Wednesday, 29 May 2013

Fraud


I agree with the statement that awareness and education are the key to defeating fraud within today’s organisations, according to the constantly high incidence of fraud over the last decade. However, they must be combined with internal control and a reduction of pressure for optimal effectiveness in minimising the incidence of fraud.

I discovered that organisations with high fraud risks all lack effective internal control, or otherwise their employees are under too much pressure. To be specific, fraudsters may exist if there is no formal risk management framework that can be used to monitor and evaluate internal control. The reason is that internal control monitoring can provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations. Additionally, internal control mechanisms are able to reduce opportunities to commit fraud. Employees’ excessive pressure comes from various sources, such as home loan payments, gambling debts and the desire to appear successful. Such pressures are potential motivations for employees to commit fraud. I found that the most common characteristics of high fraud risk organisations include high staff turnover and profit-tied salary structures. Therefore, internal control and reduced pressure play a significant role in lowering fraud risks. Nevertheless, resources and time spent on developing an ethical culture are a good long-term investment. Better educative efforts to build ethical organizational climates and better management behavior would keep organisations out of high fraud risks.


In order to build a fraud-intolerant environment within organisations, I recommend three strategies. Firstly, establishing an effective fraud control system that provides an expectation of punishment for breaches and defines responsibility for fraud. Secondly, developing a corporate code of conduct that lists expectations about business practices and employee conduct to avoid dishonest and unethical practices. Additionally, promoting a culture of honesty and openness by operating an employee assistance program.


 
http://www.anao.gov.au/html/Files/BPG%20HTML/Government%20Fraud%20Control%20BPG/5_1.html 


Mandatory Filtering for Australian ISPs


I do not think Australian ISPs should be forced to filter Internet content, although mandatory filtering for Australian ISPs can protect children from exposure to RC-rated content when they are online to some extent. There are many more issues associated with Internet content filtering that should be taken into consideration.

The first problem is the difficulty in identifying the prohibited content which is required to be filtered under mandatory ISP filtering. I found that ISPs cannot filter all material for prohibited content unless they are told which particular content is prohibited content. The Australian Broadcasting Authority had only notified ISPs of the limited items of content that it had identified. Therefore, blocking those partial items, which are expected to increase constantly, would not protect children effectively. The second issue that should be addressed is overblocking and underblocking by filters. Filters vary in their effectiveness, according to the data measured by their rates of failure to block prohibited content identified by the ABA. I discovered that some approved filter vendors had not added all ABA-notified items of content to their blacklists. Subsequently, the filters failed to block some notified content, and may incorrectly block a significant percentage of material that apparently should not have been blocked, including sexual health and education. The risk of privacy infringement is the third issue. I learned that auditing and tracking is an important feature of many Internet filtering products, apart from blocking access to unacceptable content. Thus, the surfing activity of individual users can be examined. The potential for misuse or inadvertent disclosure of details of customers’ Internet usage would threaten users’ privacy.
In conclusion, the use of filtering software should not be mandatory. The key to protecting children from inappropriate content while letting them enjoy the wonders of the Internet is Internet safety education. Filtering software should be installed voluntarily to suit a family’s needs, rather than a one-size-fits-all ISP filtering system.


 
ISP level filtering won't work


Advertisements with Disclaimers


I found two typical examples of disclaimers in web advertising. The first one is the website ads of Apple Store (http://www.apple.com/legal/internet-services/terms/site.html) while the other is from Occupational Therapy (http://www.otaus.com.au/disclaimers/list/asset_id/1/cid/1/parent/0/t/disclaimers). Both disclaimers provided on the websites are legally effective.
I discovered that the primary purpose of a website disclaimer is to limit the liabilities that a website owner or publisher may suffer arising out of the website, as well as to qualify other information on the site. Those liabilities that publishers must contend with include defamation, copyright infringement and breach of privacy. I learned that there are two standards a business must comply with to eliminate inherent risks in using disclaimers. Firstly, businesses must adequately draw the consumer’s attention to the qualifying statement. Secondly, the disclaimer must be effective in remedying the main statement.

