PRELIM CASE ANALYSIS IT 2

Submitted to: Mr. John Karlo S. Dalangin

Group Members: BUENAFLOR, T !!i Mari "ALES, Ro l Ar#an$o KEE, %&ra TOTESORA, Y'onn R ina (E"A, D&an Pa)ri*ia

ACC + ,)h Y ar S *)ion C

Date of Submission: Jan-ar& ., 2/0,

FILM ANALYSIS

A. What are the manifold ethical questions addressed in the film that you chose? In what way were they presented in the film? The company is claiming that they can provide an easy way for communication but their hidden goal is to control the world. To attain these goals, the means that they use is unethical. They steal codes and kill programmers. Another issue would be them invading other people s privacy in order to steal codes. They put surveillance cameras to monitor them and use people to become closer to their target. !ilo "offman s girlfriend, Alice #oulson was later on found out as a person being paid by the company in order to monitor and observe him. $ig ethical issues that we ve observed in class that were not maintained by the company were workplace safety, employee privacy, and stealing of codes. $. In what specific way did %urv &ompany fail to uphold its ethical responsibilities? This is shown when !ilo "offman had discovered that the company was putting cameras in order to monitor programmers and he also found out about the multiple amounts of information that they know of him including his friends and other employees of the company. 'thical responsibilities that the company had failed to uphold were mostly concerned with the public. They failed to return the public s trust for they have crossed lines and forgot to seek balance with the interest and safety of others as long as they can achieve being at the peak. &. Who, do you think, is the main character in the film? (escribe the character)s contribution in solving the issue of the film. With regards to the main character, it most probably is the computer software designer* !ilo "offman. "e was hired by %+,- &ompany for a programming position. While working in the company, he discovered that one of the codes shown to him was actually from his friend Teddy &hin who was murdered and later on, he also discovered that the company steals codes from programmers. !ilo "offman

has decided to end the wrongdoings of %urv by showing to the people crimes they have committed and also distributing what should be rightfully be owned by the public for he believed that technology shouldn t be bought but is something which belonged to everyone. (. What is the main problem discussed in the film? #lease cite the specific scene in the film presenting the comple. nature of the problem. The main problem discussed in the film is the immoral things done by the company in order to achieve being on top. /ome employees are even involved in killing programmers and theft for intellectual properties. 'thical responsibility has long been forgotten as they were even willing to kill people in e.change for success, to invade other people s privacy and to disrespect the confidentiality of information about a certain person s life. The specific scene where the main problem occurred was when !ilo "offman tried to investigate the company secretly at night which resulted to him discovering and accidentally finding out the company secrets including their diverse knowledge of their employees, their ways of stealing codes through implanting devices for surveillance and their e.tent of influence which has even reached the police department. '. "ow did the film end? '.plain the various processes that led to the solution of the problem. Through the help of his friend, a careful plan was e.ecuted by !ilo making him the bait in order to lure his adversaries and make them follow him. (uring the pursuit, 0isa &alighan, a co*worker whom he believed to be an ally was actually on the company s side. After succeeding being the bait, they e.posed the crimes did by the %+,- company. The &'1 and some employees who were involved were arrested. The movie ended with him quoting the belief of Teddy, his deceased friend, about how technology should belong to everyone.

SITUATIONAL ANALYSIS a. Statement of the Problem Ma1or Pro2l #3 4a! )h #al5-n*)ioning o5 )h !&!) # )h r al or onl& *a-! o5 )h $i!*r 6an*& o5 )h AR *on)rol a**o-n) an$ !-2!i$iar& l $g r7 2irst, this is a problem because there are conflicting ideas found. The company believes and has already concluded that the cause of the discrepancy is the malfunctioning of the system but the auditor feels 3differently4. In assessing how the auditor feels about their conclusion, the auditor must have felt wrongly about their conclusion given that they haven t really delved in to investigating the problem, and yet they have already concluded prematurely. It might be true that there was really a malfunction but the auditor has not yet reached a reasonable assurance that there was no real manipulation perpetrated. /econd, it is a ma5or problem in the case because efforts in solving the ma5or problem may 5ustify that the malfunctioning of the system is the real cause or may refute the company s assertion and prove that there was in fact embe66lement. 'ven though the company already put the blame into the system, it doesn t mean that it also holds true to everyone, or is the truth, in that case, unless careful analysis and 5udgment has been applied. !inor #roblems7 8. "ow did the perpetrator, if there s any, conceal the fraud? 9. Who could have possibly committed the fraud? :. If there was really embe66lement, was the company s delegation of tasks a contributing factor? ;. What can be done in order to prevent the embe66lement to occur again? <. What will be the future consequences if the fraud really happened but the company did not pursue in trying to discover it?

