Fraud Prevention

I agree with the above statement, business owners and managers think that fraud won't occur in their business because their employees past performance has been acceptable, and therefore it will be in the future to. 

This stance is highly problematic as according to the KPMG 2010 Fraud Survey the total cost of fraud for all the respondents was $345.4 million. The respondents also admitted that only 1/3 of total losses were being detected. 65% of the major frauds were committed by employees who usually acted alone in the organisation. So once a firm is aware that fraud is a serious potential risk, it needs to take action to prevent it from happening.

Firstly the company should promote a culture that deters fraud from occurring (Sacks, 2004). This is done by hiring honest people and providing them with fraud awareness training, creating a positive work environment and development of a code of ethics. Finally an employee assistance program should be implemented to make sure employees don't feel any unhealthy pressure about there job. 

This final point was not done in my first job; I felt very unsure about what to do in a lot of situations but received little to no help in regard to these issues. This led to me not really caring about my job as I felt undervalued. Whilst I had no intention to commit fraud, it doesn't mean others with the opportunity to do so won't either.

Secondly therefore, the firm has to eliminate opportunities to commit fraud (Sacks, 2004). This can be done by having strict internal controls, discouraging collusion, monitoring employees, providing a tip hot-line, create an expectation of punishment and audit proactively. 

By having both these policies in place, it will be less likely fraud will occur in the organisation.

Sacks, S. E. (2004). Fraud risk: Are you prepared? Journal of Accountancy, 198(3), 57-63. http://search.proquest.com/docview/206782293?accountid=13380

Interesting articles:

Here is a more interesting take on fraud detection by merely looking at the first numbers of a data set:
http://www.kirix.com/blog/2008/07/22/fun-and-fraud-detection-with-benfords-law/

Here is how to detect fraud by monitoring user behaviour:
http://search.proquest.com.ezp01.library.qut.edu.au/docview/230116396

Expert Witness

I believe that I would not make a suitable expert witness primarily due to my lack of experience and specialisation in the field.

Whilst I have my degree, I have not had enough time to gain experience and specialise in the field to which is required to become an expert witness (Rasmussen, & Leauanae, 2004). This is in direct violation of APES 215 which state that I must show professional competence and due care, which is achieved through specialised training, study or experience. It also goes on to state that I should evaluate before I accept the task if I have the required experience. After evaluation of the scenario I believe I do not have the required skills to complete this task.

In addition due to the size and importance of the case, there is a high chance that due to this lack of experience I will draw out the litigation process and may not even get paid due to my evidence being thrown out of court. It will be a waste of everyone’s time and falsely raise the client’s hopes and expectations. This will in turn both tarnish not only my own professional record but also the firm’s reputation.

I have accepted to do things in the past where I did not have enough experience to accept them whether to impress the person I was doing it for or I didn’t find experience necessary to do the task. Just like in this instance it turned to be a complete waste of time for everyone involved leaving me feeling embarrassed and the other party disappointed and in a desperate situation.

References:

Rasmussen, D. G., & Leauanae, J. L. (2004). Expert witness qualifications and selection. Journal of Financial Crime, 12(2), 165-171. http://search.proquest.com/docview/235993131?accountid=13380

Interesting Articles:

Expert witness' evidence thrown out of court and struck off medical registrar for erroneous evidence:
http://news.bbc.co.uk/2/hi/uk_news/4637687.stm

Internet Filtering

I personally believe that there should be no filtering of Internet content. The reasons that shall be discussed are twofold. Firstly the rating of restricted content is very subjective in most cases and secondly by having this system in place it can be abused in the future.

Firstly, the rating content restricted over another piece is highly subjective. What should be restricted to one person could not be to another, but there is only one rater of the content (Internet Filtering, year unknown). Such content are anti-abortion and pro-euthanasia websites, they have been rated restricted content. The only way to know for sure if this should be restricted content is to use an objective test, such as a “referendum” type survey so all of Australia can put there view across. However due to the magnitude of blacklisted sites this would be near impossible due the amount of time and expense it would take.

When I was younger my parents had a filter installed on my computer to block harmful websites. However this filter also blocked lots of sites that I needed to look at to do assignments for school as the blocked categories were very broad and subjective. Therefore I had to get them to unblock it and then “reblock” it every time this happened. This was a sluggish process, however at least the sites I required were able to be unblocked. If this filter is implemented and blocks sites that are viewed by large audiences there will be no way to unblock this legally. 

In conclusion, I believe this proposed filter is very subjective and it definitely should not be put forth as legislation.

