Accounting Information Systems 14e Romney Chapter 5

Accounting Information Systems, 14e (Romney/Steinbart)
Chapter 5 Computer Fraud
1 Explain the threats faced by modern information systems.
1) Perhaps the most striking fact about natural disasters in relation to AIS controls is that
A) many companies in one location can be seriously affected at one time by a disaster.
B) losses are absolutely unpreventable.
C) there are a large number of major disasters every year.
D) disaster planning has largely been ignored in the literature.
Answer: A
Concept: Threats to accounting information systems
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
2) Which of the following is the greatest risk to information systems and causes the greatest
dollar losses?
A) Human errors and omissions
B) Physical threats such as natural disasters
C) Dishonest employees
D) Computer crime
Answer: A
Difficulty: Easy
3) Identify the threat below that is not one of the four types of threats faced by accounting
information systems.
A) Natural and political disasters
B) Software errors and equipment malfunctions
C) Unintentional acts
D) System design inefficiency
Answer: D
Difficulty: Easy
AACSB: Application of Knowledge
1
Copyright © 2018 Pearson Education, Inc.
4) A power outage is an example of a(n) ________ threat.
A) natural and political disasters
B) software errors and equipment malfunctions
C) unintentional acts
D) intentional acts (computer crimes)
Answer: B
Difficulty: Moderate
5) Sabotage is an example of a(n) ________ threat.

Answer: D
6) Systems that do not meet company need is an example of a(n) ________ threat.
Answer: C
7) Terrorists are an example of a(n) ________ threat.

Answer: A
2
8) Undetected data transmission errors are an example of a(n) ________ threat.
Answer: B
9) Excessive heat is an example of a(n) ________ threat.

Answer: A
10) What was the first known cyber-attack intended to harm a real-world physical target?
A) Sasser
B) Stuxnet
C) Michelangelo
D) Doomsday
Answer: B
Difficulty: Challenging
11) What agency did the United States create to use cyber weapons and to defend against cyber
attacks?
A) U.S. Cyber Command
B) Department of Network Security
C) Department of Cyber Defense
D) Department of Technology Strategy
Answer: A
3
12) Which type of threat poses the greatest risk to information systems?
A) Software errors and equipment malfunctions
B) Unintentional acts
C) Intentional acts (computer crimes)
D) Natural and political disasters
Answer: B
13) A disgruntled employee in Australia hacked into a sewage system, causing a quarter of a
million gallons of raw sewage to flood a hotel and a park.
Answer: TRUE
Difficulty: Easy
14) A 16 year old hacker was able to access the systems of U.S. Missile Command and
accidently launched a small nuclear missile, which fortunately, failed to detonate.
Answer: FALSE
15) At Facebook, an automated system for verifying configuration value errors backfired,
causing every single client to try to fix accurate data it perceived as invalid. Since the fix
involved querying a cluster of databases, that cluster was quickly overwhelmed by hundreds of
thousands of queries a second. The resultant crash took the Facebook system offline for two-and-
a-half hours.
Answer: TRUE
16) The activist hacker group called Anonymous played Santa Claus one Christmas, indicating
they were "granting wishes to people who are less fortunate than most." They were inundated
with requests for iPads, iPhones, pizzas, and hundreds of other things. They hacked into banks
and sent over $1 million worth of virtual credit cards to people.
Answer: TRUE
4
2 Define fraud and describe both the different types of fraud and the auditor's responsibility to
detect fraud.
1) Lauren wants to open a floral shop in a downtown business district. She doesn't have funds
enough to purchase inventory and pay six months' rent up front. Lauren approaches a good
friend, Jamie, to discuss the possibility of Jamie investing funds and becoming a 25% partner in
the business. After a lengthy discussion, Jamie agrees to invest. Eight months later, Jamie
discovered that Lauren has not be honest with her regarding some aspects of the business
financial operation. In order for Jamie to sue Lauren for fraud, all the following must be true
except
A) Jamie's decision to invest was primarily based on Lauren's assertion that she had prior floral
retail experience.
B) Jamie has suffered a substantial loss in her investment because of Lauren's deception.
C) Jamie trusted and relied on Lauren's representation of the business financial operation.
D) Jamie found Lauren dishonest because she does not always reconcile the business cash
account on a timely basis.
Answer: D
Concept: Fraud
AACSB: Reflective Thinking
2) What characteristics must be presented for an act to be considered fraudulent? Give an

example to support your answer.
Answer: A false statement, representation, or disclosure; a material fact, which is something that
induces a person to act; an intent to deceive; a justifiable reliance; that is, the person relies on the
misrepresentation to take an action; and an injury or loss suffered by the victim. Students'
response may vary depending on the example that they provide.
Concept: Fraud
3) Fraud perpetrators are often referred to as

