AIS and Internal Control Case

Study
WorldCom as an example
Background
WorldCom Inc. began as a small Mississippi provider of
long distance telephone service. During the 1990s, the
firm made a series of acquisitions of other
telecommunications firms that boosted its reported
revenues from $154 million in 1990 to $39.2 billion in
2001, placing it 42nd among Fortune 500 companies.
Noteworthy acquisitions included the 1998 takeover of
MCI, which made it the second largest U.S. long distance
carrier, and the purchases of UUNet, CompuServe, and
America Online’s data network, which put WorldCom
.among the leading operators of Internet infrastructure
How was the fraud carried out

In its June 25th statement, WorldCom admitted that the

company had classified over $3.8 billion in payments for line
costs as capital expenditures rather than current expenses. Line
costs are what WorldCom pays other companies for using their
communications networks; they consist principally of access
fees and transport charges for messages for WorldCom
customers. Reportedly, $3.055 billion was misclassified in 2001
and $797 million in the first quarter of 2002. According to the
company, another $14.7 billion in 2001 line costs was treated as
.a current expense
 ?Internal Control Role
Internal auditors are an early line of defense against accounting
errors (e.g., mistaken classifications with no intention to
deceive) and accounting fraud (e.g., knowingly false
classifications with intention to deceive). One question
regarding WorldCom is why it took more than a year for the
company’s internal auditors to discover the misclassification;
arguably, considering the amount of costs being capitalized
(roughly, $750 million each quarter) and the impact on net
.income and assets, this might have been caught earlier
Tougher questions might be asked of Arthur
Andersen. To some observers, the fact that
Andersen was not notified that line costs were
being capitalized is irrelevant; they argue that
Andersen should have designed its audit to
detect misclassifications of this magnitude.
Some observers also note that Andersen should
have taken into account the CRS-4 increasingly
precarious financial condition of WorldCom and
paid more attention to the possibility of
aggressive accounting practices
Ultimately, WorldCom Inc. had to go for
bankruptcy, which was the biggest
bankruptcy in the world. Immediately after
bankruptcy, 17,000 employees were laid
off - almost 20% of the company's
workforce. Sullivan was fired and
ultimately arrested for the accounting
manipulations. Controller David Myers was
.also arrested on the same issue
This Incident was one of other scandals
that led to Sarbanes oxley act 2002
Recommendations
:

The internal controls of an

AIS are the security measures
it maintains to protect
sensitive data. These can be
as simple as passwords or as
complex as biometric
identification. Biometric
security protocols might
include storing human
characteristics that don't
change over time, such as
fingerprints, voice, and facial
.characteristics
An AIS must have internal controls
to limit access to authorized users
and to protect against unauthorized
access. Authorized users will include
individuals inside and outside the
company. Internal controls must also
prevent unauthorized file access by
individuals who are allowed to
access certain select parts of the
.system
All of the data in an AIS should be encrypted
and access to the system should be logged and
surveilled
System activity should be traceable, as well
An AIS also needs internal controls that protect it
from computer viruses, hackers, and other internal
and external threats to network security
It must also be protected from natural disasters and
power surges that can cause data loss
 References
w.investopedia.com/articles/professionaleducation/11/accounting-information-systems.asp •
nal-controls

https://www.everycrsreport.com/files/20020829_RS21253_e7ed921fa695fd4b8a0986316b6cd894a5 •
57e163.pdf