Blogstream   -   Create a Blog!   -   Login Chat   -   Options   -   Clean   -   Flag   -   Family Filter: Off   -   Recent   -   Rndm >>    

Blogstream  >  Government  >  Blog  >  Post #311701
  
Whistleblower Support

Friday May 9, 2008

 Archives: Boeing has been stung by internal theft before
Back to Full Blog  

Last updated July 16, 2007 10:13 p.m. PT
Boeing has been stung by internal theft before
By ANDREA JAMES
P-I REPORTER
Information technology controls are meant to do a lot more than stop hackers and kill computer viruses -- especially because corporate fraud comes from within. And internal fraud can happen to any size firm -- even to a Fortune 50, tech-savvy company such as The Boeing Co.
Two recent cases illustrate the point.
In 2006, two former Boeing employees were sentenced to a year in prison for stealing nearly $300,000 from the aerospace giant.
Former supply chain management director Robert Rice and his subordinate, Lisa Hernandez, made a series of purchases -- including a $52,000 BMW, artwork, jewelry and vacations -- that they charged to the company starting in 2004. And Boeing paid for the items.
How?
Rice had authority to approve expenses on employee charge cards that are used to buy things outside of the normal supply chain, according to the U.S. Attorney's Office in St. Louis. (Rice and Hernandez worked in that city.)
Rice created a shell company in Nevada called Leantraining and set himself up as a faux vendor. Hernandez would submit charges to Rice, who approved the expenses as "training materials."
The two also altered receipts and records to cover up the scheme, according to court documents.
Boeing discovered the fraud after someone made an internal complaint, the company said.
"Following discovery of Mr. Rice's activities, Boeing tightened processes and controls around applications and usage of company purchasing cards, increased the frequency of audits, and implemented several additional fixes as recommended by the Defense Contract Audit Agency," Boeing said in a statement to the Seattle P-I.
In a case that surfaced last week, King County prosecutors charged a former Boeing employee with 16 counts of unlawfully accessing a computer to steal company information, which prosecutors said later appeared in newspaper articles.
According to charging documents, Gerald Eastman, 45, a former quality-assurance inspector in Tukwila, took more than 320,000 pages of confidential Boeing documents. A company vice president estimated that had even a small portion of the documents fallen into the wrong hands, the financial damage to Boeing could have ranged from $5 billion to $15 billion, court documents said.
In its case summary, prosecutors said that the files were not encrypted or password-protected and that Eastman "had to exploit a weakness in Boeing's computer system" to retrieve the files. A Boeing spokesman said security has been tightened since the incident. Eastman is set to be arraigned Tuesday.
Boeing is a large enough company -- it had $61.5 billion in annual revenue last year -- that a theft of $300,000 doesn't make a large dent. (The theft represents 0.0005 percent of revenue.) Even so, companies seek to prevent fraud by monitoring their computer systems, and the Sarbanes-Oxley Act of 2002 made it mandatory for all public companies to do so.
That requirement has been challenging and expensive for companies, and many executives said auditing costs exceeded the perceived risk.
Now that public accounting firms have to sign off on a company's computer systems as well as its financial statements, such firms could charge for more hours of auditing at rates of hundreds of dollars per hour.
Many firms complained that it didn't make sense, for example, to spend $500,000 on controls that would prevent $300,000 in theft. Also, it's unclear whether tighter technology controls alone could have prevented Rice and Hernandez's theft, because experts say it's easier to defraud a company if two people are in on the scheme.
But experts say the information technology component of the law is critical because it seeks to protect the data that back up financial statements.
Material misstatements because of computer control failures are rare, but not impossible, according to the Institute of Internal Auditors, an industry group.
"Risks come from everywhere, but IT is part of the risk profile because information technology is inherent in almost every process," institute President Dave Richards said in a 2007 webcast addressing controls. "It is the workhorse of transaction processing."
Auditors have the job of examining the protective mechanisms within a company's computer systems. Those mechanisms, called IT controls, include things such as making sure databases are backed up, that passwords are secure, and that employees do not have unnecessary access to sensitive data.
"All data is maintained in systems. If the systems aren't controlled, then how can you rely on the accuracy of the data?" said Adam Shnider, director of technology risk management for the Seattle office of Jefferson Wells, an audit firm. "How can you rely on the data, period?"
Soundoff

Posted by Victorian Muse at 11:41 PM - No Comments   Add a Comment  
  Hide Post  
Next Post
 
Comments:

There are no comments.


  Add a Comment
Back to Blog  

 

 

 

 

 

 

 

 

 

 

 

   
  About Me
Author: Victorian Muse
From The Great Pacific Northwest, USA
 
This blog is about...
In support of Whistleblowers; Shared information about Whistleblowers; Encouraging Support of... more
 
My: Profile  Gallery  Interests  Bio  Guestbook 
 
Bookmark   History

  Blogstream Sponsors
Have you checked out the new Blogstream site,

Question Stream.com?

Many Blogstream members are there already! Quotes from members: "It's like blog lite!" -- "I like the instant gratification!" -- "Stop spectating, get in the game!"

If you have not joined in, you are really missing out!

Send Free
Just Saying Hi
Greeting Cards at

Greeting Cards.com


Good Morning


  Recent Posts

  Blogs I Like

  Sites I Like

  Archives

3665 Visitors