In terms of the first rule, the disclaimers on both of the websites I mentioned are accessed via a link at the bottom of every page in relatively small print. In this way, there is no guarantee that consumers will see them. According to the ACCC Advertising and Selling Guide, businesses should make more effort to make disclaimers conspicuous, for instance by placing disclaimers on a compulsory page, leaving consumers no choice but to view them at some stage while on the site. Another more appropriate way is to use a dialogue box containing the disclaimers that opens on users’ screens when they access the website, before they make a purchase. As for the effectiveness of a disclaimer, Apple Store and Occupational Therapy both made qualified statements. The reasons are that the disclaimers on those two websites are accurate, clear and in precise terms. In addition, the disclaimers do not contradict any advertising claims. Furthermore, both advertisements adequately disclose material terms for goods and services.

Therefore, the disclaimers on the advertising websites of Apple Store and Occupational Therapy are legally effective. However, the inherent risks would be minimized if they made their disclaimers more compelling.



IP Protection and Ownership of IP Rights


In order to protect IP, a business can take the following three measures. The first effective measure is to register a trade mark, which is a sign used to distinguish the goods or services of one trader from those of another. I found that if certain trade marks such as a logo, name and signature are registered, the registered owner of the trade mark has exclusive rights to use it and to authorize others to use it. Applying for a patent is a second way to protect IP. I learned that a patent gives the patentee the exclusive rights to exploit the invention and to authorize another person to exploit it during the term of the patent. What counts is the validity, as an infringement may only be initiated if the patent is valid. The last IP protection strategy is to authorise confidential information by signing a contract, which is an alternative to patenting. It keeps information secret under the law of confidentiality when sharing information with a third party at the start of a business.

Understanding ownership of IP rights is important for a business. It not only protects business IP against infringement, but also eliminates the risk of being an infringer. I discovered that there are different ways to make money from IP rights, such as buying, selling and licensing. When you buy a business that is already established, you buy more than the stock or the right to sell products; the IP and the rights to use it should be bought at the same time. Therefore, the key thing is to ensure that ownership of all IP assets is transferred into your name and valued on the date bought. Furthermore, many businesses are built around licensing. The owner of IP rights may license someone else to exercise those IP rights for a fee, and the person granted the rights might then offer the public a license to use that IP for profit.

                                 
don't wait to protect your business IP
 

Download Music and Films


I disagree with the statement that downloading music and film in Australia from the Internet without payment should be allowed. There are three aspects that should be taken into consideration.

Firstly, we should determine whether the music and film are entitled to copyright. I learned four criteria for obtaining protection under the Copyright Act. The item should be a work or subject matter other than a work. Music and film qualify, as music is defined as a musical work and film is one of the other subject matters. Originality is the second requirement, namely, the work must originate from the author and be made with some skill and labour. The third criterion is material form, which is met by music and film from the Internet. Furthermore, it must be produced by a qualified person who is a resident or citizen of Australia, or of a member country of the Berne Convention. The item is entitled to copyright only if the four criteria above are met. Secondly, for those works protected by copyright, we need to investigate the duration of copyright. In terms of the diverse durations of copyright applied to different works, I discovered that the copyright in music and film has the same duration: copyright continues to subsist until the end of 70 years after the year in which the work is first published or performed in public. Furthermore, if the music or film is under the protection of copyright, this means the owner of these works has exclusive rights to copy, reproduce and perform them in public. Therefore, we should further analyse whether or not downloading them from the Internet infringes copyright. I found that infringement occurs when a person who is not the owner of the copyright takes advantage of works without the permission of the copyright owner. However, some exceptions to infringement are listed in the Copyright Act. These include fair dealing for the purpose of study and fair dealing for reporting news, parody and satire.

In summary, we can download music and film from the Internet for free only if the three elements above are passed.


 https://www.youtube.com/watch?v=LIYbl6WTyc8

Thursday, 18 April 2013

Unfair contract terms

I do not think that a web operator is able to change the terms of use of a website without giving users adequate notice, as this action results in an unfair contract term according to the unfair contracts law. First of all, a significant imbalance in the parties’ rights arises under the contract. The website user was deprived of the right to know the changed terms and the right of rejection, thereby incurring an unexpected credit card charge paid automatically to the operator. That also meets the second criterion for determining an unfair contract term, as it would cause detriment to a party if it were to be applied. Therefore, a party cannot unilaterally change the terms of a contract before obtaining the other party’s consent. However, this issue could have been rapidly avoided by the website operator with some practical measures, such as sending a notice by mail or phone call, although it could create extra work for the website operator to some extent. Finally, the third fact is that the unnoticed term is not reasonably necessary to protect the legitimate business interests of the website operator, who would be advantaged by the term. In a word, the term will be void when it is proved to be unfair, which is caused by inadequate notice of the change.

