Update from Business Week Number of Net Fraud Complaints – 2002 – 48,252 – 2004 – 207,449.


1 Update from Business Week
– Number of Net Fraud Complaints
    – 2002 – 48,252
    – 2004 – 207,449

2 Update from Business Week: Cybertricks
– Phishing
– Pharming
    – viruses attached to emails and web sites drop monitoring software onto people's computers
– Wi-Phishing
    – Cybercrooks set up “free” wireless networks. Monitor use and steal passwords and other identity information
– Typosquatting
    – Web site addresses similar to real sites (whitehouse.com)

3 Scope Of Bank Data Theft Grows To 676,000 Customers
– largest breach of banking security in the U.S. to date
– investigators learned that the bank employees normally conducted 40 to 50 searches of customer bank accounts as a daily part of their jobs. While the ring was in operation, however, they performed up to 500 account searches a day, looking for new data to steal.
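The jump from 40 to 50 searches a day to as many as 500 is the kind of volume anomaly a monitoring control can surface. The following is an added example, not part of the original presentation: the log format, employee ids, dates and the 3x threshold are assumptions, and the sample counts are constructed.

```python
from collections import Counter
from statistics import median

# Constructed sample (not data from the case): searches per employee per day.
SAMPLE_DAILY = {
    "emp01": [44, 47, 41, 50, 46, 43],
    "emp02": [42, 48, 45, 310, 495, 500],
    "emp03": [40, 39, 52, 49, 44, 61],
}


def build_log(daily):
    """Expand the constructed counts into one log line per account search."""
    lines = []
    for emp, counts in daily.items():
        for day, n in enumerate(counts, start=1):
            lines += [f"2005-03-{day:02d} {emp} ACCOUNT_SEARCH acct={i:06d}"
                      for i in range(n)]
    return lines


def daily_counts(lines):
    """Count ACCOUNT_SEARCH events per (employee, date)."""
    counts = Counter()
    for line in lines:
        date, emp, action, _acct = line.split()
        if action == "ACCOUNT_SEARCH":
            counts[(emp, date)] += 1
    return counts


def flag_spikes(lines, factor=3.0):
    """Flag employee-days above factor x the median of all employee-days.

    The median stays near normal volume even when a few days are extreme,
    so the abusive days do not inflate their own baseline.
    """
    counts = daily_counts(lines)
    baseline = median(counts.values())
    hits = [(emp, date, n) for (emp, date), n in counts.items()
            if n > factor * baseline]
    return baseline, sorted(hits)


if __name__ == "__main__":
    baseline, hits = flag_spikes(build_log(SAMPLE_DAILY))
    print(f"peer baseline: {baseline} searches/day")
    for emp, date, n in hits:
        print(f"REVIEW {emp} {date}: {n} searches ({n / baseline:.1f}x baseline)")
```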

4 Study: Insider revenge often behind cyberattacks (MAY 20, 2005 COMPUTERWORLD)
– Companies hoping to thwart insider attacks need to have good password, account and configuration management practices in place, as well as the right processes for disabling network access when employees are terminated
– Investigation of 49 cases of insider attacks
    – In 92% of the cases, a negative work-related event triggered the insider action

5 Internal Control

6 Primary objectives of an AIS
– Identify and record all valid transactions
– Properly classify transactions
– Record transactions at the proper monetary value
– Record transactions in the proper accounting period
– Properly present transactions and related disclosures in the financial statements
AICPA

7 AIS Auditing
– Audit Through the Computer
    – Review and evaluate internal controls during compliance testing
– Audit With the Computer
    – Direct verification of financial statement balances
    – Part of substantive testing of account balances
– Audit Around the Computer
    – Treat AIS as a black box
    – Enter specific test transactions, determine if output reflects those transactions

8 IS Auditing Techniques
– Test data (black box testing)
    – Both valid and invalid input
        – Determine expected output before processing the input
        – Run the input transaction through the system
        – Compare actual output with expected output
        – Determine the cause of any discrepancy
    – Good for:
        – Verifying validation controls
        – Verifying computational routines (depreciation calculations)
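The test-data steps on this slide, as an added example that is not part of the original presentation. The routine under audit, `post_depreciation`, is hypothetical and carries a deliberately seeded validation gap so the deck has something to find; the test deck values are constructed.

```python
from decimal import Decimal as D

REJECT = "REJECT"


def post_depreciation(cost, salvage, life_years):
    """Hypothetical routine under audit: annual straight-line depreciation.

    Seeded defect for the demonstration: it never checks salvage <= cost.
    """
    if cost <= 0 or life_years <= 0 or salvage < 0:
        raise ValueError("rejected by validation control")
    return ((cost - salvage) / life_years).quantize(D("0.01"))


def post_depreciation_fixed(cost, salvage, life_years):
    """Same routine with the missing validation control added."""
    if salvage > cost:
        raise ValueError("rejected by validation control")
    return post_depreciation(cost, salvage, life_years)


# Test deck (constructed): valid and invalid input, with the expected
# output decided BEFORE anything is run through the system.
TEST_DECK = [
    ("valid asset", (D("10000"), D("1000"), 5), D("1800.00")),
    ("rounding", (D("1000"), D("0"), 3), D("333.33")),
    ("zero life", (D("5000"), D("500"), 0), REJECT),
    ("negative cost", (D("-1"), D("0"), 5), REJECT),
    ("salvage exceeds cost", (D("1000"), D("4000"), 3), REJECT),
]


def run_test_deck(routine, deck):
    """Run each case, compare actual with expected, return discrepancies."""
    discrepancies = []
    for name, args, expected in deck:
        try:
            actual = routine(*args)
        except ValueError:
            actual = REJECT
        if actual != expected:
            discrepancies.append((name, expected, actual))
    return discrepancies


if __name__ == "__main__":
    for name, expected, actual in run_test_deck(post_depreciation, TEST_DECK):
        print(f"DISCREPANCY {name}: expected {expected}, got {actual}")
```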

9 IS Auditing Techniques
– Test data (black box testing)
    – Complications
        – Will not detect fraud by clever programmers
        – How do you reverse the test transactions?
        – Not feasible to test all combinations of logic within a program

10 IS Auditing Techniques
– Integrated Test Facility
    – Create fictitious entities within system for test
        – Run test transactions in conjunction with live data
    – Must exclude fictitious entities and data from normal output reports (financial statements)
    – Same technique used in Equity Funding scandal

11 IS Auditing Techniques
– Parallel Simulation
    – Process real data through test programs
        – As opposed to processing test data through real programs
    – Compare regular output with simulated output
    – Very useful when evaluating changes or upgrades to a system
        – Need to ensure that upgrades did not negatively affect existing routines

12 IS Auditing Techniques
– Embedded Audit Routines
    – modify computer programs for audit purposes
    – Snapshot
        – Status of the system at a given point in time
        – Take a snapshot of database before transaction, process the transaction, then take snapshot of database after.
    – Trace
        – Detailed audit trail
        – Requires in-depth knowledge of computer program
    – Desk Check
        – Manually process transaction through program logic (as provided in flowchart or program listing)

13 Internal Control Time to put it all together

14 Internal Control Process: Control Environment
Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B

15 Control Environment
– Integrity and ethical values
    – Ethics and corporate culture
– Commitment to competence
– Management philosophy and operating style
– Responsibility and commensurate authority
– Human resources
    – Adequate supervision
    – Job rotation and forced vacations
    – Dual control

16 Internal Control Process: Risk Assessment
Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B

17 Apply Risk Assessment Framework
– What is the threat?
– What is the likelihood that the threat will occur?
– What is the potential damage from the threat?
– What controls can be used to minimize damage?
– What is the cost of implementing the control?

18 Internal Control Process: Control Activities
Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B

19 Control Activities
– Constraints imposed on a user or a system to secure systems against risks.
– Types
    – Prevent
    – Detect
    – Correct
– General vs IT specific

20 Segregation of Systems Duties
– Systems Administration
– Network Management
– Security Management
– Change Management
– Systems Analysis
– Programming/Development
– Test and Validation
– Computer Operations
– Data Control

21 Internal Control Process: Information and Communication
Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B

22 Information and Communication
– Need to understand:
    – How transactions are initiated
    – How data are captured in machine-readable form (or converted from source documents into machine-readable form)
    – How computer files are accessed and updated
    – How data are processed
    – How information is reported to internal and external users

23 Internal Control Process: Monitoring
Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B

24 Monitoring
– Effective Supervision
– Responsibility Accounting
– Monitor System Activities
    – Review computer and network security
    – Detect illegal entry
    – Test for weaknesses and vulnerabilities
    – Monitor for viruses, spyware, spam, pop-ups, etc.
– Track purchased software

25 In-Class Exercise Problem 36, pg 477

26 Final Project Project 3

