1
Computer Fraud and Security
UAA – ACCT 316 Accounting Information Systems Dr. Fred Barbee
Computer Fraud and Security
3
What’s an Oxymoron???
4
Interesting Oxymorons
Advanced BASIC
Airline food
Government organization
Sanitary landfill
5
Scary Oxymorons
Computer security
Business Ethics
6
Blatant Oxymorons
Microsoft Works
7
Introduction
Business Ethics
8
Ethics
“Our ethical standards come out of the past – out of our inheritance as a people; religious, philosophical, historical. And the more we know of that past, the more sure-footedly we can inculcate ethical conduct in the future.”
John Akers, Former Chairman of the Board and CEO of IBM
9
Business Ethics
Ethics pertains to the principles of conduct that individuals use in making choices, and guiding their behavior, in situations that involve the concepts of right and wrong.
11
Introduction
Fraud
12
What is Fraud
Fraud is any and all means a person uses to gain an unfair advantage over another person.
13
In the Business Environment
Fraud is intentional deception, misappropriation of a company’s assets, or manipulation of its financial data to the advantage of the perpetrator.
14
Common Law Definition
Intentional deception, such as the misrepresentation, concealment, or nondisclosure of a material fact, that results in injury to another.
15
Fraud
Business fraud typically comes at two levels:
Employee fraud
Management fraud
16
Characteristics of Employee Fraud
Designed to directly convert cash or other assets to personal benefit.
Typically circumvents the firm’s internal control system for personal gain.
Usually involves three steps which the text refers to as “the Fraud Process.”
17
Characteristics of Management Fraud
Fraud is perpetrated at levels of management above the one which internal control structures typically target.
Usually involves using the financial statements to create the illusion that the firm is doing better than it really is.
18
Characteristics of Management Fraud
If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving third parties.
19
Fraudulent Financial Reporting
The Treadway Commission
20
The Studies . . .
Report of the National Commission on Fraudulent Financial Reporting (1981-1986)
Fraudulent Financial Reporting: 1987-1997 – An analysis of U.S. Public Companies
21
The Findings . . .
Top senior executives were frequently involved.
CEO 72% of cases
CFO 43% of cases
CEO/CFO 83% of cases
22
The Findings . . .
Most audit committees only met about once a year (or the firm had no audit committee).
Boards of Directors dominated by “insider” and “gray” directors
23
The Findings . . .
Family relationships among directors and/or officers were fairly common.
24
Fraudulent Financial Reporting
Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
25
Committee Recommendations
1. Establish an organizational environment that contributes to the integrity of the financial reporting process.
2. Identify and understand the factors that lead to fraudulent financial reporting.
26
Committee Recommendations
3. Assess the risk of fraudulent financial reporting within the company.
4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.
27
Let’s Take a Slight Detour
28
What are the Common Law Requirements for Fraud?
29
Common Law Requirements
1. There must be a false statement or a nondisclosure
2. A fact must be a substantial factor in inducing someone to act
3. There must be intent to deceive
30
Common Law Requirements
4. The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act.
5. The misrepresentation must have caused injury or loss.
31
Is Fraud a Problem?
ACFE 2002 Report to the Nation
Occupational Fraud and Abuse
At the Sources of Fraud
At the Duration of the schemes
How Were They Detected?
Fraud Prevention Measures
53
Now, Back to the Text
The Fraud Process
55
Computer Fraud and Security
Why Fraud Occurs
Pressure (Real or Perceived)
The Fraud Triangle (Why Good People Do The Wrong Thing)
Table 9-1 Pressures that Can Lead to Fraud
58
Situational Pressures
The Treadway Commission
59
Situational Pressures
Sudden decreases in revenue or market share.
Unrealistic budget pressures, particularly for short-term results.
60
Situational Pressures
Financial pressure resulting from bonus plans that depend on short-term economic performance.
