Information Governance Principles and Practices

Question: Discuss about the Information Governance Principles and Practices. Answer: Introduction: This essay aims to focus on the employee fraud practice as a result of information systems mishandling. Though an array of information control system are present in the organizations for preventing any fraudulent action, however the employees who are not honest are aware of the weakness within the system. The fraud of information system is responsible for bearing of financial losses by the organization. The employees having such intentions of committing fraud are a major threat to the company and are the responsibility of the internal auditors for identifying such frauds within the financial information system (Knowles, Colson and Dezateux 2016). This essay will analyze a case study associated with employee fraud in Healthy Hospital (HH) in which breaching of the internal controls of information technology and management was done together with the falsification of business records. The analysis of this case study intends for learning from such situations as well as analyzes the risks within the system vigilantly. In addition, this essay will focus on the appropriate action which should be taken by an internal auditor for improving the internal controls and preventing the activities of fraud within the organizations in future. For understanding the reason behind the fraudulent activity in the Healthy hospital, it is essential to provide a succinct summary of the case. It has been revealed by the by the facts of Healthy hospital that the software system of this hospital have recently been upgraded prior to its installation in the year 1990. Because of the reduction in the annuals profits of the hospital, a decision was made for reducing their annual operations cost by twenty five million dollars. After reviewing the areas, where reduction in the operation cost can be made, a decision was made for eliminating clerk position because of declining number of vendors of medical supply. However, as a result of the complaints regarding slow payment received from the vendors, Matt Harris who was the senior A/P clerk of Healthy hospital (HH) was hired as a temporary clerk without investigating his background. As the days passed by, he became a permanent employee of the organization like the other employees. He was a suspect for fraud case related to cash in the absence of an internal audit manager. Therefore, it is evident from the case analysis that there was an occurrence of fraud because of the functioning of Tracy Downs, the A/P manager. In the recruitment of employees, the standard operating procedure has not been followed by the A/P manager. Matts background investigation was ignored as it was thought it was not needed by for the temporary employees. The other breach that has been observed is ignoring the policy of the organization against nepotism by which the employees belonging from a similar family, who work in sensitive departments like finance and several o thers, are prohibited to work in HH for protecting the business documents. Therefore, Tracys actions conflict with the procedure of the hospital in the recruitment of employees and ending in a fraud case. In addition, the term of the procedure of business in this hospital, Tracy was responsible for updating and maintaining the accurateness in accounts payable data. Since, Tracy forgot to delete the account payable vendor file of Matt prior to his full time employment after working as an independent contractor; it resulted in the occurrence of fraud within the organization. He was not interviewed for his permanent recruitment according to the policy of HH. In this hospital, the control for internal information system was not strong enough hence; Matt got access to the checks that were signed previously. It is necessary to know regarding an employee by means of checking the background or interviewing for preventing any sort of fraud cases. An example of Healthcare fraud pending cases has been provided in the appendices figure- 1. It has been revealed by the case study that fraud mostly takes place because of weak internal controls, which could be detected by the individuals like Matt and taking full advantage in every possible way. The primary action would be in strengthening the internal controls by carrying out a comprehensive evaluation of the risk in the company or organization (Epstein 2013). The auditors must have a strict control for ensuring that all the corporate policies as well as practices are followed strictly by all the members of the organization. The other necessary action is to evidently segregate the policies of duty, which implies that which employee should be authorized to access and have a control over the documents. In the given case study, assigning Matt with semi-weekly cash disbursement run was a sever mistake. It offered him a chance for successfully carrying out his intention of fraud. Lack of action for segregating the responsibility of duty is the cause behind several events of fr aud in an organization. Only the restricted persons like Account Payable Manager should possess the authority for initiating or approving a transaction (Knowles, Colson and Dezateux 2016). In cases of pre-established finance, there must be dual signature as well as approval of the management for a check amount (Laxman, Randles and Nair 2014). For protecting the financial transactions, random auditing is also necessary (Knowles, Colson and Dezateux 2016). It will also lead to the elimination of the chances of manipulation of business information by the employees who are deceitful. Besides Tracy, Downs and Harris, the A/P manager is greatly responsible for this fraudulent activity as Matt was hired by her without any background investigation and subsequent to the recruitment policy. The CEO of HH, James Smith is indirectly responsible for this case as Matt was allowed by him as an employee in spite of the Mr. Walters warning regarding the recruitment going against the nepotism policy. Tracy Down and Elinor Linz are also responsible for this act of fraud as they did not deleted the Matts accounts