Professional Documents
Culture Documents
Materi STKD Pertemuan 3
Materi STKD Pertemuan 3
1. Fraudulent Statements
2. Asset Misappropriation
3. Bribery and Corruption
OCCUPATIONAL OTHER
Fraudulent Statements Intellectual property theft
◦ Financial Financial institution fraud
◦ Non-financial Check and credit card
Asset Misappropriation fraud
◦ Theft of Cash Insurance fraud
◦ Fraudulent disbursements Healthcare fraud
◦ Inventory and other assets Bankruptcy fraud
Bribery and Corruption Tax fraud
◦ Bribery Securities fraud
◦ Illegal gratuities Money laundering
◦ Economic extortion Consumer fraud
◦ Conflict of interest Computer and Internet
fraud
Nature of Items
◦ Size and value
◦ Cash, etc
Nature of Control Environment
◦ Safeguards
◦ Separation of duties.
◦ Documentation.
◦ Dominance, etc
Pressures
◦ Level of dissatisfaction
◦ Expectations
◦ Guarantees.
The U.S. Department of Justice defines
computer fraud as any illegal act for which
knowledge of computer technology is
essential for its:
◦ Perpetration;
◦ Investigation; or
◦ Prosecution.
Computer fraud includes the following:
◦ Unauthorized theft, use, access, modification,
copying, and destruction of software or data.
◦ Theft of money by altering computer records.
◦ Theft of computer time.
◦ Theft or destruction of computer hardware.
◦ Use or the conspiracy to use computer resources to
commit a felony.
◦ Intent to illegally obtain information or tangible
property through the use of computers.
In using a computer, fraud perpetrators can
steal:
◦ More of something
◦ In less time
◦ With less effort
They may also leave very little evidence,
which can make these crimes more difficult to
detect.
Computer systems are particularly
vulnerable to computer crimes for several
reasons:
◦ Company databases can be huge and access
privileges can be difficult to create and enforce.
Consequently, individuals can steal, destroy, or
alter massive amounts of data in very little time.
◦ Organizations often want employees, customers,
suppliers, and others to have access to their
system from inside the organization and without.
This access also creates vulnerability.
◦ Computer programs only need to be altered once,
and they will operate that way until:
The system is no longer in use; or
Someone notices.
◦ Modern systems are accessed by PCs, which are
inherently more vulnerable to security risks and
difficult to control.
It is hard to control physical access to each PC.
PCs are portable, and if they are stolen, the data and
access capabilities go with them.
PCs tend to be located in user departments, where one
person may perform multiple functions that should be
segregated.
PC users tend to be more oblivious to security
concerns.
◦ Computer systems face a number of unique
challenges:
Reliability (accuracy and completeness)
Equipment failure
Environmental dependency (power, water damage, fire)
Vulnerability to electromagnetic interference and
interruption
Eavesdropping
Misrouting
These frauds cost billions of dollars each
year, and their frequency is increasing
because:
◦ Not everyone agrees on what constitutes computer
fraud.
Many don’t believe that taking an unlicensed copy of
software is computer fraud. (It is and can result in
prosecution.)
Some don’t think it’s a crime to browse through
someone else’s computer if their intentions aren’t
malicious.
◦ Many computer frauds go undetected.
◦ An estimated 80-90% of frauds that are uncovered
are not reported because of fear of:
Adverse publicity
Copycats
Loss of customer confidence.
◦ There are a growing number of competent
computer users, and they are aided by easier access
to remote computers through the Internet and
other data networks.
◦ Some folks believe “it can’t happen to us.”
◦ Many networks have a low level of security.
◦ Instructions on how to perpetrate computer crimes
and abuses are readily available on the Internet.
◦ Law enforcement is unable to keep up with the
growing number of frauds.
◦ The total dollar value of losses is difficult to
calculate.
Economic espionage, the theft of information
and intellectual property, is growing
especially fast.
This growth has led to the need for
investigative specialists or cybersleuths.
Data
Fraud
Computer
Instructions
Fraud
Input Fraud
◦ The simplest and most common way to commit a fraud is
to alter computer input.
Requires little computer skills.
Perpetrator only need to understand how the system
operates
◦ Can take a number of forms, including:
Disbursement frauds
Inventory frauds
Payroll frauds
Cash receipt frauds
Fictitious refund fraud
Processor Fraud
◦ Involves computer fraud committed through
unauthorized system use.
◦ Includes theft of computer time and services.
◦ Incidents could involve employees:
Surfing the Internet;
Using the company computer to conduct personal
business; or
Using the company computer to conduct a competing
business.
Computer Instructions Fraud
◦ Involves tampering with the software that processes
company data.
◦ May include:
Modifying the software
Making illegal copies
Using it in an unauthorized manner
◦ Also might include developing a software program
or module to carry out an unauthorized activity.
Computer instruction fraud used to be one
of the least common types of frauds
because it required specialized knowledge
about computer programming beyond the
scope of most users.
Today these frauds are more frequent--
courtesy of web pages that instruct users
on how to create viruses and other
schemes.
Data Fraud
◦ Involves:
Altering or damaging a company’s data files; or
Copying, using, or searching the data files without
authorization.
◦ In many cases, disgruntled employees have
scrambled, altered, or destroyed data files.
◦ Theft of data often occurs so that perpetrators
can sell the data.
Most identity thefts occur when insiders in financial
institutions, credit agencies, etc., steal and sell financial
information about individuals from their employer’s
database.
Output Fraud
◦ Involves stealing or misusing system output.
◦ Output is usually displayed on a screen or printed
on paper.
◦ Unless properly safeguarded, screen output can
easily be read from a remote location using
inexpensive electronic gear.
◦ This output is also subject to prying eyes and
unauthorized copying.
◦ Fraud perpetrators can use computers and
peripheral devices to create counterfeit outputs,
such as checks.
Thanks for Your Attention