Question

The Mountain Top Resort Community is an elegant, thriving four-season resort and community of over 1,200 single family homes, 1,000 time-share units, and a multi-million-dollar ski business. Guests visiting the resort can enjoy the indoor/outdoor water park, play golf on one of the two 18-hole championship golf courses, ski, snowboard, or snow tube in the winter on 14 trails that are all lighted for night skiing, or relax at the full-service spa. There are also three dining rooms, card rooms, nightly movies, and live weekend entertainment.

The resort uses a computerized system to make room reservations and bill customers.

Following standard policy for the industry, the resort also offers authorized travel agents a 10 percent commission on room bookings. Each week, the resort prints an exception report of bookings made by unrecognized travel agents. However, the managers usually pay the commissions anyway, partly because they don't want to anger the travel agencies and partly because the computer file that maintains the list of authorized agents is not kept up-to-date.

Although management has not discovered it, several employees are exploiting these circumstances. As often as possible, they call the resort from outside phones, pose as travel agents, book rooms for friends and relatives, and collect the commissions. The incentive is obvious: rooms, costing as little as $100 per day result in payments of $10 per day to the "travel agencies" that book them. The scam has been going on for years, and several guests now book their rooms exclusively through these employees, finding these people particularly courteous and helpful.

Requirements:

1. Would you say this is a computer crime? Why or why not?

2. Is this fraud? Why or why not?

3. What internal controls would you recommend that would enable the resort's managers to prevent such offenses? (please give me as many as you can identify)

4. Classify the controls that you just identified above as either preventive, detective, or corrective.

5. How does the matter of "accountability" (tracing transactions to specific agencies) affect the problem?

Answer 1

Answer:

1.         This case illustrates the difficulty of defining “computer crime.” The key to this particular fraud is an employee's ability to pose as a travel agent and collect a commission on an easy sale. Yet, because it involves a computer, it is possible to call this a “computer crime.”

2.         This would be classified as fraud because employees are intentionally deceiving the company, they are receiving benefits, and the firm is harmed

3.         One obvious control for this application is for the resort to formally adopt a policy prohibiting employees from receiving booking commissions when they double as travel agents-or perhaps pay them small, fixed bonuses for such work instead of full commissions. The resort should also maintain a current list of approved travel agencies, and use this list before paying booking commissions. It may also be cost effective for managers to handle non-approved agency commissions on an exceptions basis. For example, each month before paying commissions to such agencies, the resort might obtain a printout of unrecognized firms and contact each of them for verification.

4.         Classification will depend on the controls that students identify. Using the first example above, any “policy” is intended to be a preventive control. Notice that the content of the policy is to segregate duties, which is itself a preventive control. The last example in #2 (above) would be a detective control. Students also might suggest training for employees at this resort so that they learn how management expects them to behave in the future, which would be an example of a corrective control.

5.         The lack of accountability is critical to this fraud because it is the resort's policy of paying unverified travel agencies booking commissions that enables this deception to continue. It is not clear that the resort should change its policy (e.g., it may not be cost effective to do so). However, this seems unlikely. Catching and disciplining one employee may also act as a deterrent to others.