You are on page 1of 13

Computer Fraud

Chapter 5

Copyright 2015 Pearson Education, Inc.

5-1

Learning Objectives
Explain the threats faced by modern information systems.
Define fraud and describe both the different types of fraud and the process
one follows to perpetuate a fraud.
Discuss who perpetrates fraud and why it occurs, including the pressures,
opportunities, and rationalizations that are present in most frauds.
Define computer fraud and discuss the different computer fraud
classifications.
Explain how to prevent and detect computer fraud and abuse.

Copyright 2015 Pearson Education, Inc.

5-2

Threats to AIS
Natural and Political disasters
Software errors and equipment malfunctions
Unintentional acts
Intentional acts
Copyright 2015 Pearson Education, Inc.

5-3

Fraud
Any means a person uses to gain an unfair
advantage over another person; includes:

A false statement, representation, or disclosure


A material fact, which induces a victim to act
An intent to deceive
Victim relied on the misrepresentation
Injury or loss was suffered by the victim

Fraud is white collar crime


Copyright 2015 Pearson Education, Inc.

5-4

Two Categories of Fraud


Misappropriation of assets
Theft of company assets which can include
physical assets (e.g., cash, inventory) and digital
assets (e.g., intellectual property such as protected
trade secrets, customer data)

Fraudulent financial reporting


cooking the books (e.g.,booking fictitious
revenue, overstating assets, etc.)

Copyright 2015 Pearson Education, Inc.

5-5

Conditions for Fraud


These three conditions must be
present for fraud to occur:
Pressure
Employee
Financial
Lifestyle
Emotional

Financial Statement
Financial
Management
Industry conditions
Copyright 2015 Pearson Education, Inc.

Opportunity to:
Commit
Conceal
Convert to personal gain

Rationalize
Justify behavior
Attitude that rules dont apply
Lack personal integrity
5-6

Fraud Triangle

Copyright 2015 Pearson Education, Inc.

5-7

Computer Fraud
If a computer is used to commit fraud it is called
computer fraud.
Computer fraud is classified as:

Input
Processor
Computer instruction
Data
Output

Copyright 2015 Pearson Education, Inc.

5-8

Preventing and Detecting Fraud


1. Make Fraud Less Likely to Occur
Organizational

Create a culture of integrity


Adopt structure that
minimizes fraud, create
governance (e.g., Board of
Directors)
Assign authority for business
objectives and hold them
accountable for achieving
those objectives, effective
supervision and monitoring of
employees
Communicate policies
Copyright 2015 Pearson Education, Inc.

Systems

Develop security policies to


guide and design specific
control procedures
Implement change
management controls and
project development
acquisition controls
5-9

Preventing and Detecting Fraud


2. Make It Difficulty to Commit
Organizational

Develop strong internal


controls
Segregate accounting
functions
Use properly designed forms
Require independent checks
and reconciliations of data

Copyright 2015 Pearson Education, Inc.

Systems

Restrict access
System authentication
Implement computer controls
over input, processing, storage
and output of data
Use encryption
Fix software bugs and update
systems regularly
Destroy hard drives when
disposing of computers
5-10

Preventing and Detecting Fraud


3. Improve Detection
Organizational

Systems

Assess fraud risk


External and internal audits
Fraud hotline
Audit trail of transactions
through the system
Install fraud detection
software
Monitor system activities (user
and error logs, intrusion
detection)
Copyright 2015 Pearson Education, Inc.

5-11

Preventing and Detecting Fraud


4. Reduce Fraud Losses
Organizational

Systems

Insurance
Business continuity and
disaster recovery plan

Copyright 2015 Pearson Education, Inc.

Store backup copies of


program and data files in
secure, off-site location
Monitor system activity

5-12

Key Terms

Sabotage
Cookie
Fraud
White-collar criminals
Corruption
Investment fraud
Misappropriation of assets
Fraudulent financial reporting

Copyright 2015 Pearson Education, Inc.

Pressure
Opportunity
rationalization
Lapping
Check kiting
Computer fraud

5-13