A) bad actors.
B) blue-collar criminals.
C) white-collar criminals.
D) outlaws.
Answer: C
Concept: Fraud
Difficulty: Easy
5
4) "Cooking the books" is typically accomplished by all the following except
A) overstating inventory.
B) accelerating recognition of revenue.
C) inflating accounts payable.
D) delaying recording of expenses.
Answer: C
Concept: Fraud
5) SAS No. 99 requires that auditors

A) plan audits based on an analysis of fraud risk.
B) detect all material fraud.
C) alert the Securities and Exchange Commission of any fraud detected.
D) take all of the above actions.
Answer: A
Concept: Fraud
6) What is the primary difference between fraud and errors in financial statement reporting?
A) The level of management involved
B) The intent to deceive
C) The materiality of the misstatement
D) The type of transaction effected
Answer: B
Concept: Fraud
7) The two most common types of fraud impacting financial statements are
A) corruption and fraudulent financial reporting.
B) misappropriation of assets and embezzlement.
C) fraudulent financial reporting and e-commerce fraud.
D) fraudulent financial reporting and misappropriation of assets.
Answer: D
Concept: Fraud
6
8) Intentional or reckless conduct that results in materially misleading financial statements is
called
A) financial fraud.
B) misstatement fraud.
C) fraudulent financial reporting.
D) audit failure fraud.
Answer: C
Concept: Fraud
Difficulty: Easy
9) Which of the following is not an example of one of the basic types of fraud?
A) While straightening the store at the end of the day, a shoe store employee finds and keeps an
expensive pair of sunglasses left by a customer.
B) An executive devised and implemented a plan to accelerate revenue recognition on a long-
term contract, which will allow the company to forestall filing for bankruptcy. The executive
does not own any stock, stock options or grants, and will not receive a bonus or perk because of
the overstated revenue.
C) A purchasing agent places a large order at higher-than-normal unit prices with a vendor that
gave the agent tickets to several football games.
D) A salesperson approves a large sales discount on an order from a company owned partially by
the salesperson's sister.
Answer: A
Concept: Fraud
10) Describe two kinds of fraud.

Answer: Misappropriation of assets, or theft, by a person or group for personal financial gain is
usually committed by employees. Fraudulent financial reporting is intentional or reckless
conduct that results in materially misleading financial statements.
Concept: Fraud
Difficulty: Easy
7
11) Which of the following is not an example of misappropriation of assets?
A) A warehouse employee takes home two units of electronic entertainment inventory each week
without authorization.
B) The chief financial officer of the company falsely adds $20 million to the accounts receivable
and revenue accounts.
C) The president of the company utilizes the organization's cash to add a floor to her 15,000
square foot house.
D) The treasurer of the company makes an unauthorized wire transfer from the organization's
bank to a personal account in Grand Cayman.
Answer: B
Concept: Fraud
12) Describe some of the most frequent fraudulent financial reporting schemes.
Answer: The most frequent fraudulent financial reporting schemes involve fictitiously inflating
revenues,
holding the books open (recognizing revenues before they are earned), closing the books
early (delaying current expenses to a later period), overstating inventories or fixed assets, and
concealing losses and liabilities.
Concept: Fraud
13) Describe ways that the Treadway Commission has recommended to reduce fraudulent
financial reporting.
Answer: The Treadway Commission recommended four actions to reduce fraudulent financial
reporting: (1) Establish an organizational environment that contributes to the integrity of the
financial reporting process. (2) Identify and understand the factors that lead to fraudulent
financial reporting. (3) Assess the risk of fraudulent financial reporting within the company. (4.)
Design and implement internal controls to provide reasonable assurance of preventing fraudulent
financial reporting.
Concept: Fraud
8
14) Asset misappropriation is ________ likely than fraudulent financial reporting. The amounts
involved in asset misappropriation are much ________ than fraudulent financial reporting.
A) less; more
B) less; less
C) more; less
D) more, more
Answer: C
Concept: Fraud
15) Misappropriation of assets is a fraudulent act that involves

A) dishonest conduct by those in power.
B) misrepresenting facts to promote an investment.
C) using computer technology to perpetrate a crime.
D) theft of company property.
Answer: D
Concept: Fraud
16) Explain the impact of SAS No. 99 on auditors' responsibilities.

