11-15. What company policies or procedures would you recommend to prevent each o

Question

11-15. What company policies or procedures would you recommend to prevent each of the following activities? g. An accounts receivable clerk manages to embezzle more than $1 million from the company by diligently lapping the accounts every day for 3 consecutive years. h. A computer virus on the company’s local area network is traced to an individual who accidentally introduced it when he loaded a computer game onto his microcomputer. i. A clerk at a medical lab recognizes the name of an acquaintance as one of those whose lab tests are ‘‘positive’’ for an infectious disease. She mentions it to a mutual friend and before long, the entire town knows about it.

Explanation / Answer

Part g)

The company is not having an appropriate internal control structure in the given case. There is no segregation of duties. The clerk responsible for collecting the payments is allowed to upload the details (relating to receipt of payments from customers) in the system which is not correct. Performance of multiple tasks within a process (such as accounting) can increase the probability of fraudulent conduct. Also, it can be observed that the clerk has been performing the same duties since last 3 years making it possible for him to accumulate large amount of money through lapping. To prevent such kind of acts, the company should implement internal controls such as "Segregation of Duties" and "Job Rotation" of employees at regular intervals.

_______

h)

The company should develop a strict IT (Information Technology) policy whereby any type of external hardware (not belonging to the organization) such as pen drive, compact disc, hard disk drive, etc. is not allowed to be carried to the business premises by the employees. If any employee is found to be in violation of the policy, strict disciplinary action should be taken immediately. The company can also remove the compact disc, floppy drive and other ports relating to pen drive or hard disk drive from the computer system of the employees. This will completely eliminate the possibility of any kind of external content from geting uploaded on the company's network. Another important policy would be restricted and limited use of internet for official purposes only. The IT team of the company should block the websites which appear to be in violation of company's IT and ethics policy.

_______

i)

The company should follow a strict "Client Information Confidentiality Policy". It can also be termed as "Privacy Policy" whereby the company undertakes the responsibility of ensuring its clients/customers that the information belonging to them will not be shared with any third party in any form. All the employees within the organization should be trained on the importance of the policy. It should also be clearly communicated to all the employees that any type of information leakage will not be tolerated and can lead to termination in case of violation.

Related Questions

Navigate

• Browse (All)
• Browse 1
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.