Chapter 8: Fraud and Errors
Define Computer Fraud
Any type of fraud that requires computer technology to perpetrate.
Define White Collar Criminal
businessperson who resorts to trickery or cunning crimes usually involve violation of trust or confidence
Define Corruption
dishonesties conduct by those in power which often involves actions that are illegitimate or immoral (ex: bribery)
Examples of input fraud
employee sold customers full price tickets and entered them as half price and pocketed the rest railroad employees entered data to scrap more than 200 cars. removed cars, painted and then resold them
Most frequent fraudulent financial reporting involve
fictitiously inflating revenues, holding the books open (recognizing revenues before they are earned), closing the books early (delaying current expenses to a later period), overstating inventories or fixed assets, and concealing losses and liabilities
Data Fraud
illegally using, copying, browsing, searching, or harming company data
Define Sabotage
intentional act where the intent is to destroy a system or some of its components
Fraud detection is much more effective when data analytics software tools are used to examine entire ____
population
Examples of Software errors and equipment malfunctions
power outages errors or bugs operating system crashes
Elements of fraud triangle
pressure opportunities rationalization
Examples of intentional acts
sabatoge misrepresentation false use fraud
For Fraud taking ____ is not very effective
samples
5 elements for there to legally be an act of fraud
1) Fals Statement, representation, or disclosure 2) Material Fact - induces a person to act 3) Intent to deceive 4) Justifiable reliance, relies on misrepresentation 5) Injury or Loss by victim
Examples of misappropriation of assets (page 229)
-stealing assets -paying for goods and services not received by the company -embezzling cash received - approving bad loans
SAS No. 99 requires auditors to:
-understand fraud -discuss the risks of material fraudulent misstatements -obtain information -identify, assess, and respond to risks -evaluate the results of their audit tests -document and communicate findings -incorporate a technology focus
Examples of processor fraud
1) An insurance company installed software to detect abnormal system activity and found that employees were using company computers to run an illegal gambling website. 2) Two accountants without the appropriate access rights hacked into Cisco's stock option system, transferred more than $6.3 million of Cisco stock to their brokerage accounts, and sold the stock.
Treadway Commission recommended 4 actions to reduce fraudulent financial reporting:
1) Establish an organizational environment that contributes to teh integrity of financial reporting process 2) Identify and understand the factors that lead to fraudulent financial reporting 3) Assess the risk of fraudulent financial reporting within the company 4) Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting
Challenges to use data analytics to prevent and detect fraud (7)
1) Properly coping out what data or account is to be tested 2) obtaining proper data in clean and electronic format 3) large numbers false positives 4) various software systems 5) data security 6) cost of acquiring data 7) fraud perpetrators concealing activities
Benefits to using data analytics to prevent and detect fraud (6)
1) Test for most frequent types of fraud schemes 2) examines data reactively or proactively 3) identify fraud before it becomes material 4) help investigators focus detection efforts on suspicious and high risk transactions 5) analyze numeric and non-numeric data and compare data from internal and external sources 6) test internal controls to determine how well they are working
Example of data fraud
1) The office manager of a Wall Street law firm sold information to friends and relatives about prospective mergers and acquisitions found in Word files. They made several million dollars trading the securities. 2) A 22-year-old Kazakh man broke into Bloomberg's network and stole account information, including that of Michael Bloomberg, the mayor of New York and the founder of the financial news company. He demanded $200,000 in exchange for not using or selling the information. He was arrested in London when accepting the ransom.
Ways to improve detection methods
1) fraud risk assessment program 2) audit trail 3) periodicity external and internal audits 4) fraud detection software 5) fraud hotline 6) motivation to report fraud 7) computer security officer 8) monitor system activities
Ways to reduce losses from fraud and errors
1) maintain adequate insurance 2) develop comprehensive contingency, disaster recovery and business continuity plans 3) store backup copies of program and data files in a secure off site location 4) use software to monitor system activity and recover from the different types of threats
ways to make fraud and errors less likely to occur
1) organization culture that stresses integrity and ethics 2) structure, management philosophy, and style that minimizes likelihood of fraud 3) Obtain board of director and C level buy-in and support for the corporate application of security standards 3)Assign authority and responsibility for business objectives to specific departments and individuals 4) identify the events that led to increased fraud and take steps to prevent 5) comprehensive set of security policies 6) corporate security standards are applied to all new technology before implemented 7) HR policies 8) anti fraud policies 9) supervising employees 10) company code of conduct 11) train employees in integrity 12) increase penalty
Way stop increase the difficulty in committing fraud (9)
1) strong system of internal controls 2) segregate functions 3)authorization for transactions 4) properly designed documents and records 5) safeguard all assets 6) independent checks 7) computer based controls 8) encryption 9) fix software vulnerabilities
Define Pressure
A person's incentive or motivation for committing fraud.
Examples of Unintentional Acts
Accidents caused by human carelessness innocent errors lost data logic errors systems that don't meet company needs
Define Fraud
Any an all means a person uses to gain an unfair advantage over another person
Opportunity allows a perpetrator to do three things
Commit the fraud conceal the fraud convert theft or misrepresentation to personal gain
Define Lapping
Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.
Define Check Kiting
Creating cash using the lag between the time a check is deposited and the time it clears the bank.
Example of Natural and Political Disasters
Fire Flood War/Terrorism
Fraudulent Financial Reporting
Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
Outlier Detection
Items outside the range of similar data can indicate fraud, such as a purchase or sales order number out of sequence. To combat fraud, some banks will notify users of a check number significantly out of order.
Define Cookie
a text file created by a website that is stored on a visitors hard drive Store info about the user and what they've done on the site
Investment Fraud
Misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk. *Examples include Ponzi schemes and securities fraud.
4 threats to AIS
Natural and Political Disasters Software errors and equipment malfunctions Unintentional Acts Intentional Acts
Why is computer fraud increasing rapidly? (7)
Not everyone agrees on what constitutes computer fraud many instances of computer fraud go undetected high % of fraud is not reported many networks are not secure Internet sites offer step by step instructions on how to perpetrate computer fraud and abuse Law enforcement cannot keep up with growth of computer fraud calculating losses is difficult
Regression Analysis
This statistical method helps evaluate how strong the connection is between two or more data items. For example, there may be a historical relationship between shipping costs and sales. If sales were to increase dramatically without a corresponding increase in shipping costs, that might indicate fictitious sales.
Define Opportunity
The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain.
Define Rationalization
The excuse that fraud perpetrators use to justify their illegal behavior.
Most significant contributing factor in most misappropriations I the
absence of internal controls or failure to enforce existing internal controls
Examples of computer fraud
Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data. Theft of assets covered up by altering computer records. Obtaining information or tangible property illegally using computers.
Semantic Modeling
Using semantic analysis, investigators can analyze both structured and unstructured text for hidden clues to fraudulent activity. For example, computers can analyze reports written by those involved in an automobile insurance claim (policy holders, claims adjusters, insurance agents, and police) to see if there are inconsistencies that might indicate a fraudulent claim.
Computer Instructions Fraud
tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity
Input Fraud
the simplest and most common way to commit a computer fraud is to alter or falsify computer input
Misappropriation of Assets
theft of company assets by employees
Processor Fraud
unauthorized system use, including the theft of computer time and services
Output Fraud
unless properly safeguarded, displayed or printed output can be stolen, copied, or misused
Anomaly Detection
using trends and patterns Anything unexpected, out of the ordinary, or not in line with expected trends or patterns can indicate fraud. One way to perpetrate cash disbursements fraud is to begin making payments to an inactive vendor. Examining this new activity might uncover a fraud.
