Information Governance and IT Controls: Healthy Hospital Case Analysis

Verified

Added on 2023/06/04

AI Summary

This case study examines the breakdown of information governance and internal controls at Healthy Hospital, leading to employee fraud. The analysis covers issues such as outdated technology, poor communication between departments, and violations of company policies, specifically the nepotistic hiring of Matt Harris. The case highlights gaps in employee background checks and the failure to address potential breaches in company regulations. It emphasizes the importance of adequate information systems, adherence to government regulations, and effective risk assessment. The ethical dilemma of retaining Harris, despite his fraudulent activities, is explored, advocating for adherence to company policies and termination to prevent further mismanagement. The case underscores the need for robust IT and management controls to prevent fraud and maintain organizational integrity. Desklib offers solved assignments and past papers for students.

Running Head: INFORMATION GOVERNANCE
INFORMATION GOVERNANCE
Name of the Student:
Name of University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION GOVERNANCE
Answer 1
The information system is considered to be one of the important aspect on which every
organization must rely on. In fact, the information system (IS) is entitled to comprise the
information regarding employee details, financial data, supplier information and the customer
details (Oinas-Kukkonen and Harjumaa 2018). It can be argued that the IS encompasses all the
information that a company requires in case of making a sustainable business (Zhang et al.
2017). In this context, the Healthy Hospital (HH) was not sound technologically because the
technology that the healthcare facility imbibed in its operations were backdated and the company
did not even think about updating the systems in course of time. There were some minor changes
that the company thought enough to deal with the changing situation but in reality that was not
real.
Moreover, there are organizational issues inside the company where the
company was lack of communication between different departments. For example, the
administrative department eliminated two clerical positions despite of getting requests from the
controller and the account payable manager. As a result of that it created problem regarding the
payment of the vendors.
In case of the hospital employees there was lack of understanding about the
company policies or the employees were deliberately violated the norms. For an instance, in case
of recruiting a contractual clerk the interviewer Tracy Downs did not check the background of
Matt Harris, the newly recruited employee. Matt was the son of an existing permanent employee
Sharon Harris and the company policy did not give the leverage to employ another family

2INFORMATION GOVERNANCE
members of the employees in any sensitive position. Therefore, later on it created problems and
misunderstanding. In fact, caused a fraud in the finance also.
Answer 2
There are some gaps in the activities performed by the HH Company in case of hiring the
employees and checking their backgrounds. It can be argued that for the sensitive positions
Healthy Hospital followed a standard procedure of checking the backgrounds of the employees.
However, in case of employing Matt Harris as temporary accounts payable clerk that process
was not followed. As a result of that the first violation was occurred in that case. In fact, at the
time Alan Walter found that there was a possible breach in the company regulation regarding the
recruitment of new employees he failed to convince the higher authority to take steps
accordingly. Though he reported James Smith, the CFO about the practice of nepotism inside the
organisation but he failed to envisage the big picture. It was true that the appointment of Harris
fostered a flexibility in the operations of the company. Nevertheless it can be asserted that the
recruitment was not based on the standard policy of the company and it would not be a problem
for the company to replace Matt with another employee.
As a matter of fact, the Internal Audit Manager should complain officially and might
have an official meeting with Tracy Downs as Walter was the head of that department so it was
in his jurisdiction to investigate every details and information regarding his team members.
Moreover, the official complaints could draw the attention of the higher authority and would
facilitate proper measures regarding the breach.
Answer 3

3INFORMATION GOVERNANCE
The information system of Healthy Hospital are not adequate to follow the organisational
regulations. In other words, it can be articulated that there are proper policies and regulations
regarding the role of information system. As a matter of fact, it is pertinent for the organisation
to go with the government legislation (Al Hogail and AlHogail 2015). As per the regulation of
the Australian government it can be argued that every organisation should have a policy to
secure the information regarding their employees (AlKalbani, Deng and Kam 2015). In fact, it is
important to formulate a proper channel that all the employees must follow. Therefore, in case of
the Healthy Hospital that process was not applied in the first place and as a result of that the
faced sever problem and reluctance to go through the personal details of every employee.
Answer4
At first it is important to define the Audit subject. It can be argued the risk assessments
and the organisational change plans are incorporated in the process and the legal or regulatory
frameworks are also important for the organisation to get acknowledged with.
After that it is important to define the audit objectives. The audit objectives are
comprised with the understanding of legal constraints and regulatory understanding. Moreover,
confidentiality, integrity and reliability of the audit plan has to be maintained.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION GOVERNANCE
Besides this, the next plan puts emphasis on the scope of the plan. It is pertinent for the
organisation to get a clear vision of the scopes and opportunities of the change plan that will
deliver a better framework for the company
On the other hand, pre-audit planning and the determining procedures are also important
to make an effective measure in order to facilitate efficient information audit plan.
Answer 5
The dilemma that is faced by the organization, Healthy Hospital, initiated since the recruitment
of Matt Harris as a clerk in the organizational structure. However, the organization had a policy
of preventing nepotism in the structure. The crisis faced by the organization led to the
recruitment of Harris. The internal audit officer of the business finds out the nepotism as the
candidate profile and the management at the time of recruitment did not review information.
This led to an ethical dilemma of retaining the candidate as per the needs of the organization to
cope with the crisis of paying off the suppliers and the vendors (Holm and Severinsson 2014).
On the other hand, the fraudulent activities that were undertaken by Harris clearly exemplified
that the organization should take steps to expel the candidate. In this relation, the organization
must take steps to adhere to the policy relating to nepotism. Mismanagement of six cash
disbursement authorization forms by Harris affected the functioning of the business (Waring et
al. 2016). Therefore, the organization must take steps to build on the organizational performance
through reviewing the different issues faced by the same and thereby terminate Harris in order to
prevent further fraudulent activities while operating as per the objectives of the venture.

5INFORMATION GOVERNANCE
Reference
Al Hogail, A. and AlHogail, A., 2015. Cultivating and Assessing Organizational Information
Security Culture, an Empirical Study. vol, 9, pp.163-178.
AlKalbani, A., Deng, H. and Kam, B., 2015, July. Organisational Security Culture and
Information Security Compliance for E-Government Development: The Moderating Effect of
Social Pressure. In PACIS (p. 65).
Holm, A.L. and Severinsson, E., 2014. Reflections on the ethical dilemmas involved in
promoting self-management. Nursing Ethics, 21(4), pp.402-413.
Oinas-Kukkonen, H. and Harjumaa, M., 2018. Persuasive systems design: key issues, process
model and system features. In Routledge Handbook of Policy Design (pp. 105-123). Routledge.
Waring, J., Allen, D., Braithwaite, J. and Sandall, J., 2016. Healthcare quality and safety: a
review of policy, practice and research. Sociology of Health & Illness, 38(2), pp.198-215.
Zhang, Y., Qiu, M., Tsai, C.W., Hassan, M.M. and Alamri, A., 2017. Health-CPS: Healthcare
cyber-physical system assisted by cloud and big data. IEEE Systems Journal, 11(1), pp.88-95.