BKAS3083 INFORMATION SYSTEMS CONTROL AND AUDIT

EXERCISE

In May 2017, a former Sinar Terbang Sdn. Bhd. (Sinar) employee, Mr. Salim, was charged
with defrauding the company of more than RM2.5 million over a 5-year period.

Mr. Salim was the chief airplane mechanic at the company’s hangar at Sepang Airport from
2000 until he was terminated in 2017. He invoiced the company for more than RM2.5 million
during his employment by using a fictitious entity that he created.

Mr. Salim billed Sinar Terbang Sdn. Bhd for non-existent parts and work that he himself
actually performed as part of his duties as a salaried employee. Most of these invoices were
for less than RM10,000, which he was authorised to approve. His supervisor approved few
invoices with amount of more than RM10,000 based on his trust in Mr. Salim.

In order to carry out his false billing scheme, Mr. Salim set up a fake vendor using a fictitious
entity named Autha Aircraft Parts Services Sdn. Bhd. He (as Autha) would then invoice Sinar
using non-sequential invoice numbers, looking like Autha was invoicing other companies too.

Mr. Salim used the money to purchase and maintain luxury automobiles, several superbikes
and to make payments for his house.

Mr. Salim was caught in late 2016 when three checks written by Sinar to Autha totalling of
RM44,000 were not cashed. When Sinar’s accountant questioned Mr. Salim about the Autha
uncashed checks, he indicated that Autha had been sold to another Sinar’s vendor. The false
billing scheme began to reveal and Sinar has fired Mr. Salim.

REQUIRED:

Based on the above case:

(a) Identify THREE (3) risks associated with the billing process in Sinar Terbang Sdn. Bhd.

(3 Marks)

(b) Suggest ONE (1) factor that might have contributed to EACH risk identified in (a).

(6 Marks)

(c) As an IS/IT auditor, suggest ONE (1) control procedure for EACH risk identified in (a),
which could minimise or eliminate the weaknesses in Sinar Terbang Sdn. Bhd.

(6 Marks)