b. Areas of Consideration Th *o#6an&8! *-!)o# r! or$ r $ )h !a# 9-an)i)& o5 *ra2# a) a*h : ;, )h 6ri* ! 5or )h *ra2# a) r #ain $ )h !a# all & ar, an$ )h 9-an)i)& or$ r $ :a! al:a&! )h !a# . Thus, it should be implied that the invoices and payments from the customer that are recorded by the company should be the same as to their dollar amount. Th *o#6an& ! n$! : *-!)o# r! 6a& : ;l& in'oi* )o )h *-!)o# r!, an$ !o )h ;l& a! : ll. Mon)hl& 2ill! : r no) ! n) )o *-!)o# r!

-nl !! )h *-!)o# r :a! 2 hin$ in 6a&# n)! . #ayments from customers, then, are e.pected to come in weekly and must be reflected as such in the records. If a customer was unable to make payment, the customer would have received a bill and the auditor could confirm from the customer regarding the receipt of such bill. Th *o#6an& ; 6) )h a**o-n)ing r *or$! in a #i*ro*o#6-) r :h r in )h 5o-r #o$-l ! )ha) #a$ -6 )h :hol !&!) # : r no) in) gra) $. This condition did not enable data updating and currency of information between modules. "ence, the records that were maintained by the company s system were not up*to*date and had been possibly used as a means to perpetrate fraud. Th #an-al !al ! in'oi* ! : r no) 6r <n-#2 r $. If these invoices had been pre*numbered, it would have been easy to detect any invoice that had not been recorded. Th !-##ar& )o)al! 5ro# )h r 6or) )ha) )h a-$i)or r 'i : $ $i$ no) *oin*i$ :i)h )h )o)al a#o-n) r 5l *) $ in )h g n ral l $g r 6rogra#, an$ $i55 r n) a#o-n)! ha$ 2 n n) r $. This lack of correspondence between the records raises suspicion as to how the company records its transactions in the system. It should prompt the auditor to inquire as to why there had been different amounts that entered in the program, and whether it had been properly authori6ed by management.

Sh

)! 5ro# )h *o#6-) r li!)ing ha$ 2

n $i!*o' r $ )o 2 ri66 $ a6ar) a)

)h 2o))o#. This is another instance that should alert the auditor as to the purpose and necessity of such ripping of important documents in the company s system. There must be a valid reason that would support the act done so as to clear off the auditor s suspicions. A *-!)o# r8! *h *; ha$ 2 n !)a#6 $ on )h 2a*; :i)h an a$$r !! !)a#6 o5 )h *o#6an& in!) a$ o5 )h -!-al =5or $ 6o!i) onl&> *o#6an& !)a#6. This instance is a deviation from the company s regulation of incoming checks. It implicates that the check could have possibly been delivered to another person instead of the check being deposited directly in the bank. Th or$ r o5 6a&# n)! )ha) : r r 5l *) $ in )h a**o-n)! r * i'a2l 6rogra# :a! no) *on! *-)i' . Tha) i!, a *h *; r * i' $ on Ma& 0/ :a! onl& r *or$ $ a5) r )h Ma& 0? an$ Ma& 2@ *h *;! . This curious event could possibly signify a loss of control in recording the checks, or a possible misuse of the check that was recorded later than its date of receipt. A *o6& o5 a 2an; $ 6o!i) )i*; ) :hi*h ha$ no) 2 n 6ro6 rl& !)a#6 $ 2& )h 2an; an$ :i)h )h a#o-n)! a$$ $ -6 no) *orr !6on$ing )o )h )o)al a) )h 2o))o# o5 )h )i*; ) :a! a'aila2l an$ 6r ! n) $ )o )h o:n r an$ a-$i)or. /uch document is difficult to rely on especially when it lacked the bank s stamp. There must be authentication of the said document.

