Explore BrainMass

Operational audit and employee theft

This content was STOLEN from BrainMass.com - View the original, and get the already-completed solution here!

Why is an operational audit (OA) complementary to, and necessary for, a quality security risk management program?

Identify and discuss at least two procedural controls for decreasing the incidence of employee theft.

Discuss security's role in labor disputes.

© BrainMass Inc. brainmass.com October 25, 2018, 9:11 am ad1c9bdddf

Solution Preview

Why is an operational audit (OA) complementary to, and necessary for, a quality security risk management program?
- An operational audit follows the processes and procedures for producing a product or service. Within the audit, operations are verified in terms of people and steps in the processes. The audit can identify where processes are done correctly, where problems occur, and where potential risks are. All of these discoveries can be used to improve processes and increase productivity and profits.
Internal or external auditors can do these audits. They can also identify problems with ethical behaviors. It can also reveal new risks, new perspectives, and efficiency. The intended use is to identify ways to increase productivity.
With a management program, many types of decisions are made, using many types of criteria. When a management member makes decisions without fully comprehending the outcomes, or does not consider either outcomes or alternative, then the company can be put at risk. In some cases, decisions are made with personal power and wealth considerations, leading to problems in quality, efficiency, and product ...

Solution Summary

A review of areas of security and operational audits based on supplied questions.

See Also This Related BrainMass Solution

Ethics Case: Theft Reimbursement, Twice

Ethics Case: Theft Reimbursement, Twice

I am the assistant controller at a medium-sized, not-for-profit organization. I hired a new accounts payable clerk three months ago?let's call her Mary, which is not her real name?and then I fired her last week because she stole $16,583 from us by altering six checks. Mary's primary duties were to key in all the accounts payable information, and then, after the checks were printed, to match all the supporting documentation to each check. She then took the checks to the signing officers. After they were signed, she mailed the checks and filed the yellow copy with all the supporting documentation in the paid invoices filing cabinet.
We pay each member of our board of directors a $2,000 honorarium. I prepare the list of the directors and how much to pay each director, which I give to Mary for inputting into the computer. Each honorarium check simply has the name of the director and no address or other information. We normally hand them to the directors during the meeting. Similarly, our expense report reimbursement checks only have the names of the individuals and no address or other information on the checks. We send those to our employees through the interoffice mail.
Well, after they were signed, Mary took four honorarium checks and two expense report checks, and changed the names on the checks to her name. All of our checks are printed on light green paper. Well, Mary used White-Out to alter the names, but she wasn't very smart. It was obvious that the names had been changed from the White-Out used and her name wasn't even the same font as the typing on the rest of the check. She took the checks across the street to an ATM machine and deposited them into her bank account. She then transferred the money to her family who live in another country.
I discovered the false checks last week when I was doing the bank reconciliation. She admitted what she did and we've had the police charge her with theft. Our bank was very apologetic and immediately reimbursed us the full $16,583. Our bankers admitted that the checks were so obviously falsified that they never should have cleared the bank in the first place.
Well, my problem is that, after I discovered the theft and before the bank reimbursed us, I decided to claim on our insurance policies. One of those policies is a check-protector service. Well, today we received a check for $16,583 from them. So, I took the check to my boss, the controller, and I was laughing saying that we've been reimbursed twice and that I was going to send the check back to the insurance company. Well, he said "No." He told me to deposit the check into a high-interest savings account. "We'll return the $16,583 to the insurance company after the court case is settled. In the meantime we'll earn interest on the money and since we're a non-profit organization we won't even have to pay tax on the interest."
He said the interest represents the aggravation we're going through. Well, there has been a lot of aggravation. The other accounting clerks felt terrible about Mary. They felt violated and abused because they had trusted her. We will also have to spend a lot of time with the lawyers and time in court at Mary's trial. My boss' attitude is that the interest on the extra $16,583 will cover all of these additional costs associated with the Mary fiasco. He also said that the bank deserves to pay the interest to us since they should never have cashed those doctored checks in the first place.
Well, I don't think that this is right. But I don't want to challenge him since I was the one who hired Mary. So, like, what do you think I should do?

1. How would you answer the assistant controller?
2. What advice would you give to the controller?
3. What aspects of the organization's governance process and/or internal controls were flawed?
4. Should the directors be told about the fraud and/or any other matters?
5. Indicate what preventive and detective controls can be put in place to prevent this from happening again

View Full Posting Details