Internet Filtering, (Unknown). Problems with the use of filters. Retrieved from: http://sites.google.com/site/internetfiltering2/problems-with-the-use-of-filters

Interesting articles:

This was found by simply googling "Australian Internet filter bypass"
http://www.lifehacker.com.au/2009/12/ways-to-bypass-the-internet-filter/

Here is a group who is devoutly against the filter
http://www.internetblackout.com.au/

Disclaimers

The first advertisement to be reviewed is an insurance line advert found at http://www.youtube.com/index?client=my-google&desktop_uri=%2F&gl=AU&rdm=m3btww5je#/watch/v=12pCNf9XZQc

The disclaimers found in this advertisement where clearly legally effective, in terms of conforming to the ACCC’s advertising and selling guide (ACCC, 2007). The disclaimers whilst being small in font size could still can be clearly visible and read, as they are all on for a significant duration of time. They are bold, compelling and precise whilst being clear and accurate and worded in precise terms. This was because they were short in length and got straight to the point, whilst using formal language. They did not contradict the main message of advert; they merely added additional information about the representations that they were qualifying. 

The second ad I shall review is a Holden advert found at http://www.youtube.com/index?client=my-google&desktop_uri=%2F&gl=AU&rdm=m3btww5je#/watch?v=mgd69GQh2Cc.

This again has conformed to the ACCC guidelines and is completely legal. The disclaimer is in very small font however it is on for over 30 seconds so viewers have plenty on time to read it. The disclaimer is bold compelling and precise as it gives information on how variance on test results to the car may differ. It was clear and accurate with precise terms used, due to the amount of information covered in the short statement with understandable scientific terminology. It did not contradict the main point of the ad but supported them. In addition the disclaimer was introduced when the representation it was to qualify occurred.

These guidelines had to be followed by a friend of mine when he was creating a video advertisement. The employer sent him all the requirements and he followed them without any refinements.

Overall both ads had clearly legal declaimers in them.

References:

ACCC, (2007). Advertising and selling. Retrieved from: http://www.accc.gov.au/content/item.phtml?itemId=303213&nodeId=036ca4235ebf82478fa3d969c13d94dd&fn=Advertising%20and%20selling.pdf

Protection of IP

It is essential for a business to know how to protect and understand the importance of intellectual property (IP).

Firstly, IP can be protected using a range of legislation that is available depending upon what type of IP it is. Such acts include the Copyright Act, Patents Act, Trademark Act. These acts offer great protection to anyone wanting to protect there IP, recently my cousin used the patents act to patent a desk design he created.

However there are dealings with internal and third parties that need to be kept confidential that unfortunately do not fit into these acts. This is done with confidence agreements, express and implied contracts. These define who is authorised to know the information, why they should know, and how long the information should remain confidential and there fore should not be general but very specific (Roberts, 2002). This has helped my cousin in determining who is allowed to know about the patent in pending, and hold them accountable if they leak the designs.

Secondly, if the business does not understand who owns IP in business dealings they can lose a lot of money and not legally own the work that they paid for. Unless dealt with in the contract, the creator of the work is the owner of the work, even with employees (Groom, 2008). Therefore if the firm wants to make modifications to the work at a later date, but did not make sure they are the owners of the work in the contract, they would be doing so illegally. As a result the firm should always make sure who the owner of the IP is in the contract.

In conclusion, it is important for businesses to be educated on both these issues.

Roberts, B. (2002). Protecting the crown jewels. Electronic Business, 28(11), 52-55. http://search.proquest.com/docview/194238919?accountid=13380

Groom, S. (2008). How to reward inventive employees. Managing Intellectual Property, , n/a-n/a. http://search.proquest.com/docview/233242567?accountid=13380

Additional Readings:

This is how small businesses can protect there IP effectively:
http://www.smallbusiness.wa.gov.au/strategies-to-protect-your-ip/

Copyright Infringement

I do not agree that people should be able to download music and films for free as this would be a breach of the Copyright Act 1968 (Cth). This is of course unless it is 70 years after the artist’s death at which the copyright duration would have elapsed (s33-34) or if the artist gave permission for this to happen.

The first test for a breach under the act is if the work was reproduced without permission which is under s36(1). This test considers if there has been a reproduction of major part of the work. The people sharing these files on the internet have are merely reproducing the entire file for people to download.

In addition by posting links online these people are communicating the work to the public. This is also a violation of the act under s36(1) as well. Moreover 3^rd party peer-to-peer sharing services may also be under breach of s112E if found to be authorising infringement by not filtering out copyright material and promoting copyright behaviour as was found in the Kazaa case.

Personally, many of my friends have received warnings from companies to stop downloading illegally. Some have even received multiple warnings, I on the other hand believe it is not worth the risk and therefore I don’t do it.

So in conclusion, it is quite clear that downloading music and films for free is in breach of the Copyright Act 1968 (cth) unless exempt from the act or permission was given from the owner.