c. Alternative Courses of Action ACA A0 IN(ESTI"ATE AND CONFIRM DEPOSIT =iven the important facts of the case stated above, it can be inferred that the discrepancy in the records cannot be attributed solely to the malfunctioning of the system. The auditor has a good reason to feel differently, and so, with sufficient facts that would back up his doubt, he must convince the owners of the company to allow him to continue the investigation. /o as to prepare him in convincing /usan to reconsider the problem at hand, the auditor should work on the facts that he had already gathered. "e must present the facts which are highly indicative of embe66lement of funds within the company. +nless the auditor can have sufficient reason so as to satisfy his doubts regarding such curious instances that occurred within the company, his efforts to convince the owners to allow him to go further in his investigation is above reproach and necessary. With >ohn and /usan s permission, the ne.t thing that the auditor should accomplish to do is to verify whether the received checks had been subsequently deposited in the bank. "e can do this by obtaining the most recent bank statement obtained by the company or if none is available at hand, he may send a bank confirmation request to the bank which should accordingly indicate the specific items that he needs confirmation with. "e must also verify with the bank whether the cancelled check of the customer who had been called were deposited or cashed. These steps are necessary in order to affirm that all checks received had been subsequently deposited in the company s bank account. The auditor s ne.t step is dependent on the bank s response to the auditor s letter and inquiry. If it is discovered in the bank deposit that some checks have not been deposited or some checks have been cashed by the bank, the auditor will have substantive proof of embe66lement of cash and that the malfunctioning of the system

was not the real cause of the discrepancy that was noted. "e must, then, proceed to identifying who might have accomplished the embe66lement, and how such person has committed such act ?the steps in accomplishing these are discussed in the recommendations as solutions to the minor problems@. If it is otherwise declared by the bank that all checks ?including the customer s cancelled check@ have been properly deposited in their account, the auditor must still be able to find out why the A, control account and the summary totals per A, subsidiary ledger were not in agreement by ?8@ checking why the list of individual accounts receivable balances had been ripped apart at the bottom and ?9@ why was the order of payment by the customers not in chronological order in the A, program, that is, !ay 8A payment came after !ay 9: payment. "e should review the internal control of the company and the issues that have caught his attention upon studying the facts of the case. "e should be able to find out who is responsible for entering amounts in the A, subsidiary ledger and also inquire if he has solely the authority to do so. If not, then the auditor should find out who also had the same authority. Among those who control the A, subsidiary ledger, he might try to analyse who could have the intention to do such thing and why. If it is impossible to find an answer, then he could proceed with the ne.t issue, the incorrect order of payments. "e can check who has the function in recording and receiving payment. If only one person does both tasks, he can further investigate to discover whether there could have been lapping done. "e can do this by sending confirmation letters from clients whether the balances recorded correspond to their record. If there is negation, then we can further investigate whether there is really lapping. If the auditor can prove that there was lapping, then ripping apart of computer listing might now be e.plained. 2inally, the auditor must be able to recommend ways to ensure that internal controls are properly working and that the loss of cash in the company can be prevented in the future.

The

BENEFITS issue as to whether

the

COSTS &ompensation of the auditor for continuing the investigation #ostage e.penses for sending letter to bank +tility e.penses 'stimated time frame for

malfunctioning of the system was the real or only cause to the discrepancy of the A, control account and subsidiary ledger will be resolved. 'vidence showing the truth regarding such issue can be established. There would be confirmation as to whether the auditor s assumption that embe66lement had occurred is valid. The checks that were supposedly accounted for by the bank can be verified as to their completeness, and any check that had not been deposited or had been cashed can be attributed to the stolen amount of cash. The auditor would be able to identify the lapses in the internal control of the company and thereby suggest ways in order to amend it.

accomplishing this A&A and how soon the company s problem be resolved7 one to three weeks ,isk of delaying the work of employees by inquiring them about management s internal control

