Information Governance: A Case Study of Fraud at HH Hospital
VerifiedAdded on 2023/06/04
|7
|2187
|313
Case Study
AI Summary
This case study examines a fraud incident at HH Hospital, attributing it to technical, organizational, and people-related factors. The failure to delete a former employee's vendor file, a violation of nepotism policies, and the CFO's disregard for potential risks all contributed to the fraud. The internal audit manager could have addressed the situation by acquiring, managing, and disseminating information on the fraud, as well as managing various fraud schemes. Effective information governance, including accountability, integrity, availability, transparency, and compliance, is crucial for healthcare institutions to improve quality, reduce costs and risks, and increase operational efficiency. An information audit plan should include understanding the organization's functions, ascertaining resource allocation, choosing a methodology, developing a communication strategy, and enlisting management support. Ethical dilemmas, such as nepotism and overlooking employee backgrounds, should be handled through incorporating multiple interviewers, strictly observing the code of ethics, and thoroughly vetting employee backgrounds. Desklib offers solved assignments and past papers for students.
Information Governance 1
INFORMATION GOVERNANCE
Student Name
Name of the Course
Professor Name
Name of the School
City or State located
Date
INFORMATION GOVERNANCE
Student Name
Name of the Course
Professor Name
Name of the School
City or State located
Date
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information Governance 2
Question 1
Fraud is considered a deliberate course of deception with the aim of gaining an unfair
advantage (Lotich, 2017). Over the years, employee fraud has led to the loss of billions of
dollars. According to the Association of certified fraud examiners, about 2.7 billion dollars is lost
daily (Lotich, 2017). Fraud is a common occurrence and therefore, organizations that fail to deal
with the threat end up facing increased vulnerability to fraud.
In the case in HH hospital, the following reasons contributed to the prospect of the fraud;
One, we have technical reasons. After Matt Harris lands another new job from the company, his
accounts payable vendor file was not deleted by his boss Tracy Downs. This provided an
opportunity for Matt to forge about six disbursement authorization forms without much struggle.
For example, Max was able to input the data in his fraudulent forms into the accounts payable
accounting module that was under his vendor account. Another technical issue that promoted his
fraudulent activity was being left in charge of semi-weekly cash disbursement. This allowed
Matt to conduct his activities without suspicion.
Secondly, we have organizational reasons. According to the hospital's policies, it was
prohibited for members of the same family to be working together in a sensitive department. This
is because, it could negatively impact the integrity or safekeeping of corporate documents and
assets. Matt Harris who was to be hired as the accounts payable clerk was a son to Sharon Harris
who was the senior accounts, payable clerk. At first, this was considered a red flag since it
indicated an environment suitable for a potentially fraudulent activity. However, when Mr.
Walters, the internal audit manager brought the issue to the James Smith, the CFO, he
disregarded the matter even though it was against the company’s policy.
Lastly, we have people related reasons. Since Matt’s mother was one of the most
dedicated members in the accounts payable department and had won numerous employee awards
as the best employee, the CFO, James Smith saw no problem with Matt working under the same
sensitive department with his mother. He felt since Matt’s mother was honorable, his son would
be like her mother. Even after being warned it was a ground that could encourage fraud, James
did not agree to reassign Matt to another department. Also, when Sharon Harris recommended
her son to Tracy Downs for employment, she immediately hired him without considering other
Question 1
Fraud is considered a deliberate course of deception with the aim of gaining an unfair
advantage (Lotich, 2017). Over the years, employee fraud has led to the loss of billions of
dollars. According to the Association of certified fraud examiners, about 2.7 billion dollars is lost
daily (Lotich, 2017). Fraud is a common occurrence and therefore, organizations that fail to deal
with the threat end up facing increased vulnerability to fraud.
In the case in HH hospital, the following reasons contributed to the prospect of the fraud;
One, we have technical reasons. After Matt Harris lands another new job from the company, his
accounts payable vendor file was not deleted by his boss Tracy Downs. This provided an
opportunity for Matt to forge about six disbursement authorization forms without much struggle.
For example, Max was able to input the data in his fraudulent forms into the accounts payable
accounting module that was under his vendor account. Another technical issue that promoted his
fraudulent activity was being left in charge of semi-weekly cash disbursement. This allowed
Matt to conduct his activities without suspicion.