References:

Copyright Act 1968 (Cth). Retrieved from: http://www.austlii.edu.au/au/legis/cth/consol_act/ca1968133/

Additional Readings:

This is a letter from a company telling the user to stop downloading illegally, much akin to the one my friend received:
http://www.google.com.au/imgres?um=1&hl=en&tbm=isch&tbnid=W6hDpcdfgU9fHM:&imgrefurl=http://www.unmediated.org/archives/2006/04/man_receives_wa_1.php&docid=iVlmn97u1o_mpM&imgurl=http://tallin.wordpress.com/files/2006/04/Charter%252520Letter%252520-%252520Part%2525201.jpg&w=1142&h=1472&ei=VTrLT-6SJpGhiQedrLXOBg&zoom=1&biw=1647&bih=938 

Adequate Notice

I believe that web operators still should give users adequate notice of changes in their terms of use if their dealings with users are primarily on the internet. This would mean all social networking sites and E-shops like Ebay or Amazon. The reason for this is that all Browse-Wrap contracts are legally enforceable contracts due to the Verio case and as such, need to be treated as legally enforceable contracts.

The notice can be feasibly given because to sign up to these sites a valid e-mail address must be given. Hence a month before that changes come into effect an E-mail can be sent to all the accounts alerting them of the changes. This E-mail can also be repeated each week leading up to the changes being effective. A message can also be located on the home page stating that E-mails have been sent regarding the changes; and a link can be proved that would lead them to more information. To date however I have not seen a site do such a thing.

But by following the above remedy relevant notice of changes to terms of service can be provided. Since this is a legal contract these users still have rights and web operators should strive to facilitate those rights as best they can.

Online Jurisdiction

The main issue that is brought up in the MegaUpload case is whether or not America's jurisdiction spreads over the internet. The people arrested in relation to MegaUpload had no domicile in America as they were citizens of various countries living in New Zealand. Moreover, the company was not founded in America, the only point that links them to America are the servers located in Virginia.

The main implication of this case is that any breach of law from any country that occurs online can put the offender in that countries jurisdiction; as long as they have servers in that country. If the accused get extradited on these grounds it shall be a precedent that can be used everywhere.

Personally I do not think the accused should be put to trail in America since there link to the accused is very weak. The fact that there domicile is not in America and there company was not founded there either. If this was a crime that did not occur online, America would not be after them. Instead they should be put to trial either where the company was founded or in there country of domicile.

IT Governance and Fraud

Firstly I disagree with the owners view that IT governance controls are too costly. Whilst they have a cost element to them they will save the business more money than they cost in the long run. For instance the chances are that the business would have prevented the fraud from occurring if control measures were in place. 

However I would not recommend a small business to implement COBIT 4.1 due to size issues discussed in week one. Although I would recommend elements that would be practical to a small business setting. The most the two most crucial of these elements would be evaluating IT risk and setting controls on those risks. If risk is not evaluated and controls set in place in the planning stage of implementing IT to a business it is destined to fall into a trap such as fraud.

This scenario has also proven the fraud triangle to be true. The employee had been given opportunity to commit fraud with the passwords required; and due to her age of 18 she could’ve been under financial pressure. Hence this built pressure and stress with opportunity gives rise for fraud to occur.

Therefore I recommend that small businesses evaluate potential IR risk and put controls in place. This will prevent an opportunity arising for desperate employees to pounce on.

COBITs Benefits

The traditional brick and mortar firms have become extinct due to Economic Darwinism. If firms want to succeed they need to go online and embrace IT. Hence companies need to have an ITG plan to ensure the implementation, support and monitoring is done in an effective manner.

Whilst it is true that it can create a lot of work for an organisation to create an ITG plan, I believe there would be countless benefits attached to it.

All businesses need to:

• Align there IT and business goals
• Manage the risks of IT failure in there firm
• Know to have a hot or cold site as the back up system
• Monitor divergence between IT and Business goals ect

In essence it is clear to me without an ITG plan a business would be going blind into a maze of risks that they wouldn’t be able to recognise before damage occurs. Such a case is the QLD health fraud and payroll debacle. My dad was not paid for a week, due to the poor governance practises by the QLD government. It has also influenced my perceptions on how well the current government can preside over other such issues in the future.

Therefore ITG strategies are a lot of work for an organisation but is 100% necessary for success.

SMEs and COBIT

Today I will be discussing whether or not IT governance and the COBIT framework are more concerned with large businesses rather than small to medium sized enterprises (SME). I personally disagree that IT governance should only be for larger businesses; however I agree that COBIT is not suited for SMEs.

Firstly whilst larger businesses have more IT to govern over does not mean that they should be the only ones practising it. The consequences are just as detrimental if poor practises are in place no matter the size. Even for an individual like myself; I lost a USB which contained a terms worth of school work. I placed a lot of stress on myself due to that poor governance choice. 

Secondly I believe COBIT is more suited to larger businesses due to the broadness of it. A SME do not have very many staff and usually does not have a dedicated IT department meaning implementing COBIT would be much harder. Getting external help is not necessarily a good idea either as it is expensive. In addition Devos (2012) found that implementing COBIT in SME’s yielded disappointing results due to size issues.

Therefore I recommend that IT governance be practiced by all sizes of business however SMEs should seek out a better framework than COBIT that fits there business size more.

References

Devos, J. (2012). Rethinking IT governance for SMEs. Industrial management + data systems, 112 (2), p. 206.