throughout the world. The software contains a series of modules connected to online databases in such
a way that valuation analysts can quickly and accurately calculate estimated market values for private
companies. Geox uses a subscription model to sell its product. Subscribers pay an initial fee, which
permits them to immediately download and begin using the software. At the end of one year,
subscribers must pay an annual fee or the subscription expires and the software stops working.
Geox began operations only several years ago with three brothers pitching in and working together in
the garage of the oldest brother, Ricky. He developed the concepts behind the product and its
marketing. Middle brother Zeek is a software engineer and did all the programming work. The youngest
brother, Tricky, developed the Web site and did all of the work setting it up and billing customers. He
manages everything to do with accounting.
Geox has rapidly grown from only a handful of subscribers to more than 10,000. Because of this growth,
Tricky hired three full-time staff members for technical support and service. He does all of the billing
himself with the help of his wife and oldest son. His present billing system was designed for only a small
number of subscribers. Customers input their payment information into a secure Web form on Geox’s
site. Tricky then receives the payment details via e-mail. He then e-mails the customer a code from his
database, which the customer inputs into the software to make it work for one year.
Tricky has become very good at handling the customer subscriptions and payments, despite the large
number of transactions. Still, the large customer load often causes him to work too many hours, so he
wants an automated system to handle all customer orders. He found an open-source shopping cart
system that he likes on the Web. He prefers an open-source system so that Zeek can customize it as
needed. Zeek is one of the world’s best programmers, and he would never tolerate relying on any
accounting system to which he could not make programming changes.
Tricky is presently using the Isolex accounting system, which is also completely open source. It handles
all payroll and expenses. It also handles revenues, but Tricky enters them manually, in weekly totals. All
main data files in the Isolex system are stored in MySQL databases. This means that Zeek can easily
integrate the Isolex system with any of the many online shopping cart and billing systems that also
support MySQL. Tricky is considering three open-source shopping cart and billing system packages. He is
very worried about security because he has heard many stories of hackers breaking into online systems
such as the one he is contemplating.
a. Assume that you are called in as a forensic accountant to advise Geox. How would you suggest
evaluating the contemplated open-source shopping cart systems?
b. How does the fact that the systems are open source affect their security?
47. Rimco Automobile Company specializes in repairs and custom modifications for high-performance
sports cars. Dana Peaker, the CEO, is a former race car driver. Over the last 10 years, she has managed
to open 18 shops in major U.S. cities. Rimco has been very profitable. Because it provides such
specialized services for very expensive automobiles, it is able to mark up both labor and materials at least
four times cost and in many cases more than 100 times cost.
Rimco’s operations have several divisions, each with its own national division manager.

Basic engine and automobile repairs.
Collision repairs.
Interior customization.
Body customization.
Parts procurement and distribution.
Central office support.
Most of the profits come from the two customization divisions. Each division manager updates monthly
budgets and plans for his or her area in each of the 18 stores. The central office support division includes
the CEO, various administrative staff, accounting, internal auditing, IT, and security support.
The stores are connected to the main office through a network of VSAT satellite dishes, which permits
all transactions to be centrally recorded in real time.
Donna Hacher, a member of the IT support group, is in charge of security. She constantly ensures
companywide information security through a series of procedures that include the following:

Checking to see that all of the latest security patches are applied to all company software.
Telling all employees to notify her of any security problems.
Teaching employees about not sharing their login passwords for the accounting system.
Overall, Donna feels pretty good about security because she recently moved all accounting functions to
the latest version of the Zelical Accounting system, which has one of the best reputations in the industry
for security features. She believed that with such a secure accounting system, her main concern would
be ensuring that employees do not share their login passwords with others, for that would be the likely
opening for any type of attack.
a. Describe Rimco’s ISMS.
b. What weaknesses exist in the ISMS?
43. The Veggie-Buffet Restaurant is an expensive downtown buffet-only restaurant that specializes in
trendy vegetarian salads and soy-based meat substitutes. When customers first enter the restaurant,
they immediately take a buffet tray and a large plate and pass through the buffet, selecting food items of
their choice.
The buffet is offered to all at a fixed price, and customers can eat as much as they can pile on their plate,
but they cannot return to the buffet line once they have left it. At the end of the buffet line, customers
are offered the option of purchasing nonfruit drinks or drinks in the fruit juice bar, which is located past
the buffet line. Customers who purchase the juice bar option are given a plastic glass that is tinted
slightly blue. Those who do not purchase the juice bar option are given the same plastic glass but
without the blue tint.
The juice in the juice bar is made from fresh fruit and fresh fruit juice but mixed with a good bit of water
and raw sugar. Diluting the juice is necessary for cost-control reasons; pure fresh juice would cost too
much to offer. In any case, those with the blue-tinted glass are permitted to return as often as they want
for refills. On the other hand, those with the clear plastic glasses are offered filtered water and ice in the
same fruit bar area.