Megaupload

The jurisdiction issues related to the Megaupload case can be summarized into four key aspects: whether cyberspace is included in United States territory, whether the defendants should be extradited according to their crimes, whether racketeering exists in association with an intellectual property case, and whether this case could apply to other cloud services. Those four issues are of significance to governments in exercising jurisdiction over defendants arising from cloud services.

The first concern relates to international IP infringements on the Internet and thereby the issue of extradition. I learned that national jurisdiction has traditionally extended to activities that take place within a country. Therefore, the boundaries of state jurisdiction should be defined while taking cyberspace into consideration. For the second issue, there are five crimes listed under United States law; the accused should be extradited if they commit one of them. Racketeering might be constituted when the accused are proved to specifically know that the uploaded contents are infringing. It is possible that the popular content is non-infringing under the reward business model with cloud services. In addition, US jurisdiction over the Megaupload case will significantly affect international users of many other US-based cloud computing services.

Jurisdictions differ between countries. It would be increasingly challenging for organizations to manage liability if a website can be accessed from multiple jurisdictions.

Boutique Technology

The fraudulent activities committed by employees were attributed to two aspects of the company’s operating environment, namely “Plan and Organise” and “Monitor and Evaluate”. The CEO of the company, Alan, is indifferent to “red tape” policies. Thereby business objectives cannot be controlled by incorporating IT and business management, leading to unexpected overheads due to the lack of a strategic IT plan. I found that the recruitment and selection of employees is conducted without any formal procedures and only three employees are accountable for the accounting, finance and HR activities. Those are two facts showing the insufficiency of human resources management and risk assessment. I discovered that there is no monitoring and evaluation of internal control due to the limited resources resulting from the pursuit of low product costs. In addition, extra working hours and lower-rate award rates raised pressure on employees. Therefore, people will explore more opportunities to commit fraud with increased pressure and decreased internal control.

To address those problems, I recommend that Alan focus more on IT governance rather than on fostering culture. Specifically, he should allocate funds to selecting and training qualified staff and establishing IT governance. To this extent, COBIT 4 is strongly recommended. Meanwhile, diminishing overtime and appointing more staff to the internal control activities are effective.
 

WhizBiz Pty Ltd


The statement about the massive work created by implementation of COBIT has been a critical issue for many organisations, especially for small and medium-sized businesses. I learned that COBIT is a comprehensive set of resources that contains all the information that organizations need to adopt an IT governance and control framework. There are four domains of COBIT, which consist of 34 processes, and each process has several control objectives used for implementation and assessment. It seems unlikely for WhizBiz to implement all processes included in COBIT because of their limited scale. However, I discovered that COBIT Quickstart is useful to address this issue. The reason is that Quickstart provides a selection from the components of the complete COBIT, thereby meeting the need of smaller enterprises for a simple-to-use tool that will speed up the implementation of key IT control objectives.

Given the online selling mode and the number of databases stored in WhizBiz, it is more necessary to implement COBIT as a framework to ensure good control over information to meet objectives. That is because more risks, including fraud, data leakage and online issues, are likely to emerge in an online environment if IT control is inadequate.

Wednesday, 17 April 2013

ITGC - To give effect to the Corporate Plan

I agree with the statement that an IT governance control framework such as COBIT is more essential to the effectiveness of the Corporate Plan for the IT management function used by organizations. I learned that COBIT provides IT governance with a framework to ensure the alignment between IT and business strategy, the objective of maximizing benefits, the responsible utilization of resources, and the appropriate management of risks. A more crucial process of COBIT is performance measurement for IT governance, with transparency of IT’s cost, value and risks.

I discovered that IT operations should link to enterprise operations to achieve strategic objectives by solving targeted problems. For instance, gathering all the information about revenue and costs to work out an efficient way of raising revenue and lowering costs when a loss is presented. In addition, we are able to optimally manage IT resources, including knowledge and infrastructure, under the COBIT framework. I found that risk should be realized by senior officers and, more importantly, every employee in the enterprise should have the right to know the significant risks. That is beneficial to embedding responsibility for risk management, resulting in adequate preparation in advance and risk minimization. Tracking and monitoring strategy implementation is most vital for me, as every bit of progress is made by committing, identifying and correcting the mistakes I have made.

5 main domains of COBIT