Computer fraud - Chapter 5

  Chapter 

This chapter introduced the topic computer fraud. What is fraud? How was fraud perpetrated? How vulnerable is de company’s computer system?

As accounting information systems grow more complex to meet our escalating needs for information, companies face the growing risk that their systems may be compromised. Recent surveys show that 67% of companies had a security breach, over 45% were targeted by organized crime, and 60% reported financial losses.

There are four types of threats to accounting information systems.

  1. Natural and political disasters.

  2. For example: fire or excessive heat. Floods, earthquakes, landslides, hurricanes, tornadoes, blizzards, snowstorms, and freezing rain. Also, war and attacks by terrorists.

  3. Software errors and equipment malfunction.

  4. For example: hardware of software failure, software errors or bugs, operating system crashes, power outages and fluctuations, and undetected data transmissions errors.

  5. Unintentional acts.

  6. For example: accidents caused by human carelessness, failure to follow established procedures, and poorly trained or supervised personnel. Or innocent errors or omissions. Also logic errors, and lost, erroneous, destroyed, or misplaced data. Another example: systems that do not meet company needs or cannot handle intended tasks.

  7. Intentional acts (computer crimes).

  8. For example: sabotage, corruption, computer fraud, financial statement fraud, misappropriation of assets, and misappropriation, false use, or unauthorized disclosure of data.

A cookie contains data a website stores on your computer to identify the website to your computer so that you do not have to log on each time you visit the site.

Fraud is gaining an unfair advantage over another person. Legally, for an act to be fraudulent there must be:

  • A false statement, representation, or disclosure

  • A material fact, which is something that induces a person to act

  • A intent to deceive

  • A justifiable reliance. That is the person relies on the misrepresentation to take an action

  • A injury or loss suffered by the victim

An estimated 75% to 90% of computer fraud perpetrators are knowledgeable insiders with the requisite access, skills, and resources. Because employees understand a company’s system and its weaknesses, they are better able to commit and conceal a fraud. The controls used to protect corporate assets make it more difficult for an outsider to steal from a company. Fraud perpetrators are often referred to as white-collar criminals.

Fraud takes two forms

  • Misappropriation of assets: is the theft of company asset. The most significant contributing factor in most misappropriations is the absence of internal controls and/or the failure to enforce existing internal control.

  • Fraudulent financial reporting defined as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements. Financial statements are falsified to deceive investors and creditors, increase a company’s stock price, meet cash flow needs, or hide company losses and problems.

The Treadway Commission recommended four actions to reduce fraudulent financial reporting:

  1. Establish an organizational environment that contributes to the integrity of the financial reporting process.

  2. Identify and understand the factors that lead to fraudulent financial reporting.

  3. Assess the risk of fraudulent financial reporting within the company.

  4. Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.

The Association of Certified Fraud Examiners found that an asset misappropriation is 17 times more likely than fraudulent financial reporting but that the amounts involved are much smaller.

SAS No. 99 (Statement on Auditing Standards) was adopted to clarify the auditor’s responsibility to detect fraud. It requires auditors to:

  • Understand fraud

  • Discuss the risk of material fraudulent misstatements

  • Obtain information

  • Identify, assess, and respond to risks

  • Evaluate the results of their audit tests

  • Document and communicate findings

  • Incorporate a technology focus

When researches compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the public, they found significant differences between violent and white-collar criminals. Fraud perpetrators look just like you and me. Some are disgruntled and unhappy with their jobs and seek revenge against employers. Most have no previous criminal record. Some are motivated by curiosity, a quest for knowledge, the desire to learn how things work and the challenge of beating the system.

Three conditions are present when fraud occurs.

  1. Pressure. A pressure is a person’s incentive or motivation for committing fraud. There are three types of pressure. The first one is financial pressure. Financial pressure often motivate misappropriation frauds by employees. A second type of pressure is emotional. Many frauds are motivated by greed. Some employees turn to fraud because they have strong feelings or resentment or believe they have been treated unfair. A third type of employee pressure is a person’s lifestyle. The person may need funds to support a gambling habit or support a drug or alcohol addiction. Some people commit fraud to keep pace with other family members.

  2. Opportunities. This is the condition or situation that allows a person or organization to do three things.

    1. Commit the fraud

    2. Conceal the frand

      1. Lapping: a perpetrator steals the cash or checks customer A mails in to pay its accounts receivable.

      2. Kiting: cash is created using the lag between the time a check is deposited and the time it clears the bank.

    3. Convert the theft or misrepresentation to personal gain

  3. Rationalization. A rationalization allows perpetrators to justify their illegal behavior. Perpetrators rationalize that they are not being dishonest, that honesty is not required of them, or that they value what they take more than honesty and integrity.

Computer fraud is any fraud that requires computer technology knowledge to perpetrate, investigate, or prosecute it. Millions of dollars can be stolen in less than a second, leaving little or no evidence. Therefore, computer fraud can be much more difficult to detect than other types of fraud.

Computer systems are particularly vulnerable for the following reasons:

  • People who break into corporate databases can steal, destroy, or alter massive amounts of data in very little time.

  • Perpetrators can steal many more assets with much less time and effort.

  • Some organizations grant employees, customers, and suppliers access to their system.