ACA A2 INBUIRE ABOUT TCE SYSTEM AND SE"RE"ATION OF DUTIES After efforts of finding out if there is fraud by checking whether the bank deposit was really made, why the computer listings were ripped apart at the bottom, and order of payment was not in chronological order, and yet it was futile, inquiring about the system is the ne.t course of action of the auditor. With the auditor considering the system of the company especially the accounts receivable system as the cause of the embe66lement, it would then be important for him to check how the system works by visiting ,adio/hack. /ince the modules of the company s accounting system consists of four modules ?general ledger system, purchases program, accounts receivable program, and a payroll program@ that are not integrated, these modules are not automatically updated when data is placed in one module and it would not then be easy for the auditor to check the accounts independently. -isiting ,adio/hack could also help the auditor in identifying the usual causes of the malfunctioning of their systems. That is, the auditor is to ask ,adio/hack the number of programs that malfunctioned during the year and ask the common causes to the malfunctioning of such programs. If the gathered information shows that a lot of programs made by ,adio/hack malfunctioned, then the auditor may believe /usan s conclusion that the Accounts ,eceivable program is malfunctioning. 2or this reason, the auditor may suggest to the company that it reconsider its supplier relationship with ,adio/hack or reconsider its choice as to its program maker.

With /usan s conclusion that the accounts receivable program was not working properly, it would then also be important to check on how duties were segregated on the system, who has access to the system and why there was an immediate loss of the accounts receivable file given that there is still information that might be useful in solving the problem. 0astly, the auditor should check or inquire as to the functions that are placed in the accounts receivable module since there was a loss of the accounts receivable file.

%ormally, the accounts receivable module handles invoices or bills and payments of customers, the money due to the company and often has a record of the deposits to banks since deposit information is important to update customer accounts. With all these functions and the immediate loss of the information which subsequently hid all evidence, the auditor may consider that the loss of money is due to the malfunctioning system. "ence, even if the auditor feels that there is a need to check whether fraud e.isted, it is still important to check the system itself and to reconcile the discrepancies discovered ?if possible@, for the main problem is to know the truth as to whether the system is the real or only cause of the discrepancy. And knowing the truth in this matter will need to 5ustify the conclusion of the company that it is only the system s malfunction which contributed to the difference of amounts.

BENEFITS The auditor would be able to identify whether the loss is due to the embe66lement of an employee or because of the malfunctioning of the system.

COSTS &ompensation of the auditor for continuing the investigation +tility e.penses while investigating the system Transportation cost of the auditor for visiting ,adio/hack 'stimated time frame for accomplishing this A&A and how soon the company s problem be resolved7 several days to a whole week

The auditor would be able to know how the company segregates its duties in the system and suggest the proper ways of segregating duties.

The auditor would be able to identify the lapses in the internal control of the company and thereby suggest ways in order to amend it.

The auditor would be able to suggest whether continue the using company programs should from

,adio/hack

or

choosing

another

maker of their program.

d. Recommendations and Conclusion The group takes it stand on the first alternative course of action ? ACA A0 or IN(ESTI"ATE AND CONFIRM DEPOSIT@ since it is the more appropriate strategy to use in this case. A&A B8 is able to address more areas of consideration in this case, and it is important that they must be addressed because there is an issue as to the effectiveness and efficiency of the company s internal control. As can be noticed from the given areas of consideration in the case, the physical controls of the company have more deficiencies compared to its IT controls. Also, an audit trail is more observable in A&A B8 than A&A B9 since the focus of the former is on the physical or manual controls of the system. It is also important that a confirmation from the bank be accounted for in solving the case since it is the company s policy to have all payments received from customers deposited in the bank as a safety measure in keeping all cash intact. A&A B8 is able to include a procedure which would involve the coordination of the bank in the auditor s investigation. 0astly, though it is to be e.pected that salary e.pense for the auditor would be higher in A&A B8, the long*term benefits that the company will gain from the auditor s findings and recommendation would compensate for such spending of the company in the present. It can be assured, then, that the quality of the company s internal control would not be pre5udiced and if fraud really e.isted, the perpetrator can be held accountable. In order to e.ecute this chosen course of action, the auditor must first prepare in convincing the owners of the company that it is necessary to continue the investigation because there are unresolved facts in the case that cannot be satisfied by the discovery that the computer program was malfunctioning. It is important that the auditor s investigation proceed with the approval of the owners.

