Question

In some of the recent corporate scandals, senior executives “doctored the books” and misrepresented the corporate financial status of the company. In others, transactions were created to and from inert or false companies to enhance the bottom line. All of these actions required some intervention and dependence on current or new IT systems. As a result the Federal Government passed the SOX regulations in 2002-2003 and the Dodd-Frank Financial Reform law in 2010.

Do you feel the information technology group could or should identify (expose) these fraudulant practices?

What do you feel the responsibilities of the CIO are relative to internal fraud and illegal activities?

Is the CIO ethically responsible for how the network and computing “utility” within the company is used?

Is it an IT responsibility to build and install systems that cannot be compromised?

Does the information technology have the responsibility to ask “why” a business function is needed when a system is built?

Does the internal or external audit function have any responsibility in guiding the development of new Information Technology systems? Explain.

Answer 1

Background:

In some of the recent corporate scandals, senior executives “doctored the books” and misrepresented the corporate financial status of the company. In others, transactions were created to and from inert or false companies to enhance the bottom line. All of these actions required some intervention and dependence on current or new IT systems. As a result the Federal Government passed the SOX regulations in 2002-2003 and the Dodd-Frank Financial Reform law in 2010.

Answer 1 – Yes, we do feel that the information technology group could or should identify and expose these fraudulent practices in the business. But these group does not have any power to expose such fraud cases, as these are intentionally planned by the some senior managements.

Answer 2 : The responsibilities of the CIO are relative to internal fraud and illegal activities are

• Identify and inform to their senior authority of the fraud events in the IT environment.
• Develop the framework to avoid the fraud internet acts in the IT ERP software.
• Develop the team to ensure that fraud events are not entertained in the IT ERP software.
• Update the found cases to the CIO and other Chief people in the organization, if the organization is open for fair updates.

Answer 3: Yes, the CIO ethically responsible for how the network and computing “utility” within the company is used and being explored for the fraud work. But the CIO has also limitation as he may be overruled by his seniors or the directors who is managing the CIO.

Answer 4: No, it is not an IT responsibility to build and install systems that cannot be compromised, but it is the responsibility of the senior management and CEO/ COO of the organization to ensure that such system are implemented at the organization.

Answer 5: No, the information technology does not have the responsibility to ask “why” a business function is needed when a system is built, because the business function may be performing many works as suited to the needs of the organization. It is the decision of the CEO / COO for keeping or leaving the function in the organization.

Answer 6: Yes, the internal or external audit function does have the responsibility in guiding the development of new Information Technology systems, so that better control can be implemented in the IT system as per the findings in the audits. This improvement approach based on audits will keep on improving the work culture and control of the IT system more strong.