payable Independent contractor account. In preventing the fraud, the internal audit manager could have assisted in preventing the fraud as he would have taken the action at first when he identified the incidences of fraud in the information system. He was responsible to detect and prevent the fraud activities in the early stages of the system. They are responsible for managing the risks of fraud and take steps for monitoring any activities of suspicion in the organization (Cassidy 2016).Nonetheless, for carrying out this duty efficiently, the internal audit manager needs to possess advanced level of theoretical knowledge for identifying the signs of fraud and change of attitude of the employees (Disterer 2013). They should be conscientious for further investigating a suspicious case and they should inform it to an individual who is responsible regarding it (Donovan et al. 2014). A critical activity for reducing the chances of fraud involves the conduction of annual auditing (Power 2013). The management should be supported by these individuals for establishing an anti-fraud policy, assessing risks in the process of business, identifying the relation between crime and internal crimes and instantly reporting the matter to the committees of auditing (Meehan 2016). According to audit principles, the audit managers should have professional cynicism attitude for being responsible enough for reducing the occurrence of fraud (Shanmugam, Haat and Ali 2012). Therefore, these actions could assist in averting the cases of fraud (Ballard et al. 2014). An example of the Health expenditures and the importance of preventing fraud have been provided in figure 2 in the appendices. Technical control may assist in suspecting and protecting the companies/organizations against fraud (Kaczmarek 2014). It may be carried for enhancing checks and balances systems. In particularly, for HH it is necessary for examining the checks ensuring that they dont have any issues without the permission from the trusted authorities (Nijenhuis 2016). In addition, for Healthy Hospital an information-auditing plan can be made for preventing the activities of fraud (Kaczmarek 2014). In addition a completely planned programme of training and communication will be advantageous for enhancing the control on fraud as well as its prevention. Healthy Hospitals internal manager should keep a constant vigil for noticing the changes in the behavior and attitude of the employees (Laxman, Randles and Nair 2014). It is important to establish an internal control system for preventing the future fraud cases such as disbursements of cash by Matt Harris. The internal control system should intend to keep in consideration the duty of every employee in Healthy Hospital (Laxman, Randles and Nair 2014). The information-auditing plan for Healthy Hospital should initially involve the recognition of changes that have been implemented prior to the fraud case. In addition, the managers who are concerned for auditing should assess the implemented alterations and and their impact on the workforce of Healthy Hospital. Besides this, the audit should investigate the sequence of financial transactions occurring on a daily basis. All the activities of business should be reviewed punctually to observe any violation of policies. The audit manger should also scrutinize the method of collecting data along with its storage. The data should be compared with the with respect to the performance as well as the standards. Therefore, by considering all these procedures Healthy hospital can prevent the fraud activities in future. In the end, it can be concluded that this essay has highlighted the fraud practices by the dishonest employees by the misuse of the organizations information system. The employees having such intentions of committing fraud are a major threat to the organization and are the responsibility of the internal auditors for identifying such frauds within the financial information system. The analysis of this case study intends for learning from such situations as well as analyzes the risks within the system carefully. In the case analysis, it has been observed that Matt has committed a serious crime, as he was responsible for the disbursements of large cash. Therefore, it is essential that the enhancements of technical and internal control should be done for reducing the cases of fraud in the future in an efficient manner. References Ballard, C., Compert, C., Jesionowski, T., Milman, I., Plants, B., Rosen, B. and Smith, H., 2014.Information Governance Principles and Practices for a Big Data Landscape. IBM Redbooks. Cassidy, A., 2016.A practical guide to information systems strategic planning. CRC press. Disterer, G., 2013. Iso/iec 27000, 27001 and 27002 for information security management. Donovan, J., Frankel, R., Lee, J., Martin, X. and Seo, H., 2014. Issues raised by studying DeFond and Zhang: What should audit researchers do?.Journal of Accounting and Economics,58(2), pp.327-338. Epstein, D., 2013. The making of institutions of information governance: the case of the Internet Governance Forum.Journal of Information Technology,28(2), pp.137-149. Kaczmarek, J., 2014. Supporting Information Governance through Records and Information Management. Research Bulletin.EDUCAUSE. Knowles, R., Colson, D. and Dezateux, C., 2016. Life Study Ethics and Information Governance Framework. Laxman, S., Randles, R. and Nair, A., 2014. The fight against fraud: internal auditors can use COSO components to develop and deliver an effective fraud mitigation program.Internal Auditor,71(1), pp.49-54. Meehan, A., 2016. The Information Governance Road Map: Mile Marker 2--Updates fromthe Journey.Journal of AHIMA/American Health Information Management Association,87(7), p.50. Nijenhuis, R.G., 2016. Prevention of Dutch fraud cases: a multiple case study on the effectiveness of internal control in the process of financial statement fraud prevention. Power, M., 2013. The apparatus of fraud risk.Accounting, Organizations and Society,38(6), pp.525-543. Shanmugam, J.K., Haat, M.H.C. and Ali, A., 2012. An Exploratory Study of Internal Control and Fraud Prevention Measures in SMEs.Small,100, pp.18-2.