Secondly, we have organizational reasons. According to the hospital's policies, it was
prohibited for members of the same family to be working together in a sensitive department. This
is because, it could negatively impact the integrity or safekeeping of corporate documents and
assets. Matt Harris who was to be hired as the accounts payable clerk was a son to Sharon Harris
who was the senior accounts, payable clerk. At first, this was considered a red flag since it
indicated an environment suitable for a potentially fraudulent activity. However, when Mr.
Walters, the internal audit manager brought the issue to the James Smith, the CFO, he
disregarded the matter even though it was against the company’s policy.
Lastly, we have people related reasons. Since Matt’s mother was one of the most
dedicated members in the accounts payable department and had won numerous employee awards
as the best employee, the CFO, James Smith saw no problem with Matt working under the same
sensitive department with his mother. He felt since Matt’s mother was honorable, his son would
be like her mother. Even after being warned it was a ground that could encourage fraud, James
did not agree to reassign Matt to another department. Also, when Sharon Harris recommended
her son to Tracy Downs for employment, she immediately hired him without considering other
Information Governance 3
candidates or even understanding why he was laid off from a similar job he was holding before
at a manufacturing company.
Question 2
Before the fraud happened, the Internal Audit Manager had detected some red flags that
provided an environment for fraudulent activity. This could have been of assistance to the
organization, but the CFO disregarded the idea. The Internal Audit Manager can handle the
situation through various ways. One, we have acquisition of the information on fraud. This will
include either a testimony from the victim of information found during the process of auditing
(Matriciani, 2014). Secondly, we have the management of the information relating to the fraud.
This will involve the strategies on how the fraud will be addressed on the basis of the
information collected.
Thirdly, we have the management of the database of information on fraud. Since the
transactions that were carried out included cash disbursements through the information system,
managing the information in the system is crucial. This would help determine other vulnerable
areas that are difficult to identify. Fourthly, we have dissemination of the audit report. This
would help the interested parties understand the source and reason for the fraud. It would also
pinpoint areas that need to be reevaluated in order to prevent such incidences (Botha, and Boon,
2003, pg. 34). Lastly, we have the management of various fraud schemes. This would ensure that
fraud prevention is key since when the red flags are identified in different organization practices,
the risk of fraud incidences would be eliminated.
Question 3
Information governance is a crucial aspect in all organizations since it assists with
controlling information through supporting organizational activities hence ensuring the
compliance to duties. Information governance establishes accountability for managing
information, policies, and protection of informational assets thus making it vital for healthcare
institutions (Primeau, 2018). Information governance assists in improving healthcare quality,
reduction of costs and risks and lastly increase operation efficiency.
The various information governance considerations in a hospital include; One, we have
accountability. The governing body of a healthcare organization is responsible for ensuring the
candidates or even understanding why he was laid off from a similar job he was holding before
at a manufacturing company.
Question 2
Before the fraud happened, the Internal Audit Manager had detected some red flags that
provided an environment for fraudulent activity. This could have been of assistance to the
organization, but the CFO disregarded the idea. The Internal Audit Manager can handle the
situation through various ways. One, we have acquisition of the information on fraud. This will
include either a testimony from the victim of information found during the process of auditing
(Matriciani, 2014). Secondly, we have the management of the information relating to the fraud.
This will involve the strategies on how the fraud will be addressed on the basis of the
information collected.
Thirdly, we have the management of the database of information on fraud. Since the
transactions that were carried out included cash disbursements through the information system,
managing the information in the system is crucial. This would help determine other vulnerable
areas that are difficult to identify. Fourthly, we have dissemination of the audit report. This
would help the interested parties understand the source and reason for the fraud. It would also
pinpoint areas that need to be reevaluated in order to prevent such incidences (Botha, and Boon,
2003, pg. 34). Lastly, we have the management of various fraud schemes. This would ensure that
fraud prevention is key since when the red flags are identified in different organization practices,
the risk of fraud incidences would be eliminated.
Question 3
Information governance is a crucial aspect in all organizations since it assists with
controlling information through supporting organizational activities hence ensuring the
compliance to duties. Information governance establishes accountability for managing
information, policies, and protection of informational assets thus making it vital for healthcare
institutions (Primeau, 2018). Information governance assists in improving healthcare quality,
reduction of costs and risks and lastly increase operation efficiency.
