Med-Link International Inc. is a public company medical institution based in the U.S.A. It was founded in 1994 operating in the industry of information technology and services. The company is committed to availing community services and applications that simplify the accessibility of patient care-related information and privacy. This goes through the establishment of a secure environment while availing it to both large and small-scale institutions at an affordable price to attain the highest participation level. For this particular reason, Med-Link International is a for-profit medical facility (Sonnelitter, 2006).
Med-Link is one among several other health care publicly-traded companies in the U.S, that has been accused of committing health care fraud, as revealed by the assessment of the SOX regulations.SOX is an abbreviation form of the Sarbanes-Oxley Act of 2002. It is legislation that the U.S. Congress uses to safeguard its shareholders and the public in its entirety from accounting mistakes and deceptive actions in a venture or project. It also advances the accuracy of corporate disclosures (Biegelman, 2006). The American government manages the Act through the United States’ commission that is in charge of securities (Sonnelitter, 2006).
The Sarbanes-Oxley Extent
The Act weighs in quite heavily on the finance companies in one area and the Information Technology sections that have a responsibility maintaining and archiving soft copy data of organizations in another aspects. At its most prime level, SOX caters for both for-profit and not-for-profit organizations and health care organizations in this context. As a result, mandating SOX requirements for non-profits might reduce fraud and increase corporate governance (Sonnelitter, 2006). This is because the act defines the vital records for storage in the company. It also specifies the necessary storage period, which is usually around five years and the consequences of nonconformity. The majority of the consequences are result in imprisonment or fines or both, for-profit and not-for-profit health care organizations. For instance, all the officers in charge of the companies are required to keep correct records of all the activities going on in their companies. For this reason, they tend to fear to participate in entertaining activities that result in massive embezzlement of funds. In this manner, SOX plays a vital role in reducing fraud not only in the for-profit medical institutions, but also in not-for-profit medical institutions (Sonnelitter, 2006).
The Impact of SOX in Fraud Control in for Profit Health Institutions
However, the impact of SOX on controlling fraud in for-profit health institutions has not been at a tremendous success like it was in not-for-profit health companies. The implication of this, is that it has become inefficient in controlling decent conducts among profit making health care facilities, as is the case of health institutions that are not profit oriented (Young, 2014). Med-Link International link is a suitable example here. Despite the provisions of the SOX, this organization still went ahead to commit fraud crimes against one of its investors and fake the records. SEC announced on October 26, 2012 that it held Med-Link International, its C.EO Aurelio Vuon and its CFO James Rose responsible for civil injunctive actions, condemning them of falsely filing an annual report. At this level, the actions of SOX in the for-profit organizations have failed to ignite a sense of honesty leading to its failure in that area (Tarantino, 2010).
Resources and improvements for Fraud Control
As for Med-Link International inc., there were not sufficient resources in the IT to detect and reduce fraud activity and ensure the integrity of documents. Certainly, this is the main reason as to why there was a change in the records to be kept. Enough resources would have been able to detect the alteration at a very basic level than the one detected with SEC (Tarantino, 2010). The available ones such as audit trails, data integrity, and policies and procedures lacked the sophistication required to ensure complete control of fraud and detect accounting errors. In this connection, for any success in this scope in the future, the Med-Link International organization has to be well equipped with the relevant machines and personnel for this specific job. Such things like data integrity policies and procedures, as well as audit trails, require some enhancement and perfection. Intrusion detection and real-time intrusion detection are aspects that ought to be included in the audit verification. To detect the intrusion of outsiders, audit traits have to be designed and made to record the appropriate information only. In this manner, the audit trails will also be able to take care of real time intrusion, which is principally designed for detecting the outsiders who try to gain approval to access the organization’s system (Tarantino, 2010).
As another tool, data integrity on the other side has to be comprehended so that it caters for the precision of the entire data of the health record. It needs an upgrade so that it encompasses patient identification, information supremacy, amendments, and record corrections and also authorship validation. It also records auditing for documentation validity during submission of the reimbursement claims (Biegelman, 2006).
Med-Link International Organization’s Fraud Fate
A review of the report of the Med-Link International organization shows that the organization and its seniors were involved in fraud. Additionally, it depicts negligence on the part of the auditors when coming up with the organization’s auditing statement. The meaning of this is that the reported fraud was not due to financial errors. Med-Link was found accountable for fraud against one of its shareholders, whom it was to sell to approximately 210,526 of its share stock for $149,473.50. Vuono, the Med-Link CEO had earlier informed the shareholders that the company would hold up the transaction and would not cash the shareholders check until the investor had enough cash in his checking account. Later on, the investor told Rose that the company was limited in cashing the check. Med-Link had no authority to cash the check. For this reason, he instructed the organization to return it (Biegelman, 2006). In spite of that, instead of giving back the check, Rose intentionally deposited it in the bank account of Med-Link. However, Med-Link failed to refund the cash of investors or compensating them in another way that is appropriate.
Violation of Requirements
This inappropriate action of Med-Link broke the initial Sox’s law that pertains to the changing, damaging and or document falsification and some of the accompanying consequences. According to Young, (2014), this section of the Sarbanes-Oxley has three rules that implicate on the organization of electronic records. The law that follows, elaborates period for maintenance data that is to be stored. The other law indicates the way the data of specific companies in need of enough space to store.
Recommendations
To avoid such fraudulent occurrences and activities in the future, the internal control environment of Med-Link has to adopt successful fraud prevention measures. This primarily starts with the creation of an environment that inhibits fraud and spreads to cover steps like taking instant and dynamic action in case fraud is detected. Some of these measures are as follows;
Physical Security
It is one of the improvements required in the internal control environment of Med-Link organization. Physical security is a precautionary measure that controls the access of the IT systems, assets, data or documentation so as to do away with their damage, loss or unauthorized use (Cascarino, 2012). Assets here comprises of computer terminals on desks and cheques for debt settlements. This control spreads to cater for premises databases, computers, banking facilities and documents among others. Computer access crucially has to be restricted for the sake of the integrity of the organization’s data. One can be easily achieved through the Data Protection Act, which subsequently ought to be revived and observed by Med-Link (Bill James, 2013).
Supervision
Supervision is a course of action by which administrators thouroughly examine the performance of their personnel. If incorporated into Med-Links’s internal control environment, it will be vital in checking the staff’s performance in order to tell whether they meet the standards and provisions. It is inclusive of scrutiny on the functions of controls by personnel at lower stages as well (Young 2014). It is for that reason, both prevention and detection measures as these controls, are significant where the staff handles cash or accounting records.
References
Biegelman, M. T. (2006). Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance. Hoboken, N.J: Wiley.
Cascarino, R. (2012). Auditor’s Guide to IT Auditing. Hoboken, N.J: Wiley.
Sonnelitter, R. J. 2006 Miller SOX 404 for Small, Publicly Held Companies: Internal Control Assessment and Reporting Under Sarbanes-Oxley. Chicago, IL: CCH Inc.
Tarantino, A. (2010). Sarbanes Oxley in Leading Economies. Upper Saddle River, N.J: Prentice Hall.
Young, M. R., (2014). Financial Fraud Prevention and Detection. New York, J.T: Upper Hill.