The following are brief stories of actual employee thefts and embezzlements perpetrated in an IT environment.
What type of control procedure that might have prevented or detected the fraud was missing or inoperative?
a. An accounts payable terminal operator at a subsidiary entity fabricated false invoices from a fictitious vendor and entered them in the parent entity’s central accounts payable/ cash disbursement system. Five checks totaling $ 155,000 were issued to the “ vendor.”
b. A bank provided custodial and record- keeping services for several mutual funds. A proof- and- control department employee substituted his own name and account number for those of the actual purchasers of some shares. He used the accounting information system to conceal and shift balances from his name and account to names and accounts of the actual investors when he needed to avoid detection because of missing amounts in the investors’ accounts.
c. The university’s accounting information system was illegally hacked. Vandals changed many students’ first name to Susan, student telephone numbers were changed to the number of the university president, grade point averages were modified, and some academic files were completely deleted.
d. A computer operator at a state- run horse race betting agency set the computer clock back three minutes. After the race was completed, he quickly telephoned bets to his girlfriend, an input clerk at the agency, gave her the winning horse and the bet amount, and won every time!