
CHAPTER 4

Computer Fraud and Security

© 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 1 of 175
INTRODUCTION

• Questions to be addressed in this chapter:


– What is fraud, and how are frauds
perpetrated?
– Who perpetrates fraud and why?
– What is computer fraud, and what forms does
it take?
– What approaches and techniques are used to
commit computer fraud?

INTRODUCTION

• Information systems are becoming increasingly more complex and society is becoming increasingly more dependent on these systems.
– Companies also face a growing risk of these
systems being compromised.
– Recent surveys indicate 67% of companies
suffered a security breach in the last year with
almost 60% reporting financial losses.

Threats of IS

• Companies face four types of threats to their information systems:
– Natural and political disasters
• Include:
– Fire or excessive heat
– Floods
– Earthquakes
– High winds
– War and terrorist attack
• When a natural or political disaster strikes, many companies can be affected at the same time.
– Example: Bombing of the World Trade Center in NYC.

INTRODUCTION

• Companies face four types of threats to their information systems:
– Natural and political disasters
– Software errors and equipment malfunction
• Include:
– Hardware or software failures
– Software errors or bugs
– Operating system crashes
– Power outages and fluctuations
– Undetected data transmission errors
• Estimated annual economic losses due to software bugs = $60 billion.
• 60% of companies studied had significant software errors in previous year.

INTRODUCTION

• Companies face four types of threats to their information systems:
– Natural and political disasters
– Software errors and equipment malfunction
– Unintentional acts
• Include:
– Accidents caused by:
• Human carelessness
• Failure to follow established procedures
• Poorly trained or supervised personnel
– Innocent errors or omissions
– Lost, destroyed, or misplaced data
• Information Systems Security Assn. estimates 65% of security problems are caused by human error.

INTRODUCTION

• Companies face four types of threats to their information systems:
– Natural and political disasters
– Software errors and equipment malfunction
– Unintentional acts
– Intentional acts (computer crime)
• Include:
– Computer fraud
– Misrepresentation, false use, or unauthorized disclosure of data
– Misappropriation of assets
– Financial statement fraud

INTRODUCTION

• In this chapter we’ll discuss:


– The fraud process
– Why fraud occurs
– Approaches to computer fraud
– Specific techniques used to commit computer
fraud
– Ways companies can deter and detect
computer fraud

THE FRAUD PROCESS

• Fraud is any and all means a person uses to gain an unfair advantage over another person.
• In most cases, to be considered fraudulent, an
act must involve:
– A false statement (oral or in writing)
– About a material fact
– A victim relies on the statement
– And suffers injury or loss as a result

THE FRAUD PROCESS
• Since fraudsters don’t make journal entries to
record their frauds, we can only estimate the
amount of losses caused by fraudulent acts:
– The Association of Certified Fraud Examiners (ACFE)
estimates that total fraud losses in the U.S. run
around 6% of annual revenues or approximately $660
billion in 2004.
• More than we spend on education and roads in a year.
• 6 times what we pay for the criminal justice system.
– Income tax fraud (the difference between what
taxpayers owe and what they pay to the government)
is estimated to be over $200 billion per year.
– Fraud in the healthcare industry is estimated to
exceed $100 billion a year.

THE FRAUD PROCESS
• Fraud against companies may be committed by
an employee or an external party.
– Former and current employees (called
knowledgeable insiders) are much more likely than
non-employees to perpetrate frauds (and big ones)
against companies.
• Largely owing to their understanding of the company’s
systems and its weaknesses, which enables them to commit
the fraud and cover their tracks.
– Organizations must utilize controls to make it difficult
for both insiders and outsiders to steal from the
company.

THE FRAUD PROCESS

• Fraud perpetrators are often referred to as white-collar criminals.

THE FRAUD PROCESS

• Three types of occupational fraud:


– Misappropriation of assets
• Involves theft or misuse of company assets for personal gain.
• Examples include billing schemes, check tampering, and theft of inventory.
• In the 2004 Report to the Nation on Occupational
Fraud and Abuse, 92.7% of occupational frauds
involved asset misappropriation at a median cost
of $93,000.

THE FRAUD PROCESS

• Three types of occupational fraud:


– Misappropriation of assets
– Corruption
• Corruption involves the wrongful use of a
position, contrary to the responsibilities of
that position, to procure a benefit.

THE FRAUD PROCESS

• Three types of occupational fraud:


– Misappropriation of assets
– Corruption
– Fraudulent statements
• Financial statements can be misstated
• About 7.9% of occupational frauds involve fraudulent statements at a
median cost of $1 million

THE FRAUD PROCESS

• Common approaches to “cooking the books” include:
– Recording fictitious revenues
– Recording revenues prematurely
– Recording expenses in later periods
– Overstating inventories or fixed assets
– Concealing losses and liabilities

THE FRAUD PROCESS

• The Auditor’s Responsibility to Detect Fraud
auditor’s responsibility to detect fraud.

THE FRAUD PROCESS
– Understand fraud

• Auditors can’t effectively audit something they don’t understand.
• also indicated that auditors are not lawyers and “do not make
legal determinations of whether fraud has occurred.”
• The external auditor’s interest specifically relates to acts that
result in a material misstatement of the financial statements.
• Internal auditors will have a more extensive interest in fraud
than just those that impact financial statements.

THE FRAUD PROCESS
– Understand fraud
– Discuss the risks of material fraudulent misstatements

• While planning the audit, members of the audit team should discuss how and where the company’s financial statements might be susceptible to fraud.

THE FRAUD PROCESS
• A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
– Understand fraud
– Discuss the risks of material fraudulent misstatements
– Obtain information
• The audit team must gather evidence about the existence of fraud by:
– Looking for fraud risk factors
– Testing company records
– Asking management, the audit committee, and others if they know of any past or current fraud or of fraud risks the organization faces.
• Special care needs to be exercised in examining revenue accounts, since they are particularly popular fraud targets.

THE FRAUD PROCESS
• A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
– Understand fraud
– Discuss the risks of material fraudulent misstatements
– Obtain information
– Identify, assess, and respond to risks
– Evaluate the results of their audit tests
• Auditors must assess the risk of fraud throughout the audit.
• When the audit is complete, they must evaluate whether any identified misstatements indicate the presence of fraud.
• If so, they should determine the impact on the financial statements and the audit.

THE FRAUD PROCESS
• A revision to SAS-82, SAS-99, was issued in
December 2002. SAS-99 requires auditors to:
– Understand fraud
– Discuss the risks of material fraudulent misstatements
– Obtain information
– Identify, assess, and respond to risks
– Evaluate the results of their audit tests
– Communicate findings

• Auditors communicate their fraud findings to management, the audit committee, and others.

THE FRAUD PROCESS
• A revision to SAS-82, SAS-99, was issued in
December 2002. SAS-99 requires auditors to:
– Understand fraud
– Discuss the risks of material fraudulent misstatements
– Obtain information
– Identify, assess, and respond to risks
– Evaluate the results of their audit tests
– Communicate findings
– Document their audit work

• Auditors must document their compliance with SAS-99 requirements.

THE FRAUD PROCESS
• A revision to SAS-82, SAS-99, was issued in
December 2002. SAS-99 requires auditors to:
– Understand fraud
– Discuss the risks of material fraudulent misstatements
– Obtain information
– Identify, assess, and respond to risks
– Evaluate the results of their audit tests
– Communicate findings
– Document their audit work
– Incorporate a technology focus

WHO COMMITS FRAUD AND WHY
• Researchers have compared the psychological and
demographic characteristics of three groups of people:
– White-collar criminals
– Violent criminals
– The general public
• They found:
– Significant differences between violent and white-collar
criminals.
– Few differences between white-collar criminals and the general
public.

WHO COMMITS FRAUD AND WHY

• White-collar criminals tend to mirror the general public in:
– Education
– Age
– Religion
– Marriage
– Length of employment
– Psychological makeup

The “Fraud Triangle”
Donald Cressey
[Figure: a triangle whose three sides are labeled Pressure, Opportunity, and Rationalization]

WHO COMMITS FRAUD AND WHY

• Pressure
– Cressey referred to this pressure as a
“perceived non-shareable need.”
– The pressure could be related to
finances, emotions, lifestyle, or some
combination.

WHO COMMITS FRAUD AND WHY

• The most common pressures were:
- Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable)
• May be associated with vices, such as drugs, gambling, mistresses, etc.

WHO COMMITS FRAUD AND WHY

• The most common pressures were:
- Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable)
- Fear of loss of status because of a personal failure
• Example would be mismanagement of a personal investment or retirement fund.

WHO COMMITS FRAUD AND WHY

• The most common pressures were:
- Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable)
- Fear of loss of status because of a personal failure
- Business reversals
- Status gaining

WHO COMMITS FRAUD AND WHY

• The most common pressures were:
- Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable)
- Fear of loss of status because of a personal failure
- Business reversals
- Physical isolation
- Status gaining
- Difficulties in employer-employee relations
• May create pressure to get revenge, take the money you feel is rightfully owed to you, etc.

WHO COMMITS FRAUD AND WHY
• There are many opportunities that enable fraud.
Some of the most common are:
– Lack of internal controls
– Failure to enforce controls (the most prevalent
reason)
– Excessive trust in key employees
– Incompetent supervisory personnel
– Inattention to details
– Inadequate staff

WHO COMMITS FRAUD AND WHY

• How many people do you know who regard themselves as being unprincipled or sleazy?
• It is important to understand that fraudsters do
not regard themselves as unprincipled.
– In general, they regard themselves as highly
principled individuals.
– That view of themselves is important to them.
– The only way they can commit their frauds and
maintain their self image as principled individuals is to
create rationalizations that recast their actions as
“morally acceptable” behaviors.

WHO COMMITS FRAUD AND WHY
• Fraud occurs when:
– People have perceived, non-shareable pressures;
– The opportunity gateway is left open; and
– They can rationalize their actions to reduce the moral impact in
their minds (i.e., they have low integrity).
• Fraud is much less likely to occur when
– There is low pressure, low opportunity, and high integrity.

APPROACHES TO COMPUTER FRAUD

• The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its:
– Perpetration (to bring about or carry out something, such as a crime or deception);
– Investigation; or
– Prosecution.

APPROACHES TO COMPUTER FRAUD

• Economic espionage, the theft of information and intellectual property, is growing especially fast.
• This growth has led to the need for
investigative specialists or cybersleuths.

APPROACHES TO COMPUTER FRAUD

• Computer Fraud Classification


– Frauds can be categorized according to the
data processing model:
• Input
• Processor
• Computer instructions
• Stored data
• Output

COMPUTER FRAUD CLASSIFICATIONS
[Diagram: the five classes of computer fraud: Input Fraud, Processor Fraud, Output Fraud, Data Fraud, and Computer Instructions Fraud]

APPROACHES TO COMPUTER FRAUD

• Input Fraud
– The simplest and most common way to commit a fraud is to alter
computer input.
• Requires little computer skill.
• Perpetrators only need to understand how the system operates.
– Can take a number of forms, including:
• Disbursement frauds
• The perpetrator causes a company to:
– Pay too much for ordered goods; or
– Pay for goods never ordered.

APPROACHES TO COMPUTER FRAUD

• Input Fraud
– The simplest and most common way to commit a fraud is to alter
computer input.
• Requires little computer skill.
• Perpetrators only need to understand how the system operates.
– Can take a number of forms, including:
• Disbursement frauds
• Inventory frauds
• The perpetrator enters data into the system to
show that stolen inventory has been scrapped.

APPROACHES TO COMPUTER FRAUD

• Input Fraud
– The simplest and most common way to commit a fraud is to alter computer input.
• Requires little computer skill.
• Perpetrators only need to understand how the system operates.
– Can take a number of forms, including:
• Disbursement frauds
• Inventory frauds
• Payroll frauds
• Perpetrators may enter data to:
– Increase their salaries
– Create a fictitious employee
– Retain a terminated employee on the records.
• In the latter two instances, the perpetrator intercepts and cashes the resulting paychecks.

APPROACHES TO COMPUTER FRAUD

• Input Fraud
– The simplest and most common way to commit a fraud is to alter computer input.
• Requires little computer skill.
• Perpetrators only need to understand how the system operates.
– Can take a number of forms, including:
• Disbursement frauds
• Inventory frauds
• Payroll frauds
• Cash receipt frauds
• The perpetrator hides the theft by falsifying system input.
• EXAMPLE: Cash of $200 is received. The perpetrator records a cash receipt of $150 and pockets the $50 difference.

APPROACHES TO COMPUTER FRAUD

• Processor Fraud
– Involves computer fraud committed through
unauthorized system use.
– Includes theft of computer time and services.
– Incidents could involve employees:
• Surfing the Internet;
• Using the company computer to conduct personal business;

APPROACHES TO COMPUTER FRAUD

• Computer Instructions Fraud


– Involves tampering with the software that
processes company data.
– May include:
• Modifying the software
• Making illegal copies
• Using it in an unauthorized manner
– Also might include developing a software
program or module to carry out an
unauthorized activity.

APPROACHES TO COMPUTER FRAUD

• Data Fraud
– Involves:
• Altering or damaging a company’s data files; or
• Copying, using, or searching the data files without
authorization.
– In many cases, disgruntled employees have altered or destroyed data files.

APPROACHES TO COMPUTER FRAUD

• Output Fraud
– Involves stealing or misusing system output.
– Output is usually displayed on a screen or printed on
paper.
– Unless properly safeguarded, screen output can
easily be read from a remote location
– Fraud perpetrators can use computers and peripheral
devices to create counterfeit outputs.

COMPUTER FRAUD AND ABUSE TECHNIQUES
• Perpetrators have devised many methods to commit computer fraud and abuse. These include:
– Internet misinformation
– Internet terrorism
• Hackers use the Internet to disrupt electronic commerce and destroy company and individual communications.
• Viruses and worms are two main forms of Internet terrorism.

COMPUTER FRAUD AND ABUSE TECHNIQUES
• Perpetrators have devised many methods to commit computer fraud and abuse. These include:
– Internet misinformation
– Internet terrorism
– Logic time bombs
• A program that lies idle until triggered by some circumstance or a particular time.
• Once triggered, it sabotages the system, destroying programs, data, or both.
• Usually written by disgruntled (angry or dissatisfied) programmers.
• EXAMPLE: A programmer places a logic bomb in a payroll application that will destroy all the payroll records if the programmer is terminated.

COMPUTER FRAUD AND ABUSE TECHNIQUES
• Perpetrators have devised many methods to commit computer fraud and abuse. These include:
– Internet misinformation
– Internet terrorism
– Logic time bombs
– Masquerading or impersonation
– Password cracking
• An intruder penetrates a system’s defenses, steals the file of valid passwords, decrypts them, and then uses them to gain access to almost any system resources.

COMPUTER FRAUD AND ABUSE TECHNIQUES
• Perpetrators have devised many methods to commit computer fraud and abuse. These include:
– Virus
• Virus symptoms:
– Computer will not start or execute
– Performs unexpected read or write operations
– Unable to save files
– Long time to load programs

PREVENTING AND DETECTING
COMPUTER FRAUD
• Organizations must take every precaution to
protect their information systems.
• Certain measures can significantly decrease the
potential for fraud and any resulting losses.
• These measures include:
– Make fraud less likely to occur
– Increase the difficulty of committing fraud
– Improve detection methods
– Reduce fraud losses

PREVENTING AND DETECTING
COMPUTER FRAUD
• Make fraud less likely to occur
– Create a culture that stresses integrity and
commitment to ethical values.
– Require oversight from an active, involved, and
independent audit committee.
– Require annual employee vacations, periodically
rotate duties of key employees, and require signed
confidentiality agreements.

PREVENTING AND DETECTING
COMPUTER FRAUD
• Improve detection methods.
– Create an audit trail so individual transactions
can be traced through the system to the
financial statements and vice versa.
– Conduct periodic external and internal audits,
as well as special network security audits.
– Install fraud detection software.
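
As an added example (not part of the original slides), the Python sketch below shows one check that fraud detection software can run against the payroll input frauds described earlier: it reconciles a payroll register against an independently maintained HR master file and flags pay above the authorized amount, payments to employees with no HR record, and payments dated after termination. The record layouts, field names, rule names and sample data are all constructed for illustration.

```python
from collections import namedtuple
from datetime import date
from decimal import Decimal

# One finding per suspicious payroll line; rule names are hypothetical labels.
Finding = namedtuple("Finding", "rule employee_id pay_date detail")

# Constructed HR master file. The control only works if this file is
# maintained by people who cannot also enter payroll data.
HR_MASTER = {
    "E100": {"authorized_pay": Decimal("2500.00"), "terminated": None},
    "E101": {"authorized_pay": Decimal("3100.00"), "terminated": date(2024, 3, 15)},
    "E102": {"authorized_pay": Decimal("2800.00"), "terminated": None},
}

# Constructed payroll register: (employee id, pay date, gross amount paid).
PAYROLL_REGISTER = [
    ("E100", date(2024, 3, 31), Decimal("2500.00")),  # matches HR master
    ("E101", date(2024, 3, 15), Decimal("3100.00")),  # final pay on termination date
    ("E101", date(2024, 4, 30), Decimal("3100.00")),  # terminated employee still paid
    ("E102", date(2024, 3, 31), Decimal("3400.00")),  # pay above authorized amount
    ("E999", date(2024, 3, 31), Decimal("2700.00")),  # no HR record at all
]


def audit_payroll(register, hr_master):
    """Return a list of Finding tuples for payroll lines that disagree with HR."""
    findings = []
    for emp_id, pay_date, amount in register:
        record = hr_master.get(emp_id)

        # Fictitious employee: payroll knows the person, HR does not.
        if record is None:
            findings.append(Finding(
                "NO_HR_RECORD", emp_id, pay_date,
                f"paid {amount} to an id with no HR master record"))
            continue

        # Terminated employee retained on the payroll records.
        terminated = record["terminated"]
        if terminated is not None and pay_date > terminated:
            findings.append(Finding(
                "PAID_AFTER_TERMINATION", emp_id, pay_date,
                f"paid {amount}; HR termination date is {terminated}"))

        # Salary increased through payroll input without HR authorization.
        if amount > record["authorized_pay"]:
            excess = amount - record["authorized_pay"]
            findings.append(Finding(
                "OVER_AUTHORIZED_PAY", emp_id, pay_date,
                f"paid {amount}, which is {excess} above the authorized amount"))
    return findings


if __name__ == "__main__":
    for f in audit_payroll(PAYROLL_REGISTER, HR_MASTER):
        print(f"{f.rule:24} {f.employee_id} {f.pay_date} {f.detail}")
```

Each finding is a lead for an auditor to follow through the audit trail, not proof of fraud; a late final paycheck or an approved bonus would raise the same flags.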

PREVENTING AND DETECTING
COMPUTER FRAUD
• Reduce Fraud Losses
– Maintain adequate insurance.
– Develop comprehensive fraud contingency,
disaster recovery, and business continuity
plans.
– Store backup copies of program and data files
in a secure, off-site location.