The auditor can start preparing by gathering facts from his previous review of the company s operation and controls. "e should gather facts which are highly indicative of embe66lement of funds from the company. /uch facts would be: a) the customer s chec! had been stamped on the bac! "ith an address stamp of the compan# instead of the usual $for deposit onl#% compan# stamp& b) accounting records had been ripped apart for some un!no"n reason and c) the order of pa#ments that "ere reflected in the accounts receivable program "as not consecutive . These events go beyond the policy of the company and must be investigated as to why they had occurred, how necessary that such acts be done despite them being a clear violation of the company s policy, had such acts been authori6ed and who had performed them. The auditor must then present such facts to the owners so as to satisfy them that a further investigation is indeed necessary. "aving gained the owners approval, the auditor should gather sufficient reason so to satisfy his doubt regarding such curious events. "e can start by verifying that the company s account in the bank contains all deposits from the received checks from customers. A bank statement or a bank confirmation request would sufficeC however in this case, the auditor is provided with a copy of a bank deposit ticket. The deposit ticket which (ebbie had presented was suspicious because it lacked the bank s stamp which would verify its authenticity, it was dated !ay 8A and the added up amount did not correspond with the totals at the bottom of the ticket. "e may, then, request for an end* of*the*month, stamped bank deposit ticket through a letter of confirmation to the bank or he may send the suspicious bank deposit ticket and verify its authenticity with the bank. #ending the reply from the bank, the auditor can continue investigating by inquiring as to the curious events that had caught his attention. "e should inquire (ebbie as to why she had used the address stamp on that particular customer check and whether she was authori6ed to use such stamp. /ince no e.planation can be gathered as to why different amounts had been entered in the company s records, the auditor should perform alternative procedures. !oreover, the auditor must inquire why there had been some sheets in the computer listing that were ripped apart at the

bottom, whether it was authori6ed and who had done it. The auditor must satisfy himself with evidences that would rule out any suspicion regarding the events he had noted. To resolve the issue of incorrect order of payments, the auditor should check who has the function in recording and receiving payment. If only one person does both tasks, he can further investigate to discover whether there could have been lapping done. "e can do this by sending confirmation letters from clients whether the balances recorded correspond to their record. If there is negation, then we can further investigate whether there is really lapping. If the auditor can prove that there was lapping, then ripping apart of computer listing might now be e.plained. +pon receipt of the bank s response to the confirmation letter, the auditor should then corroborate information from the records and the valid bank deposit ticket and check for any undeposited checkDs or cashed checkDs. If there would be evidences as to the latter, the auditor would have substantial proof of embe66lement of cash and that the loss of money cannot be attributed to the malfunctioning of the system. The auditor must then identify how the perpetrator concealed the fraud and who could have possibly committed the fraud. The auditor should likewise recommend ways to amend the loose internal control in the company and how they would be able to prevent such loss from occurring again. If there would be no evidences as to any undeposited or cashed checkDs the auditor must still be able to reconcile as to why the A, control account and the summary totals per A, subsidiary ledger had not been in agreement. "e should be able to find out who is responsible for entering amounts in the A, subsidiary ledger and also inquire if he has solely the authority to do so. If not, then the auditor should find out who also had the same authority. Among those who control the A, subsidiary ledger, he might try to analyse who could have the intention to do such thing and why. The auditor should, then, perform additional procedures and recommend actions to be done in order to secure that proper internal controls are being observed within the company.