The various information governance considerations in a hospital include; One, we have
accountability. The governing body of a healthcare organization is responsible for ensuring the
Information Governance 4
adoption of information governance practices (Ahima.org., 2014). The policies adopted aid in
guiding the workforce and ensuring the work operations can be audited and improved. In
addition, the information governance program should be able to remediate identified issues and
designate qualified personnel for the for implementing the program.
Two, we a have integrity. The information governance program should be able to provide
a reasonable guarantee of reliability and authenticity on the information generated (Schweber,
2015). For the healthcare industry, integrity is crucial since it determines the trust of information.
Adherence to the integrity of information should include aspects such as reliability of
information, compliance with organization policies, reliable information control systems and
suitable workforce training.
Three, we have availability. A healthcare organization should be able to maintain
information in such a way that it ensures accurate, timely and efficient retrieval (Ahima.org.,
2014). Stakeholder trust depends on the organization's ability to ensure efficiency of
informational availability. By having the right information available when needed will depend on
the organization’s capability to address various demands. Since many transactions occur
electronically, an organization should determine levels of contingencies, failover, and
redundancy in order to ensure critical information availability.
Four, we have transparency. A healthcare organization’s governance practices must be
documented verifiably. Documentation of the same should be available to all interested parties
primarily within legal limitations. The clearest evidence of the transparency of an organization’s
operations is reflected in the organization’s records and information (Ahima.org., 2014). Lastly,
we have compliance. The information governance should be compliant with regulations and
standards. For example, compliance to laws concerning fraud, privacy and confidentiality are
crucial for a healthcare organization.
Question 4
An information audit determines a current information environment through mapping
aspects such as how the information is maintained and delivered, what information is available
and where the information is stored (Dubois, 1995). The information auditing plan for HH will
include the following elements;
adoption of information governance practices (Ahima.org., 2014). The policies adopted aid in
guiding the workforce and ensuring the work operations can be audited and improved. In
addition, the information governance program should be able to remediate identified issues and
designate qualified personnel for the for implementing the program.
Two, we a have integrity. The information governance program should be able to provide
a reasonable guarantee of reliability and authenticity on the information generated (Schweber,
2015). For the healthcare industry, integrity is crucial since it determines the trust of information.
Adherence to the integrity of information should include aspects such as reliability of
information, compliance with organization policies, reliable information control systems and
suitable workforce training.
Three, we have availability. A healthcare organization should be able to maintain
information in such a way that it ensures accurate, timely and efficient retrieval (Ahima.org.,
2014). Stakeholder trust depends on the organization's ability to ensure efficiency of
informational availability. By having the right information available when needed will depend on
the organization’s capability to address various demands. Since many transactions occur
electronically, an organization should determine levels of contingencies, failover, and
redundancy in order to ensure critical information availability.
Four, we have transparency. A healthcare organization’s governance practices must be
documented verifiably. Documentation of the same should be available to all interested parties
primarily within legal limitations. The clearest evidence of the transparency of an organization’s
operations is reflected in the organization’s records and information (Ahima.org., 2014). Lastly,
we have compliance. The information governance should be compliant with regulations and
standards. For example, compliance to laws concerning fraud, privacy and confidentiality are
crucial for a healthcare organization.
Question 4
An information audit determines a current information environment through mapping
aspects such as how the information is maintained and delivered, what information is available
and where the information is stored (Dubois, 1995). The information auditing plan for HH will
include the following elements;
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information Governance 5
i. Understanding the organization’s functions.
This element is critical since it determines the success of an information audit. The areas
to be understood in the organization will include culture, structure, relationships and
communication issues (Henczel, 2000, pg. 218). This will help minimize obstacles hence
maximizing opportunities. In this step, I will seek to majorly understand the functions of
sensitive departments such as finance and IT department. This will help detect early signs of
organization irregularities that may promote fraud.
ii. Ascertaining the scope of resource allocation.
