Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Hello I need help ( Accounting Information System) CASE 7-1 The Greater Providence Deposit & Trust Embezzlement I have attach the case 7/1 I need

image text in transcribed

Hello I need help ( Accounting Information System)

CASE 7-1 The Greater Providence Deposit & Trust Embezzlement

I have attach the case 7/1

I need short answer 8 questions at the end of the case.

In a word document.

image text in transcribed CASE 7-1 The Greater Providence Deposit & Trust Embezzlement Nino Moscardi, president of Greater Providence Deposit & Trust (GPD&T), received an anonymous note in his mail stating that a bank employee was making bogus loans. Moscardi asked the bank's internal auditors to investigate the transactions detailed in the note. The investigation led to James Guisti, manager of a North Providence branch office and a trusted 14-year employee who had once worked as one of the bank's internal auditors. Guisti was charged with embezzling $1.83 million from the bank using 67 phony loans taken out over a three-year period. Court documents revealed that the bogus loans were 90day notes requiring no collateral and ranging in amount from $10,000 to $63,500. Guisti originated the loans; when each one matured, he would take out a new loan, or rewrite the old one, to pay the principal and interest due. Some loans had been rewritten five or six times. The 67 loans were taken out by Guisti in five names, including his wife's maiden name, his father's name, and the names of two friends. These people denied receiving stolen funds or knowing anything about the embezzlement. The fifth name was James Vanesse, who police said did not exist. The Social Security number on Vanesse's loan application was issued to a female, and the phone number belonged to a North Providence auto dealer. Lucy Fraioli, a customer service representative who cosigned the checks, said Guisti was her supervisor and she thought nothing was wrong with the checks, though she did not know any of the people. Marcia Perfetto, head teller, told police she cashed checks for Guisti made out to four of the five persons. Asked whether she gave the money to Guisti when he gave her checks to cash, she answered, \"Not all of the time,\" though she could not recall ever having given the money directly to any of the four, whom she did not know. Guisti was authorized to make consumer loans up to a certain dollar limit without loan committee approvals, which is a standard industry practice. Guisti's original lending limit was $10,000, the amount of his first fraudulent loan. The dollar limit was later increased to $15,000 and then increased again to $25,000. Some of the loans, including the one for $63,500, far exceeded his lending limit. In addition, all loan applications should have been accompanied by the applicant's credit history report, purchased from an independent credit rating firm. The loan taken out in the fictitious name would not have had a credit report and should have been flagged by a loan review clerk at the bank's headquarters. News reports raised questions about why the fraud was not detected earlier. State regulators and the bank's internal auditors failed to detect the fraud. Several reasons were given for the failure to find the fraud earlier. First, in checking for bad loans, bank auditors do not examine all loans and generally focus on loans much larger than the ones in question. Second, Greater Providence had recently dropped its computer services arrangement with a local bank in favor of an out-of-state bank. This changeover may have reduced the effectiveness of the bank's control procedures. Third, the bank's loan review clerks were rotated frequently, making follow-up on questionable loans more difficult. Guisti was a frequent gambler and used the embezzled money to pay gambling debts. The bank's losses totaled $624,000, which was less than the $1.83 million in bogus loans, because Guisti used a portion of the borrowed money to repay loans as they came due. The bank's bonding company covered the loss. The bank experienced other adverse publicity prior to the fraud's discovery. First, the bank was fined $50,000 after pleading guilty to failure to report cash transactions exceeding $10,000, which is a felony. Second, bank owners took the bank private after a lengthy public battle with the State Attorney General, who alleged that the bank inflated its assets and overestimated its capital surplus to make its balance sheet look stronger. The bank denied this charge. 1. How did Guisti commit the fraud, conceal it, and convert the fraudulent actions to personal gain? 2. Good internal controls require that the custody, recording, and authorization functions be separated. Explain which of those functions Guisti had and how the failure to segregate them facilitated the fraud. 3. Identify the preventive, detective, and corrective controls at GPD&T, and discuss whether they were effective. 4. Explain the pressures, opportunities, and rationalizations that were present in the Guisti fraud. 5. Discuss how Greater Providence Deposit & Trust might improve its control procedures over the disbursement of loan funds to minimize the risk of this type of fraud. In what way does this case indicate a lack of proper segregation of duties? 6. Discuss how Greater Providence might improve its loan review procedures at bank headquarters to minimize its fraud risk. Was it a good idea to rotate the assignments of loan review clerks? Why or why not? 7. Discuss whether Greater Providence's auditors should have been able to detect this fraud. 8. Are there any indications that the internal environment at Greater Providence may have been deficient? If so, how could it have contributed to this embezzlement? CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recovery. CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recovery

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Financial Accounting

Authors: Anne Britton, Chris Waterston

5th edition

273719300, 273719304, 978-0273719304

More Books

Students also viewed these Accounting questions

Question

7. One or other combination of 16.

Answered: 1 week ago

Question

5. It is the needs of the individual that are important.

Answered: 1 week ago