Week 3
“(Do you agree with the business owner’s views? If you were advising a small business about IT Governance, risk assessment and fraud, what would you recommend in relation to COBIT 4.1? How does this case demonstrate the accuracy (or not) of Cressey’s fraud triangle? Provide researched reasons for your answer.)”
Based on the case study presented, I have identified typical issues which small businesses face with IT Governance; my analysis can be found here. Firstly, I believe that governance is important for small businesses as the consequences of IT risks are tragic. According to Warfield (2011), there have been cases where small businesses had to close because of fraud. In my experience, I have witnessed a small company which suffered IT risks and alleged fraud when it integrated a new accounting system and hired new accounting staff.
In the case study and in my experience, both companies lacked proper IT Governance and there was evidence of few internal controls. The following COBIT 4.1 (2007) control objectives are applicable to both scenarios.
· PO4.11 – Separation of Duties
· PO7 – Manage IT Human Resources
· PO9 – Assess and Manage IT Risks
· DS4 – Ensure Continuous Service
· ME4 – Provide IT Governance
From observation, I recommend the owner develop an understanding of risks and review these objectives to develop a framework to mitigate the occurrence of risks. Additionally, I recommend the implementation of controls such as internal audits and audit trails, red flags and separation of duties.
Cressey’s model of fraud highlights that people commit fraud because of the opportunities which companies provide. This company exposed itself to the opportunity of fraud occurring through the lack of controls and the owner’s lack of awareness of risks. Additionally, the fraudster was under pressures, highlighted here, and was able to commit the fraud because she was able to rationalise her behaviour.
Reference List:
COBIT 4.1 (2007). COBIT 4.1: Framework, control objectives, management guidelines and maturity models. Retrieved from www.isaca.org
Warfield, B. (2011). Fraud in Australia. Retrieved from: http://www.warfield.com.au/Bookkeeping_Fraud_in_Australia_2005-2011.pdf