Pressure (Real or Perceived)
Opportunities, Consequences,
Likelihood of Detection (Real or perceived)
The Fraud Triangle (Why Good People Do The Wrong Thing)
Table 9-2 Perceived Opportunities
63
Opportunities
The Treadway Commission
64
Opportunities
Absence of a board of directors or audit committees.
Weak, or nonexistent, internal controls
Unusual or complex transactions
65
Opportunities
Accounting estimates requiring significant subjective judgment by management.
Ineffective internal audit staffs
The Fraud Triangle (Why Good People Do The Wrong Thing)
Pressure (Real or Perceived)
Rationalization (Just this one time)
(I will pay it back!)
Opportunities, Consequences,
Likelihood of Detection (Real or perceived)
67
Rationalizations
You would understand it if you knew how badly I needed it.
What I did was not that serious.
It was for a good cause.
No one will ever know.
68
Rationalizations
I occupy a very important position of trust. I am above the rules.
Everyone else is doing it, so it cannot be that wrong.
The company owes it to me, and I’m taking no more than is rightfully mine.
Fraud or Honesty?
[Figure: fraud motivating forces (situational pressures, opportunities, personal characteristics (integrity)), each marked high or low, with outcomes No Fraud and Fraud]
71
Computer Fraud and Security
Computer Fraud
72
Computer Fraud . . .
Computer fraud is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
73
Computer Fraud . . .
Unauthorized theft, use, access, modification, copying, and destruction of software or data.
Theft of money by altering computer records or the theft of computer time.
74
Computer Fraud . . .
Theft or destruction of computer hardware.
Use or the conspiracy to use computer resources to commit a felony
Intent to illegally obtain information or tangible property through the use of computers.
75
Computer Fraud Classifications
Computer Fraud Classifications
78
Preventing and Detecting Computer Fraud
Make Fraud Less Likely to Occur
79
Fraud Prevention . . .
Use proper hiring and firing practices.
Manage disgruntled employees
Train employees in security and fraud prevention measures
80
Fraud Prevention . . .
Manage and track software licenses
Require signed confidentiality agreements
81
Preventing and Detecting Computer Fraud
Increasing the difficulty of committing fraud
82
Fraud Prevention . . .
Develop a strong system of internal controls
Segregate duties
Require vacations and rotate duties.
83
Fraud Prevention . . .
Restrict access to computer equipment and data files
Encrypt data and programs
Protect telephone lines
84
Fraud Prevention . . .
Protect the system from viruses
Control sensitive data
Control laptop computers
Monitor hacker information
85
Preventing and Detecting Computer Fraud
Improve detection methods
86
Fraud Prevention . . .
Conduct frequent audits
Use a computer security officer
Set up a fraud hot line
Use computer consultants
87
Fraud Prevention . . .
Monitor system activities
Use forensic accountants
Use fraud detection software
88
Preventing and Detecting Computer Fraud
Other
89
Fraud Prevention . . .
Reduce Fraud Losses
Prosecute and Incarcerate Fraud Perpetrators
90
Preventing and Detecting Computer Fraud
2002 Wells Report Survey Data
92
Fraud Prevention . . .
Strong internal controls (1.62)
Background checks on new employees (3.70)
Regular fraud audits (3.97)
Established fraud policies (4.08)
93
Fraud Prevention . . .
Willingness to prosecute (4.47)
Ethics training (4.86)
Anonymous fraud reporting mechanisms (5.02)
Workplace surveillance (6.07)
94
Preventing and Detecting Computer Fraud
Survey Data 1996
95
Fraud Prevention . . .
Establish a corporate code of conduct (75%)
Reference checks on all new employees (65%)
Employment contracts (48%)
96
Fraud Prevention . . .
Review and improve internal controls (47%)
Perform fraud audit (42%)
Ethics training (41%)
Training in fraud prevention and detection (31%)
97
Fraud Prevention . . .
Surveillance equipment (30%)
Increased focus of senior management on the problem (29%)
Code of sanctions against suppliers/contractors (26%).
98
Fraud Prevention . . .
Increased role of audit committee (16%)
Staff rotation policy (11%)