Computer Fraud

Chapter 5
Copyright © 2015 Pearson Education, Inc.
Learning Objectives
• Explain the threats faced by modern information systems.
• Define fraud and describe both the different types of fraud and the
process one follows to perpetrate a fraud.
• Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities, and rationalizations that are present in
most frauds.
• Define computer fraud and discuss the different computer fraud
classifications.
• Explain how to prevent and detect computer fraud and abuse.
Threats to AIS
• Natural and Political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional acts
Fraud
• Any means a person uses to gain an unfair
advantage over another person; includes:
▫ A false statement, representation, or disclosure
▫ A material fact, which induces a victim to act
▫ An intent to deceive
▫ Victim relied on the misrepresentation
▫ Injury or loss was suffered by the victim
Fraud is white collar crime
Two Categories of Fraud
• Misappropriation of assets
▫ Theft of company assets which can include
physical assets (e.g., cash, inventory) and digital
assets (e.g., intellectual property such as protected
trade secrets, customer data)
• Fraudulent financial reporting
▫ “cooking the books” (e.g., booking fictitious
revenue, overstating assets, etc.)
Conditions for Fraud
These three conditions must be
present for fraud to occur:
• Pressure
▫ Employee
▪ Financial
▪ Lifestyle
▪ Emotional
▫ Financial Statement
▪ Financial
▪ Management
▪ Industry conditions
• Opportunity to:
▫ Commit
▫ Conceal
▫ Convert to personal gain
• Rationalize
▫ Justify behavior
▫ Attitude that rules don’t apply
▫ Lack personal integrity
Fraud Triangle
Computer Fraud
• If a computer is used to commit fraud it is called
computer fraud.
• Computer fraud is classified as:
▫ Input
▫ Processor
▫ Computer instruction
▫ Data
▫ Output
Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur
Organizational
• Create a culture of integrity
• Adopt structure that
minimizes fraud, create
governance (e.g., Board of
Directors)
• Assign authority for business
objectives and hold them
accountable for achieving
those objectives, effective
supervision and monitoring of
employees
• Communicate policies
Systems
• Develop security policies to
guide and design specific
control procedures
• Implement change
management controls and
project development
acquisition controls
Preventing and Detecting Fraud
2. Make It Difficult to Commit
Organizational
• Develop strong internal
controls
• Segregate accounting
functions
• Use properly designed forms
• Require independent checks
and reconciliations of data
Systems
• Restrict access
• System authentication
• Implement computer controls
over input, processing, storage
and output of data
• Use encryption
• Fix software bugs and update
systems regularly
• Destroy hard drives when
disposing of computers
Preventing and Detecting Fraud
3. Improve Detection
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline
Systems
• Audit trail of transactions
through the system
• Install fraud detection
software
• Monitor system activities (user
and error logs, intrusion
detection)
Preventing and Detecting Fraud
4. Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and
disaster recovery plan
Systems
• Store backup copies of
program and data files in
secure, off-site location
• Monitor system activity
Key Terms
• Sabotage
• Cookie
• Fraud
• White-collar criminals
• Corruption
• Investment fraud
• Misappropriation of assets
• Fraudulent financial reporting
• Pressure
• Opportunity
• Rationalization
• Lapping
• Check kiting
• Computer fraud