The benefits of A&A B8 would outweigh the present e.penses that need to be incurred in order to set out and accomplish this strategy. The very source of the problem would be located through the investigation and the recommendations that would result from the auditor s findings would resolve the causes and not 5ust the 3symptoms4 of the problem. There would also be evidence regarding the embe66lement and the person responsible for this would be duly apprehended. Also, the company would be able to provide additional measures to safeguard its cash and receipt of payment. As a result, any instances of embe66lement in the future can be prevented, and improvements in the supervision within the company can be suggested and acted upon. The costs of this course of action can be thought of as an investment that would support the long*term effectiveness and efficiency of the company s operations. !oreover, the necessary costs to be incurred in this course of action are possibly more costly than the second alternative. "owever, more areas of consideration are duly addressed in A&A B8C thereby, there is better assurance that more problems will be dealt with accordingly. Minor problems and the corresponding solutions: 8. "ow did the perpetrator, if there s any, conceal the fraud? =iven that the company s customers ordered the same quantity of crabmeat each week, the prices for the crabmeat remained the same all year, and the quantity ordered was always the same, the records should reflect a single, recurring dollar amount in its records. In this case, E<,AAA was the recurring amount reflected in the payment records. /tealing checks and tampering records can be possibly done in this situation because there is no variation as to the amount in each customer s account. If each customer had variation as to the amount they ordered from the company weekly, then such unique value per customer can be easily traced to each one of them. It does seem peculiarC however, that a check received on !ay 8A was only recorded after the !ay 8F and !ay 9: checks. The dating was inconsistentC thereby, the auditor was curious as to why it had been this way. Also, the improper segregation

of duties paved way for fraud to be concealed since the perpetrator might have the authority to do incompatible functions such as recordkeeping and physical handling of assets. 0astly, the perpetrator might have seen the malfunctioning of the system as an opportunity to conceal the deception. With such things in mind, a possible scenario can be concocted as to how the perpetrator was able to conceal the fraud. The perpetrator could have recorded one sale but kept the payment of the said sale. $ecause no payment was reflected for that account, the perpetrator had to find a way to credit the account in order to avoid the billing of such customer. Thus, the perpetrator could have credited the ne.t payment for a separate sale to the account from which he has stolen the payment ?same as how it is done in lapping@. In order to resolve the problem as to the ne.t sale having no credited payment, the perpetrator could have possibly not recorded the sale itself. "e is then able to avoid the problem of arising A, balances from the customer whose payment was not recorded which would warrant a bill to be sent to such customer. 9. Who could have possibly committed the fraud? The fraud could have been committed by one who has access to the checks ?or cash@ and the accounting records, who can prepare bank deposits and make actual deposits, and who can input summaries into the general ledger program. Among the individuals in the case, the persons who had such functions were /usan and (ebbie. "owever, since /usan was the one who hired the fraud auditor in order to locate the problem, /usan can be crossed out of the list. Therefore, (ebbie is the only one who could have possibly committed the embe66lement of cash. /he had access to cash and helped record the receipt of cash in the records. /he also admitted that she sometimes used the address stamp instead of the 3for deposit only4 stamp which was the proper stamp to use in order that the checks be all warranted for deposit only. +sing the address stamp would mean the check would be delivered to the company and whoever could get hold of it can encash it right away. Also, she was only able to present a copy of a bank deposit ticket which had

not been properly stamped by the bank and the amounts added up did not correspond to the total at the bottom of the ticket. This could mean that the bank deposit ticket was invalid or tampered with. :. If there was really embe66lement, was the company s delegation of tasks a contributing factor? The company s delegation of tasks was a huge contributing factor to the occurrence of fraud. In fact, the delegation of tasks was not the only factor that contributed to an opportunity for fraud within the company. The internal control of the company had its lapses and must be dealt with accordingly. ;. What can be done in order to prevent the embe66lement to occur again? The fraud could have been prevented in the first place if the internal controls had been working and monitored by management. "owever, there had been problems in the physical controls in their system as discovered by the auditor. &learly, the internal control activities of the company need improvement. 'numerated below are the recommendations to each internal control activity of the company7 T,A%/A&TI1% A+T"1,IGATI1% The checks to be deposited should pass by authori6ation for deposit from a person not performing the deposit of the checks in the bank. The same person should prepare a list of checks that are clear for deposit so that such list can be compared with the records and the bank deposit tickets in order to verify the completeness of checks deposited in the bank. 2rom the four persons involved in the case, >ohn should be the assigned person for the 5ob since he does not have any recording function. /'=,'=ATI1% 12 (+TI'/ As emphasi6ed above, the duties assigned to each person in the company played an important part in determining whether fraud could have occurred. In the case of this company, the custody of assets should be separate from the record*keeping responsibility. Also, the keeper of records as to sale and receipt of payment is better off separated

