Published by Blaise Laity
Modified about 1 year ago
Copyright © 2015 Pearson Education, Inc.
Computer Fraud
Chapter 5

Introduction
Information systems are becoming increasingly complex, and society is becoming increasingly dependent on these systems.
▫Companies also face a growing risk of these systems being compromised.
▫Recent surveys indicate 67% of companies suffered a security breach in the last year, with almost 60% reporting financial losses.

Threats to AIS
Natural and political disasters
Include:
–Fire or excessive heat
–Floods
–Earthquakes
–High winds
–War and terrorist attack
Software errors and equipment malfunction
Include:
–Hardware or software failures
–Software errors or bugs
–Operating system crashes
–Power outages and fluctuations
–Undetected data transmission errors
Unintentional acts
Include:
–Accidents caused by:
    ▫Human carelessness
    ▫Failure to follow established procedures
    ▫Poorly trained or supervised personnel
–Innocent errors or omissions
–Lost, destroyed, or misplaced data
–Logic errors
–Systems that do not meet needs or are incapable of performing intended tasks
Intentional acts (computer crime)
Include:
–Sabotage
–Computer fraud
–Misrepresentation, false use, or unauthorized disclosure of data
–Misappropriation of assets
–Financial statement fraud
Information systems are increasingly vulnerable to these malicious attacks.

Fraud
Any means a person uses to gain an unfair advantage over another person; includes:
▫A false statement, representation, or disclosure
▫A material fact, which induces a victim to act
▫An intent to deceive
▫Victim relied on the misrepresentation
▫Injury or loss was suffered by the victim
Fraud is white collar crime

Two Categories of Fraud
Misappropriation of assets
▫Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
▫Largest factors for theft of assets:
    –Absence of internal control system
    –Failure to enforce internal control system

Two Categories of Fraud
Fraudulent financial reporting
▫“Cooking the books” (e.g., booking fictitious revenue, McCormick grocery products Booking revenue before it is earned Xerox overstating assets, etc. Crazy Eddies)

Reasons for Fraudulent Financial Statements
1. Deceive investors or creditors
2. Increase a company’s stock price
3. Meet cash flow needs
4. Hide company losses or other problems

Treadway Commission Actions to Reduce Fraud
1. Establish an environment that supports the integrity of the financial reporting process.
2. Identify factors that lead to fraud.
3. Assess the risk of fraud within the company.
4. Design and implement internal controls to provide assurance that fraud is being prevented.

SAS #99
Auditor’s responsibility to detect fraud
▫Understand fraud
▫Discuss risks of material fraudulent statements
    –Among members of audit team
▫Obtain information
    –Look for fraud risk factors
▫Identify, assess, and respond to risk
▫Evaluate the results of audit tests
    –Determine impact of fraud on financial statements
▫Document and communicate findings
▫Incorporate a technological focus

Conditions for Fraud
These three conditions must be present for fraud to occur:
Pressure
▫Employee
    –Financial
    –Lifestyle
    –Emotional
▫Financial Statement
    –Financial
    –Management
    –Industry conditions
Opportunity to:
▫Commit
▫Conceal
▫Convert to personal gain
Rationalize
▫Justify behavior
▫Attitude that rules don’t apply
▫Lack personal integrity

Fraud Triangle

PRESSURES THAT LEAD TO EMPLOYEE FRAUD
FINANCIAL
▫Living beyond means
▫High personal debt/expenses
▫“Inadequate” salary/income
▫Poor credit ratings
▫Heavy financial losses
▫Bad investments
▫Tax avoidance
▫Meet unreasonable quotas/goals
EMOTIONAL
▫Greed
▫Unrecognized performance
▫Job dissatisfaction
▫Fear of losing job
▫Power or control
▫Pride or ambition
▫Beating the system
▫Frustration
▫Non-conformity
▫Envy, resentment
▫Arrogance, dominance
▫Non-rules oriented
LIFESTYLE
▫Support gambling habit
▫Drug or alcohol addiction
▫Support sexual relationships
▫Family/peer pressure

Opportunity
Condition or situation that allows a person or organization to:
1. Commit the fraud
2. Conceal the fraud
3. Convert the theft or misrepresentation to personal gain

OPPORTUNITIES PERMITTING EMPLOYEE AND FINANCIAL STATEMENT FRAUD
Internal Control Factors
▫Failure to enforce/monitor internal controls
▫Management not involved in control system
▫Management override of controls and guidelines
▫Managerial carelessness/inattention to details
▫Dominant and unchallenged management
▫Ineffective oversight by board of directors
▫No effective internal auditing staff
▫Infrequent third-party reviews
▫Insufficient separation of authorization, custody, and record-keeping duties
▫Too much trust in key employees
▫Inadequate supervision
▫Unclear lines of authority
▫Lack of proper authorization procedures
▫No independent checks on performance
▫Inadequate documents and records
▫Inadequate system for safeguarding assets
▫No physical or logical security system
▫No audit trails
▫Failure to conduct background checks
▫No policy of annual vacations, rotation of duties
Other Factors
▫Large, unusual, or complex transactions
▫Numerous adjusting entries at year end
▫Related-party transactions
▫Accounting department understaffed and overworked
▫Incompetent personnel
▫Rapid turnover of key employees
▫Lengthy tenure in a key job
▫Unnecessarily complex organizational structure
▫No code of conduct, conflict of interest statements, or definitions of unacceptable behavior
▫Frequently changing auditors/legal counsel
▫Operating on a crisis basis
▫Close association with suppliers/customers
▫Assets highly susceptible to misappropriation
▫Questionable accounting practices
▫Pushing accounting principles to the limit
▫Unclear company policies and procedures
▫Failing to teach and stress corporate honesty
▫Failure to prosecute dishonest employees
▫Low employee morale and loyalty

Rationalizations
Justification of illegal behavior
1. Justification
    –I am not being dishonest.
    –I am only borrowing and will pay it back.
2. Attitude
    –I don’t need to be honest.
3. Lack of personal integrity
    –Theft is valued higher than honesty or integrity.