Answer: SAS No. 99, effective December 2002, requires that auditors explicitly consider fraud
risks when planning and performing an audit. Auditors must understand types and characteristics
of fraud. Audit teams must review clients' financial statements for areas susceptible to fraud and
communicate with each other during planning of the audit. Auditors must ask management and
audit committee members about any past or current instances of fraud. Since many frauds
involve revenue recognition, auditors must exercise special care and testing in examining
revenue accounts. Audit procedures and testing must be tailored in response to fraud risk
assessment. Auditors must evaluate the risk of management override of controls and any other
indications of fraud occurrences. All audit procedures, testing and findings must be documented
and communicated to management and the audit committee. Auditors must evaluate and
recognize the impact of technology on fraud risks, as well as opportunities technology may
provide to design fraud-auditing procedures.
Concept: Fraud
9
3 Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and
rationalizations that are present in most frauds.
1) Fraud perpetrators do not typically

A) attempt to return or pay back stolen amounts soon after the initial theft, but find they are
unable to make full restitution.
B) use trickery or lies to gain the confidence and trust of others at the organization they defraud.
C) become bolder and more greedy the longer the theft remains undetected.
D) begin to rely on stolen amounts as part of their income.
Answer: A
Concept: Fraud perpetrators
Difficulty: Easy
2) Researchers found significant differences between white-collar criminals and the public.
Answer: FALSE
Difficulty: Easy
3) Most fraud perpetrators have previous criminal record; they were dishonest and disrespected
members of their community.
Answer: FALSE
4) Lapping is best described as the process of

A) applying cash receipts to a different customer's account in an attempt to conceal previous
thefts of cash receipts.
B) inflating bank balances by transferring money among different bank accounts.
C) stealing small amounts of cash, many times over a period of time.
D) increasing expenses to conceal that an asset was stolen.
Answer: A
Concept: Fraud
10
5) Which of the following is not an example of the fraud triangle characteristic concerned with
rationalization?
A) Revenge against the company
B) Intent to repay "borrowed" funds in the future
C) Sense of entitlement as compensation for receiving a lower than average raise
D) Belief that the company won't suffer because an insurance company will reimburse losses
Answer: A
Concept: The fraud triangle
6) Insiders are frequently the ones who commit fraud because

A) they are more dishonest than outsiders.
B) they need money more than outsiders.
C) they are less likely to get caught than outsiders.
D) they know more about the system and its weaknesses than outsiders.
Answer: D
Difficulty: Easy
7) Which of the following is not a management characteristic that increases pressure to commit
fraudulent financial reporting?
A) Close relationship with the current audit engagement partner and manager
B) Pay for performance incentives based on short-term performance measures
C) High management and employee turnover
D) Highly optimistic earnings projections
Answer: A
Difficulty: Easy
8) Researchers have compared the psychological and demographic characteristics of white-collar

