Analyzing Information Governance Failures: HH Hospital Case Study


Added on  2020/03/23

AI Summary
This case study analyzes a case of internal fraud at HH Hospital, where an employee exploited weaknesses in the information system to steal $80,000. The assignment explores the technical, organizational, and people-related factors that contributed to the fraud, highlighting the lack of security checks, departmental linkages, and breaches of company regulations. It proposes an information audit plan to address these weaknesses, outlining steps such as notifying legal counsel, informing senior management, and conducting an internal inquiry. The study also examines the principles of information governance, including disposition, availability, accountability, and protection, and how these principles can be applied to prevent future incidents. Furthermore, the case study discusses the ethical dilemma surrounding the actions to be taken against the employee, considering the theories of rights and duties and consequentialism, and suggesting a course of action. Finally, it emphasizes the importance of a robust information governance framework and an internal audit plan to control and manage information, ensure compliance, and mitigate risks within organizations.
Case study 1
INFORMATION GOVERNANCE
Internal fraud within organizations is common and results in loss of revenue and, at
times, of reputation. If not handled in a timely manner, it sets a bad precedent and can
lead to future occurrences. The case at HH involved an employee who had been employed for a
relatively short period, and the fraud he perpetrated led to the loss of $80,000. He was able
to take advantage of the internal organizational weaknesses of the hospital. In order to
prevent such a fraud from being repeated in the future, an information audit plan is
recommended which will seek to remedy the institutional gaps currently manifest at the hospital.
Question one
Technical: The technical factor that contributed to the fraud was the information system
used at HH. The system has the weakness of lacking incremental security checks that would
ensure security protocols are not broken (Seago 2016). In the ideal system, the accounts
payable clerks would first feed the system with data about vendors. That data would then be
directed to one senior clerk who is tasked with counter-checking. The assistant manager would
then counter-check for accuracy, and the process would end with the approval of the manager.
These incremental security protocols of checking and counter-checking would have reduced the
prospect of fraud.
Organizational: The hospital shows the weakness of having little or no linkage between
the different departments that deal with accounts and finances (Mercuri & Neumann 2016).
Transactions from the accounts payable department should have been made available to the
general accounting desk that is tasked with analysis. Their analysis of monthly revenue and
expenditure should have raised a red flag when they noticed there was an increase in expenses.
The high turnover at the accounts payable department creates the possibility of an employee
committing fraud and leaving the organization. This should have raised a red flag and been
investigated to find the root cause.
People: Sharon Harris should not have suggested that her son come to work in the same
department, as this was against the company regulations. The accounts manager should also not
have agreed to hire Harris, for the same reason, and additionally failed to undertake a
background check when she confirmed his employment as permanent. The accounts payable
manager also broke organizational requirements by not interviewing other candidates and
hired Harris at her discretion (Van Vugt 2017). There was a breach of organizational protocols
by the chief financial officer due to sentimental reasons, even after the matter was brought
to his attention.
Question two
The first step that needs to be taken by the auditor is to notify the legal counsel department
(Bayuk 2009). This department will give advice on how to protect the reputation of the hospital.
Further counsel will be given so as to safeguard against lawsuits that may be instituted by the
party concerned. The counsel is also important in preparing the charges that may be instituted
against the employee who has committed the fraud. In the event that the employee involves their
private legal representative, the company counsel will represent the hospital. The employee may
also decide to confess and write a confession, which needs to be recorded according to the
stipulations set out by the law.
The second step is to inform the board and senior management of the hospital. The board and
senior management are the ones with authority to take disciplinary action or suspend employees.
The manager and her assistant could be asked to go on temporary leave while further
investigations are undertaken in the accounts payable department. The board and senior
management are also tasked with authorizing an exhaustive internal inquiry of the departments
involved. Releasing the information about the fraud to the public is also at their discretion.
The internal auditor should also inform the internal security officer so that steps can be
taken to protect the evidence gathered.
Question three
Information governance within a hospital helps to control and manage the information that
supports the organization's activities and ensures compliance within it. It helps to establish
the hospital policy and prioritizes values and investments (American Health Information
Management Association 2014). Information is protected and insulated from organizational or
individual bias, and this ensures that it operates within the legal requirements set out by the
law. This leads to reduced organizational risks and costs and increases quality of care and
efficiency at the hospital (Glandon, Slovensky & Smaltz 2014). It is the foundational framework
that guides the strategy and operational outlook adopted by the hospital.
It is guided by eight principles: disposition, availability, accountability, compliance,
protection, retention, transparency and integrity (Lazer & Mayer-Schönberger 2007). The
principle of disposition states that an organization should dispose of information no longer
required to be maintained by law in a manner that is appropriate and secure (American Health
Information Management Association 2014). The availability principle requires that information
should be maintained in a manner that ensures it can be retrieved efficiently, accurately and
in a timely manner. Accountability requires that a person of seniority in leadership should
oversee the information governance program or delegate that authority appropriately. The
principle of compliance states that the program on governance of information should comply with
applicable laws as well as organizational policies (Tallon, Ramirez & Short 2013).
Protection ensures that there are appropriate levels of protection from breaches, loss and
corruption. It also ensures that information is kept confidential and classified. The principle
of retention posits that information shall be stored or maintained for an appropriate time
according to the regulatory and legal requirements (American Health Information Management
Association 2014). Transparency requires that an organization shall document its activities and
processes in a verifiable and open manner. The last principle, integrity, states that
information about an organization has reliability and authenticity that is reasonable. This is
with regard to how the information is generated and managed.
Question four
1. Step one: Establish the plan using the control objectives, which will form the basis of
the audit testing as well as acting as the checklist. Cascarino (2007) states that this is
defined by the management and provides resources for the audit plan.
2. Fieldwork: This step involves the identification of the persons, processes and technology
that will be audited. In this situation, the following will be involved in the audit plan:
accounts payable personnel, the financial systems manager, the controller and the chief
financial officer.
3. Findings: If no evidence is found that corresponds to a given control objective, this will
be labeled as a finding. The finding should include the condition, criteria, cause and
effect, and conclude with the recommendation.
4. The report giving assessment: The audit should conclude with a formal report which
gives the opinion of the auditor. It should also include the objective, the methodology used
and the opinion of the auditor (Bayuk 2009). It may also include recommendations to the
management.
The plan should emphasize the audit trail within the accounts payable department. This
is because it is the primary place where the fraud took place (Harvard University 2017). The
sequence of events should be reconstructed, examined and reviewed. The computer records
showing system activity such as log-ins should be analyzed. This will reveal security violations
and breaches. It will also reveal who had access and what operations were performed.
The focus on the accounts payable department will help improve data governance and
ensure that data quality within HH is improved. The focus should be placed within the
context of analyzing the information lifecycle that captures vendor information, from
gathering to disposing, and how it can be improved (Bayuk 2009). Examining the
interoperability of different systems between departments will reveal whether or not the
hospital should upgrade its current information systems.
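The audit-trail review described above can be combined with the incremental checks from Question one, as in the following added example (not part of the original case study). The log format, user names, vendor IDs and action names are constructed assumptions.

```python
from collections import defaultdict

# Approval chain from Question one: clerk entry, senior clerk counter-check,
# assistant manager accuracy check, manager approval (action names are assumed).
REQUIRED_CHAIN = ["clerk_entry", "senior_check", "asst_mgr_check", "mgr_approval"]

# Constructed sample audit trail: timestamp, user, action, vendor ID.
AUDIT_LOG = """\
2017-03-01T09:02 clerk_a clerk_entry V100
2017-03-01T10:15 senior_b senior_check V100
2017-03-01T11:40 asst_c asst_mgr_check V100
2017-03-01T14:05 mgr_d mgr_approval V100
2017-03-02T08:30 mgr_d payment_released V100
2017-03-03T18:47 clerk_e clerk_entry V200
2017-03-03T18:52 clerk_e payment_released V200
2017-03-04T09:00 clerk_a clerk_entry V300
2017-03-04T09:30 clerk_a senior_check V300
2017-03-04T10:00 asst_c asst_mgr_check V300
2017-03-04T10:30 mgr_d mgr_approval V300
2017-03-04T11:00 mgr_d payment_released V300
"""

def parse(log):
    """Return (timestamp, user, action, vendor) tuples in chronological order."""
    rows = [tuple(line.split()) for line in log.splitlines() if line.strip()]
    return sorted(rows)  # ISO timestamps sort chronologically as strings

def review(log):
    """Return {vendor: [findings]} for payments that bypassed a control."""
    steps = defaultdict(list)       # vendor -> [(action, user)] before payment
    findings = defaultdict(list)
    for ts, user, action, vendor in parse(log):
        if action != "payment_released":
            steps[vendor].append((action, user))
            continue
        done = [a for a, _ in steps[vendor]]
        missing = [s for s in REQUIRED_CHAIN if s not in done]
        if missing:
            findings[vendor].append(f"{ts} paid without: {', '.join(missing)}")
        # Counter-checking only works if each step is done by a different person.
        users = [u for a, u in steps[vendor] if a in REQUIRED_CHAIN]
        if len(set(users)) < len(users):
            findings[vendor].append(f"{ts} same user performed more than one check")
    return dict(findings)

if __name__ == "__main__":
    for vendor, items in review(AUDIT_LOG).items():
        print(vendor, items)
```

Each entry returned maps to a finding in step 3 of the audit plan: the missing control is the condition, and the approval chain is the criterion.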
Question five
The ethical dilemma in this case involves the action to be taken against Harris. Any
action taken will yield negative outcomes. If the hospital decides to sue Harris, there is
a dilemma as to what moral reasoning will justify instituting legal action against him
(Lo 2013). According to the theory of rights and duties, it was the duty of the hospital
to exercise due diligence before employing him. Despite knowing of his family link with his
mother, the hospital still proceeded to hire him. Figar & Đorđević (2016) assert that, using
the theory of consequentialism, the question is whether or not his dismissal will result in
minimizing harm and maximizing benefit to the hospital.
Dismissing Harris and subsequently taking legal action against him does not yield any
tangible benefits to the hospital. On the other hand, it may create unnecessary friction
between the accounts payable manager and the mother of Harris, who will work while harboring
a grudge against the hospital. Chaplais, Mard & Marsat (2016) assert that the best course of
action would be to dismiss him without instituting legal action against him in light of his
medical status. On the other hand, the CFO and the accounts payable manager should be held
liable to pay the loss of $80,000. This will serve as an example that will ensure managers act
in compliance with hospital regulations.
Internal fraud within organizations is common and results in loss of revenue and, at
times, of reputation. In order to avoid cases of fraud being repeated, an internal audit plan
is important in leading to proper recommendations for future action. The audit plan should be
guided by the information governance adopted by an organization. The information governance
structure will ensure that certain principles such as accountability and availability of
information are adhered to. In cases where fraud leads to an ethical dilemma, using
organizational ethics will assist the management in making an ethical decision.
References
American Health Information Management Association, 2014, Information governance
principles for healthcare, viewed 22 September,
<www.ahima.org/~/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx>
Bayuk, J, 2009, Information systems audit: the basics, viewed 22 September,
<https://www.csoonline.com/article/2124025/it-audit/information-systems-audit--the-basics.html>
Cascarino, R, 2007, Auditor's guide to information systems auditing, Hoboken, N.J., John Wiley
& Sons. <http://www.123library.org/book_details/?id=5989>
Chaplais, C, Mard, Y, & Marsat, S, 2016, 'The auditor facing ethical dilemmas: the impact of
ethical training on compliance with a code of conduct', [L'auditeur face aux dilemmes éthiques :
l'impact d'une formation à l'éthique sur la conformité au code de déontologie], Comptabilité
Contrôle Audit (English Edition), vol. 22, no. 1, pp. I-XXX.
Figar, N, & Đorđević, B, 2016, 'MANAGING AN ETHICAL DILEMMA', [UPRAVLJANJE
ETIČKOM DILEMOM], Economic Themes, vol. 54, no. 3, pp. 345-362.
Glandon, GL, Slovensky, DJ, & Smaltz, DH, 2014, Information Systems for Healthcare
Management, Eighth edition, Health Administration Press, Chicago, IL.
Harvard University, 2017, Information systems audit, viewed 22 September,
<https://rmas.fad.harvard.edu/pages/information-systems-audit>
Lazer, D, & Mayer-Schönberger, V, 2007, Governance and Information Technology: From
Electronic Government to Information Government, The MIT Press, Cambridge, Mass.
Lo, B, 2013, Resolving ethical dilemmas: a guide for clinicians, Philadelphia, Pa, Lippincott
Williams & Wilkins. <http://meded.lwwhealthlibrary.com/book.aspx?bookid=823>
Mercuri, RT, & Neumann, PG, 2016, 'The Risks of Self-Auditing Systems', Communications of
the ACM, vol. 59, no. 6, pp. 22-25. Available from: 10.1145/2909877. [22 September 2017].
Seago, J, 2016, 'A Unified Approach to Compliance: Businesses benefit from a proactive
partnership between internal audit and the compliance function', Internal Auditor, vol. 73, no. 5,
pp. 49-53.
Tallon, PP, Ramirez, RV, & Short, JE, 2013, 'The Information Artifact in IT Governance:
Toward a Theory of Information Governance', Journal of Management Information Systems, vol.
30, no. 3, pp. 141-178. Available from: 10.2753/MIS0742-1222300306. [22 September 2017].
Van Vugt, M, 2017, 'Evolutionary psychology: theoretical foundations for the study of
organizations', Journal of Organization Design, vol. 6, no. 1, pp. 1-16. Available from:
10.1186/s41469-017-0019-9. [22 September 2017].