Computer Fraud Chapter 5.

1 Computer Fraud Chapter 5

2 Introduction Information systems are becoming increasingly complex, and society is becoming increasingly dependent on these systems. Companies also face a growing risk of these systems being compromised. Recent surveys indicate 67% of companies suffered a security breach in the last year, with almost 60% reporting financial losses.

3 Threats to AIS Natural and political disasters Include:
Fire or excessive heat Floods Earthquakes High winds War and terrorist attack

4 Threats to AIS Natural and political disasters
Software errors and equipment malfunction Include: Hardware or software failures Software errors or bugs Operating system crashes Power outages and fluctuations Undetected data transmission errors

5 Threats to AIS Natural and political disasters
Software errors and equipment malfunction Unintentional acts Include Accidents caused by: Human carelessness Failure to follow established procedures Poorly trained or supervised personnel Innocent errors or omissions Lost, destroyed, or misplaced data Logic errors Systems that do not meet needs or are incapable of performing intended tasks

6 Threats to AIS Natural and political disasters
Software errors and equipment malfunction Unintentional acts Intentional acts (computer crime) Include: Sabotage Computer fraud Misrepresentation, false use, or unauthorized disclosure of data Misappropriation of assets Financial statement fraud Information systems are increasingly vulnerable to these malicious attacks.

7 Fraud Any means a person uses to gain an unfair advantage over another person; includes: A false statement, representation, or disclosure; A material fact, which induces a victim to act; An intent to deceive; Victim relied on the misrepresentation; Injury or loss was suffered by the victim. Fraud is white collar crime.

Scanning the headlines or doing a simple Google search can show many news articles at your local or regional level as well as national and international fraud. Because fraud is often perpetrated by knowledgeable insiders, it is important for accountants to maintain the highest level of professional ethics.

8 Two Categories of Fraud
Misappropriation of assets Theft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data) Largest factors for theft of assets: Absence of internal control system Failure to enforce internal control system

9 Two Categories of Fraud
Fraudulent financial reporting “cooking the books” (e.g., booking fictitious revenue, McCormick grocery products Booking revenue before it is earned Xerox overstating assets, etc. Crazy Eddies)

10 Reasons for Fraudulent Financial Statements
Deceive investors or creditors Increase a company’s stock price Meet cash flow needs Hide company losses or other problems

11 Treadway Commission Actions to Reduce Fraud
Establish environment which supports the integrity of the financial reporting process. Identification of factors that lead to fraud. Assess the risk of fraud within the company. Design and implement internal controls to provide assurance that fraud is being prevented.

12 SAS #99 Auditors’ responsibility to detect fraud Understand fraud
Discuss risks of material fraudulent statements Among members of audit team Obtain information Look for fraud risk factors Identify, assess, and respond to risk Evaluate the results of audit tests Determine impact of fraud on financial statements Document and communicate findings Incorporate a technological focus

13 Conditions for Fraud These three conditions must be present for fraud to occur:

Pressure: Employee (Financial, Lifestyle, Emotional); Financial Statement (Management, Industry conditions)

Opportunity to: Commit; Conceal; Convert to personal gain

Rationalize: Justify behavior; Attitude that rules don’t apply; Lack personal integrity

From your accounting coursework in your program, it is important to understand why internal controls are so important. In this book we will cover many internal controls that will prevent and detect these two categories of fraud. In your financial accounting coursework, it is important to understand why transactions should be recorded correctly and in the proper time period. Inappropriate transactions recorded in the accounting system can be indicators of covering up misappropriation of assets or management’s intent to “cook the books”.

That is why for fraud to occur there must be: Pressure or incentive to commit the fraud; Opportunity to commit the fraud; Rationalization of the person committing the fraud as to why it’s ok that they committed the fraud.

With articles that you find in the news on fraud, see if you can identify the pressure, opportunity, and rationalization as to how the person committed the fraud and why they did it.

14 Fraud Triangle Figure 5-1 in the text is a good visualization of the Fraud Triangle and the detailed components of the two major types of pressure, the 3 C’s needed for opportunity, and the types of rationalization. It is noted that committing a fraud requires all three components to occur: opportunity to commit the fraud, conceal the fraud, and then convert it.

FINANCIAL: Living beyond means; High personal debt/expenses; “Inadequate” salary/income; Poor credit ratings; Heavy financial losses; Bad investments; Tax avoidance; Meet unreasonable quotas/goals

EMOTIONAL: Greed; Unrecognized performance; Job dissatisfaction; Fear of losing job; Power or control; Pride or ambition; Beating the system; Frustration; Non-conformity; Envy, resentment; Arrogance, dominance; Non-rules oriented

LIFESTYLE: Support gambling habit; Drug or alcohol addiction; Support sexual relationships; Family/peer pressure


17 Opportunity
Condition or situation that allows a person or organization to: Commit the fraud; Conceal the fraud; Convert the theft or misrepresentation to personal gain

Internal Control Factors Failure to enforce/monitor internal controls Management not involved in control system Management override of controls and guidelines Managerial carelessness/inattention to details Dominant and unchallenged management Ineffective oversight by board of directors No effective internal auditing staff Infrequent third-party reviews Insufficient separation of authorization, custody, and record-keeping duties Too much trust in key employees Inadequate supervision Unclear lines of authority

Lack of proper authorization procedures No independent checks on performance Inadequate documents and records Inadequate system for safeguarding assets No physical or logical security system No audit trails Failure to conduct background checks No policy of annual vacations, rotation of duties

Other Factors Large, unusual, or complex transactions Numerous adjusting entries at year end Related-party transactions Accounting department understaffed and overworked Incompetent personnel Rapid turnover of key employees Lengthy tenure in a key job Unnecessarily complex organizational structure No code of conduct, conflict of interest statements, or definitions of unacceptable behavior Frequently changing auditors/legal counsel Operating on a crisis basis Close association with suppliers/customers

Assets highly susceptible to misappropriation Questionable accounting practices Pushing accounting principles to the limit Unclear company policies and procedures Failing to teach and stress corporate honesty Failure to prosecute dishonest employees Low employee morale and loyalty

22 Lack of Personal Integrity
Rationalizations: Justification of illegal behavior. Justification: “I am not being dishonest. I am only borrowing and will pay it back.” Attitude: “I don’t need to be honest.” Lack of personal integrity: Theft is valued higher than honesty or integrity.

