Computer Fraud

Chapter 5
Copyright © Pearson Education Limited 2015.
Learning Objectives
• Explain the threats faced by modern information systems.
• Define fraud and describe both the different types of fraud and the process one follows to perpetrate a fraud.
• Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
• Define computer fraud and discuss the different computer fraud classifications.
• Explain how to prevent and detect computer fraud and abuse.
Threats to AIS
Table 5-1
Integrative case on page 148
• Natural and political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional acts
AIS Threats
• Pages 150-152
Focus 5-1
• Electronic Warfare
• Stuxnet 60 Minutes
Fraud
• Any means a person uses to gain an unfair advantage over another person; includes:
▫ A false statement, representation, or disclosure
▫ A material fact, which induces a victim to act
▫ An intent to deceive
▫ Victim relied on the misrepresentation
▫ Injury or loss was suffered by the victim
The ACME estimates ….. Page 152
Fraud is white collar crime
Two Categories of Fraud
• Misappropriation of assets (page 153)
▫ Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
• Fraudulent financial reporting (page 154)
▫ “Cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)
Conditions for Fraud
These three conditions must be present for fraud to occur:
• Pressure
▫ Employee
▪ Financial
▪ Lifestyle
▪ Emotional
▫ Financial Statement
▪ Financial
▪ Management
▪ Industry conditions
• Opportunity to:
▫ Commit
▫ Conceal
▫ Convert to personal gain
• Rationalize
▫ Justify behavior
▫ Attitude that rules don’t apply
▫ Lack personal integrity
Fraud Triangle
Computer Fraud
• If a computer is used to commit fraud, it is called computer fraud. See “The rise in computer fraud” on page 160; Cyber sleuths on page 161
• Computer fraud is classified as:
▫ Input
▫ Processor
▫ Computer instruction
▫ Data
▫ Output
Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur
Organizational
• Create a culture of integrity
• Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
• Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees
• Communicate policies
Systems
• Develop security policies to guide and design specific control procedures
• Implement change management controls and project development acquisition controls
Preventing and Detecting Fraud
2. Make It Difficult to Commit
Organizational
• Develop strong internal controls
• Segregate accounting functions
• Use properly designed forms
• Require independent checks and reconciliations of data
Systems
• Restrict access
• System authentication
• Implement computer controls over input, processing, storage and output of data
• Use encryption
• Fix software bugs and update systems regularly
• Destroy hard drives when disposing of computers
Preventing and Detecting Fraud
3. Improve Detection
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline
Systems
• Audit trail of transactions through the system
• Install fraud detection software
• Monitor system activities (user and error logs, intrusion detection)
Preventing and Detecting Fraud
4. Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and disaster recovery plan
Systems
• Store backup copies of program and data files in secure, off-site location
• Monitor system activity
Key Terms
• Sabotage
• Cookie
• Fraud
• White-collar criminals
• Corruption
• Investment fraud
• Misappropriation of assets
• Fraudulent financial reporting
• Pressure
• Opportunity
• Rationalization
• Lapping
• Check kiting
• Computer fraud