In: Accounting
Answer:
1. This case illustrates the difficulty of defining “computer crime.” The key to this particular fraud is an employee's ability to pose as a travel agent and collect a commission on an easy sale. Yet, because it involves a computer, it is possible to call this a “computer crime.”
2. This would be classified as fraud because employees are intentionally deceiving the company, they are receiving benefits, and the firm is harmed
3. One obvious control for this application is for the resort to formally adopt a policy prohibiting employees from receiving booking commissions when they double as travel agents-or perhaps pay them small, fixed bonuses for such work instead of full commissions. The resort should also maintain a current list of approved travel agencies, and use this list before paying booking commissions. It may also be cost effective for managers to handle non-approved agency commissions on an exceptions basis. For example, each month before paying commissions to such agencies, the resort might obtain a printout of unrecognized firms and contact each of them for verification.
4. Classification will depend on the controls that students identify. Using the first example above, any “policy” is intended to be a preventive control. Notice that the content of the policy is to segregate duties, which is itself a preventive control. The last example in #2 (above) would be a detective control. Students also might suggest training for employees at this resort so that they learn how management expects them to behave in the future, which would be an example of a corrective control.
5. The lack of accountability is critical to this fraud because it is the resort's policy of paying unverified travel agencies booking commissions that enables this deception to continue. It is not clear that the resort should change its policy (e.g., it may not be cost effective to do so). However, this seems unlikely. Catching and disciplining one employee may also act as a deterrent to others.