The Four Seasons Resort Community is an elegant, thriving four-season resort and a community of over 1,200 single family homes, 1,000 time-share units, and a multimillion dollar ski business. Guests visiting the resort can enjoy the indoor/outdoor water park; play golf on one of the two 18-hole championship golf courses; ski, snowboard, or snow tube in the winter on 14 trails that are all lighted for night skiing; or relax at the full-service spa. There are also three dining rooms, cards rooms, nightly movies, and live weekend entertainment.
The resort uses a computerized system to make room reservations and bill customers. Following standard policy for the industry, the resort also offers authorized travel agents a 10% commission on room bookings. Each week, the resort prints an exception report of bookings made by unrecognized travel agents. However, the managers usually pay the commissions anyway, partly because they don't want to anger the travel agencies and partly because the computer file that maintains the list of authorized agents is not kept up-to-date.
Although management has not discovered it, several employees are exploiting these circumstances. As often as possible, they call the resort from outside phones, pose as travel agents, book rooms for friends and relatives, and collect the commissions. The incentive is obvious: rooms costing as little as $100 per day result in payments of $10 per day to the "travel agencies" that book them. The scam has been going on for years, and several guests now book their rooms exclusively through these employees, finding these people particularly courteous and helpful.
1. Would you say this is a computer crime? Why or why not?
2. What internal controls would you recommend that would enable the resort's managers to prevent such offenses?
3. Classify the controls that you just identified above as either preventive, detective, or corrective controls.
4. How does the matter of accountability (tracing transactions to specific agencies) affect the problem?