducive environment for
fraudulent activities to take place. This is one area where the auditor should put more emphasis
on because it is one of the reasons why the irregularity at Healthy Hospital happened in the first
place.
Thirdly, is to visit and interview key staff members in various departments with the aim
of gathering as much information as needed about financial and inherent risks that they may be
facing in their respective departments. This will help the internal auditor to identify potential
problems that may arise and also come up with measures to prevent them from happening or any
fraudulent activity that might be carried out in those departments.
5. How to handle the ethical dilemma
The ethical dilemmas in this case have risen because of breaking the law as the law is
very straightforward on what is allowed and what is not. Therefore the resolution to these
dilemmas is clear as well. All the employees are expected to follow the law, so stealing money
from the hospital for personal use is not allowed; therefore disciplinary action should be taken on
that specific employee and any other person who might be involved.
That being the case, it is important not to fire that employee in a rush as outline protocol
should be followed. I could start by restricting the employees his duties, pending investigation,
as we wait to determine whether the employee actually intentionally broke the law, and then call
the authorities.

INFORMATION GOVERNANCE 7
Recommendations
From this case, the management should know their employees better. Reason being,
listening and observing to the employees could help the hospital’s management to identify any
potential fraud risk. Hence, it is important for the management to take time and get to know their
employees and be involved with them. Secondly, make employees and everyone in the
organization aware of all types of fraud and their consequences. This is to make those planning
to engage in fraudulent acts that the management is observing them and hopefully be deterred by
it. This will also make honest employees aware of possible fraud signs. Thirdly, to implement
internal controls so as to safeguard the hospital’s assets and also ensure accounting records
integrity and deter any fraudulent activity. Segregation of duties is a key internal control
component that reduces the risk of fraud occurrence.
Fourth, monitor vacation balances as there could be some employees who haven’t
missed work even in a single day in years. While this can be a good thing, it could also mean that
the employee is hiding something and is afraid that someone might detect their fraud if they are
out (Steve 2013, p. 68). It might also be a good idea to apply employee rotation to various jobs
within the organization. Fifth, is to live the corporate culture as a good working environment
may prevent fraud or theft by the employees. The organization structure, fair employment
practices, written policies should be clear. An open-door policy could be a great fraud hindrance
system as employees will have open communication with the management. Senior management
and business owners should lead by example by holding employees accountable for their own
actions.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INFORMATION GOVERNANCE 8
References
Steve, F. (2013). Corporate Governance and Information Content of Stock Trades: Evidence
from S&p 100 Companies. The International Journal of Business and Finance Research, 7(3),
65-78.
Surdak, C. (2014). Data Crush: How the Information Tidal Wave Is Driving New Business
Opportunities. New York: AMACOM