Question 1

Social engineering is the technique, skill, or psychological trick used in order to persuade and
make people do as the perpetrator's wishes. Social engineering is the process by which sociological
principles are applied to specific social problems and it is a kind of an exploitation of social
relationships or behaviours to achieve a desired result. In simplicity, we can define social engineering
as the manipulation of people for the purpose of gaining something from them, whether it is a
physical-logical access to a building, computer, server, or even network to covet the confidential
data someone possesses. 

Social engineers use a number of psychological tricks to make people feel like they should do
what they ask. There are several tricks used in this particular manipulation process, such as;

-  the sender of the e-mail claimed to be in a position of authority. 

- the sender tried to trigger an emotional response and sympathy

-  the sender inspired a sense of urgency

These concepts of social engineering and how manipulators try to deceive and persuade us
to do how they want us to do definitely have some relations with the accounting field in a way that
people try to act as a fake client to public accountants. Some social engineering schemes attempt to
achieve the goal of false legitimacy by first making ordinary or seemingly harmless requests of CPAs,
followed by requests to obtain Personally Identifiable Information or access to client funds. Recent
schemes targeted at CPAs in the AICPA Professional Liability Insurance Program have included
requests to establish bill pay services with existing software providers.

This means that in social engineering is also inevitable in accounting fields, it is not limited to
an ordinary and uneducated person but also to a highly intelligent accountant. from the above
example, we can see that social engineers may try to deceive accountants by pretending to be a
client and asking for information about funds and others.

As an accountant, we can minimize these social engineering threats by;

-  never shares accountant's user ID and passwords to anyone else, including your own partner

- never share private and confidential information over the phone or through e-mail

- always feel cautious and prepared whenever any strangers who you do not know ask for an access
for certain information

- give training to employees regularly regarding to cyber-crimes and social engineering threats

- do a security review regularly to the systems

Question 2

Fraud is the intentional activity to gain personal benefit or unfair advantage directly or
indirectly illegally, against organization or entity policy or over another person. It is ultimately
different from error and corruption. The case above stated that Tarigan has not been faithfully
honest with his partner regarding the floral shop's financial operation, despite that he has agreed on
a term with Wijaya to be a 25% partner if Wijaya invested some funds. This is an example of fraud
because there is a false and dishonest statement, representation and disclosure, an intent to
deceive, and a loss suffered by the victim. As the information stated above does not stated clearly
about any specific fraud types, there are 3 possibilities;

- corruption; a dishonest conduct by those in power that involves actions that are illegitimate,
immoral or incompatible with ethical standards. Here, it is shown by Tarigan, the owner, who uses
its power to falsify the financial operation data and provide disinformation to his partner. This is
definitely an unethical manner. As an accountant, we should be able to identify the fraud in the very
first place by exercising a relevant and faithfully representing audited financial statements.

- investment fraud; misrepresenting or leaving out facts in order to promise fantastic profits with
minimum risk investments. This is also a possibility in this case if Tarigan did use its financial
misinterpreted data to persuade Wijaya on entering the partnership scheme. As an accountant, we
should be able to advise our client and prevent them to enter a partnership scheme that is not
reliable by assessing its financial statements reliability first thing first.

- fraudulent financial reporting: intentional or reckless conduct whether by act or omission that
results in materially misleading financial statements. This is a possibility if the dishonesty aspect of
financial operation results from a manipulation of financial reporting. This is a job for auditors to
identify and understand the factors that can lead to fraudulence in financial reporting, thus, fraud
can be detected as early as possible and legal actions can take place.

As an external financial reviewer hired by Wijaya, here are some opinions and suggestions
that may help on dealing with this case;
- Wijaya should develop and implement a fraud risk assessment program that evaluate both the
likelihood and the magnitude of fraudulent activities and assesses the processes and control that can
deter and detect potential fraud

- Wijaya should create an audit trail so individual transactions can be traced through system to the
financial statements and vice versa, this is to prevent a false financial operation statement