Question

A computer operator at the local data processing center decides to visit work on a Monday evening. She has a key to the outside door, and since there is no key required for the computer room, she simply walks into the computer room. The operator, who is really one of the nation’s most notorious computer programmer/hackers (having been convicted five time for manipulating various firms’ data files), opens the documentation bookcase, located in the corner of the computer room. In the bookcase she finds the procedural documentation, the systems documentation, user manuals, application documentation, and operator manuals. She examines the documentation to understand the payroll program and to find the location of the payroll files. She accesses the information systems library, which is available to all computer operators at all times, accesses the payroll program, reprograms it, and runs a payroll job that creates one electronic funds transfer (to a new account opened by the operator under an assumed name). On Tuesday, the operator transfers the funds to a Swiss bank account and does not show up for work.

        Required

Prepare a summary that details any internal controls violated in this situation.

Answer 1

The computer operator does have a background of being one of the nation's most notorious computer programmer and hacker and have also been convicted five times for manipulating various firms' data files. The computer operator is not at all trustworthy and of highly suspicious character.

Now,

According to the problem, the computer operator does have a key to the outside door, which is a security breach and she as an operator shouldn't have had the key with her. Next, she opens the documentation bookcase and finds the procedural documentation, the systems documentation, user manuals, application documentation and operator manuals. Out of all these none of the documents are relevant to her work, therefore, she violated the regulations and moreover  she examines the documentation to understand the payroll program and to find the location of the payroll files, which is highly confidential for any organisation and is not permissible. Next, she examines the information system library which is available to all computer operators at all times and accesses the payroll program and reprograms it which is not at all permissible and thus, violated the regulation again. Finally, she commited a criminal offence by running a payroll job and creating a fund transfer to a new account opened by her under an assumed name. The next day she transfers the funds into a Swiss bank account and does not show up for work, assuming she flew away to another country to get saved from all these allegations of violating the regulations of the organisation and commiting a criminal offence.

She violated several internal controls in this situation and transferred the funds to a Swiss bank account so that any traces of money laundering couln't be found as Swiss bank never shares it's customer's information with anybody.