ais09computer fraud

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

9-1

Accounting Information Systems9th Edition

Marshall B. Romney

Paul John Steinbart


9-2

Computer Fraud

Chapter 9


9-3

Learning Objectives

1. Describe fraud and describe the process one follows to perpetuate a fraud.

2. Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.

3. Compare and contrast the approaches and techniques that are used to commit computer fraud.

4. Describe how to deter and detect computer fraud.


9-4

Introduction

Jason Scott finished his tax return. Everything was in order except his

withholding amount. For some reason, the federal income

tax withholdings on his final paycheck was $5 higher than on his W-2 form.

What did he discover?


9-5

Introduction

Most of the 1,500 company employees had a $5 discrepancy between their reported withholdings and the actual amount withheld.

The W-2 of Don Hawkins, one of the programmers in charge of the payroll system, showed that thousands of dollars more in withholding had been reported to the IRS than had been withheld from his paycheck.


9-6

Introduction

What constitutes a fraud, and is the withholding problem a fraud?

If this is indeed a fraud, how was it perpetrated?


9-7

Introduction

Why did the company not catch these mistakes earlier?

Was there a breakdown in controls? What can the company do to detect

and prevent fraud? Just how vulnerable are computer

systems to fraud?


9-8

Introduction This chapter describes the fraud

process. It also explores the reasons that fraud

occurs. The chapter also describes the

approaches to computer fraud and the specific techniques used to commit it.

Finally, several methods to deter and detect fraud are analyzed.


9-9

Learning Objective 1

Understand what fraud is and the process one follows to perpetuate a fraud.


9-10

The Fraud Process

Most frauds involve three steps.

The theft ofsomething

The conversionto cash

Theconcealment


9-11

The Fraud Process

What is a common way to hide a theft?– to charge the stolen item to an

expense account What is a payroll example?

– to add a fictitious name to the company’s payroll


9-12

The Fraud Process

What is lapping? In a lapping scheme, the perpetrator

steals cash received from customer A to pay its accounts receivable.

Funds received at a later date from customer B are used to pay off customer A’s balance, etc.


9-13

The Fraud Process

What is kiting? In a kiting scheme, the perpetrator

covers up a theft by creating cash through the transfer of money between banks.

The perpetrator deposits a check from bank A to bank B and then withdraws the money.


9-14

The Fraud Process

Since there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears.

Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears.

The scheme continues to keep checks from bouncing.


9-15


Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.


9-16

Why Fraud Occurs

Researchers have compared the psychological and demographic characteristics of three groups of people:

White-collarcriminals

Violentcriminals

Generalpublic

Few differencesSignificant differences


9-17

Why Fraud Occurs

What are some common characteristics of fraud perpetrators?

Most spend their illegal income rather than invest or save it.

Once they begin the fraud, it is very hard for them to stop.

They usually begin to rely on the extra income.


9-18

Why Fraud Occurs

Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.

Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”

Others commit fraud to gain stature among others in the computer community.


9-19

Why Fraud Occurs

Three conditions are necessary for fraud to occur:1 A pressure or motive2 An opportunity3 A rationalization


9-20

Pressures

What are some financial pressures?– living beyond means– high personal debt– “inadequate” income– poor credit ratings– heavy financial losses– large gambling debts


9-21

Pressures

What are some work-related pressures?– low salary– nonrecognition of performance– job dissatisfaction– fear of losing job– overaggressive bonus plans


9-22

Pressures

What are other pressures?– challenge– family/peer pressure– emotional instability– need for power or control– excessive pride or ambition


9-23

Opportunities

An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act.

Opportunities often stem from a lack of internal controls.

However, the most prevalent opportunity for fraud results from a company’s failure to enforce its system of internal controls.


9-24

Rationalizations

Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behavior.

What are some rationalizations? The perpetrator is just “borrowing” the stolen

assets. The perpetrator is not hurting a real person, just a

computer system. No one will ever know.