criminals, violent criminals, and the general public. They found that
A) few differences exist between white-collar criminals and the general public.
B) white-collar criminals eventually become violent criminals.
C) most white-collar criminals invest their illegal income rather than spend it.
D) most white-collar criminals are older and not technologically proficient.
Answer: A
11
9) Identify the opportunity below that could enable an employee to commit fraud.
A) An employee's spouse loses her job.
B) The company does not have a clear policies and procedures for the employee to follow.
C) The employee is experiencing financial hardship.
D) An employee is upset that he was passed over for a promotion.
Answer: B
10) Which of the following is a financial pressure that could cause an employee to commit
fraud?
A) A feeling of not being valued.
B) Having a grumbling and drug addiction.
C) Having a close association with suppliers and customers.
D) Having an anger management issue.
Answer: B
Concept: The concept of information
11) Which of the following fraudulent acts generally takes most time and effort?
A) Lapping accounts receivable.
B) Selling stolen inventory to get cash.
C) Stealing inventory from the warehouse.
D) Creating false journal entries to overstate revenue.
Answer: A
Concept: Fraud
12) In many cases of fraud, the ________ takes more time and effort than the ________.
A) concealment; theft
B) theft; concealment
C) conversion; theft
D) conversion; concealment
Answer: A
Difficulty: Easy
12
13) Which of the following is the best way to hide theft of assets?
A) Only steal an immaterial amount of assets.
B) Conversion of stolen assets into cash.
C) Stealing cash from customer A and then using customer B's balance to pay customer A's
accounts receivable.
D) Charging the stolen asset to an expense account.
Answer: D
Concept: Fraud
14) Which fraud scheme involves stealing customer receipts and applying subsequent customer
cash payments to cover the theft?
A) kiting
B) laundering
C) lapping
D) bogus expense
Answer: C
Concept: Fraud
Difficulty: Easy
15) One fraudulent scheme covers up a theft by creating cash through the transfer of money
between banks. This is known as
A) lapping.
B) misappropriation of assets.
C) kiting.
D) concealment.
Answer: C
Concept: Fraud
Difficulty: Easy
16) Which of the following is not one of the components of the fraud triangle?
A) Incentive
B) Rationalization
C) Susceptibility
D) Opportunity
Answer: C
Difficulty: Easy
13
17) Which characteristic of the fraud triangle often stems from a lack of internal controls within
an organization?
A) Pressure
B) Opportunity
C) Rationalization
D) Concealment
Answer: B
Difficulty: Easy
18) Which characteristic of the fraud triangle often stems from the belief that "the rules do not
apply to me" within an organization?
A) Pressure
B) Opportunity
C) Rationalization
D) Concealment
Answer: C
Difficulty: Easy
19) Which situation below makes it easy for someone to commit a fraud?
A) Placing excessive trust in key employees.
B) Inadequate staffing within the organization.
C) Unclear company policies.
D) All of the above situations make it easy for someone to commit a fraud.
Answer: D
Difficulty: Easy
20) What is the most prevalent opportunity within most companies to commit fraud?
A) Lack of internal controls designed by management.
B) Failure by management to enforce the internal controls.
C) Weaknesses in the design of internal controls.
D) Management's belief that most employees would not commit fraud.
Answer: B
14
21) This component of the fraud triangle explains the incentive or motivation for someone to
commit fraud.
A) Pressure
B) Rationalization
C) Concealment
D) Opportunity
Answer: A
Difficulty: Easy
22) The most efficient way to conceal asset misappropriation is to

A) understate a stolen inventory item an asset account.
B) charge a stolen inventory item to an expense account.
C) not talk about the theft with anyone in the company.
D) record fictitious payments to vendors.
Answer: B
23) What are some of the distinguishing characteristics of fraud perpetrators?

Answer: Some distinguishing characteristics of fraud perpetrators are: they tend to spend their
illegal income to support their lifestyle; once they begin it becomes harder to stop and they
become bolder as each incident happens; once they start to rely on the ill-gotten gains, they
become more greedy and sometimes careless and overconfident. In the case of computer
criminals, they are often young and have substantial computer knowledge. About two-thirds are
men and likely to be an employee of the firm from which they steal. Many are unhappy or
disgruntled with their employer because they feel unappreciated and underpaid. Most have no
previous criminal record.
15
4 Define computer fraud and discuss the different computer fraud classifications.
1) Which of the following is least likely to result in computer fraud?

A) Releasing data to unauthorized users.
B) Allowing computer users to test software upgrades.
C) Allowing computer operators full access to the computer room.
D) Storing backup tapes in a location where they can be quickly accessed.
Answer: C
Concept: Computer fraud
Difficulty: Easy
2) How does the U.S. Justice Department define computer fraud?

A) As any crime in which a computer is used.
B) As any act in which cash is stolen using a computer.
C) As an illegal act in which a computer is an integral part of the crime.
D) As an illegal act in which knowledge of computer technology is essential.
Answer: D
3) Why is computer fraud often much more difficult to detect than other types of fraud?
A) Because fraud can be committed in only seconds, leaving little-to-no evidence.
B) Because most perpetrators do not spend their illegal income immediately, concealing key
evidence.
C) Because most computer criminals are older and more cunning than perpetrators of other types
of fraud.
D) Because perpetrators usually only steal immaterial amounts of money at a time, requiring a
long period of time to pass before discovery
Answer: A
16
4) Why is computer fraud often more difficult to detect than other types of fraud?
A) Rarely is cash stolen in computer fraud.
B) The fraud may leave little or no evidence it ever happened.
C) Computers provide more opportunities for fraud.
D) Computer fraud perpetrators are just more clever than other types of criminals.
Answer: B
Difficulty: Easy
5) Computer systems are particularly vulnerable to computer fraud because

A) perpetrators can steal, destroy, or alter massive amount of data in very little time, often
leaving little evidence.
B) computer fraud can be much more difficult to detect than other types of fraud.
C) computer programs need to be modified illegally only once for them to operate improperly for
as long as they are in use.
D) all of the above.
Answer: D
Difficulty: Easy
6) Why do many computer fraud cases go unreported and unprosecuted?