  • Computer programs need to be modified illegally only once for them to operate improperly for as long as they are in use.

  • Personal computers are vulnerable to security risks.

  • Computer systems face a number of unique challenges.

The number of incidents, the total dollar losses, and the sophistication of the perpetrators and the schemes used to commit computer fraud are increasing rapidly for several reasons:

  1. Not everyone agrees on what constitutes computer fraud

  2. Many instances of computer fraud go undetected

  3. A high percentage of frauds is not reported

  4. Many networks are not secure

  5. Internet sites offer step-by-step instructions on how to perpetrate computer fraud and abuse

  6. Law enforcement cannot keep up with the growth of computer fraud

  7. Calculating losses is difficult

Computer fraud can be categorized using the data processing model

  • Input fraud. The simplest and most common way to commit a computer fraud is to alter of falsify computer input. It requires little skill. Perpetrators need only understand how the system operates so they can cover their tracks.

  • Processor fraud. It includes unauthorized system use, including the theft of computer time and services.

  • Computer instruction fraud. This type of fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity. The approach used to be uncommon, but today it’s more frequent.

  • Data fraud. This is illegally using, copying, browsing, searching, or harming company data. The biggest cause of data breaches is employee negligence. In the absence of controls, it is nog hard for employees to steal data.

  • Output fraud. Unless properly safeguarded, displayed or printed output can be stolen, copied, or misused. Fraud perpetrators use computers to forge authentic-looking outputs, such as a pay check.

Sluit je aan bij JoHo om te kunnen inloggen en gebruik te maken van de tools en teksten
 

Aansluiten bij JoHo als abonnee of donateur

The world of JoHo footer met landenkaart

    Aansluiten bij JoHo met een JoHo abonnement

    JoHo abonnement (€20,- p/j)

    • Voor wie online volledig gebruik wil maken van alle JoHo's en boeksamenvattingen voor alle fases van een studie, met toegang tot alle online HBO & WO boeksamenvattingen en andere studiehulp
    • Voor wie gebruik wil maken van de gesponsorde boeksamenvattingen (en er met zijn pinpoints 10 gratis kan afhalen in een JoHo support center of bij een JoHo partner)
    • Voor wie gebruik wil maken van de vacatureservice en bijbehorende keuzehulp & advieswijzers
    • Voor wie gebruik wil maken van keuzehulp en advies bij werk in het buitenland, lange reizen, vrijwilligerswerk, stages en studie in het buitenland
    • Voor wie extra kortingen wil op (reis)artikelen en services (online + in de JoHo support centers)
    • Voor wie extra kortingen wil op de geprinte studiehulp (zoals tentamen tests en study notes) in de JoHo support centers

     of met een JoHo donateurschap

    JoHo donateurschap (€5,- per jaar)

    • Voor wie €10,- korting wil op zijn JoHo abonnement
    • Voor wie JoHo WorldSupporter en Smokey projecten wil steunen
    • Voor wie gebruik wil maken van alle gedeelde materialen op WorldSupporter
    • Voor wie op zoek is naar de organisatie bij een vacature

     

    Aanmelden & Aansluiten bij JoHo 

    JoHo & Partnernieuws

    Vacatures: checken

      Partners: verzekering kiezen
       
      Regel jij via JoHo je reis- of zorgverzekering bij een duurzame of gespecialiseerde partner?
       
       
       
       

      JoHo: chapters begrijpen

      Hoe werkt een JoHo Chapter?

       

      Wat vind je op een JoHo Chapter pagina

      •   JoHo Chapters zijn tekstblokken en hoofdstukken rond een specifieke vraag of een deelonderwerp

      Crossroad: volgen

      • Via een beperkt aantal geselecteerde webpagina's kan je verder reizen op de JoHo website

      Crossroad: kiezen

      • Via alle aan het chapter verbonden webpagina's kan je verder lezen in een volgend hoofdstuk of tekstonderdeel.

      Footprints: bewaren

      • Je kunt deze pagina bewaren in je persoonlijke lijsten zoals: je eigen paginabundel, je to-do-list, je checklist of bijvoorbeeld je meeneem(pack)lijst. Je vindt jouw persoonlijke  lijsten onderaan vrijwel elke webpagina of op je userpage
      • Dit is een service voor JoHo donateurs en abonnees.

      Abonnement: nemen

      • Hier kun je naar de pagina om je aan te sluiten bij JoHo, JoHo te steunen en zelf en volledig gebruik te kunnen maken van alle teksten en tools.

      Abonnement: checken

      • Hier vind je wat jouw status is als JoHo donateur of abonnee

      Aantekeningen: maken

      • Dit is een service voor wie bij JoHo is aangesloten. Je kunt zelf online aantekeningen maken en bewaren, je eigen antwoorden geven op tests, of bijvoorbeeld checklists samenstellen.
      • De aantekeningen verschijnen direct op de pagina en zijn alleen voor jou zichtbaar
      • De aantekeningen zijn zichtbaar op de betrokken webpagine en op je eigen userpage.

      Prints: maken

      • Dit is een service voor wie bij JoHo is aangesloten.  Wil je een tekst overzichtelijk printen, gebruik dan deze knop.
      JoHo: footprint achterlaten