1 computer fraud and security uaa – acct 316 accounting information systems dr. fred barbee

1

Computer Fraud and Security

UAA – ACCT 316 Accounting Information Systems Dr. Fred Barbee

3

What’s an Oxymoron???

4

Interesting Oxymorons

Advanced BASIC

Airline food

Government organization

Sanitary landfill

5

Scarey Oxymorons

Computer security

Business Ethics

6

Blatant Oxymorons

Microsoft Works

7

Introduction

Business Ethics

8

Ethics

“Our ethical standards come out of the past – out of our inheritance as a people; religions, philosophical, historical. And the more we know of that past, the more sure-footedly we can inculcate ethical conduct in the future.”

John Akers, Former Chairman of the Board and CE0 of IBM

9

Business Ethics

Ethics pertains to the principles of conduct that individuals use in making choices, and

guiding their behavior

in situations that involve the concepts of right and wrong.

11

Introduction

Fraud

12

What is Fraud

Fraud is any and all means a person uses to gain an unfair advantage over another person.

13

In the Business Environment

Fraud is intentional deception,misappropriation of a company’s

assets, or manipulation of its financial data

to the advantage of the perpetrator.

14

Common Law Definition

Intentional deception, such as the misrepresentation, concealment, or nondisclosure of a material fact,

that results in injury to another.

15

Fraud

Business fraud typically comes at two levels:Employee fraud

Management fraud

16

Characteristics of Employee Fraud

Designed to directly convert cash or other assets to personal benefit.

Typically circumvents the firm’s internal control system for personal gain.

Usually involves three steps which the text refers to as “the Fraud Process.”

17

Characteristics of Management Fraud

Fraud is perpetrated at levels of management above the one which internal control structures typically target.

Usually involves using the financial statements to create the illusion that the firm is doing better than it really is.

18

Characteristics of Management Fraud

If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving third parties.

19

Fraudulent Financial Reporting

The Treadway Commission

20

The Studies . . .

Report of the National Commission on Fraudulent Financial Reporting (1981-1986)

Fraudulent Financial Reporting: 1987-1997 – An analysis of U.S. Public Companies

21

The Findings . . .

Top senior executives were frequently involved.CEO 72% of cases

CFO 43% of cases

CEO/CFO 83% of cases

22

The Findings . . .

Most audit committees only met about once a year (or the firm had no audit committee).

Boards of Directors dominated by “insider” and “gray” directors

23

The Findings . . .

Family relationships among directors and/or officers were fairly common.

24

Fraudulent Financial Reporting

Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.

25

Committee Recommendations

1. Establish an organizational environment that contributes to the integrity of the financial reporting process.

2. Identify and understand the factors that lead to fraudulent financial reporting.

26

Committee Recommendations

3. Assess the risk of fraudulent financial reporting within the company.

4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.

27

Let’s Take a Slight Detour

28

What are the Common Law Requirements for Fraud?

29

Common Law Requirements

1. There must be a false statement or a nondisclosure

2. A fact must be a substantial factor in inducing someone to act

3. There must be intent to deceive

30

Common Law Requirements

4. The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act.

5. The misrepresentation must have caused injury or loss.

31

Is Fraud a Problem?

ACFE 2002 Report to the Nation

Occupational Fraud and Abuse

At the Sources of Fraud

At the Duration of the schemes

How Were They Detected?

Fraud Prevention Measures

53

Now, Back to the Text

The Fraud Process

55


Why Fraud Occurs

Pressure (Real or Perceived)

The Fraud Triangle(Why Good People Do The Wrong Thing)

Table 9-1 Pressures that Can Lead to Fraud

58

Situational Pressures


59


Sudden decreases in revenue or market share.

Unrealistic budget pressures, particularly for short-term results.

60


Financial pressure resulting from bonus plans that depend on short-term economic performance.


Opportunities, Consequences,

Likelihood of Detection (Real or perceived)


Table 9-2 Perceived Opportunities

63

Opportunities


64

Opportunities

Absence of a board of directors or audit committees.

Weak, or nonexistent, internal controls

Unusual or complex transactions

65

Opportunities

Accounting estimates requiring significant subjective judgment by management.

Ineffective internal audit staffs



Rationalization (Just this one time)

(I will pay it back!)

Opportunities, Consequences,

Likelihood of Detection (Real or perceived)

67

Rationalizations

You would understand it if you knew how badly I needed it.

What I did was not that serious.

It was for a good cause.

No one will ever know.

68

Rationalizations

I occupy a very important position of trust. I am above the rules.

Everyone else is doing it, so it cannot be that wrong.

The company owes it to me, and I’m taking no more than is rightfully mine.

Fraud or Honesty?

Fraud Motivating ForcesSituational Pressures

Opportunities

Personal Characteristics (integrity)

(High)

(High)

(Low)

(Low)

(Low)

High

No Fraud

Fraud

71


Computer Fraud

72

Computer Fraud . . .

Computer fraud is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.

73


Unauthorized theft, use, access, modification, copying, and destruction of software or data.

Theft of money by altering computer records or the theft of computer time.

74


Theft or destruction of computer hardware.

Use or the conspiracy to use computer resources to commit a felony

Intent to illegally obtain information or tangible property through the use of computers.

75

Computer Fraud Classifications

Computer Fraud Classifications

78

Preventing and Detecting Computer Fraud

Make Fraud Less Likely to Occur

79

Fraud Prevention . . .

Use proper hiring and firing practices.

Manage disgruntled employees

Train employees in security and fraud prevention measures

80


Manage and track software licenses

Require signed confidentiality agreements

81


Increasing the difficulty of committing fraud

82


Develop a strong system of internal controls

Segregate duties

Require vacations and rotate duties.

83


Restrict access to computer equipment and data files

Encrypt data and programs

Protect telephone lines

84


Protect the system from viruses

Control sensitive data

Control laptop computers

Monitor hacker information

85


Improve detection methods

86


Conduct frequent audits

Use a computer security officer

Set up a fraud hot line

Use computer consultants

87


Monitor system activities

Use forensic accountants

Use fraud detection software

88


Other

89


Reduce Fraud Losses

Prosecute and Incarcerate Fraud Perpetrators

90


2002 Wells Report Survey Data

92


Strong internal controls (1.62)

Background checks on new employees (3.70)

Regular fraud audits (3.97)

Established fraud policies (4.08)

93


Willingness to prosecute (4.47)

Ethics training (4.86)

Anonymous fraud reporting mechanisms (5.02)

Workplace surveillance (6.07)

94


Survey Data 1996

95


Establish a corporate code of conduct (75%)

Reference checks on all new employees (65%)

Employment contracts (48%)

96


Review and improve internal controls (47%)

Perform fraud audit (42%)

Ethics training (41%)

Training in fraud prevention and detection (31%)

97


Surveillance equipment (30%)

Increased focus of senior management on the problem (29%)

Code of sanctions against suppliers/contractors (26%).

98


Increased role of audit committee (16%)

Staff rotation policy (11%)

1 computer fraud and security uaa – acct 316 accounting information systems dr. fred barbee

Documents

introduction fraud slide

security slide

fraud business fraud

gray directors slide

computer fraud

treadway commission

fred barbee slide

fraud process