Threats to information systems include natural disasters, software errors, human errors, and intentional acts like computer crime and fraud. Fraud involves deception to gain an unfair advantage, and there are two categories: misappropriation of assets and fraudulent financial reporting. Perpetrators of fraud experience pressure, have opportunities to commit fraud, and rationalize their behavior. Computer fraud uses computers to commit traditional types of fraud and can target input, processing, output, or data. Preventing computer fraud involves reducing opportunities, improving detection through controls and audits, and reducing losses through backups and monitoring.
Chapter 5 Computer Fraud
LO1 Threats to AIS
1. Natural and political disasters: fire, excess heat, floods, earthquakes; war, attacks by terrorists (cyber-attack by Obama Iran)
2. Software errors and equipment malfunctions: software bugs, equipment failure, power outages…
3. Unintentional acts: human errors that accountants should check & control
4. Intentional acts: computer crime, fraud, deliberate harm to the system…

LO2 Define Fraud 欺詐
• Any means a person uses to gain an unfair advantage over another person; includes:
  – A false statement, representation, or disclosure
  – A material fact, which induces a victim to act
  – An intent to deceive
  – Victim relied on the misrepresentation
  – Injury or loss was suffered by the victim
Fraud is white-collar crime.

Describe Fraud
Two categories of fraud:
1. Misappropriation of assets 挪用公司資產: an employee steals assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, e-data, customer data)
2. Fraudulent financial reporting 做假帳: management “cooking the books” (e.g., booking fictitious 虚假的 revenue, overstating assets, etc.)

Fraudulent Financial Reporting
1. It is intentional or reckless conduct, by act or by omission, that results in materially misleading financial statements.
2. It is done for the purposes of deceiving investors and creditors, increasing stock prices, or hiding company debts or problems.
3. “Cooking the books”: inflating revenue, delaying expenses, overstating inventory or fixed assets, concealing losses and liabilities.

Recommendations to reduce fraudulent financial reporting
1) Establish an organizational environment of integrity, regulations and procedures.
2) Identify and understand the factors that lead to fraudulent financial reporting.
3) Assess the risk within the company.
4) Design and implement internal controls to prevent fraudulent financial reporting.
Reduce Fraud inside a company
• Asset misappropriation is 17 times more likely than fraudulent financial reporting, but the amounts lost are much smaller.
• Auditors and management are more concerned with fraudulent financial reporting.
• Will have serious results

Auditor’s Responsibility
SAS No. 99 (AU-C Section 240) requires auditors to:
1. Understand fraud: how and why it is committed
2. Discuss the risks of material fraudulent misstatements with management and among themselves
3. Obtain information: look for fraud risk factors by testing the system, asking clients, and examining revenue A/C
4. Identify, assess, and respond to risks
5. Evaluate the results of their audit tests and evaluate the fraud’s impacts
6. Record findings in the audit documents
7. Incorporate a technology focus during audit procedures

LO3 Who Perpetrates Fraud and Why?
1. Many perpetrators look just like you and me.
2. Some are unhappy with their jobs and seek revenge against their employers. Some look honest and are respected. They are good people who did bad things.
3. Computer fraud perpetrators are younger and possess more computer skills. They are motivated by curiosity, view their behavior as a game, or take on the challenge of beating the system.
4. Most perpetrators seek to get money.
5. When first-time perpetrators are not caught, they may become serial fraudsters.

Important characteristics of Perpetrators 犯罪者
Some employees make use of weaknesses in internal control to commit misappropriation of assets. The perpetrators:
1. Gain the trust or confidence of their employer
2. Use trickery, cunning or misleading information to commit fraud, physically or online
3. Conceal the fraud by falsifying records
4. Rarely terminate the fraud voluntarily
5. See how easy it is to get extra money; greed impels 激励 them to continue
6. In some cases, do not think taking company data is equivalent to stealing
Conditions for Fraud
These three conditions must be present for fraud to occur:
• Pressure
  – Employee
    § Financial (low income)
    § Lifestyle (deluxe)
    § Emotional
  – Financial Statement
    § Financial
    § Management
    § Industry conditions
• Opportunity to:
  – Commit
  – Conceal
  – Convert to personal gain
• Rationalize
  – Justify behavior
  – Attitude that rules don’t apply
  – Lack personal integrity
[Figure: Fraud Triangle]
LO4 Define Computer Fraud
• If a computer is used to commit fraud, it is called computer fraud.
Examples:
• Unauthorized theft, use, access, modification, copying, or destruction of software, hardware or data
• Stealing assets and covering up by altering computer records
• Obtaining information illegally using computers

Computer Fraud Classifications
Computer fraud can be categorized using the data processing model:
1) Input fraud: requires less skill; creating, altering or falsifying computer input
2) Processing fraud: unauthorized use/access, e.g., using a company computer to run an illegal gambling website, or hacking into the company’s system to transfer money / stock to personal accounts
3) Computer instruction fraud: using company software to give unauthorized instructions to the bank, other employees…
4) Data fraud: theft of confidential information by employees or outsiders, causing serious loss (money, reputation, legal)
5) Output fraud: displayed or printed output can be stolen, copied or misused

LO5 Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur (preventive)
Organizational
• Create a culture of integrity
• Adopt a structure that minimizes fraud, create governance (e.g., Board of Directors)
• Assign authority to departments / individuals and hold them accountable for completing tasks, with effective supervision and monitoring of employees
Systems
• Develop security policies to guide and design specific control procedures
• Implement human resource policies for hiring, promotion and required ethical behavior and integrity
• Implement anti-fraud policies for management controls and project controls

2. Make It Difficult to Commit
Organizational
• Develop strong internal controls
• Segregate accounting functions
• Use properly designed forms of documents
• Require independent checks and reconciliations of data
Systems
• Restrict access
• System authentication 证实
• Implement computer controls over input, processing, storage and output of data
• Use encryption 加密 (on email or documents)
• Fix software bugs and update systems regularly
• Destroy hard drives when disposing of computers

3. Improve Detection (detective)
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline 報料熱線
Systems
• Audit trail of transactions through the system
• Install fraud detection software
• Monitor system activities (user and error logs, intrusion detection)

4. Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and disaster recovery plan
Systems
• Store backup copies of program and data files in a secure, off-site location
• Monitor system activity

Key Terms – Ch05 Computer Fraud
• Sabotage (intentional act to harm the company computer system)
• Cookie (software that transfers data to a website)
• Fraud
• White-collar criminals
• Corruption
• Investment fraud 投资骗案
• Misappropriation of assets
• Fraudulent financial reporting
• Pressure
• Opportunity
• Rationalization
• Lapping (misconduct by an accounting staff member)
• Computer fraud
1. Explain the threats faced by modern information systems.
2. Define fraud and describe both the different types of fraud and the auditor’s responsibility to detect fraud.
3. Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
4. Define computer fraud and discuss the different computer fraud classifications.
5. Explain how to prevent and detect computer fraud and abuse.