11e-chp5-im (1)

Upload: srinivas-aditya

Post on 12-Feb-2018


  • 7/23/2019 11e-Chp5-IM (1)

    1/34

    CHAPTER 5

    COMPUTER FRAUD AND ABUSE

    Instructor's Manual

    Learning Objectives:

    1. Define fraud and describe the process one follows to perpetuate a fraud.

    2. Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities and rationalizations that are present in most frauds.

    3. Define computer fraud and discuss the different computer fraud classifications.

    4. Compare and contrast the approaches and techniques that are used to commit computer fraud.

    Questions to be addressed in this chapter:

    Who perpetrates fraud and why?

    What is computer fraud, and what forms does it take?

    What approaches and techniques are used to commit computer fraud?

    What is fraud, and how are frauds perpetrated?

    Jason anticipated the following questions that management was going to ask:

    1. What constitutes a fraud, and is the withholding problem a fraud?

    2. If this is indeed a fraud, how was it perpetrated? What motivated Don to commit it?

    3. Why did the company not catch these mistakes earlier?

    4. Was there a breakdown in controls?

    5. What can the company do to detect and prevent fraud?

    6. Just how vulnerable are computer systems to fraud?

    Our society has become increasingly dependent on accounting information systems.

    As system complexity and our dependence on systems increase, companies face the growing risk of their systems being compromised.

    Page 1 of 34

    Introduction


    A recent survey disclosed that

    6% of companies had a security breach

    Over 45% were targeted by organized crime

    6% reported financial losses.

    The four types of threats a company faces are explained in Table 5-1 on Page 143

    Four Types Of Systems Threats:

    1. Natural and political disasters

    2. Software errors and equipment malfunctions

    3. Unintentional acts

    4. Intentional acts (computer crimes)

    1. Natural and political disasters

    Fires, excessive heat, floods, earthquakes, high winds, war and attacks by terrorists

    World Trade Center in New York City

    Flood in Chicago

    Heavy Rains Mississippi and Missouri Rivers

    Earthquakes in Los Angeles and San Francisco

    Attacks on Government Information Systems by Foreign Countries, Espionage Agents and Terrorists

    2. Software Errors And Equipment Malfunctions

    Losses due to software bugs at almost 6 billion a year.

    More than 6% of the companies studied had significant software errors in the previous year. For example,

    Bugs in new tax accounting system were to blame for California


    A software bug in Burger King% of security problems.

    Forrester Research estimates that employees unintentionally create legal, regulatory or financial risks in 25% of their outbound e-mails.

    Programmers make logic errors. Examples include the following:

    In Japan, a data entry clerk at Mizuho Securities mistakenly keyed in a sale for 61, shares of J-Com for 1 yen instead of the sale of 1 share for 61, yen. The error cost the company 25 million.

    A bank programmer mistakenly calculated interest for each month using 31 days. Resulted in over 1, in excess interest paid.

    An error in a Fannie Mae spreadsheet resulted in a 1.2 billion misstatement of its earnings.

    UPS lost a cardboard box with computer tapes containing information, such as names, Social Security numbers, account numbers and payment histories on 3.9 million Citigroup customers.

    Treasury Department mistake in interest rate 8.6% that should have been 6.8%. This was caught before the checks were sent out could have resulted in overpayments of over 14 million.

    Note to Instructor: The following example is not in the 11th edition of this book. However, it was in the 10th edition of the book.

    A data entry clerk at Giant Food mistake in quarterly dividend 2.5 should be .25. Resulted in 1 million in excess dividends

    4. Intentional Acts (Computer Crimes)

    The most frequent type of computer crime is fraud. This is where the intent is to steal something of value.

    The threat can also be in the form of sabotage, in which the intent is to destroy or harm a system or some of its components.


    Information systems are increasingly vulnerable to attack.

    In a recent three-year period, the number of networks that were compromised rose %

    Example of Security Breaches, consider the case of OpenTable, a restaurant reservation service that did not design its cookie properly.

    A Cookie is data that Web sites store on your computer. The cookie identifies the Web sites to your computer and identifies you to the Web site so you do not have to log on each time you visit the site.

    At OpenTable, the customer number stored in the cookie was very easy to change.

    An experienced programmer opened an account at OpenTable and, in less than an hour, wrote a program that cycled through all the customer numbers and downloaded most of the company
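The cookie weakness described above, seen from the server's side. This is an added example, not part of the original manual and not OpenTable's code: an unsigned customer number is trusted exactly as sent, while an HMAC-tagged cookie lets the server reject an edited number and count rejections per source. The cookie layout, key, customer numbers and addresses are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed key for the example; a real key lives in a secret store.
SERVER_KEY = b"example-only-signing-key"


def naive_lookup(cookie):
    """Weak design: the customer number is trusted exactly as the browser sent it."""
    return cookie.split("=", 1)[1]


def _tag(customer_id):
    return hmac.new(SERVER_KEY, customer_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie(customer_id):
    """Hardened design: the customer number travels with a server-computed tag."""
    return f"customer={customer_id}.{_tag(customer_id)}"


def verify_cookie(cookie):
    """Return the customer number if the tag matches, otherwise None."""
    try:
        customer_id, tag = cookie.split("=", 1)[1].rsplit(".", 1)
    except (IndexError, ValueError):
        return None  # malformed or unsigned cookie
    # Constant-time comparison of the presented tag with the expected one.
    if hmac.compare_digest(tag.encode(), _tag(customer_id).encode()):
        return customer_id
    return None


def sources_with_rejected_cookies(requests, limit=3):
    """Sources that presented `limit` or more cookies failing verification."""
    rejected = Counter(src for src, cookie in requests if verify_cookie(cookie) is None)
    return sorted(src for src, count in rejected.items() if count >= limit)


# Constructed request log: (source address, cookie presented).
_own = issue_cookie("1001")
SAMPLE_REQUESTS = [("203.0.113.5", _own)] + [
    ("198.51.100.7", _own.replace("1001", str(n), 1)) for n in (1002, 1003, 1004)
]

if __name__ == "__main__":
    print(naive_lookup("customer=1002"))   # weak design accepts the edited number
    print(verify_cookie("customer=1002"))  # hardened design rejects it
    print(sources_with_rejected_cookies(SAMPLE_REQUESTS))
```

A signed cookie only proves the number was issued by the server; the server still has to check that the authenticated customer is allowed to read the record requested.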


    5. An injury or loss suffered by the victim

    Attempts To Estimate The Staggering Losses From Fraud:

    The Association of Certified Fraud Examiners estimates total fraud losses in the United States to be about ;>'

    Fraud takes two forms

    Misappropriation of Assets and

    Fraudulent Financial Reporting

    Misappropriation of Assets

    Misappropriation of Assets often referred to as Employee Fraud

    Some examples include:

    Albert Miano, a manager at Reader


    Note to Instructor: The following example is not in the 11th edition of this book. However, it was in the 10th edition of the book.

    It was discovered that the manager still had an active account and password as the firm where he was fired

    So, the manager was able to regularly browse the old newspaper company


    usually on an extravagant lifestyle. Rarely do they save or invest the money they take. Some of these high cost luxurious items include, big homes, fancy cars, gambling or just a big spender type person

    Many perpetrators that become greedy, not only start taking greater amounts of monies, but also take the monies more often.

    As previously mentioned, perpetrators at some point start getting braver and grow careless or overconfident. This is the point where they can also make a mistake and get caught.

    The fraud perpetrator cannot get away with stealing cash or property forever. At some point, although it may take some time, they are going to get caught.

    The most significant contributing factors in most employee frauds is the absence of internal controls or failure to enforce existing internal controls.

    After all, if a person that is already dishonest in his/her nature if they find out the management is not concerned about internal controls this makes it very easy for them to become a fraud perpetrator and start stealing cash or property

    Fraudulent Financial Reporting

    The Treadway Commission defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements

    The Treadway Commission studied 45 lawsuits against auditors and found undetected fraud to be a factor in half of them.

    Some prime examples are Enron, WorldCom, Tyco, Adelphia, HealthSouth, Global Crossing and Xerox.

    Executives cook the books, as they say, by fictitiously inflating revenues, recognizing revenues before they are earned, closing the books early (delaying current period expenses to a later period), overstating inventories or fixed assets, and concealing losses and liabilities.

    The Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting:


    1. Establish an organizational environment that contributes to the integrity of the financial reporting process.

    2. Identify and understand the factors that lead to fraudulent financial reporting

    3. Assess the risk of fraudulent financial reporting within the company

    4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.

    A study by the Association of Certified Fraud Examiners found that misappropriation of assets by employees is more than 1 times more likely than fraudulent financial reporting.

    SAS No. 99: The Auditor's Responsibility to Detect Fraud

    SAS No. 99 requires auditors to:

    Understand fraud

    Discuss the risks of material fraudulent misstatements

    Obtain information

    Identify, assess and respond to risks

    Evaluate the results of their audit tests

    Document and communicate findings

    Incorporate a technology focus

    Multiple Choice 2

    The Association of Certified Fraud Examiners estimates total fraud losses in the United States to be over

    a. 35 billion a year

    b. 66 billion a year

    c. 1 billion a year

    d. 8 billion a year

    Multiple Choice 3

    Which of the following statements is false?

    a. For an act to be fraudulent there must be a false statement, representation, or disclosure.

    b. Fraud perpetrators are often referred to as management fraud.

    c. Misappropriation of assets is often referred to as employee fraud.

    d. SAS No. 82 was adopted in 199.


    Learning Objective Two

    Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities and rationalizations that are present in most frauds

    Who Perpetrates Fraud and Why It Occurs

    Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills

    Some hackers and computer fraud perpetrators are more motivated by curiosity, a quest for knowledge, the desire to learn how things work, and the challenge of “beating the system.”

    Most have no previous criminal record

    Research shows that three conditions are necessary for fraud to occur: a pressure, an opportunity, and a rationalization. This is referred to as the fraud triangle and is shown as the middle triangle in Figure 5-1 on Page 14.

    Pressures

    A pressure is a person. Table 5-3 on Page 150 provides the pressures that can lead to financial statement fraud.

    Opportunities

    As shown in the opportunity triangle in Figure 5-1 on Page 14, opportunity is the condition or situation that allows a person or organization to do three things:

    1. Commit the fraud

    Most fraudulent financial reporting consists of the overstatement of assets or revenues or the understatement of liabilities, or the failure to disclose information.

    2. Conceal the fraud

    A common and effective way to hide a theft is to charge the stolen item to an expense account. For example, charge supplies to an expense account when they are initially purchased before they are used. This allows the perpetrator the opportunity to use some of the supplies for personal benefit at the expense of the company. These unused supplies should have been recorded as an asset called Supplies until they are used.

    Another way to hide a decrease in assets is by lapping. In a lapping scheme, the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable. Funds received at a later date from customer B are used to pay off customer A


    BANK A BANK B PERPETRATOR BANK C

    #1 11 1,000 check 1,000 Bal. -1,000 11 Bal. 1,000 NSF due on 13 #2 12 WD -1,000 12 1,000

    Bal. -0- No NSF Due

    13 1,000 #3 13 1,000 check Bal. -0- Bal. -1,000 No NSF Due NSF Due 15 #4 15 1,000 check 1,000 Bal. -1,000 Bal. -0- NSF Due 17 No NSF Due Deposit 1,000.

    Note #1: At this point the perpetrator may want to deposit the $1,000 he has had for 5 days 12 through 1


    Rationalizations

    Rationalization allows perpetrators to justify their illegal behavior.

    A list of some of the rationalizations people use:

    I am only “borrowing” the money (or asset) and will repay my “loan.”

    You would understand if you know how badly I needed it

    What I did was not that serious

    It was for a good cause (the Robin Hood syndrome, robbing from the rich to give to the poor).

    I occupy a very important position of trust. I am above the rules.

    Everyone else is doing it, so it is not that wrong.

    No one will ever know

    The company owes it to me, and I am taking no more than is rightfully mine

    Multiple Choice 4

    The three conditions that are present when fraud occurs includes:

    a. Attitude

    b. Opportunity

    c. Lack of control

    d. Financial

    Multiple Choice 5

    The pressures that can lead to employee fraud include

    a. Fear of losing job

    b. Lack of control

    c. Poor performance ratings

    d. Family/peer pressure

    e. A and D

    Multiple Choice ,.

    Three-fourths of the fraud offenses are committed by college-educated white males. The data indicate that about 58 percent of the reported fraud and abuse cases were committed by nonmanagerial employees, 3 percent by managers, and 12 percent by owner/executives. Median losses caused by executives were 16 times those of their employees. The victims in this report are organizations. The most costly abuses occurred in firms with less than 1 employees. Common violations include asset misappropriation, corruption, false financial statements, false overtime, petty theft and pilferage, use of company property for personal benefit, and payroll and sick time abuses.

    The Association of CFE


    the supervisory privileges to make network additions, changes, and deletions. In the wake of the damage caused by the logic bomb, Omega has installed state-of-the-art internal controls, and the firm will no longer put all its eggs in one basket. It is making sure that duplicates of all data-base information, software code, and files are stored off-site.

    [Adapted from Kim Girard, “Ex-Employee Nabbed in 1M Hack Attack,” Computerworld, February 28, 1998 p. 6.

    Note to the Instructor: The following is taken from the Certified Fraud Examiners Manual that includes additional information regarding fraud schemes that may be included for the students.

    EMPLOYEE FRAUD SCHEMES

    Cash

    Cash is the focal point of most accounting entries. Cash, both on deposit in banks and petty cash, can be misappropriated through many different schemes. These schemes can be either on-book or off-book, depending on where they occur. Generally, cash schemes are smaller than other internal fraud schemes because companies have a tendency to have comprehensive internal controls over cash and those internal controls are adhered to. Cash fraud schemes follow general basic patterns, including skimming, voids/underrings, swapping checks for cash, alteration of cash receipts tapes, fictitious refunds and discounts, journal entries and kiting.

    Skimming

    Skimming involves removing cash from the entity before the cash is recorded in the accounting system. This is an off-book scheme; receipt of the cash is never reported to the entity. A related type of scheme is to ring up a sale for less than the actual sale amount. (The difference between the actual sale and the amount on the cash register tape can then be diverted.) This is of particular concern in retail operations (for example, fast food restaurants) where much of the daily sales are in cash, and not by check or credit card.

    EXAMPLE

    According to an investigation, fare revenues on the Chicago Transit Authority's (CTA) rail system allegedly were misappropriated by agency employees. The statistics indicate that the thefts are not confined to the one station that originally was suspected and that the fare-skimming by transit workers might have been reduced by news of the investigation. In the four days after reports of skimming surfaced, about $792,000 was turned in by station agents system wide. In a similar Monday through Friday period only $723,000 was turned in by station agents.

    CTA officials estimated that a planned installation of a $3 million automated fare-collection system would eliminate $

    theft. At least 10 workers have been investigated, including nine ticket agents and one supervisor or clerk. Early reports indicated that agents pocketed money after recording transfer or monthly passes as cash-paying customers passed through turnstiles.

    Voids/Under-Rings

    There are three basic voids/under-ring schemes. The first is to record a sale/cash receipt and then void the same sale, thereby removing the cash from the register. The second, and more common variation, is to purchase merchandise at unauthorized discounts. The third scheme, which is a variation of the unauthorized discount, is to sell merchandise to a friend or co-conspirator using the employee


    Auditors detected the delayed transactions during an unannounced cash count. On the day of the count, the fund custodian had only a few hundred dollars in his bank account (confirmed by telephone upon receipts of custodian's authorization). When all 23 personal checks were deposited in the district's account, several were returned as NSF. After payday, all NSF checks subsequently cleared the bank. The custodian's employment with the district was terminated.

    Alteration of cash Receipts documentation

    A lack of segregation of duties can create an opportunity for an employee to misappropriate company funds. For example, if the same person is responsible for both collecting and depositing the cash receipts, then this person has the opportunity to remove funds from the business for his own personal use and conceal such theft through the deposits. This is often the case in smaller organizations where there are few personnel to divide the daily operations. A variation of this scheme is to mutilate or destroy the cash receipts documentation so that any attempt to reconcile the cash deposited with the cash receipts is thwarted.

    EXAMPLE

    An elected county treasurer allegedly stole $


    university. The money was allegedly taken from the Tuition Assistance Program, operated by the New York State Higher Education Services Corporation to provide expenses money to needy students. However, NYU officials assert that the funds came from a University account, not from State money.

    Malfrici's job was to assure that students entitled to funds from the Corporation received their checks. According to the U.S. Attorney, she arranged for checks to be made out to hundreds of legitimate NYU students who were not entitled to receive any funds. These students were kept unaware of this because the checks were deposited into bank accounts in Manhattan and New Jersey that allegedly were controlled by the Malfricis. These checks were made over to Elizabeth Pappa before being deposited into accounts in that name. Some other checks were made payable directly to Pappa. The FBI was unable to locate Elizabeth Pappa and believes that such a person never existed. Reportedly the Malfricis spend $75,000 of the funds in question on expensive jewelry and $5,000 of the money on Florida real estate.

    Kiting

    Kiting is the process whereby cash is recorded in more than one bank account, but in reality, the cash is either nonexistent or is in transit. Kiting schemes can be perpetrated using one bank and more than one account or between several banks and several different accounts. Although banks generally have a daily report that indicates potential kiting schemes, experience has shown that they are somewhat hesitant to report the scheme until the balance in their customers' accounts is zero.

    There is one important element to check kiting schemes: all kiting schemes require banks to pay on unfunded deposits. This is not to say that all payments on unfunded deposits are kiting schemes, but rather, that all kiting schemes require payments be made on unfunded deposits. In other words, if a bank allows its customers to withdraw funds on deposits that the bank has not yet collected the cash, then kiting schemes are possible. In today


    Cut off from Sylvia's supply of cash, randone's account with the Bank of Boston was left overdrawn by $907,000. randone was ordered to make restitution to the Bank of Boston.
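The kiting test stated above (a kite needs a bank to pay on deposits it has not yet collected, though not every such payment is a kite) turned into a detection check. This is an added example, not taken from the manual: it flags a withdrawal only when it exceeds collected funds and the uncollected check was drawn on another account of the same owner. Account names, dates, amounts and the owner mapping are constructed.

```python
from collections import namedtuple
from datetime import date

# drawn_on: the account the deposited check is written against.
# collected: the day the bank actually receives the funds for that check.
Deposit = namedtuple("Deposit", "account amount deposited collected drawn_on")
Withdrawal = namedtuple("Withdrawal", "account amount day")


def kiting_candidates(deposits, withdrawals, owner_of):
    """Withdrawals paid on uncollected checks drawn on the same owner's accounts."""
    flagged, paid = [], {}
    for w in sorted(withdrawals, key=lambda w: w.day):
        mine = [d for d in deposits if d.account == w.account]
        collected = sum(d.amount for d in mine if d.collected <= w.day)
        available = collected - paid.get(w.account, 0)
        # Checks still in transit that the account owner wrote to themselves.
        own_float = [d for d in mine
                     if d.deposited <= w.day < d.collected
                     and owner_of.get(d.drawn_on) == owner_of[w.account]]
        if w.amount > available and own_float:
            flagged.append((w.account, w.day.isoformat()))
        paid[w.account] = paid.get(w.account, 0) + w.amount
    return flagged


# Constructed sample: one person holds A-1 and B-1; C-9 belongs to someone else.
OWNER_OF = {"A-1": "perpetrator", "B-1": "perpetrator",
            "C-9": "customer", "EMP-1": "employer"}
DEPOSITS = [
    Deposit("A-1", 1000, date(2024, 3, 11), date(2024, 3, 13), "B-1"),
    Deposit("B-1", 1000, date(2024, 3, 12), date(2024, 3, 14), "A-1"),
    Deposit("C-9", 500, date(2024, 3, 11), date(2024, 3, 13), "EMP-1"),
]
WITHDRAWALS = [
    Withdrawal("A-1", 1000, date(2024, 3, 12)),
    Withdrawal("B-1", 900, date(2024, 3, 13)),
    # Paid on an uncollected paycheck: unfunded, but not a kite.
    Withdrawal("C-9", 200, date(2024, 3, 12)),
]

if __name__ == "__main__":
    for account, day in kiting_candidates(DEPOSITS, WITHDRAWALS, OWNER_OF):
        print(f"{day} {account}: paid on uncollected funds from the owner's own check")
```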