because the accounts receivable program in the minicomputer cannot permit the segregation of such tasks. /+#',-I/I1% There should be strict supervision especially when such small company only employs few people in its operations. /egregation of duties is difficult to accomplish in a small company. A&&1+%TI%= ,'&1,(/ The manual sales invoices should be pre* numbered for convenience in checking whether all invoices had been recorded. A&&'// &1%T,10/ The person in charge of record*keeping should not have access to cash and other assets. #referably, such person should also not have access to important documents received from the bank ?e.g. bank deposit ticket@ which are used in the audit trail. I%('#'%('%T -',I2I&ATI1% The company does prepare daily sales reports which summari6e the company s business activity. "owever, they made a mistake in assigning (ebbie to such preparation of sales report which she could falsify in order that she could cover up her theft of cash. The sales report should be prepared by the person in charge of shipping the crabmeat to their customers who, in this case, is Tommy. <. What will be the future consequences if the fraud really happened but the company did not pursue in trying to discover it? If the company would not have pursued in preventing the fraud that had occurred, it would have a negative impact on the future operations of the company. The effect of such fraud would be long term. The company s income can possibly have a downward trend. As long as the perpetrator of fraud is still in the company, there is a possibility that the amount of cash embe66lement would have an upward trend. Hnowing that the management had not taken any action to stop the embe66lement, but instead 5ust ignored it, it would be possible that it could open an opportunity to the perpetrator to commit another type of fraud.

e. 'earnings and (a!e)A"a#s The case is about a company, involved in crabmeat processing, discovering a discrepancy in the A, control account and subsidiary ledger. They hired a fraud auditor in order to investigate who or what could have caused it. (uring the investigation, the auditor found out some lapses that could show evidence that fraud really materiali6ed. /usan, having the gut feeling that the system was the cause for the discrepancy, consulted ,adio/hack to check whether her inference was true. When the ,adio/hack confirmed it, the company did not bother to investigate further if there was really fraud and decided to focus their attention in re*entering transactions on the system. "owever, the auditor felt 3differently4. /ince the auditor s feeling is different from the company, there arises a conflict. Was the malfunctioning of the system the real or only cause of the discrepancy? This was the ma5or problem in the case because the auditor has not yet reached a reasonable assurance of the conclusion made by the company, and yet they already stopped further investigation. 'fforts in solving the ma5or problem may 5ustify that the malfunctioning of the system is the real cause or may refute the company s assertion and prove that there was in fact embe66lement. !inor problems also emerged along with the ma5or problem, with the assumption that fraud really did e.ist. These are7 who the perpetrator was, how he could have concealed fraud, how the delegation of tasks became a contributing factor to fraud, what preventions should be made in order for embe66lement not to occur again, and what future consequences that the company will suffer if they did not pursue in trying to discover it. $efore alternative courses of action can be formulated, consideration of the facts is important in order to have basis for such alternative actions. These are7 ?8@ the company s customers ordered the same quantity of crabmeat each week and the prices for the crabmeat remained the same all year, ?9@ they send weekly invoice to the customers, and so the customers pay weekly as well, ?:@ the four modules that made up the whole system were not integrated, ?;@ the manual sales invoices were not pre* numbered, ?<@ the summary totals from the report did not coincide with the total amount in the general ledger program, ?I@ sheets from the computer listing had been ripped

apart at the bottom, ?F@ a customer s check had been stamped on the back with an address stamp of the company instead of the usual 3for deposit only4 company stamp, ?J@ the order of payments that were reflected in the accounts receivable program was not consecutive, and ?K@ amounts in the bank deposit not properly stamped, when added up doesn t correspond to the total at the bottom of the ticket. The first course of action was to investigate and confirm deposit. 2irst, he needs to convince the owners that fraud e.isted by working on the facts he gathered. When he gets their permission, he could then proceed to verify whether the checks were really deposited to the bank. If he finds out that some of the checks were not deposited to the bank, he can now have a convincing proof that embe66lement of funds did happen. After which, he can proceed in finding out who could be the perpetrator and how he had concealed it. "owever, if he finds out that all checks have been deposited, then his recourse is to investigate why the computer listings of individual accounts in A, had been ripped apart in the bottom and why the order of payment was not consecutive. The greatest benefit of this action is the auditor will probably detect fraud and suggest preventive actions for the future. The greatest cost would be higher compensation for the auditor. $ut the benefits outnumber the costs so it is a reasonable course of action. If the first course of action proves to be futile and impossible because of insufficient evidence, the auditor can proceed with 5ustifying the conclusion of the management that the system s malfunction was the cause of the discrepancy. "e may do this by inquiring ,adio/hack what specific modules suffered glitches. "e can also inquire what could be the causes of the system breakdown in order to prevent this from happening again. And if all the modules malfunctioned, the company can decide whether to retain the system made by ,adio/hack or to find another system. "e can also inquire about the segregation of dutiesLwho authori6es transaction, records it, and has physical custody of assets. If the auditor finds incompatible functions done by a single employee, then conclusion can be drawn out that there could have been manipulation of records and theft of assets. The greatest benefit that this action can give is the auditor will be able to 5ustify that the malfunctioning of the system was the real cause of the discrepancy and the cost would be the compensation of the auditor.

