Target corporation is one of the biggest retailers there is out there, bringing in an estimate of $74 million dollars a year in revenue. Majority of Target revenue is earned during the busiest time of the year, which are Black Friday and holidays. Target has had a huge positive reputation because of the “Expect More Pay Less” promise and giving 5% back to the community. However, Target has been going through some hard times because of the Target breach that occurred during the holidays of 2013.
This research paper will focus first on introducing the Target breach and how it has affected the company and what the company has done to fix the problem. Moving forward, I will focus on internal controls that Target could have applied and summarizing everything towards the end. Target Breach & Internal Controls Target Corporation is a well known and respected retail store out there. Target is a corporation that buys goods from manufactures at a purchase discount price and reselling it to consumers in a higher price to make a profit. Target has brought in revenue of $74 million dollars a year and continues to grow every year.
However, Target has gone through some hard times with the Target breach that just occurred during the holidays of 2013. Consumers have had a hard time trusting their card readers and loyalty and sales have been dropping ever since. The question that is now in the air is what internal controls that company had during this breach and what could they have done to avoid this breach that just occurred. To begin with, the company was running perfectly and driving outstanding sales until the company and guest found out that they had a breach, also known to the community as the “Target Breach.
Target corporation confirmed that a major data breach occurred between Black Friday and December 15, 2013, which includes many of the most important shopping days of the year” (Edelson, 2013). Ever since the Target breach, the company’s reputation was hurt, consumers were not confident about shopping, and are afraid of using the card readers at the stores. Later in time, after the breach was announced, the company had given further information on how the breach affected the people.
It is believed that the breach affected roughly 40,000 card devices at store registers, which could mean that millions of cardholders could be vulnerable, according to the people familiar with the incident” (Sidel, 2013). On top of the 40,000 card devices being affected, 40 million people’s credit card and debit card information was stolen. The CEO of Target Corporation later released to the press and announced that personal information such as address, names, phone numbers, and e-mail address were also taken from the Target system.
After reading about the Target breach, being an assistant manager for Target, and hearing about the tragic that has been caused, I remember feeling upset because of the way the company was going to be affected. However, it also reminded of the internal control concept that was thought in class. There was a lot of fraud involved with the Target breach, which is something that occurs when it comes to intern control. “Fraud refers to any act by the management or employees of business involving an internal deception for personal gain.
Fraud may include, among other acts, embezzlement of business cash, theft of assets, filing false insurance claims, filing false health claims, and financial statement fraud” (Ferris, Wallace, Christensen, 2014, pg. 314). With the Target breach, you are able to see the fraud triangle concepts, which consist of pressure, opportunity, and rationalization. Being employed by Target, that concept came into mine when reading the article because there was an e-mail sent to management about believing that an employee that worked with the POS (point on sale) system had a lot of inside information within the system.
The pressure was there to get information from the POS system and rationalization was involved when they knew that they can get credit card information. The opportunity occurred when they knew the busiest time of the year was going to be Black Friday and majority of the sales are driven in that day. From all that has occurred it is not clear what internal controls Target had in order to avoid this situation. Internal controls are important when it comes to businesses in order to avoid situation like the Target breach.
There are two parts that I believe that important when it comes to internal controls, which are prevention control and detection control. A “prevention control is intended to deter a problem or fraud before it can arise” (Ferris, Wallace, Christensen, 2014, pg. 316). Target should have followed the prevention control with the POS system in order to avoid the Target breach. A “detection control, on the other hand, is designed to discover any problems or fraud shortly it arises” (Ferris, Wallace, Christensen, 2014, pg. 316).
Target followed the detection control after the problem of the breach was brought and took justice in their own hands in order to fix the problem. The first thing Target did was post a prominent message on its Web site, “Important notice: unauthorized access to payment card data in the U. S. stores. ” The message linked to a letter alerting customers that a breach occurred and outlining steps Target is taking to a voice a recurrence” (Edelson, 2013). Another step that Target has taken is bringing justice for the information was that was stolen out of their systems.
Target had invested $5 million dollars into a multi-year campaign in order to stop phishing scams (Target, 2013). “Target has longstanding history of commitment to our communities, and cyber security is one of the most pressing issues facing consumers today,” said Steinhafel. “We are proud to be working with three trusted organizations-the National Cyber-Forensics and Training Alliance (NCFTA), National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB)- to advance public education around cyber security” (Target, 2013).
Target has gone to long measures to protect the information of the guest and reinsure loyalty by offering ProtectMyID, which keeps track of credit reports, monitoring, and identity theft (Target, 2013). As an apology to the guest, Target offered a 10% off discount to all guests which were a huge success for the company but numbers of transactions was cash paid. Being an employee for Target, we are still determine to follow our core roles, continue delivering the “Expect More Pay Less” promise, and delivering an excellent shopping experience for our guest in order to continue driving profitable sales and guest loyalty.
In order to avoid this situation and detect the problem ahead of time, Target should have incorporated the following elements that are designed for prevention and detection controls. The first element is establish clear lines of authority and responsibility, which is giving authority to a supervisor or manager but also evaluation their consequently to companies policies and rules. Implement segregation of duties, “requires that when allocating various duties within the accounting system, management should make sure that no employee is assigned too many different responsibilities” (Ferris, Wallace, Christensen, 2014, pg.317). Hire competent personnel, which the company sees if that person has the education and qualified skills to perform that job. Use control number on all business documents, which is having all important documents with control numbers. Develop plans and budgets, which is having a plan and budget in order to bring the company forward. For example, the $5 million dollars that were invested in the anti fraud software in order to bring guest loyalty back. Maintain adequate accounting records, which is making sure that the company has the most recent accounting records.
For example, the number of fraud claims that were reported under guest bank statements in order to reinvers their money back. Provide physical and electronic controls, is locking their doors or important files to prevent theft, which should have happened with the POS system. Conduct internal audit, “is a company function that provided independent appraisals of the company’s financial statement, its internal control, and its operations” (Ferris, Wallace, Christensen, 2014, pg. 319).
In conclusion, we are able to see how the company was impacted from the breach that had occurred and the actions that the company has taken in order to fix the problem. People information had been stolen and finances have been tampered through it. We are able to see how internal controls play an important part when it comes to finances, accounting, and to businesses such as Target. If the proper elements and procedures had been applied with internal control I am sure that all of this could have been avoided or reduced.