Computer Fraud
Chapter 5
Copyright © 2015 Pearson Education, Inc.
Learning Objectives
• Explain the threats faced by modern information systems.
• Define fraud and describe both the different types of fraud and the
process one follows to perpetrate a fraud.
• Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities, and rationalizations that are present in
most frauds.
• Define computer fraud and discuss the different computer fraud
classifications.
• Explain how to prevent and detect computer fraud and abuse.
INTRODUCTION
• Information systems are becoming increasingly
more complex and society is becoming
increasingly more dependent on these systems.
▫ Companies also face a growing risk of these
systems being compromised.
▫ Recent surveys indicate 67% of companies
suffered a security breach in the last year with
almost 60% reporting financial losses.
Threats to AIS
• Natural and Political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional acts
Fraud
• Any means a person uses to gain an unfair
advantage over another person; includes:
▫ A false statement, representation, or disclosure
▫ A material fact, which induces a victim to act
▫ An intent to deceive
▫ Victim relied on the misrepresentation
▫ Injury or loss was suffered by the victim
• Fraud is white-collar crime
THE FRAUD PROCESS
• Fraud against companies may be committed by
an employee or an external party.
▫ Former and current employees (called
knowledgeable insiders) are much more likely
than non-employees to perpetrate frauds (and big
ones) against companies.
◦ Largely owing to their understanding of the company’s systems
and its weaknesses, which enables them to commit the fraud
and cover their tracks.
▫ Organizations must utilize controls to make it difficult
for both insiders and outsiders to steal from the
company.
Two Categories of Fraud
• Misappropriation of assets
▫ Theft of company assets which can include
physical assets (e.g., cash, inventory) and digital
assets (e.g., intellectual property such as protected
trade secrets, customer data)
• Fraudulent financial reporting
▫ “cooking the books” (e.g., booking fictitious
revenue, overstating assets, etc.)
SAS #99
• Auditors' responsibility to detect fraud
▫ Understand fraud
▫ Discuss risks of material fraudulent statements
◦ Among members of audit team
▫ Obtain information
◦ Look for fraud risk factors
▫ Identify, assess, and respond to risk
▫ Evaluate the results of audit tests
◦ Determine impact of fraud on financial statements
▫ Document and communicate findings
◦ See Chapter 3
▫ Incorporate a technology focus
THE FRAUD PROCESS
• Fraud perpetrators are often referred to as white-collar criminals.
• Researchers have compared the psychological and
demographic characteristics of three groups of people:
▫ White-collar criminals
▫ Violent criminals
▫ The general public
• They found:
▫ Significant differences between violent and white-collar
criminals.
▫ Few differences between white-collar criminals and the general
public.
Conditions for Fraud
These three conditions must be
present for fraud to occur:
• Pressure
▫ Employee
◦ Financial
◦ Lifestyle
◦ Emotional
▫ Financial Statement
◦ Financial
◦ Management
◦ Industry conditions
• Opportunity to:
▫ Commit
▫ Conceal
▫ Convert to personal gain
• Rationalize
▫ Justify behavior
▫ Attitude that rules don’t apply
▫ Lack personal integrity
Fraud Triangle
PRESSURES THAT LEAD TO EMPLOYEE FRAUD
FINANCIAL
• Living beyond
means
• High personal
debt/expenses
• “Inadequate”
salary/income
• Poor credit ratings
• Heavy financial
losses
• Bad investments
• Tax avoidance
• Meet unreasonable
quotas/goals
EMOTIONAL
• Greed
• Unrecognized performance
• Job dissatisfaction
• Fear of losing job
• Power or control
• Pride or ambition
• Beating the system
• Frustration
• Non-conformity
• Envy, resentment
• Arrogance, dominance
• Non-rules oriented
LIFESTYLE
• Support gambling
habit
• Drug or alcohol
addiction
• Support sexual
relationships
• Family/peer
pressure
WHO COMMITS FRAUD AND WHY
• Financial statement fraud is distinct from other
types of fraud in that the individuals who
commit the fraud are not the direct beneficiaries.
▫ The company is the direct beneficiary.
▫ The perpetrators are typically indirect beneficiaries.
• Reasons for Fraudulent Financial Statements
▫ Deceive investors or creditors
▫ Increase a company’s stock price
▫ Meet cash flow needs
▫ Hide company losses or other problems
WHO COMMITS FRAUD AND WHY
• Opportunity is the opening or gateway that
allows an individual to:
▫ Commit the fraud
▫ Conceal the fraud
▫ Convert the proceeds
WHO COMMITS FRAUD AND WHY
• There are many opportunities that enable
fraud. Some of the most common are:
▫ Lack of internal controls
▫ Failure to enforce controls (the most prevalent
reason)
▫ Excessive trust in key employees
▫ Incompetent supervisory personnel
▫ Inattention to details
▫ Inadequate staff
WHO COMMITS FRAUD AND WHY
• Management may allow fraud by:
▫ Not getting involved in the design or enforcement
of internal controls;
▫ Inattention or carelessness;
▫ Overriding controls; and/or
▫ Using their power to compel subordinates to carry
out the fraud.
WHO COMMITS FRAUD AND WHY
• Concealing the fraud often takes more time and
effort and leaves more evidence than the actual
theft or misrepresentation.
• Examples of concealment efforts:
▫ Charge a stolen asset to an expense account or to an
account receivable that is about to be written off.
▫ Create a ghost employee who receives an extra
paycheck.
▫ Lapping.
▫ Kiting.
WHO COMMITS FRAUD AND WHY
• Unless the target of the theft is cash, the
stolen goods must be converted to cash or some
form that is beneficial to the perpetrator.
▫ Checks can be converted through alterations,
forged endorsements, check washing, etc.
▫ Non-cash assets can be sold (online auctions are a
favorite forum) or returned to the company for
cash.
WHO COMMITS FRAUD AND WHY
• How many people do you know who regard
themselves as being unprincipled or sleazy?
• It is important to understand that fraudsters do
not regard themselves as unprincipled.
▫ In general, they regard themselves as highly principled
individuals.
▫ That view of themselves is important to them.
▫ The only way they can commit their frauds and
maintain their self-image as principled individuals is to
create rationalizations that recast their actions as
“morally acceptable” behaviors.
WHO COMMITS FRAUD AND WHY
• These rationalizations take many forms,
including:
▫ I was just borrowing the money.
▫ It wasn’t really hurting anyone. (Corporations are
often seen as non-persons, therefore crimes against
them are not hurting “anyone.”)
▫ Everybody does it.
▫ I’ve worked for them for 35 years and been underpaid
all that time. I wasn’t stealing; I was only taking what
was owed to me.
▫ I didn’t take it for myself. I needed it to pay my child’s
medical bills.
WHO COMMITS FRAUD AND WHY
• Fraud occurs when:
▫ People have perceived, non-shareable pressures;
▫ The opportunity gateway is left open; and
▫ They can rationalize their actions to reduce the moral impact in
their minds (i.e., they have low integrity).
• Fraud is much less likely to occur when
▫ There is low pressure, low opportunity, and high integrity.
• Unfortunately, there is usually a mixture of these forces
in play, and it can be very difficult to determine the
pressures that may apply to an individual and the
rationalizations he/she may be able to produce.
Computer Fraud
• If a computer is used to commit fraud it is called
computer fraud.
• In using a computer, fraud perpetrators can
steal:
▫ More of something
▫ In less time
▫ With less effort
• They may also leave very little evidence, which
can make these crimes more difficult to detect.
APPROACHES TO COMPUTER FRAUD
• Computer systems are particularly vulnerable to
computer crimes for several reasons:
▫ Company databases can be huge and access privileges
can be difficult to create and enforce. Consequently,
individuals can steal, destroy, or alter massive
amounts of data in very little time.
▫ Organizations often want employees, customers,
suppliers, and others to have access to their system
from inside the organization and without. This access
also creates vulnerability.
▫ Computer programs only need to be altered once, and
they will operate that way until:
◦ The system is no longer in use; or
◦ Someone notices.
APPROACHES TO COMPUTER FRAUD
▫ Modern systems are accessed by PCs, which are
inherently more vulnerable to security risks and
difficult to control.
◦ It is hard to control physical access to each PC.
◦ PCs are portable, and if they are stolen, the data and
access capabilities go with them.
◦ PCs tend to be located in user departments, where
one person may perform multiple functions that
should be segregated.
◦ PC users tend to be more oblivious to security
concerns.
Computer Fraud Classifications
• Input Fraud
▫ Altering or falsifying input
• Processor Fraud
▫ Unauthorized system use
• Computer Instructions Fraud
▫ Modifying software, illegal copying of software, using software in an
unauthorized manner, creating software to carry out unauthorized
activities
• Data Fraud
▫ Illegally using, copying, browsing, searching, or harming company data
• Output Fraud
▫ Stealing, copying, or misusing computer printouts or displayed
information
Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur
Organizational
• Create a culture of integrity
• Adopt structure that
minimizes fraud, create
governance (e.g., Board of
Directors)
• Assign authority for business
objectives and hold them
accountable for achieving
those objectives, effective
supervision and monitoring of
employees
• Communicate policies
Systems
• Develop security policies to
guide and design specific
control procedures
• Implement change
management controls and
project development
acquisition controls
Preventing and Detecting Fraud
2. Make It Difficult to Commit
Organizational
• Develop strong internal
controls
• Segregate accounting
functions
• Use properly designed forms
• Require independent checks
and reconciliations of data
Systems
• Restrict access
• System authentication
• Implement computer controls
over input, processing, storage
and output of data
• Use encryption
• Fix software bugs and update
systems regularly
• Destroy hard drives when
disposing of computers
Preventing and Detecting Fraud
3. Improve Detection
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline
Systems
• Audit trail of transactions
through the system
• Install fraud detection
software
• Monitor system activities (user
and error logs, intrusion
detection)
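Added example, not part of the original slides: one way the "audit trail of transactions" and "monitor system activities" items above can back up the "segregate accounting functions" control, by reviewing the trail for one person performing functions that should be segregated and for steps that were never logged. The log layout, the user names and the three function names (authorize, record, custody) are assumptions, and the rows are constructed sample data.

```python
from collections import defaultdict

# Constructed audit trail (not real data): one row per logged action.
# Columns: transaction id, accounting function performed, user id.
AUDIT_TRAIL = [
    ("PAY-1001", "authorize", "alice"),
    ("PAY-1001", "record",    "bob"),
    ("PAY-1001", "custody",   "carol"),
    ("PAY-1002", "authorize", "dave"),
    ("PAY-1002", "record",    "dave"),   # same person authorizes and records
    ("PAY-1002", "custody",   "carol"),
    ("PAY-1003", "record",    "bob"),    # never authorized
    ("PAY-1003", "custody",   "erin"),
]

# Assumption: these three functions are the ones that must be kept apart.
SEGREGATED = {"authorize", "record", "custody"}


def review_audit_trail(rows):
    """Return (conflicts, missing) found in the audit trail.

    conflicts: {txn: {user: sorted functions}} where one user performed
               two or more functions that should be segregated.
    missing:   {txn: sorted functions} that were never logged for the txn.
    """
    by_txn = defaultdict(lambda: defaultdict(set))
    for txn, function, user in rows:
        if function in SEGREGATED:
            by_txn[txn][user].add(function)

    conflicts, missing = {}, {}
    for txn, users in by_txn.items():
        clash = {u: sorted(f) for u, f in users.items() if len(f) > 1}
        if clash:
            conflicts[txn] = clash
        done = set().union(*users.values())
        if done != SEGREGATED:
            missing[txn] = sorted(SEGREGATED - done)
    return conflicts, missing


if __name__ == "__main__":
    conflicts, missing = review_audit_trail(AUDIT_TRAIL)
    for txn, clash in conflicts.items():
        print(f"{txn}: segregation conflict {clash}")
    for txn, gaps in missing.items():
        print(f"{txn}: missing functions {gaps}")
```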
Preventing and Detecting Fraud
4. Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and
disaster recovery plan
Systems
• Store backup copies of
program and data files in
secure, off-site location
• Monitor system activity