Fraud- any and all means one person uses to gain an unfair advantage over another person

3 types of fraud

1. Misappropriation of assets (employee fraud)- involves theft, embezzlement, or misuse of

company assets for personal gain. Billing schemes, check tampering. Absence of internal
controls or failure to enforce internal controls.
2. Corruption- involves the wrongful use of a position, contrary to the responsibilities of that
position, to procure a benefit. Kickback schemes and bribery schemes.
3. Fraudulent financial statements (cooking the books)- misstating financial condition of an entity
by intentionally misstating amounts or disclosures in order to deceive users. Undetected frauds
lead to about ½ of lawsuits filed against auditors.

SAS 99- the auditor’s responsibility to detect fraud.

Fraud triangle; 3 necessary conditions for fraud to occur

Pressure- could be related to finances, emotions, lifestyles, or some combination.

Opportunity- an opening or the gateway that allows an individual to commit the fraud, conceal the
fraud, convert the proceeds.

1. Committing the fraud- misappropriating assets, issuing deceptive financial statements,

accepting a bribe in order to make an arrangement that is not in the company’s best
interest.
2. Concealing the fraud- often takes more time and effort than the act of committing the
fraud. Charge a stolen asset to an expense account. Create a ghost employee who
receives an extra paycheck.
a. Lapping- steal payment
b. Kiting- creates cash by transferring money between banks. Requires multiple
bank accounts. Writing off checks.
3. Rationalizations- allow fraud perpetrators to justify their behavior. The only way their
commit their frauds and maintain their self image as principled individuals is to create
rationalizations that recast their actions as “morally acceptable” behaviors.

Fraud occurs when people have perceived non shareable pressures, the opportunity gateway is left
open and they can rationalize their actions to reduce the moral impact in their minds.

Economic espionage- refers to the theft of information and intellectual property and is growing
especially fast.

Computer Fraud- any illegal act for which the knowledge of computer technology is essential for its
perpetration, investigation, or prosecution. 5 types of computer fraud
 1. Input fraud- Simplest and most common way to commit computer fraud, alter
computer input, requires little computer skills, perpetrator only needs to understand
how the system operates.
a. Disbursements fraud- the perpetrator causes the company to either pay too
much for ordered goods or pay for goods never ordered.
b. Inventory fraud- the perpetrator enters data into the system to show the stolen
inventory has been scrapped
c. Payroll fraud- the perpetrator enters data to increase his salary, create a
fictitious employee, or retain a terminated employee on the records.
d. Cash receipts fraud- the perpetrator hides the theft of cash by falsifying system
input.
2. Processor fraud- involves computer fraud committed through unauthorized system use,
includes theft of computer time and services. Incidents could involve employees surfing
the internet, using the company computer to conduct personal or competing business.
3. Computer instructions fraud- involves tampering with the software that processes
company data. Modifying software, making illegal copies, using it in an unauthorized
manner. Also might include developing a software program or module to carry out
unauthorized activity.
4. Stored data fraud- altering or damaging a company’s data files or copying, using, or
searching the data files without authorization. Theft of data often occurs so that
perpetrators can sell the data. Most identity thefts occur when insiders in financial
institutions, credit agencies etc., steal and sell financial information about individuals
from their employer’s database.
5. Output fraud- involves stealing or misusing system output. Output is usually displayed
on a screen or printed on paper. Unless properly safeguarded, screen output can easily
be read from a remote location using inexpensive electronic gear. Fraud perpetrators
can use computers and peripheral devices to create counterfeit outputs, such as checks.

Computer Fraud techniques

Data diddling- changing data before, during, or after it is entered into the system. Can involve adding
deleting, or altering key system data,

Data leakage- involves the unauthorized copying of company data.

Denial of service attacks

Hacking

Phreaking

Logic time bombs

Packet sniffing
Phishing

Piggybacking

Spamming

Trojan horse

Virus

Worm