A) Many companies believe the adverse publicity would result in copycat fraud and a loss of
customer confidence, which could cost more than the fraud itself.
B) It is difficult to calculate total losses when information is stolen, websites are defaced, and
viruses shut down entire computer systems.
C) Because of lack of funding and skilled staff, law enforcement investigates only 1 in 15
computer crimes.
D) All of the above
Answer: D
Difficulty: Easy
17
7) The fraud that requires the least computer knowledge or skill involves
A) altering or falsifying source data.
B) unauthorized use of computers.
C) tampering with or copying software.
D) forging documents like paychecks.
Answer: A
8) The simplest and most common way to commit a computer fraud is to

A) alter computer input.
B) alter computer output.
C) modify the processing.
D) corrupt the database.
Answer: A
Difficulty: Easy
9) Downloading a master list of customers and selling it to a competitor is an example of

A) data fraud.
B) output theft.
C) download fraud.
D) fraudulent financial reporting.
Answer: A
Difficulty: Easy
18
10) Which of the following is an example of processor fraud?
A) A man used desktop publishing to prepare bills for office supplies that were never ordered or
delivered and mailed them to local companies. The invoices were for less than $300, an amount
that often does not require purchase orders or approvals. A high percentage of the companies
paid the bills.
B) Two accountants without the appropriate access rights hacked into Cisco's stock option
system, transferred over $6.3 million of Cisco stock to their brokerage accounts, and sold the
stock. They used part of the funds to support an extravagant lifestyle, including a $52,000
Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex watch.
C) The office manager of a Wall Street law firm sold information to friends and relatives about
prospective mergers and acquisitions found in Word files. They made several million dollars
trading the securities.
D) A fraud perpetrator scanned a company paycheck, used desktop publishing software to erase
the payee and amount, and printed fictitious paychecks.
Answer: B
11) Which of the following is an example of input fraud?

paid the bills.
B) Two accountants without the appropriate access rights hacked into Cisco’’s stock option
Answer: A
19
12) Which of the following is an example of data fraud?
paid the bills.
Answer: C
13) Which of the following is an example of output fraud?

paid the bills.
Answer: D
20
14) Discuss the reasons for the rapid increase of computer fraud.
Answer: Not everyone agrees on what constitutes computer fraud and some people may commit
computer fraud unwittingly and not be aware of it. Many computer frauds go undetected. The
belief that "it just can't happen to us." Most networks have a low level of security. Many Internet
sites provide guidance on how to commit computer crimes. Law enforcement is unable to keep
up with the number of computer frauds. Most frauds are not reported. The total dollar value of
losses is difficult to calculate.
15) Why do fraudulent acts often go unreported and are therefore not prosecuted?
Answer: Most fraud cases go unreported and are not prosecuted for several reasons. Many cases
of computer fraud are as yet still undetected. As new technology and methods become available
to organizations, prior undetected fraud may be revealed in the future. A second reason is that
companies are reluctant to report computer fraud and illegal acts simply because of bad publicity
—a highly visible case can undermine consumer confidence in an organization such as a
financial institution. Also, the fact that a fraud has occurred may indeed encourage others to
attempt to commit further acts against the organization. It would seem that unreported fraud
creates a false sense of security, as people think systems are more secure than they are in reality.
Another reason for not reporting fraudulent acts is the fact that the court system and law
enforcement is busy with violent crimes and criminals in its system. There is little time left to go
after a crime where no physical harm is present. Also, the court system tends to treat teen
hacking and cracking as "acts of childhood" rather than as serious crimes—this leads to many
plea bargains when a computer fraud is brought to trial. Another reason is that a computer fraud
case is difficult, costly, and time-consuming to investigate and prosecute. Before 1986 no federal
law existed governing computer fraud. Law enforcement officials, lawyers, and judges generally
lack the computer skills necessary to properly evaluate, investigate, and prosecute computer
crimes. Sadly, when all is said and done a successful prosecution and conviction of computer
fraud results in a very light sentence. All of these factors contribute to the under reporting and
lack of prosecution of computer fraud crimes. Not everyone agrees on what constitutes computer
fraud:
• Many networks have a low level of security
• Many Internet pages give instruction on how to carry out computer crimes
• Law enforcement has difficulty keep up with the growing number of computer frauds
• The total dollar value of losses from computer fraud is difficult to estimate.
21
16) Explain the various computer fraud classifications using the data processing model. Provide
an example for each computer fraud classification.
Answer: Computer fraud can be classified into the following categories: data fraud, input fraud,
processor fraud, computer instructions fraud, and output fraud. Illegally using, copying,
browsing, searching, or harming company data constitutes data fraud. The simplest and most
common way to commit a computer fraud is to alter or falsify computer input. Processor fraud
includes unauthorized system use, including the theft of computer time and services. Computer
instructions fraud includes tampering with company software, copying software illegally, using
software in an unauthorized manner, and developing software to carry out an unauthorized
activity. Unless properly safeguarded, displayed or printed output can be stolen, copied, or
misused. Students answer may vary depending on the examples they used.
5 Explain how to prevent and detect computer fraud and abuse.
1) Most frauds are detected by

