John Martin, a highly skilled computer technician with a master’s degree in computer science took a low profile evening job as a janitor at Kent Manufacturing Company. Since the position was low level no security clearance or background check was necessary. While working at nights, John snooped through offices for confidential information regarding system operations, internal controls, and the financial thresholds for trans-action that would trigger special reviews. He observed employees who were working late, type in their passwords, and managed to install a Trojan horse virus onto the system to capture the IDs and passwords of other employees. During the course of several weeks, john obtained the necessary IDs and passwords to set himself up in the system as a supplier, a customer, systems administrator, which gave him access to most of the accounting system’s functions.
As a customer, John ordered inventory that was shipped to a rented building and later sold. As a system administrator, he approved his credit sales orders and falsified his customer payment records to make it appear that the goods had been paid for. He also generated POsto himself and created false receiving reports and supplier invoices as part of a vendor fraud scheme. He was thus able to fool the system into setting up accounts payable to himself and writing checks in payment of inventory items that the company never received.
John was careful to ensure that all his transactions fell just below the financial materiality thresholds that triggered special reviews. Nevertheless, his fraud schemes cost Kent Manufacturing approximately$100,000 per month and went undetected for one and half years. John, however, became overconfident and careless in his lifestyle. Working late one evening, the internal auditor observed John arriving for work in an expensive sports car that seemed out of place for a poorly paid janitor. The auditor initiated an investigation that exposed John’s activities. He was arrested and charged with computer fraud.
Please answer the following question in detail demonstrating your understanding of the subject:
A. What control weaknesses allowed John to perpetrate these frauds?
B. Explain the controls that should be in place to reduce the risk of fraud.