Computer Fraud
If a computer is used to commit fraud, it is called computer fraud.
Computer fraud is classified as:
▫Input
▫Processor
▫Computer instruction
▫Data
▫Output

Computer Fraud
In using a computer, fraud perpetrators can steal:
▫More of something
▫In less time
▫With less effort
They may also leave very little evidence, which can make these crimes more difficult to detect.

Computer Fraud
Computer systems are particularly vulnerable to computer crimes for several reasons:
▫Company databases can be huge and access privileges can be difficult to create and enforce. Consequently, individuals can steal, destroy, or alter massive amounts of data in very little time.
▫Organizations often want employees, customers, suppliers, and others to have access to their system from inside the organization and without. This access also creates vulnerability.
▫Computer programs only need to be altered once, and they will operate that way until:
    –The system is no longer in use; or
    –Someone notices.

Computer Fraud
Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control.
▫It is hard to control physical access to each PC.
▫PCs are portable, and if they are stolen, the data and access capabilities go with them.
▫PCs tend to be located in user departments, where one person may perform multiple functions that should be segregated.
▫PC users tend to be more oblivious to security concerns.

Computer Fraud
Computer systems face a number of unique challenges:
▫Reliability (accuracy and completeness)
▫Equipment failure
▫Environmental dependency (power, water damage, fire)
▫Vulnerability to electromagnetic interference and interruption
▫Eavesdropping
▫Misrouting

Rise of Computer Fraud
1. Definition is not agreed on
2. Many go undetected
3. High percentage is not reported
4. Lack of network security
5. Step-by-step guides are easily available
    ▫Next 3 slides
6. Law enforcement is overburdened
7. Difficulty calculating loss

Copyright 2012 © Pearson Education, Inc. publishing as Prentice Hall
Easier if WPS enabled

Computer Fraud Classifications
Input Fraud
▫The simplest and most common way to commit a fraud is to alter computer input.
    –Requires little computer skill.
    –Perpetrator only needs to understand how the system operates.
▫Can take a number of forms, including:
    –Disbursement frauds
    –Inventory frauds
    –Payroll frauds
    –Cash receipt frauds
    –Fictitious refund fraud

Computer Fraud Classifications
Processor fraud
▫Involves computer fraud committed through unauthorized system use.
▫Includes theft of computer time and services.
▫Incidents could involve employees:
    –Using the company computer to conduct personal business; or
    –Using the company computer to conduct a competing business.

Computer Fraud Classifications
Computer instructions fraud
▫Involves tampering with the software that processes company data.
▫May include:
    –Modifying the software
    –Making illegal copies
    –Using it in an unauthorized manner
▫Also might include developing a software program or module to carry out an unauthorized activity.

Computer Fraud Classifications
Data fraud
▫Involves:
    –Altering or damaging a company’s data files; or
    –Copying, using, or searching the data files without authorization.
▫In many cases, disgruntled employees have scrambled, altered, or destroyed data files.
▫Theft of data often occurs so that perpetrators can sell the data.
    –Most identity thefts occur when insiders in financial institutions, credit agencies, etc., steal and sell financial information about individuals from their employer’s database.

Computer Fraud Classifications
Output fraud
▫Involves stealing or misusing system output.
▫Output is usually displayed on a screen or printed on paper.
▫Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear.
▫This output is also subject to prying eyes and unauthorized copying.
▫Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks.

Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur
Organizational
▫Create a culture of integrity
▫Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
▫Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees
▫Communicate policies
Systems
▫Develop security policies to guide and design specific control procedures
▫Implement change management controls and project development acquisition controls

Preventing and Detecting Fraud
2. Make It Difficult to Commit
Organizational
▫Develop strong internal controls
▫Segregate accounting functions
▫Use properly designed forms
▫Require independent checks and reconciliations of data
Systems
▫Restrict access
▫System authentication
▫Implement computer controls over input, processing, storage and output of data
▫Use encryption
▫Fix software bugs and update systems regularly
▫Destroy hard drives when disposing of computers

Preventing and Detecting Fraud
3. Improve Detection
Organizational
▫Assess fraud risk
▫External and internal audits
▫Fraud hotline
Systems
▫Audit trail of transactions through the system
▫Install fraud detection software
▫Monitor system activities (user and error logs, intrusion detection)

Preventing and Detecting Fraud
4. Reduce Fraud Losses
Organizational
▫Insurance
▫Business continuity and disaster recovery plan
Systems
▫Store backup copies of program and data files in secure, off-site location
▫Monitor system activity