This step will involve determining whether the resources needed for conducting the audit
process are available and also areas within the organization that will be audited. Determining the
scope may involve physically deciding areas in the organization that will be included in the audit
(Henczel, 2000, pg. 219). In my case, more emphasis will be on the compliance to organization
policies. This is because, if the Chief Financial Officer had agreed there was a flaw in the
recruitment of Matt, no fraud could have arisen. Resource allocation, on the other hand, will
include elements such as technical resources, people, time and money.
iii. Choosing a methodology.
This will involve the structure that will aid in conducting the information audit. This is
because, data must be collected, analyzed and evaluated (Buchanan and Gibb, 2008, pg. 5). I will
also put more emphasis on this area because if the information is collected and analyzed
wrongly, the findings will misdirect.
iv. Developing a communication strategy.
Ensuring an efficient communication channel allows for the effective running of the
audit. By ensuring everyone understands the objective of the audit will ensure everyone
understands his or her role in data collection (Henczel, 2000, pg. 219).
v. Enlisting Management Support.
Having the support of the management is crucial. By having a structured business case
for the audit will ensure the approval of the allocation of resources. This ensures other steps in
the audit process are worked through effectively (Henczel, 2000, pg. 220).
i. Understanding the organization’s functions.
This element is critical since it determines the success of an information audit. The areas
to be understood in the organization will include culture, structure, relationships and
communication issues (Henczel, 2000, pg. 218). This will help minimize obstacles hence
maximizing opportunities. In this step, I will seek to majorly understand the functions of
sensitive departments such as finance and IT department. This will help detect early signs of
organization irregularities that may promote fraud.
ii. Ascertaining the scope of resource allocation.
This step will involve determining whether the resources needed for conducting the audit
process are available and also areas within the organization that will be audited. Determining the
scope may involve physically deciding areas in the organization that will be included in the audit
(Henczel, 2000, pg. 219). In my case, more emphasis will be on the compliance to organization
policies. This is because, if the Chief Financial Officer had agreed there was a flaw in the
recruitment of Matt, no fraud could have arisen. Resource allocation, on the other hand, will
include elements such as technical resources, people, time and money.
iii. Choosing a methodology.
This will involve the structure that will aid in conducting the information audit. This is
because, data must be collected, analyzed and evaluated (Buchanan and Gibb, 2008, pg. 5). I will
also put more emphasis on this area because if the information is collected and analyzed
wrongly, the findings will misdirect.
iv. Developing a communication strategy.
Ensuring an efficient communication channel allows for the effective running of the
audit. By ensuring everyone understands the objective of the audit will ensure everyone
understands his or her role in data collection (Henczel, 2000, pg. 219).
v. Enlisting Management Support.
Having the support of the management is crucial. By having a structured business case
for the audit will ensure the approval of the allocation of resources. This ensures other steps in
the audit process are worked through effectively (Henczel, 2000, pg. 220).
Information Governance 6
Question 5
HH hospital practices incorporate various ethical dilemmas. In handling the ethical
dilemmas, I would employ the following ways; One, incorporating other interviewers in case of a
job opening. I would ensure Matt is part of other interviewers even after being recommended by
the mother. This would provide the other people equal chances to participate which is a crucial
aspect of ethics (Romanelli, 2018, pg. 120). Two, observance of the code of ethics. For example,
the hospital's policy is against nepotism. However, the Chief Financial Officer overlooked this
aspect. I would ensure the code of ethics in the organization is followed strictly without failure.
Thirdly, I would ensure that every employee’s background details are known. For example,
Matt’s reasons for being laid off from his earlier job could be determined hence reducing the
chances of his fraudulent activity. Also, his health condition could be determined and appropriate
help administered.
Question 5
HH hospital practices incorporate various ethical dilemmas. In handling the ethical
dilemmas, I would employ the following ways; One, incorporating other interviewers in case of a
job opening. I would ensure Matt is part of other interviewers even after being recommended by
the mother. This would provide the other people equal chances to participate which is a crucial
aspect of ethics (Romanelli, 2018, pg. 120). Two, observance of the code of ethics. For example,
the hospital's policy is against nepotism. However, the Chief Financial Officer overlooked this
aspect. I would ensure the code of ethics in the organization is followed strictly without failure.
Thirdly, I would ensure that every employee’s background details are known. For example,
Matt’s reasons for being laid off from his earlier job could be determined hence reducing the
chances of his fraudulent activity. Also, his health condition could be determined and appropriate
help administered.
