Let's consider the following scenario: Your organization enforces mandatory vacations in an effort to prevent occupational fraud. A current employee is perpetrating a fraud scheme involving a fictitious employee and must access your accounting system bi-weekly to continue the fraudulent activity. Unfortunately for you, employees are allowed to work from home and the fraudster in question simply logs in after-hours and performs the necessary steps to maintain his/her scheme.
This scenario highlights the importance of IT controls, as we see that the fraudster was able to circumvent the organization's anti-fraud efforts by taking advantage of a weakness in the IT control environment.