9-25


Compare and contrast the approaches and techniques that are used to commit computer fraud.


9-26

Computer Fraud

The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.

What are examples of computer fraud?– unauthorized use, access, modification,

copying, and destruction of software or data


9-27

Computer Fraud

– theft of money by altering computer records or the theft of computer time

– theft or destruction of computer hardware

– use or the conspiracy to use computer resources to commit a felony

– intent to illegally obtain information or tangible property through the use of computers


9-28

The Rise in Computer Fraud

Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud.


9-29

The Rise in Computer Fraud

No one knows for sure exactly how much companies lose to computer fraud. Why? There is disagreement on what computer fraud is. Many computer frauds go undetected, or

unreported. Most networks have a low level of security. Many Internet pages give instructions on how to

perpetrate computer crimes. Law enforcement is unable to keep up with fraud.


9-30

Computer Fraud Classifications

Computerinstruction fraud

Processor fraud

Data fraud

Inputfraud

Outputfraud


9-31

Computer Fraud andAbuse Techniques

What are some of the more common techniques to commit computer fraud?– Cracking– Data diddling– Data leakage– Denial of service attack– Eavesdropping– E-mail forgery and threats


9-32


– Hacking– Internet misinformation and terrorism– Logic time bomb– Masquerading or impersonation– Password cracking– Piggybacking– Round-down– Salami technique


9-33


– Software piracy– Scavenging– Social engineering– Superzapping– Trap door– Trojan horse– Virus – Worm


9-34


Describe how to deter and detect computer fraud.


9-35

Preventing and Detecting Computer Fraud

What are some measures that can decrease the potential of fraud?1 Make fraud less likely to occur.2 Increase the difficulty of committing

fraud.3 Improve detection methods.4 Reduce fraud losses.5 Prosecute and incarcerate fraud

perpetrators.


9-36


1 Make fraud less likely to occur.Use proper hiring and firing practices.Manage disgruntled employees.Train employees in security and fraud

prevention.Manage and track software licenses.Require signed confidentiality

agreements.


9-37

Preventing and Detecting Computer Fraud2 Increase the difficulty of committing

fraud.Develop a strong system of internal

controls.Segregate duties.Require vacations and rotate duties.Restrict access to computer

equipment and data files.Encrypt data and programs.


9-38


3 Improve detection methods.Protect telephone lines and the

system from viruses.Control sensitive data.Control laptop computers.Monitor hacker information.


9-39


4 Reduce fraud losses.Maintain adequate insurance.Store backup copies of programs and

data files in a secure, off-site location. Develop a contingency plan for fraud

occurrences.Use software to monitor system activity

and recover from fraud.


9-40


5 Prosecute and incarcerate fraud perpetrators.Most fraud cases go unreported and

unprosecuted. Why?• Many cases of computer fraud are as yet

undetected.• Companies are reluctant to report

computer crimes.


9-41

Preventing and Detecting Computer Fraud Law enforcement officials and the courts

are so busy with violent crimes that they have little time for fraud cases.

It is difficult, costly, and time consuming to investigate.

Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.


9-42

Case Conclusion

What did Jason present to the president?A copy of his own withholding report

filed with the IRS and a printout of withholdings from the payroll records.


9-43

Case Conclusion

How did Jason believe the fraud was perpetrated? The payroll system had undergone some minor

modifications. The payroll project had been completed without the

usual review by other systems personnel. An unusual code subtracted $5 from most

employees’ withholdings and added it to Don’s.


9-44

Case Conclusion

What guidelines should Jason suggest to prevent this from happening again? Strictly enforce existing controls. New controls should be put into place to

detect fraud. Employees should be trained in fraud

awareness, security measures, and ethical issues.

Jason also urged the president to prosecute the case.


9-45

End of Chapter 9

ais09computer fraud

Documents

fraud processsince

fraud occursresearchers

fraud processmost frauds

bank c

bank b

customer b

computer systems

insufficient funds