Midge Greenwafer, the owner, has noticed in recent months that profits appear to be down even
though the customer count seems to be holding steady. Her first reaction is to look to the juice bar
because the weekly bill for fresh fruits and juice is much higher than she would like it to be. She does
not spend a lot of time in the restaurant because she has several other businesses, so she has to rely on
restaurant employees to help her figure out the problem.
So, Midge asked Sanahoria Hambre, her favorite shift manager, about what might be causing the
problem. Sanahoria had an immediate answer: “The problem is that many people are not paying for the
juice bar but are filling their water glasses with juice. I see it all the time. Just yesterday, I saw a family of
eight all freeloading on the juice bar.”
“That’s theft,” said Midge.
“Yes, but there’s not much we can do about it. We do not have the staff to constantly monitor the juice
bar. Most of the time the problem just goes undetected. But when one of our staff does see a clear glass
being used in the fruit bar, she politely reminds the customer that the juice bar is an extra charge.”
“Good,” said Midge. “Now we just need a better way to detect customers doing this.”
a. Create a simple detection system that can be used to solve the juice bar crisis.
b. What do you think is the optimal role for detection in this problem?
44. Ashley Wesley is the assistant controller at the Walitin Construction Company. Walitin is
headquartered in Miami, Florida, and has a general contractor’s license in 30 different states. It is a
privately held company with about 5,000 stockholders, with the majority of the stock being owned by
the Walitin family.
Roberta Walitin has been the CEO of Walitin Construction for the previous 12 years. Everyone considers
her an excellent leader with excellent business skills. She has an undergraduate degree from the
University of Illinois in engineering and an MBA from the same school with a concentration in
Roberta has always insisted on ethical business practices, so two years ago she worked with Ashley to
set up an ethics hotline, which Ashley personally manages on a daily basis. Anyone either inside or
outside of the company can submit tips anonymously by e-mail, telephone, or a special Web
page she had set up. There is a prominent link to the hotline on the home page of the company’s Web
Since Ashley set up the hotline, she has received three tips, all via the Web. In every case, the tip was
about a subcontractor overbilling the company for services rendered. In two of the cases, she was
unable to confirm or disconfirm whether there was fraud, mainly because it is almost impossible to
investigate the work of a subcontractor on a job that has already been completed. But in the other case,
she caught a roofer billing for fictitious work. She did not report the fraud to authorities, but Roberta did
immediately replace the subcontractor with another roofing company.
Ashley reports to Bob Benson, Walitin’s controller. He’s been with the company for many years and
works very closely with Roberta. His main interest seems to be producing the financial statements and
working with her to obtain new clients. Roberta and Bob spend large periods of their time going to
lunches with clients, participating in civic meetings, and helping in small community-service construction
Because Bob is busy so much of the time with outside activities, Ashley pretty much runs everything in
accounting on her own except for the software and hardware, which Bob manages in conjunction with
the head of the IT department.
Bob is not interested in details, and anytime Ashley tries to explain something to him, he simply waves a
hand and says, “Don’t worry me with operational issues. Just take care of it.” Ashley has learned to live
with his hands-off approach.
Overall, Ashley runs everything smoothly. Her main problem is that Betty Grabber, the senior
accountant reporting to her, wants Ashley’s job. To make things worse, Betty is a niece of Roberta
Walitin’s husband.
Betty is a very wily person. Her goal is to have Ashley fired, and she’s been using her family connections
to get the message to Roberta that Ashley is scheming to have Bob Benson, the controller, fired. Ashley
also suspects that Betty has been spreading a rumor that she’s planning to go to work for a competitor if
she is not successful in taking over Bob’s job.
Ashley is unsure as to whether Bob is aware of the rumors. He seems to be avoiding her recently, and
there seems to be an edge in his usually friendly voice. Ashley is feeling depressed just thinking about it.
She’s heard that Bob is having serious marital problems. Perhaps those problems are affecting the way
he acts.
This morning Ashley had a major surprise when she started reading her e-mail, which contained a new
anonymous tip. Someone had submitted it last night via the Web, and it had automatically been
forwarded to her via e-mail. The tip read as follows:
To: Walitin Tip System
From: webuser@walitinconstructionservices.com
Sent: Tuesday 8/1/2015
Ms. Wesley,
I’m sending this tip to help you. I understand what you are going through. You’re working for a liar and a
thief. Bob Benson is hacking the accounting system to produce fraudulent financial statements. He’s
doing it in such a way that you’ll get the blame. It’s going to be a big mess.
a. What should Ashley do? Should she try to investigate? Should she report the tip to Roberta?
b. Evaluate Walitin’s hotline and make recommendations for its improvement.

