St.

Louis College VALENZUELA

Maysan, Valenzuela City

COLLEGE DEPARTMENT

CSBU- Business Software Application

Weekly Module Number #5

Computer Fraud

Intended Learning Outcomes

At the end of this module, you should be able to:

• Explain the threats faced by modern information systems.

• Define fraud and describe both the different types of fraud and the process one follows to
perpetuate a fraud.

• Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and
rationalizations that are present in most frauds.

• Define computer fraud and discuss the different computer fraud classifications.

• Explain how to prevent and detect computer fraud and abuse.

Threats to AIS

• Natural and Political disasters

Destruction due to Natural Disasters and Politics One of the threats faced by companies is
due to natural and political disasters, such as fires, excessive heat, floods, earthquakes, wind storms,
and war. Disasters that cannot be predicted can completely destroy the information system and
cause a downfall of a company. When a disaster occurs, many companies are affected at the same
time.

• Software errors and equipment malfunctions

Error in software and malfunction of equipment. The second threat to the company is
software errors and equipment malfunctions, such as hardware failures, errors or software
malfunctions, operating system failures, electrical interference and fluctuations, and undetected
data transmission errors.

• Unintentional acts

Accidental actions A third threat to companies is unintentional actions, such as errors or

deletions due to ignorance or accident. This usually happens due to human error, failure to follow
established procedures, and personnel who are not supervised or trained properly. Users often lose
or misplace data, and accidentally delete or change files, data and programs. Computer operators
 and users can enter incorrect or unreliable input, use the wrong version of the program, use the
wrong data file, or put the file in the wrong place. Analysts and system programmers make mistakes
in the logic of the system, develop systems that do not meet the needs of the company, or develop
systems that are unable to handle the tasks assigned.

• Intentional acts

Accidental Actions (computer crime) The fourth threat facing the company is intentional
action, which is usually referred to as computer crime. This threat is in the form of sabotage, the
purpose of which is to destroy the system or some of its components. Computer fraud is another
type of computer crime, with the aim of stealing valuable objects such as money, data, or computer
time / services. This fraud can also involve theft, namely theft or improper use of assets by
employees, accompanied by falsification of records to hide theft.

Fraud

• Any means a person uses to gain an unfair advantage over another person; includes:

▫ A false statement, representation, or disclosure

▫ A material fact, which induces a victim to act

▫ An intent to deceive

▫ Victim relied on the misrepresentation

▫ Injury or loss was suffered by the victim

Fraud is white collar crime

Two Categories of Fraud

• Misappropriation of assets

▫ Theft of company assets which can include physical assets (e.g., cash, inventory) and
digital assets (e.g., intellectual property such as protected trade secrets, customer data)

• Fraudulent financial reporting

▫ “cooking the books” (e.g.,booking fictitious revenue, overstating assets, etc.)

Conditions for Fraud

These three conditions must be present for fraud to occur:

• Pressure

▫ Employee

 Financial
  Lifestyle

 Emotional

▫ Financial Statement

 Financial

 Management

 Industry conditions

• Opportunity to:

▫ Commit

▫ Conceal

▫ Convert to personal gain

• Rationalize

▫ Justify behavior

▫ Attitude that rules don’t apply

▫ Lack personal integrity

Computer Fraud

• If a computer is used to commit fraud it is called computer fraud.

• Computer fraud is classified as:

▫ Input

▫ Processor

▫ Computer instruction

▫ Data

Preventing and Detecting Fraud

1. Make Fraud Less Likely to Occur

Organizational

• Create a culture of integrity

• Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
 • Assign authority for business objectives and hold them accountable for achieving those
objectives, effective supervision and monitoring of employees

• Communicate policies

Systems

• Develop security policies to guide and design specific control procedures

• Implement change management controls and project development acquisition controls

2. Make It Difficulty to Commit

Organizational

• Develop strong internal controls

• Segregate accounting functions

• Use properly designed forms

• Require independent checks and reconciliations of data

Systems

• Restrict access

• System authentication

• Implement computer controls over input, processing, storage and output of data

• Use encryption

• Fix software bugs and update systems regularly

• Destroy hard drives when disposing of computers

3. Improve Detection

Organizational

• Assess fraud risk

• External and internal audits

• Fraud hotline

Systems

• Audit trail of transactions through the system

 • Install fraud detection software

• Monitor system activities (user and error logs, intrusion detection)

4. Reduce Fraud Losses

Organizational

• Insurance

• Business continuity and disaster recovery plan

Systems

• Store backup copies of program and data files in secure, off-site location

• Monitor system activity

Key Terms

• Sabotage

• Cookie

• Fraud

• White-collar criminals

• Corruption

• Investment fraud

• Misappropriation of assets

• Fraudulent financial reporting

• Pressure

• Opportunity

• rationalization

• Lapping

• Check kiting

• Computer fraud

References:

Pearson education Inc., Copyright 2015