MBA Information Technology Preventing and Detecting Operational Risk Essay

MBA Information Technology Preventing and Detecting Operational Risk Caused by Employees - Essay Example It has become imperative for the senior management to forcefully implement the appropriate measures to detect and prevent operational risk from employees in their organisations. Most of the measures, including security, need to be followed top down. An employee who sees an upright senior is less likely to engage in fraudulent behaviour. Security Policies and Training. The next step is to develop security policies and provide training to ensure that everyone is aware of, understands them and also follows them in right spirit. The greater the understanding of how security issues directly impact production levels, customer and supplier relationships, revenue streams, and management's liability, the more security will be incorporated into business projects and proposals. Most critical is an Acceptable Use policy (AUP) that informs users of their responsibilities. An AUP serves two main purposes: (1) It helps to prevent misuse of information and computer resources and (2) it reduces exposure to legal liability. Security Procedures and Enforcement. The next step is to implement procedures, training, and enforcement of the AUP. Businesses cannot afford to ignore security risks nor can they afford the infinite cost of perfect security. Security Tools: Hardware and Software. ... Keep in mind that security is an ongoing, multilayered process and not a problem that can be solved with hardware or software tools. Hardware and software security defenses cannot protect against irresponsible business practices. 2. What events triggered the strong measures to prevent and detect internal fraud Name three laws that have antifraud measures. Answer. Fraud Prevention and Detection. Internal audits and internal controls (cover later in the chapter) are critical to the prevention and detection of occupational frauds. Some high-profile examples of occupational fraud that were executed because of the lack of internal audits and controls leading to implementation of strong measures to prevent and detect internal fraud include: NEC. In 2006, NEC had to restate its earnings for five prior years after discovering that a 50-year-old manager/engineer had been fabricating business deals. The bogus deals inflated sales by 36.3 billion yen ($311 million). The false transactions enabled the manager to embezzle tens of millions of yen, which he spent on entertainment. Adelphia. A year after the public learned of the $600 million Enron scandal, the Rigases made Enron's fraud look like penny-change. The SEC uncovered the misappropriation and theft of tens of billions of dollars. In addition to the $2.3 billion the family stole from the company for their personal use, they caused losses investors of more than $60 billion. Global Crossing. Corporate insiders knowingly sold more than $1.5 billion of artificially inflated company stock. In April 2005, the SEC filed a settled action for civil penalties against Global Crossing's former CEO, CFO, and VP of Finance for aiding and abetting the fraud. Each executive agreed to pay a $100,000