Friday, May 1, 2020

Information Governance Practices of Employee

Question: Describe information governance for the practices of employees.

Answer:

The essay focuses on employee fraud arising from the mishandling of information systems. Although organizations have different information control systems to prevent fraudulent action, dishonest employees are able to identify weaknesses in those systems. Information system fraud can lead to immense financial losses for a company. Employees with such fraudulent intent are a great risk to the organization, and it is the duty of the internal auditors to identify such red flags within the financial information system. This essay analyzes a case study of employee fraud at Healthy Hospital (HH), where internal controls of information technology and management were breached and business records were falsified. The intention of this case study analysis is to learn from such situations and to analyze risk in the system carefully. The case is an appropriate example of the variety of risks a company is exposed to due to fraudulent employees. It brings into focus the relevant actions that an internal auditor must take to improve internal controls and prevent fraudulent activities in the organization in the future.

In order to understand the reasons that contributed to the fraud at Healthy Hospital, it is necessary to provide a brief summary of the case. The facts about Healthy Hospital revealed that their software system had recently been upgraded after its installation in the 1990s. Due to a decrease in annual profits, HH decided to reduce its annual operating cost by 25 million dollars. On review of the areas where operating cost could be reduced, HH decided to eliminate a clerk position due to a decrease in medical supply vendors. However, due to complaints of slow payment from the vendors, Matt Harris, the son of Sharon Harris (HH's senior A/P clerk), was recruited as a temporary clerk without a background investigation.
After some time he also became a permanent employee, and he was suspected of large cash disbursements in the absence of the internal audit manager.

From this case analysis, the fraud took place because of the inaction of the A/P manager, Tracy Downs. Tracy did not follow the standard operating procedure for recruiting employees into sensitive positions, and skipped the background investigation of Matt on the view that it was not required for temporary employees. Another breach was ignoring the company's policy against nepotism, under which employees from the same family are prohibited from working in sensitive positions such as finance and many others at HH, in order to protect corporate documents. Tracy's actions therefore conflicted with the hospital's procedure for recruiting employees and led to the fraud. Besides this, in terms of business process at HH, Tracy had the responsibility to update and maintain the accuracy of accounts payable data. The fraud occurred because Tracy Downs did not delete Matt's accounts payable vendor file even after he became a full-time employee, having previously worked as an independent contractor. Even for permanent recruitment, he was not interviewed according to HH's policy. The controls on the internal information system were also weak in the hospital, so Matt could get access to pre-signed checks. It is essential to know an employee through a background check or interview to prevent fraud.

The case study revealed that the fraud occurred mostly due to weak internal controls, which Matt could detect and take unfair advantage of. This fraud could have been averted if Tracy Downs had improved internal controls. The first action would be to strengthen internal controls through a comprehensive review of risk in the organization. The auditors should have strict control to ensure that all corporate policies and practices are strictly followed by each member of the company (Disterer 2013). Another important action is to establish clear segregation of duties policies.
It means determining which employees should have access to authorization and control over corporate documents (Choi et al. 2013). It was a severe mistake by HH to assign Matt the semi-weekly cash disbursement run. This gave him the chance to carry out his fraudulent intention successfully. Failure to segregate duties is the reason for many fraud events in companies. Only restricted individuals such as the Accounts Payable Manager should have the authority to initiate or approve a transaction. In the case of pre-established finance, there should be dual signatures and management approval on check amounts. Random auditing is also essential to protect financial transactions, and it will also eliminate any chance of manipulation of corporate information by dishonest employees (Vance et al. 2013).

Other than Harris, Tracy Downs, the A/P manager, is highly accountable for this fraud for hiring him without a background investigation and without following HH's recruitment policy. James Smith, the CFO of HH, is also indirectly responsible for the fraud, as he allowed Matt to become an employee despite a warning by Mr. Walters that the recruitment went against the policy on nepotism. Elinor Linz and Tracy Downs are also responsible for not deleting Matt's accounts payable independent contractor account. Mailing of physical checks to the hospital's vendors also led to fraud.

The internal audit manager could have helped to prevent the fraud had he taken action initially, when he detected red flags of fraud in the information system. He had the responsibility of detecting and preventing fraud early on in the system. Internal audit managers should manage the risk of fraud and then make efforts to monitor any suspicious activities within the organization (Donovan et al. 2014). However, to carry out this duty effectively, internal audit managers need a superior level of theoretical knowledge to identify signs of fraud and attitude change in employees.
They should be attentive enough to investigate a suspicious case further and inform the responsible person about it. Conducting annual audits is also a critical activity to reduce any chance of fraud. They should support management in establishing an anti-fraud policy, assess risk in business processes, identify connections between crime and internal controls, and immediately report on the matter to the audit committees (Ege 2014). According to the principles of audit, audit managers should maintain an attitude of professional skepticism and be accountable enough to reduce the existence of fraud. Hence, such action could help to avert fraud cases (Nijenhuis 2016).

