Chapter 4 – Ethics, Fraud, and Internal Control
1. Understand Fraud
AIS Threats
1. Natural and political disasters- such as fires,
floods, earthquakes, and attacks by terrorists can
destroy an information system and cause many
companies to fail.
2. Software errors - Operating system crashes, and
undetected data transmission errors constitute a
second type of threat.
3. Unintentional acts - Accidents or innocent, is the
greatest risk to information systems
4. Intentional act - Computer crime, fraud, or
sabotage, which is deliberate destruction.
○ Sabotage - intentional act where the intent is to
destroy a system or some of its components.
Fraud
Legally, for an act to be fraudulent there must be:
1. A false statement- representation, or disclosure
2. A material fact- which is something that induces a
person to act
3. An intent to deceive
4. A justifiable reliance; that is, the person relies on
the misrepresentation to take an action
5. An injury or loss suffered by the victim
Corruption- dishonest conduct by those in power and
it often involves actions
Investment Fraud- misrepresenting or leaving out
facts in order to promote an investment
Fraudulent Financial Reporting- intentional or
reckless conduct, that results in materially misleading
financial statements
The Tread way Commission recommended four
actions to reduce fraudulent financial reporting:
1. Establish an organizational environment that
contributes to the integrity of the financial reporting
process.
2. Identify and understand the factors that lead to
fraudulent financial reporting.
3. Assess the risk of fraudulent financial reporting
within the company.
4. Design and implement internal controls to provide
reasonable assurance of preventing fraudulent
financial reporting.
The Auditor’s Responsibilities
2. Discuss the risks of material fraudulent
misstatements
3. Obtain information
4. Identify, assess, and respond to risks
5. Evaluate the results of their audit tests
6. Document and communicate findings
7. Incorporate a technology focus
Who commits fraud?
1. Employees that are disgruntled and unhappy.
2. People that view fraud as a challenge and want to
beat the system.
3. People that are looking to make money from
fraudulent activities.
4. Involved in organized crime.
The Fraud Triangle
1. Pressure - financial pressures often motivate
misappropriation frauds by employees.
2. Emotional - many employee frauds are motivated
by greed.
3. Lifestyle - the person may need funds to support a
gambling habit or support a drug or alcohol addiction.
Opportunity- condition or situation that allows a
person or organization to commit and conceal a
dishonest act and convert it to personal gain. It allows
one to do three things:
1. Commit the fraud - The theft of assets is the most
common type of misappropriation. Most instances of
fraudulent financial reporting involve overstatements
of assets or
Revenues
2. Conceal the fraud - perpetrators must keep the
accounting equation in balance by inflating
other assets.
3. Convert the theft or misrepresentation to personal
gain. In a misappropriation, fraud perpetrators who
do not steal cash or use the stolen assets personally
must convert them
to a spendable form.
Rationalizations-is the excuse that fraud perpetrators
use to justify their illegal behavior. In other words,
perpetrators rationalize that they are not being
dishonest, that honesty is not required of them, or
that they value what they take more than honesty
and integrity.

Computer Fraud- any fraud that requires computer

technology to perpetrate it.
Examples include:
➢Unauthorized theft
➢Theft of assets covered up by altering computer
records
➢Obtaining information or tangible property illegally
using computers

The number of incidents, the total dollar losses, and

the sophistication of the perpetrators and the
schemes used to commit computer fraud are
increasing rapidly for several
reasons:
1. Not everyone agrees on what constitutes computer
fraud.
2. Many instances of computer fraud go undetected.
3. A high percentage of frauds is not reported.
4. Many networks are not secure.
5. Internet sites offer step-by-step instructions on
how to perpetrate computer fraud and abuse.
6. Law enforcement cannot keep up with the growth
of computer fraud.
7. Calculating losses is difficult.

Computer Fraud Classifications

1. Input Fraud- simplest and most common way to
commit a computer fraud is to alter or falsify
computer input.
2. Processor Fraud- Processor fraud includes
unauthorized system use, including the theft of
computer time and services.
3. Computer Instructions Fraud- includes tampering
with company software, copying software illegally
4. Data Fraud- Illegally using, copying, browsing,
searching. The biggest cause of data breaches is
employee negligence.

Preventing Computer Crime and Fraud

1. Enlist top-management support
2. Increase employee awareness and education
3. Assess security policies and protect passwords
4. Implement controls