Chapter 5Computer Fraud

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall5-1

Learning Objectives

Explain the threats faced by modern information systems.

Define fraud and describe the process one follows to perpetuate a fraud.

Discuss who perpetrates fraud and why it occurs, including: the pressures, opportunities, and rationalizations that

are present in most frauds.

Define computer fraud and discuss the different computer fraud classifications.

Explain how to prevent and detect computer fraud and abuse.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-2

Common Threats to AIS

Natural Disasters and Terrorist Threats

Software Errors and/or Equipment Malfunction

Unintentional Acts (Human Error)

Intentional Acts (Computer Crimes)

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-3

What Is Fraud?

Gaining an unfair advantage over another person A false statement, representation, or disclosure A material fact that induces a person to act An intent to deceive A justifiable reliance on the fraudulent fact in which a

person takes action An injury or loss suffered by the victim

Individuals who commit fraud are referred to as white-collar criminals.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-4

Forms of Fraud

Misappropriation of assets Theft of a companies assets. Largest factors for theft of assets:

Absence of internal control system Failure to enforce internal control system

Fraudulent financial reporting “…intentional or reckless conduct, whether by act or

omission, that results in materially misleading financial statements” (The Treadway Commission).

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-5

Reasons for Fraudulent Financial Statements

1. Deceive investors or creditors

2. Increase a company’s stock price

3. Meet cash flow needs

4. Hide company losses or other problems

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-6

Treadway Commission Actions to Reduce Fraud

1. Establish environment which supports the integrity of the financial reporting process.

2. Identification of factors that lead to fraud.

3. Assess the risk of fraud within the company.

4. Design and implement internal controls to provide assurance that fraud is being prevented.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-7

SAS #99

Auditors responsibility to detect fraud Understand fraud Discuss risks of material fraudulent statements

Among members of audit team Obtain information

Look for fraud risk factors Identify, assess, and respond to risk Evaluate the results of audit tests

Determine impact of fraud on financial statements Document and communicate findings

See Chapter 3 Incorporate a technological focus

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-8

The Fraud Triangle

Pressure

Opportunity

Rationalization

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-9

Pressure

Employee

Financial

Emotional Lifest

yle

• Motivation or incentive to commit fraud

•Types:

1.Employee• Financial• Emotional• Lifestyle

2.Financial• Industry conditions• Management

characteristics

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-10

Financial Reportin

g

Industry Conditio

ns

Mgmt Characteristics

Opportunity

Opportunity

Commit

Conceal Conv

ert• Condition or situation that allows a person or organization to:

1.Commit the fraud

2.Conceal the fraud• Lapping• Kiting

3.Convert the theft or misrepresentation to personal gain

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-11

Rationalizations

Rationalizati

on

Justification

Attitude

Lack of Peronal Integrity

•Justification of illegal behavior

1.Justification• I am not being

dishonest.2.Attitude

• I don’t need to be honest.

3.Lack of personal integrity• Theft is valued

higher than honesty or integrity.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-12

Computer Fraud

Any illegal act in which knowledge of computer technology is necessary for: Perpetration Investigation Prosecution

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-13

Rise of Computer Fraud

1. Definition is not agreed on

2. Many go undetected

3. High percentage is not reported

4. Lack of network security

5. Step-by-step guides are easily available

6. Law enforcement is overburdened

7. Difficulty calculating loss

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-14

Computer Fraud Classifications

Input Fraud Alteration or falsifying input

Processor Fraud Unauthorized system use

Computer Instructions Fraud Modifying software, illegal copying of software, using software in an

unauthorized manner, creating software to undergo unauthorized activities

Data Fraud Illegally using, copying, browsing, searching, or harming company

data

Output Fraud Stealing, copying, or misusing computer printouts or displayed

information

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-15