Betty and Tony are concerned that clients may be potential targets for internal and external fraud based on this media release. As their ERP is more than 10 years old, they feel their internal controls are outdated and do not want you to review their current system of controls. Betty and Tony have requested that you focus your research on current threats to the online dating industry and methods of mitigation of these threats. The current process for new clients and accounts receivable at LFL is as follows:
Using the information provided to you, prepare a business report to Betty and Tony addressing the following:
THE 5 POSSIBLE INTERNAL CONTROL WEAKNESSES RELATING TO LFL'S SYSTEMS THAT ALLOW FRAUD TO OCCUR AND THEIR IMPACTS ARE:
1) THE EMPLOYEES IN LFL HAVE ACCESS TO ALL THE PERSONAL INFORMATION OF THEIR CLIENTS INCLUDING CLIENT ID AND THEY CAN MISUSE IT FOR THEIR PERSONAL BENEFIT.
2) THE ACCOUNTS RECEIVABLE CLERK HAS ACCESS TO CREDIT CARD DETAILS OF ALL THE CLIENTS AND HE/SHE CAN MISUSE THEM FOR PERSONAL BENEFIT.
3) THE INFORMATION SENT BY LFL TO THEIR NEW CUSTOMERS INCLUDES CLIENT ID, DATE OF BIRTH & ADDRESS, WHICH IS A MATTER OF CONCERN FOR THE COMPANY.
4) THE ACCOUNTS RECEIVABLE CLERK HAS ACCESS TO THE BANKING APPLICATION TO UPLOAD THE CREDIT CARD DETAILS FOR MONTHLY PROCESSING OF CLIENTS' PAYMENTS AND THERE IS NO CHECK ON HIS WORK BY SOME OTHER EMPLOYEE OF LFL.
5) LFL HAS A NUMBER OF BUSINESS BANK ACCOUNTS & THE ACCOUNTS RECEIVABLE CLERK HAS AUTHORITY TO NOMINATE THE BANK ACCOUNT FOR RECEIPT OF CREDIT CARD PAYMENTS. THE POSSIBLE RISK IN THIS PROCESS IS THAT THE CLERK CAN EVEN NOMINATE HIS PERSONAL BANK ACCOUNT DETAILS FOR RECEIPT OF CREDIT CARD PAYMENTS FROM CUSTOMERS.
THE PRACTICAL APPLICATION CONTROLS LFL COULD IMPLEMENT TO MINIMISE THE IMPACT OF EACH OF THE POTENTIAL WEAKNESSES ARE:
1) THE EMPLOYEES IN LFL SHOULD NOT HAVE ACCESS TO CLIENT ID. THE CLIENT ID MUST BE ENCRYPTED AND MUST NOT BE VISIBLE TO ANY EMPLOYEE OF THE COMPANY.
2) THE ACCOUNTS RECEIVABLE CLERK SHOULD NOT HAVE ACCESS TO CREDIT CARD DETAILS OF CUSTOMERS. THE CREDIT CARD DETAILS ONCE ENTERED BY CUSTOMERS IN THE ONLINE APPLICATION FORM MUST BE ENCRYPTED IN THE LFL COMPUTER SYSTEM AND MUST NOT BE VISIBLE TO ANY EMPLOYEE OF THE COMPANY.
3) THE INFORMATION SENT BY LFL TO THEIR NEW CUSTOMERS MUST NOT INCLUDE CLIENT ID, DATE OF BIRTH & ADDRESS AS THIS INFORMATION IS NOT REQUIRED BY THEIR CLIENTS INSTANTLY AS THEY REVIEW FOR THEIR DATES. THIS INFORMATION CAN BE EASILY MISUSED BY ANYONE ONLINE.
4) THE ACCOUNTS RECEIVABLE CLERK'S WORK MUST BE AUTHORISED BY SOME OTHER EMPLOYEE OF LFL SO THAT THERE WILL BE A MAKER-CHECKER ENVIRONMENT AND THE CHANCES OF FRAUD SHALL BE LESS.
5) LFL SHOULD HAVE ONLY ONE BUSINESS BANK ACCOUNT IN ORDER TO RECEIVE CREDIT CARD PAYMENTS FROM THEIR CUSTOMERS SO THAT THERE WILL BE NO ROOM FOR THE ACCOUNTS RECEIVABLE CLERK TO COMMIT FRAUD AND RECEIVE MONEY INTO HIS PERSONAL BANK ACCOUNT.