A) external auditors.
B) hotline tip.
C) internal auditors.
D) forensic accountants.
Answer: B
Concept: Fraud prevention
Difficulty: Easy
2) Which of the following will not reduce the likelihood of an occurrence of fraud?
A) Encryption of data and programs.
B) Use of forensic accountants.
C) Adequate insurance coverage.
D) Required vacations and rotation of duties.
Answer: C
Difficulty: Easy
22
3) The day after Christmas, Jane Olson, Chief Information Officer at American Trading
Corporation (ATC), received some bad news. The hard drive use to store the company's system
data backups was lost while it was being transported to an offsite storage location. Jane called a
meeting of her technical staff to discuss the implications of the loss. Which of the following is
most likely to relieve her concerns over the potential cost of the loss?
A) ATC has a comprehensive disaster recovery plan.
B) The hard drive was encrypted and password protected.
C) The shipper has insurance that will reimburse ATC for the cost of the hard drive.
D) ATC has a copy of the hard drive onsite, so a new copy for storage offsite can easily be
prepared.
Answer: B
Difficulty: Easy
4) ________ is a simple, yet effective, method for catching or preventing many types of
employee fraud.
A) Requiring all employees to take annual vacations
B) Monitoring all employees computer usage activities
C) Requiring all employees to take a fraud prevention awareness course
D) Explaining that fraud is illegal and will be severely punished to employees
Answer: A
Difficulty: Easy
5) What are the actions recommended by the Treadway Commission to reduce the possibility of
fraudulent financial reporting?
Answer: Establish an organizational environment that contributes to the integrity of the financial
reporting process. Identify and understand the factors that lead to fraudulent financial reporting.
Assess the risk of fraudulent financial reporting within the company. Design and implement
internal controls to provide reasonable assurance that the fraudulent financial reporting is
prevented.
23
6) Describe at least four ways a company can make fraud less likely to occur.
Answer: A company can decrease fraud by: good hiring and firing practices; good management
of unhappy employees; training in fraud awareness; manage and track computer licenses;
implement signed confidentiality agreements; maintain visible security; educate the workforce in
ethics and the penalties for illegal acts.
7) Describe four ways companies can reduce losses from fraud.

