Woman hacks North Bay Health Care Group According to Computer Crime and Intellec

Question

Woman hacks North Bay Health Care Group According to Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice (CCIP), May 27, 2004, United States Attorney McGregor W. Scott announced that Jessica Quitugua Sabathisa, 31, of Vallejo, California was charged with ten counts of fraudulently using her computer to misuse more than $875,035 from North Bay Health Care Group ("North Bay"). North Bay is a not-for-profit organization which operates hospitals and clinics in Vacaville and Fairfield, California. This computer crime case was investigated by the United States Postal Inspection Service and the United States Secret Service. According to Assistant United States Attorney Robin R. Taylor, who is prosecuting the crime, the indictment charges that between July 2001, and April 2004, Sabathia, an accounts payable clerk, used her computer to access North Bay's accounting software. Without the authority of her employer, Sabathia issued approximately one hundred and twenty-seven checks payable to herself and others. To conceal the fraud, Sabathia distorted the electronic check register to make it appear that the checks had been payable to North Bay's vendors. Sabathia cashed several of the checks, and many were deposited into her bank account, and the bank accounts of others, and used for personal expenses. If convicted, Sabathia faces a maximum sentence of five years in prison, and up to a $250,000 fine for each count of the computer fraud. The charges in the indictment are only allegations and the defendant are presumed innocent until and unless proven guilty beyond a reasonable doubt. Questions in Detail 1. For Such Situation can you provide two measures with reasons to check such frauds where proofs are not rational and enough to prove some guilty. 2. Also can you provide two proactive solutions with reasons to such situation so that no Sabathia can misuse her job position and make financial and other harm to the organization?

Explanation / Answer

The Board of Directors and Audit Committee Sufficient number of independent board members knowledgeable about internal control Strong enough to ask hard questions of senior management about preventing and detecting fraud Questioning the auditors without senior management present if the auditors are aware of any indications of fraud and what procedures they employed during the audit to detect fraud Setting a strong ethical tone at the top and communicating it throughout the organization Internal Auditor Independent of the President, CEO, or COO and knowledgeable about internal control Reports directly to the Board or owner Strong enough to ask hard questions of senior executives about how they prevent and detect fraud Periodically questions bookkeepers, data entry personnel, and programmers if they have been asked to make unusual entries, or know about theft of assets Interview the network admin and obtain a list of users who have access rights to make changes to accounting journals and review it with business managers for appropriateness Ask programmers and the IT staff if senior management ever asks them to make accounting entries, especially at year end. Determine if the accounting journals record user names, dates, and time of entry. If so, use a CAAT package like ACL or Idea to: Search for entries made at unusual times of day, i.e. outside regular business hours. Search for entries made by unusual users, blank user names, senior management, the IT staff, or nonsensical user names, i.e. names like guesswho, netuser, or spock. Enable appropriate audit logging, establish the integrity and continuity of the logs, and review regularly

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.