Question

For each of the issues described below, explain the organisational policies or procedures that you recommend to prevent each activity from taking place. Also classify each control you recommend as whether it is a preventive, detective or a corrective control.

a. A vendor employee forwards an invoice for $476 of packing materials to a large company that manufactures fragile components, but without sending the packing materials. The company is accustomed to receiving invoices from the vendor and makes the payment, which is intercepted by the same vendor employee for their own gain.

b. A hacker is able to gain access to a company’s computer system by guessing the password of his neighbour – Gertrude, the name of his neighbour’s dog.

Answer 1

a. A vendor employee forwards an invoice for $476 of packing materials to a large company that manufactures fragile components, but without sending the packing materials. The company is accustomed to receiving invoices from the vendor and makes the payment, which is intercepted by the same vendor employee for their own gain.

In this case, what can be done to prevent such mistakes is review and double check your work two or three times before declaring it as done.

You can also segregate duties among many staff, so that the task for each person is small and limited, thus resulting in fewer errors.

This is a detective control, as it helps to detect any errors that has been made.

b. A hacker is able to gain access to a company’s computer system by guessing the password of his neighbour – Gertrude, the name of his neighbour’s dog.

To prevent this situation, the company needs to have a more sophisticated security system for their computer so no hacker gets into it. Also try not to keep such easy passwords or so.

This is a preventive measure, as it helps to prevent such occurences from happening.