2rom the two mutually e.clusive courses of action, the former proved to be the better choice since it is able to address more areas of consideration in this case, and it is important that they must be addressed because there is an issue as to the effectiveness and efficiency of the company s internal control . True, there was a system breakdown but the internal control of the company was more inclined into opening opportunities to theft. %e.t, audit trail in the former course of action is more observable than the latter. 0astly, the compensation for the auditor in the former might be higher but the long*term benefits outweigh the cost as the auditor will also recommend improving their internal control to prevent fraud to materiali6e again. With regards to the minor problems, the perpetrator could have concealed fraud in several ways. "e could have done it by taking opportunity of the weak internal control of the company and the malfunctioning of the system. The possible perpetrator could be someone who prepared bank deposit tickets and made actual deposit in the bank, who recorded receipt of cash and checks, and who had access to the individual accounts. (ebbie is the one who does these functions. !ore or less, she can be the most convincing suspect that the auditor can have. The delegation of tasks was a huge contributor of fraud in the company since it allowed the same person to do numerous incompatible functions. The fraud can be prevented from occurring again by implementing physical controls such as transaction authori6ation, segregation of duties, supervision, audit trails brought by accounting records, direct and indirect access controls, and independent verification. The inaction of the company might open new opportunities for the perpetrator or any other individual to commit fraud again and the company might suffer greater losses. It is being learned in this case that prevention is really better than cure. If only the company could have strengthened their internal control, the opportunities for fraud might be narrower. &uring a mistake is never easy since you have to find out many things7 how can it be detected and corrected, how did it occur and who is held responsible. And sometimes, companies are faced with a dilemma of prioriti6ing cost savings ?short*term@ over finding the truth as to the matter.

The real issue in this case is how brave and determined the company is to know the truth behind a questionable circumstance. Mes, /usan and (ebbie confirmed their inference to ,adio/hack but did not seek second opinion and they stopped right there even when /usan knew there were peculiar and intriguing facts that were unleashed by the auditor. /usan and >ohn could have pursued the investigation but instead, they made themselves contented of the findings of ,adio/hack. Who could blame them? &ontinuing the investigation would entail costs to the company and might add problems of finding another employee to replace the perpetrator. "ence, they might have been afraid to verify the truth. !ost of us e.perience the same thing. 'ven if we still can do something to know what the truth is, we make ourselves believe that being safe is already enough. 2or >ohn and /usan, it was safer to blame the discrepancy to the system and go on with the operations as if nothing happened. They were afraid of what changes might further investigation bring them. They were afraid to lose one of their staff, or incur greater costs. $ut these benefits are short*lived as they would reali6e that the perpetrator may do that again and again without being detected and company will suffer greater losses, in the long*term. !ost of us would rather continue doing the familiar and not taking risks because we are afraid what events might spark if we trigger change. $ut later on, we would reali6e that the benefit of continuing the familiar is short*lived like the decision of /usan and >ohn, for change is indeed inevitable. 0ike /usan and >ohn, the possibility to larger chunks of money stolen increases as they tolerate more and more weak internal controls. It will cost us more if we let time pass by ignoring truth for it will later come out, no matter how much we suppress it. And by that time, we would not know that it already took greater value from usLgreater than we could have e.pected.