Answer: Maintain adequate insurance. Keep a current backup copy of all program and data files
in a secure off-site location. Develop a contingency plan for fraud occurrences and other
disasters that might occur. Use special software designed to monitor system activity and help
companies recover from frauds and malicious actions.
Difficulty: Easy
8) A teller at a savings and loan drive-through accepted a cash payment from customer #1 for an
auto loan. The teller appeared to process the payment, but told the customer the printer was
jammed and she can't print a receipt. The customer accepted the excuse and drove away. The
teller pocketed the cash and wrote down customer #1's loan number and payment amount for
future reconciling. A couple of days before customer #1's monthly statement was printed, the
teller recorded a cash payment from customer #2 as if it were made by customer #1. The teller
pocketed the difference between the two payments. The teller continued to steal and misapply
customer payments for the next two years without detection.
Identify the type of fraud scheme described. Describe five controls you would implement to
address the fraud risk, and label each control as preventive or detective.
Answer: The fraud appears to be misappropriation of assets that is being concealed with a
lapping scheme. Controls would include:
1. rotation of duties (primarily detective)
2. mandatory vacations (primarily detective)
3. surveillance with cameras (primarily detective)
4. staggered statement printing schedules, unknown to tellers (detective)
5. sequentially prenumbered, duplicate receipts (detective)
6. segregation of duties between cash handling and recording (preventive)
7. encourage customers to utilize on-line banking for loan payments and to frequently check
balances (detective)
24
9) At the beginning of this chapter, you were presented with a situation regarding Jason Scott.
Jason is an internal auditor for Northwest Industries, a forest products company. On March 31,
he reviewed his completed tax return and noticed that the federal income tax withholding on his
final paycheck was $5 more than the amount indicated on his W-2 form.He used the W-2 amount
to complete his tax return and made a note to ask the payroll department what happened to the
other $5. The next day, Jason was swamped, and he dismissed the $5 difference as immaterial.
On April 16, a coworker grumbled that the company had taken $5 more from his check than he
was given credit for on his W-2. When Jason realized he was not the only one with the $5
discrepancy, he investigated and found that all 1,500 employees had the same $5 discrepancy. He
also discovered that the W-2 of Don Hawkins, the payroll programmer, had
thousands of dollars more in withholdings reported to the Internal Revenue Service (IRS) than
had been withheld from his paycheck.
Identify the type of fraud scheme may have happened as described. Describe controls you would
implement to address the fraud risk, and label each control as preventive or detective.
Answer: The fraud appears to be involved computer fraud. Possible controls would include:
1. rotation of duties (primarily detective)
2. mandatory vacations (primarily detective)
3. surveillance (primarily detective)
4. segregation of duties between cash handling and recording (preventive)
Students' answer would vary depending on the type of fraud scheme they identify.
10) Which of the following is not a way to make fraud less likely to occur?
A) Adopt an organizational structure that minimizes the likelihood of fraud.
B) Create an organizational culture that stresses integrity and commitment to ethical values.
C) Create an audit trail so individual transactions can be traced.
D) Effectively supervise employees.
Answer: C
11) Which of the following is not a way to reduce fraud losses?

A) Conduct periodic external and internal audits.
B) Maintain adequate insurance.
C) Use software to monitor system activity.
D) Store backup copies of program and data files.
Answer: A
25
12) Which of the following is not a way to improve fraud detection?
A) Install fraud detection software.
B) Implement a fraud hotline.
C) Employ a computer security officer.
D) Implement computer-based controls over input, processing, storage, and output activities.
Answer: D
26

Accounting Information Systems 14e Romney Chapter 5

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Accounting Information Systems 14e Romney Chapter 5

Uploaded by

Copyright:

Available Formats

Accounting Information Systems, 14e (Romney/Steinbart)

Chapter 5 Computer Fraud

1 Explain the threats faced by modern information systems.

5) Sabotage is an example of a(n) ________ threat.

7) Terrorists are an example of a(n) ________ threat.

9) Excessive heat is an example of a(n) ________ threat.

2) What characteristics must be presented for an act to be considered fraudulent? Give an

3) Fraud perpetrators are often referred to as

5) SAS No. 99 requires that auditors

10) Describe two kinds of fraud.

15) Misappropriation of assets is a fraudulent act that involves

16) Explain the impact of SAS No. 99 on auditors' responsibilities.

1) Fraud perpetrators do not typically

4) Lapping is best described as the process of

6) Insiders are frequently the ones who commit fraud because

8) Researchers have compared the psychological and demographic characteristics of white-collar

22) The most efficient way to conceal asset misappropriation is to

23) What are some of the distinguishing characteristics of fraud perpetrators?

1) Which of the following is least likely to result in computer fraud?

2) How does the U.S. Justice Department define computer fraud?

5) Computer systems are particularly vulnerable to computer fraud because

6) Why do many computer fraud cases go unreported and unprosecuted?

8) The simplest and most common way to commit a computer fraud is to

9) Downloading a master list of customers and selling it to a competitor is an example of

11) Which of the following is an example of input fraud?

13) Which of the following is an example of output fraud?

5 Explain how to prevent and detect computer fraud and abuse.

1) Most frauds are detected by

7) Describe four ways companies can reduce losses from fraud.

11) Which of the following is not a way to reduce fraud losses?

You might also like