Technical controls may help in flagging suspected fraud and protecting the organization against it. Technical controls may be used to enhance the system of checks and balances. This will ensure that no employees have control over financial transactions in an organization. For example, in the case of HH, disbursement and other payroll activities should have been authorized only for the persons designated for the job, and that responsibility should not have been given to Matt. A second option for technical control would be to carry out reconciliation of bank accounts on a monthly basis to make sure the process flows transparently. For HH in particular, it will be essential to examine checks and ensure that they are not issued without permission from trusted authorities. It will also mean identifying financial activity on a regular basis and looking after major operations. HH should also implement accurate policies for cash disbursement, conflict of interest, use of the company's assets and handling of recruitment activities (Power 2013).

An information auditing plan for Healthy Hospital can be made for fraud prevention activities. The first plan of action will be to correctly apply the company's code of conduct regarding recruitment and procedure and communicate it to all staff members.
Secondly, it will be essential to regularly review that all employees conform to the set standards of business and commit to the management of integrity at HH. A fully planned programme of communication and training will be beneficial to enhance control over fraud reporting and prevention (Laxman et al. 2014). The internal manager of HH must be vigilant enough to notice changes in employees' attitude and behavior. Establishing an internal control system will be most important for HH so that it can prevent future cases of fraud like the cash disbursements done by Matt Harris. The aim of the internal control system at HH will be to respect the separate duties of each employee. An employee should never be allowed to carry out a dual role in any situation (Shanmugam et al. 2012). The practice of an employee managing both back office and front office activities should be strictly prohibited. A responsible person can be made accountable for examining staff competence, investigating each new employee and regularly carrying out evaluation of performance. Proactive actions should be planned by internal managers. For example, they can carry out background check screening to monitor the level of conviction in employees and search the necessary databases to identify dishonest connections between employees. This will help in identifying those actions which normally went unnoticed earlier at HH (Carcello et al. 2015).

The essay, based on critical case analysis of Healthy Hospital, highlighted the practice of fraudulent schemes executed by dishonest employees who misuse the information system of the organization. In the case analysis, a serious crime was committed by Matt when he was found guilty of large cash disbursements. The study of the case also revealed that such activities mainly take place due to weak internal controls and lack of accountability among internal audit managers and other staff.
At HH, the accounts payable manager Tracy Downs was also indirectly responsible for triggering fraudulent activities by not following the company's policies on recruitment and nepotism. Mistakes also occurred in the duty of reviewing accounts payable data. Hence, it is necessary that technical and internal controls be enhanced to reduce future cases of information system fraud.

Reference

Carcello, J.V., Eulerich, M., Masli, A. and Wood, D.A., 2015. The Value to Management of Using the Internal Audit Function as a Management Training Ground. Available at SSRN 2691535.

Choi, J.H., Choi, S., Hogan, C.E. and Lee, J., 2013. The effect of human resource investment in internal control on the disclosure of internal control weaknesses. Auditing: A Journal of Practice & Theory, 32(4), pp.169-199.

Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management.

Donovan, J., Frankel, R., Lee, J., Martin, X. and Seo, H., 2014. Issues raised by studying DeFond and Zhang: What should audit researchers do? Journal of Accounting and Economics, 58(2), pp.327-338.

Ege, M.S., 2014. Does internal audit function quality deter management misconduct? The Accounting Review, 90(2), pp.495-527.

Laxman, S., Randles, R. and Nair, A., 2014. The fight against fraud: internal auditors can use COSO components to develop and deliver an effective fraud mitigation program. Internal Auditor, 71(1), pp.49-54.

Nijenhuis, R.G., 2016. Prevention of Dutch fraud cases: a multiple case study on the effectiveness of internal control in the process of financial statement fraud prevention.

Power, M., 2013. The apparatus of fraud risk. Accounting, Organizations and Society, 38(6), pp.525-543.

Shanmugam, J.K., Haat, M.H.C. and Ali, A., 2012. An Exploratory Study of Internal Control and Fraud Prevention Measures in SMEs. Small, 100, pp.18-2.

Vance, A., Lowry, P.B. and Eggett, D., 2013. Using accountability to reduce access policy violations in information systems. Journal of Management Information Systems, 29(4), pp.263-290.