Information Governance 7
References
Ahima.org. (2014). INFORMATION GOVERNANCE Principles for Healthcare (IGPHC).
[online] Available at:
http://www.ahima.org/~/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx [Accessed 20
Sep. 2018].
Botha, H. and Boon, J.A., 2003. The information audit: principles and guidelines. Libri, 53(1),
pp.23-38.
Buchanan, S. and Gibb, F., 2008. The information audit: Methodology selection. International
journal of information management, 28(1), pp.3-11.
Dubois, C. (1995). The information audit: its contribution to decision making. [online]
Emeraldinsight.com. Available at:
https://www.emeraldinsight.com/doi/10.1108/01435129510093746 [Accessed 20 Sep. 2018].
Henczel, S., 2000. The information audit as a first step towards effective knowledge
management: an opportunity for the special librarian. Inspel, 34(3/4), pp.210-226.
Lotich, P. (2017). 10 Ways to Protect Your Organization from Employee Fraud — The Thriving
Small Business. [online] The Thriving Small Business. Available at:
https://thethrivingsmallbusiness.com/employee-fraud/ [Accessed 20 Sep. 2018].
Matriciani, P. (2014). INTERNAL AUDITING AND FRAUD: HOW TO MANAGE FRAUD
INFORMATION. [online] Acfe.com. Available at:
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/european/Course_Materials/2014/
cpp/5B-Piero-Matriciani.pdf [Accessed 20 Sep. 2018].
Primeau, D. (2018). The Role Of Information Governance In Health Care | Primeau Consulting
Group. [online] Primeau Consulting Group. Available at:
https://primeauconsultinggroup.com/the-role-of-information-governance-in-health-care/
[Accessed 20 Sep. 2018].
Romanelli, M., 2018. Organizations and People for Sustainability. Management Dynamics in the
Knowledge Economy, 6(1), pp.117-128.
Schweber, A. (2015). Information Governance in Healthcare | Absolute Security Insider.
[online] Blogs.absolute.com. Available at: https://blogs.absolute.com/information-governance-
in-healthcare/ [Accessed 20 Sep. 2018].
References
Ahima.org. (2014). INFORMATION GOVERNANCE Principles for Healthcare (IGPHC).
[online] Available at:
http://www.ahima.org/~/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx [Accessed 20
Sep. 2018].
Botha, H. and Boon, J.A., 2003. The information audit: principles and guidelines. Libri, 53(1),
pp.23-38.
Buchanan, S. and Gibb, F., 2008. The information audit: Methodology selection. International
journal of information management, 28(1), pp.3-11.
Dubois, C. (1995). The information audit: its contribution to decision making. [online]
Emeraldinsight.com. Available at:
https://www.emeraldinsight.com/doi/10.1108/01435129510093746 [Accessed 20 Sep. 2018].
Henczel, S., 2000. The information audit as a first step towards effective knowledge
management: an opportunity for the special librarian. Inspel, 34(3/4), pp.210-226.
Lotich, P. (2017). 10 Ways to Protect Your Organization from Employee Fraud — The Thriving
Small Business. [online] The Thriving Small Business. Available at:
https://thethrivingsmallbusiness.com/employee-fraud/ [Accessed 20 Sep. 2018].
Matriciani, P. (2014). INTERNAL AUDITING AND FRAUD: HOW TO MANAGE FRAUD
INFORMATION. [online] Acfe.com. Available at:
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/european/Course_Materials/2014/
cpp/5B-Piero-Matriciani.pdf [Accessed 20 Sep. 2018].
Primeau, D. (2018). The Role Of Information Governance In Health Care | Primeau Consulting
Group. [online] Primeau Consulting Group. Available at:
https://primeauconsultinggroup.com/the-role-of-information-governance-in-health-care/
[Accessed 20 Sep. 2018].
Romanelli, M., 2018. Organizations and People for Sustainability. Management Dynamics in the
Knowledge Economy, 6(1), pp.117-128.
Schweber, A. (2015). Information Governance in Healthcare | Absolute Security Insider.
[online] Blogs.absolute.com. Available at: https://blogs.absolute.com/information-governance-
in-healthcare/ [Accessed 20 Sep. 2018].
1 out of 7
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.