ITS 360 Assignment #2
What Would You Do?
1.) I would include this filing in my audit report. Although the money was loaned for a “good” reason, it is still unlawful use of company resources, and not reporting it could potentially lead to more issues, including myself getting into legal trouble if it was found out I knew about it and did not report it.
2.) I would ask the applicants who claim to have Cisco certification for proof of their certification, and if they could not provide reasonable corroboration, I would discuss with my manager the possible need to interview those candidates who didn’t have certification, but were hones on their resume and had a strong background in IT.
Critical Thinking Q’s
1.1) Each side could have made clear their expectations for the project. IBM should have ensured they provided Bridgestone with a realistic timeline prediction, and Bridgestone should have provided IBM with a clear understanding of the problems they had had so far in attempting to upgrade their system. Bridgestone should have given IBM ample amount of time to debug and test the new system, and IBM should have shown strong effort to implement the upgrade as quickly and flawlessly as possible.
1.2) I believe IBM would have been harmed more by this publicity, as IBM was the defendant, so Bridgestone threw everything they had at them to make their case for the lawsuit. Current and potential clients of IBM probably became more dubious about using the company for tech and IT purposes, where Bridgestone’s customers probably forgave Bridgestone to an extent once they heard that it was IBM’s “fault”.
1.3) Bridgestone and IBM dropped their respective lawsuits, with prejudice, and the whole incident faded away.
2.1) I think that the penalties in place for violation of the internal control provision and the books and records provision of the FCPA should be a little more severe, as simply paying the amount earned through fraud (plus interest) doesn’t provide much of a punishment or reason for companies to adhere to the rules. I believe some organizations do tolerate lax internal control so managers have as much freedom as possible in running their business. I would suggest higher fines associated with failure to adhere to the FCPA rules and guidelines.
2.2) The organization can discuss with the provider of the package their need for better internal control, and in some cases seek retribution or implementation if the provider was supposed to provide the organization with a certain level of internal control. Otherwise, the organization should seek to hire a company to upgrade or increase the software’s capability for internal control.
2.3) IT workers should know the laws regarding business transactions, be familiar with ways to implement good internal controls to protect against violations, and should collaborate closely with the company there are evaluating or designing the controls for.