Chapter 5 Computer Fraud


LO1 Threats to AIS


1. Natural and Political disasters
fire, excess heat, floods, earthquakes; war, attacks by terrorists (cyber-attack by Obama
Iran)
2. Software errors and equipment malfunctions
software bugs, equipment failure, power outages…
3. Unintentional acts
human errors that accountants should check & control
4. Intentional acts
computer crime, fraud, deliberate harm to the system…
LO2 Define Fraud
• Any means a person uses to gain an unfair advantage over another person;
includes:
– A false statement, representation, or disclosure
– A material fact, which induces a victim to act
– An intent to deceive
– Victim relied on the misrepresentation
– Injury or loss was suffered by the victim
Fraud is white-collar crime
Describe Fraud
Two categories of fraud:
1 Misappropriation of assets: an employee steals assets, which can
include physical assets (e.g., cash, inventory) and digital assets (e.g.,
intellectual property such as protected trade secrets, e-data, customer data)
2 Fraudulent financial reporting (falsifying the accounts)
– Management “cooking the books” (e.g., booking fictitious
revenue, overstating assets, etc.)
Fraudulent Financial Reporting
1. It is intentional or reckless conduct, by act or by omission that results in
materially misleading financial statements.
2. For the purposes of deceiving investors and creditors, increasing stock prices,
hiding company debts or problems
3. “Cook the books”: inflating revenue, delaying expenses, overstating inventory
or fixed assets, concealing losses and liabilities.
Recommendations to reduce fraudulent financial reporting
1) Establish an organizational environment of integrity, regulations and
procedures.
2) Identify and understand the factors that lead to fraudulent financial reporting
3) Assess the risk within the company
4) Design and implement internal control to prevent fraudulent financial
reporting.
Reduce Fraud inside a company
• Asset misappropriation is 17 times more likely than fraudulent
financial reporting, but the amounts lost are much smaller.
• Auditors and management are more concerned with fraudulent financial
reporting.
• It will have serious results
Auditor’s Responsibility
SAS No. 99 (AU-C Section 240) requires auditors to:
1 Understand fraud: How and why it is committed?
2 Discuss the risks of material fraudulent misstatements with management and
themselves
3 Obtain information: look for fraud risk factors by testing the system, asking
clients, and examining revenue accounts
4 Identify, assess, and respond to risks
5 Evaluate the results of their audit tests and evaluate the fraud’s impacts
6 Record findings in the audit documents
7 Incorporate a technology focus during audit procedure
LO3 Who Perpetrates Fraud and Why?
1. Many perpetrators look just like you and me.
2. Some are unhappy with their jobs and seek revenge against their employers.
Some look honest and are respected. They are good people but did bad things.
3. Computer fraud perpetrators are younger and possess more computer skills.
They are motivated by curiosity, view their behavior as a game or take
challenge of beating the system.
4. Most perpetrators seek to get money.
5. When first-time perpetrators are not caught, they may become serial
fraudsters.
Important characteristics of Perpetrators
Some employees exploit weaknesses in internal control to commit
misappropriation of assets. The perpetrators:
1. Gain the trust or confidence of their employer
2. Use trickery, cunning or misleading information to commit fraud, physical or
online
3. Conceal the fraud by falsifying records
4. Rarely terminate the fraud voluntarily
5. See how easy it is to get extra money; greed impels them to continue
6. Some employees do not think taking company data is equivalent to stealing

Conditions for Fraud


These three conditions must be present for fraud to occur:
• Pressure
– Employee
§ Financial (low income)
§ Lifestyle (deluxe)
§ Emotional
– Financial Statement
§ Financial
§ Management
§ Industry conditions
• Opportunity to:
– Commit
– Conceal
– Convert to personal gain
• Rationalize
– Justify behavior
– Attitude that rules don’t apply
– Lack personal integrity
Fraud Triangle

LO4 Define Computer Fraud


• If a computer is used to commit fraud it is called computer fraud
Examples:
• Unauthorized theft, use, access, modification, copying, or destruction of
software, hardware or data.
• Steal assets and cover up by altering computer records.
• Obtaining information illegally using computers
Computer Fraud Classifications
Computer fraud can be categorized using the data processing model:
1) Input fraud: less skill required: create, alter or falsify computer input
2) Processing fraud: unauthorized use/access, use company computer to run
illegal gambling website, hack into company’s system to transfer money /
stock to personal accounts.
3) Computer instruction fraud: use company software to give unauthorized
instructions to bank, other employees….
4) Data fraud: theft of confidential information by employees or outsiders, causing
serious loss (money, reputation, legal)
5) Output fraud: displayed or printed output can be stolen, copied or misused.
LO5 Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur (preventive)
Organizational
• Create a culture of integrity
• Adopt structure that minimizes fraud, create governance (e.g., Board of
Directors)
• Assign authority to departments / individuals and hold them accountable for
completing tasks, with effective supervision and monitoring of employees
Systems
• Develop security policies to guide and design specific control procedures
• Implement human resource policies for hiring, promotion and required ethical
behavior and integrity
• Implement anti-fraud policies for management controls and project controls
2. Make It Difficult to Commit
Organizational
• Develop strong internal controls
• Segregate accounting functions
• Use properly designed forms of documents
• Require independent checks and reconciliations of data
Systems
• Restrict access
• System authentication
• Implement computer controls over input, processing, storage and output of
data
• Use encryption (on email or documents)
• Fix software bugs and update systems regularly
• Destroy hard drives when disposing of computers
3. Improve Detection (detective)
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline (tip-off line)
Systems
• Audit trail of transactions through the system
• Install fraud detection software
• Monitor system activities (user and error logs, intrusion detection)
4. Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and disaster recovery plan
Systems
• Store backup copies of program and data files in secure, off-site location
• Monitor system activity
Key Terms – Ch05 Computer Fraud
• Sabotage (intentional act to harm the company computer system)
• Cookie (software that transfers data to a website)
• Fraud
• White-collar criminals
• Corruption
• Investment fraud
• Misappropriation of assets
• Fraudulent financial reporting
• Pressure
• Opportunity
• Rationalization
• Lapping (misconduct by accounting staff)
• Computer fraud

1. Explain the threats faced by modern information systems.


2. Define fraud and describe both the different types of fraud and the auditor’s
responsibility to detect fraud.
3. Discuss who perpetrates fraud and why it occurs, including the pressures,
opportunities, and rationalizations that are present in most frauds.
4. Define computer fraud and discuss the different computer fraud
classifications.
5. Explain how to prevent and detect computer fraud and abuse.
