Paul Linkchorst

Question 1: What are the challenges faced by Salvi?

Vishal Salvi, the Chief Information Security officer at HDFC bank at the time of the case, had several challenges facing him in his new role. As outlined in the beginning of the case, the three major dilemmas that Salvi faced were how to ensure security of online transactions, whether or not…[Read more]

Hi Said,

I would agree with you and think the CEO should resign. Throughout my readings, I couldn’t identify if the fraud was material or not, in the sense that it had a substantial impact on the financials of the company. However, in my post I suggested that an investigation be made on the CEO and if found he had knowledge of the fraud, s…[Read more]

Hi Ming,

Definitely became a big fan of Valve/Steam when I switched over to playing on a PC. You bring up a good point though about how a game is permanently recorded to your account. This helps with the Order to Cash process since customers don’t need to worry about their product being “lost” or any claims made about not receiving a produ…[Read more]

Hi Yu Ming,

I would agree that sellers such as Dunkin Donuts that have the products located at a store will have the best Order to Cash processes. Since the product can be provided to the customer usually within a couple of seconds, it makes for a very secure and easy transaction. With that being said, I think Dunkin Donut’s new ordering a…[Read more]

Hi Abhay,

You bring up a really good point about credit management. In a fraud situation, an individual can raise the credit limit or worthiness on a particular customer in return for compensation or something else. Since sometimes credit worthiness can result in more favorable purchase terms, customers might be willing to bribe or somehow…[Read more]

Hi Said,

Couldn’t agree with you more. I think the shipping portion is definitely an area that is susceptible to fraud. However, I just wanted to point out that the Order to Cash process is not just complete when the order is received by the customer, but is complete when the payment for the order is received by the seller. There are some a…[Read more]

As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?

One of the company’s that I believe to have a good Order to Cash process is Valve Corporation. Valve is a software and video game developer that created a video game client called…[Read more]

Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?

I would say the two individuals responsible for the controls of the company’s Order to Cash would be the CFO and the COO. In my mind, the two major elements of the Order to Cash process is the accounting of the orders and the ful…[Read more]

What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?

As we know, the Order to Cash process involves a customer ordering a product or service to begin with, and ending with the seller receiving the payment. When I think of the Order to Cash process, the two underlying processes…[Read more]

As most of us know, Wells Fargo has recently disclosed that a large scale fraud has taken place within the company, which resulted in 5,300 employees being fired or about 2% of its workforce. This fraud essentially involved employees who made up fake accounts or enrolled existing users into new but unwanted programs in order to meet company…[Read more]

An Important Message to Yahoo Users on Security

Yahoo, the tech company, has recently disclosed that it had been breached with over 500 million accounts compromised. According to haveibeenpwned.com, a website that allows users to search if their accounts have been breached using information from the web, the Dropbox breach could potentially…[Read more]

Hi Daniel,

I suppose revealing that a company has been breached poses a bigger risk since it might provoke hackers or “bad guys” in general to get involved in the action.

Hi Mansi,

I do think the ulterior motive for this case was that the practitioner wanted her patients to receive further treatment to prevent them from getting worse again. While this might be a moral or just cause, it still involved ripping off the company as a whole since their resources were being used without taking in any revenue.

Hi Priya,

I would have to follow up with what Ming had said that I believe it is “most” important. Timing is definitely an important part. However, if an asset isn’t even recorded on the financial statements then timing wouldn’t even be taken into consideration.

Seagate faced with class-action lawsuit following whaling scam

According to the article found on IT Governance USA’s webpage, Seagate, the computer hardware manufacturer, is now facing a class-action lawsuit due to a “whaling scam”. The article states that over 10,000 employees of the company had information leaked which included W-2 forms…[Read more]

Hi Sean,

I think you bring up a good point that a major risk associated with DBMS, is that of being a big target for hackers. It seems like every other day a major company is being hacked, which I am sure not all compromises are reported. Since information is a valuable and easy to sell, databases are a huge target. It will be interesting to…[Read more]

Hi Yu Ming,

Good point that you brought up about training being an effective way to mitigate risks. My first thoughts seem to go to access controls and monitoring. However, simple training can teach employees the value of following policies and procedures as well as incorporate them as a vital part of information security. You can have the…[Read more]

Hi Professor Yao,

Will do. I will leave my thoughts here as well.

• Unauthorized users to the database
o Have standard process/policy in place for creating users. Also there should be a periodic review of the users with access to the database.
o Remove excessive rights and users that either default or have been added

• Mal…[Read more]

Hi Wenting,

I had the fraud triangle in mind when I raised the question. In my experiences, those who commit time theft rationalize the theft since they are underpaid and not as “respected”. However, I find the same ones who commit time theft and rationalize this way are those who will not show up to work or go on social media when on the…[Read more]

Hi Sean,

Good point that you brought up about these actions being the tip of the iceberg. We talk a lot in our classes about the “tone at the top” and this could be an example where employees don’t respect the policies put in place. If they are willing to share that exploitation with an intern, what else are they doing that they would…[Read more]