23 Computer Fraud If a computer is used to commit fraud it is called computer fraud. Computer fraud is classified as: Input; Processor; Computer instruction; Data; Output

Using the data processing diagram model that we discussed in Chapter 2, computer fraud is classified using this structure: From the processing cycle of the DP model, it would include processor and computer instruction fraud. The best way to learn about the computer fraud classifications is to talk about stories that occurred within these classifications. The book does a good job at describing many stories within these classifications.

If you are a movie fan, there are many movies out there that use computer fraud as a storyline in the plot. For example, the movie “Office Space” is about a group of guys at a company that are unhappy with the company management. They change the computer code (computer instruction fraud) to divert fractions of pennies to an account that they own. You will have to watch the movie yourself to see if you can identify the components of fraud.

A good example of output fraud is someone stealing the company trash to examine the reports generated and placed in the trash from a computer system. That is why many companies now have shredding policies.

Although not a complete list, here are some favorites (you can find many more just by going to the Web and looking for movies with fraud in the plot): Office Space; Catch Me If You Can; The Informant!

24 Computer Fraud In using a computer, fraud perpetrators can steal:
More of something In less time With less effort They may also leave very little evidence, which can make these crimes more difficult to detect.

25 Computer Fraud Computer systems are particularly vulnerable to computer crimes for several reasons: Company databases can be huge and access privileges can be difficult to create and enforce. Consequently, individuals can steal, destroy, or alter massive amounts of data in very little time. Organizations often want employees, customers, suppliers, and others to have access to their system from inside the organization and without. This access also creates vulnerability. Computer programs only need to be altered once, and they will operate that way until: The system is no longer in use; or Someone notices.

26 Computer Fraud Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control. It is hard to control physical access to each PC. PCs are portable, and if they are stolen, the data and access capabilities go with them. PCs tend to be located in user departments, where one person may perform multiple functions that should be segregated. PC users tend to be more oblivious to security concerns.

27 Computer Fraud
Computer systems face a number of unique challenges: Reliability (accuracy and completeness); Equipment failure; Environmental dependency (power, water damage, fire); Vulnerability to electromagnetic interference and interruption; Eavesdropping; Misrouting

28 Rise of Computer Fraud Definition is not agreed on Many go undetected
High percentage is not reported Lack of network security Step-by-step guides are easily available Next 3 slides Law enforcement is overburdened Difficulty calculating loss

29 Copyright 2012 © Pearson Education, Inc. publishing as Prentice Hall

30 Easier if WPS enabled

31 Computer Fraud Classifications
Input Fraud The simplest and most common way to commit a fraud is to alter computer input. Requires little computer skills. Perpetrator only needs to understand how the system operates Can take a number of forms, including: Disbursement frauds Inventory frauds Payroll frauds Cash receipt frauds Fictitious refund fraud

32 Computer Fraud Classifications
Processor fraud Involves computer fraud committed through unauthorized system use. Includes theft of computer time and services. Incidents could involve employees: Using the company computer to conduct personal business; or Using the company computer to conduct a competing business.

33 Computer Fraud Classifications
Computer instructions fraud Involves tampering with the software that processes company data. May include: Modifying the software Making illegal copies Using it in an unauthorized manner Also might include developing a software program or module to carry out an unauthorized activity.

34 Computer Fraud Classifications
Data fraud Involves: Altering or damaging a company’s data files; or Copying, using, or searching the data files without authorization. In many cases, disgruntled employees have scrambled, altered, or destroyed data files. Theft of data often occurs so that perpetrators can sell the data. Most identity thefts occur when insiders in financial institutions, credit agencies, etc., steal and sell financial information about individuals from their employer’s database.

35 Computer Fraud Classifications
Output fraud Involves stealing or misusing system output. Output is usually displayed on a screen or printed on paper. Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear. This output is also subject to prying eyes and unauthorized copying. Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks.

36 Preventing and Detecting Fraud 1. Make Fraud Less Likely to Occur
Organizational Systems Create a culture of integrity Adopt structure that minimizes fraud, create governance (e.g., Board of Directors) Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees Communicate policies Develop security policies to guide and design specific control procedures Implement change management controls and project development acquisition controls

Table 5-5 is a long list for students to remember; it may be simpler to break the list down into categories that would be general for the organization and those that are specific from a systems perspective. These details are discussed more in Chapters 7 through 10 in the text.

37 Preventing and Detecting Fraud 2. Make It Difficult to Commit
Organizational Systems Develop strong internal controls Segregate accounting functions Use properly designed forms Require independent checks and reconciliations of data Restrict access System authentication Implement computer controls over input, processing, storage and output of data Use encryption Fix software bugs and update systems regularly Destroy hard drives when disposing of computers

38 Preventing and Detecting Fraud 3. Improve Detection
Organizational Systems Assess fraud risk External and internal audits Fraud hotline Audit trail of transactions through the system Install fraud detection software Monitor system activities (user and error logs, intrusion detection)

39 Preventing and Detecting Fraud 4. Reduce Fraud Losses
Organizational Systems Insurance Business continuity and disaster recovery plan Store backup copies of program and data files in secure, off-site location Monitor system activity
