Chapter 8 Review Questions
SHORT ANSWER Describe two kinds of fraud
Misappropriation of assets, or theft, by a person or group for personal financial gain is usually committed by employees. Fraudulent financial reporting is intentional or reckless conduct that results in materially misleading financial statements.
How does the U.S. Justice Department define computer fraud? A) As an illegal act in which knowledge of computer technology is essential. B) As an illegal act in which a computer is an integral part of the crime. C) As any crime in which a computer is used. D) As any act in which cash is stolen using a computer.
A
Insiders are frequently the ones who commit fraud because A) they know more about the system and its weaknesses than outsiders. B) they are less likely to get caught than outsiders. C) they are more dishonest than outsiders. D) they need money more than outsiders
A
ESSAY What characteristics must be presented for an act to be considered fraudulent? Give an example to support your answer.
A false statement, representation, or disclosure; a material fact, which is something that induces a person to act; an intent to deceive; a justifiable reliance; that is, the person relies on the misrepresentation to take an action; and an injury or loss suffered by the victim. Students' response may vary depending on the example that they provide.
SHORT ANSWER What characteristics must be presented for an act to be considered fraudulent? Give an example to support your answer.
A false statement, representation, or disclosure; a material fact, which is something that induces a person to act; an intent to deceive; a justifiable reliance; that is, the person relies on the misrepresentation to take an action; and an injury or loss suffered by the victim. Students' response may vary depending on the example that they provide.
Which situation below makes it easy for someone to commit a fraud? A) Placing excessive trust in key employees. B) Unclear company policies. C) Inadequate staffing within the organization. D) All of the above situations make it easy for someone to commit a fraud
D
Lapping is best described as the process of A) stealing small amounts of cash, many times over a period of time. B) applying cash receipts to a different customer's account in an attempt to conceal previous thefts of cash receipts. C) increasing expenses to conceal that an asset was stolen. D) inflating bank balances by transferring money among different bank accounts.
B
One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as A) lapping. B) kiting. C) concealment. D) misappropriation of assets.
B
________ is a simple, yet effective, method for catching or preventing many types of employee fraud. A) Requiring all employees to take a fraud prevention awareness course B) Requiring all employees to take annual vacations C) Monitoring all employees computer usage activities D) Explaining that fraud is illegal and will be severely punished to employees
B
Fraud perpetrators are often referred to as A) outlaws. B) blue-collar criminals. C) white-collar criminals. D) bad actors.
C
What is the primary difference between fraud and errors in financial statement reporting? A) The materiality of the misstatement B) The level of management involved C) The intent to deceive D) The type of transaction effected
C
Which of the following is the greatest risk to information systems and causes the greatest dollar losses? A) Computer crime B) Physical threats such as natural disasters C) Human errors and omissions D) Dishonest employees
C
ESSAY Explain the various computer fraud classifications using the data processing model. Provide an example foreach computer fraud classification.
Computer fraud can be classified into the following categories: data fraud, input fraud, processor fraud, computer instructions fraud, and output fraud. Illegally using, copying, browsing, searching, or harming company data constitutes data fraud. The simplest and most common way to commit a computer fraud is to alter or falsify computer input. Processor fraud includes unauthorized system use, including the theft of computer time and services. Computer instructions fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity. Unless properly safeguarded, displayed or printed output can be stolen, copied, or misused. Students answer may vary depending on the examples they used.
SHORT ANSWER Explain the various computer fraud classifications using the data processing model. Provide an example for each computer fraud classification.
Computer fraud can be classified into the following categories: data fraud, input fraud, processor fraud, computer instructions fraud, and output fraud. Illegally using, copying, browsing, searching, or harming company data constitutes data fraud. The simplest and most common way to commit a computer fraud is to alter or falsify computer input. Processor fraud includes unauthorized system use, including the theft of computer time and services. Computer instructions fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity. Unless properly safeguarded, displayed or printed output can be stolen, copied, or misused. Students answer may vary depending on the examples they used.
Computer systems are particularly vulnerable to computer fraud because A) computer fraud can be much more difficult to detect than other types of fraud. B) perpetrators can steal, destroy, or alter massive amount of data in very little time, often leaving little evidence. C) computer programs need to be modified illegally only once for them to operate improperly for as long as they are in use. D) all of the above
D
Downloading a master list of customers and selling it to a competitor is an example of A) output theft. B) fraudulent financial reporting. C) download fraud. D) data fraud.
D
Identify the opportunity below that could enable an employee to commit fraud. A) An employee's spouse loses her job. B) The employee is experiencing financial hardship. C) An employee is upset that he was passed over for a promotion. D) The company does not have a clear policies and procedures for the employee to follow.
D
Perhaps the most striking fact about natural disasters in relation to AIS controls is that A) disaster planning has largely been ignored in the literature. B) there are a large number of major disasters every year. C) losses are absolutely unpreventable. D) many companies in one location can be seriously affected at one time by a disaster
D
Sabotage is an example of a(n) ________ threat. A) natural and political disasters B) software errors and equipment malfunctions C) unintentional acts D) intentional acts (computer crimes)
D
Which of the following isnota way to make fraud less likely to occur? A) Adopt an organizational structure that minimizes the likelihood of fraud. B) Create an organizational culture that stresses integrity and commitment to ethical values. C) Effectively supervise employees. D) Create an audit trail so individual transactions can be traced.
D
SHORT ANSWER What are the actions recommended by the Treadway Commission to reduce the possibility of fraudulent financial reporting?
Establish an organizational environment that contributes to the integrity of the financial reporting process. Identify and understand the factors that lead to fraudulent financial reporting. Assess the risk of fraudulent financial reporting within the company. Design and implement internal controls to provide reasonable assurance that the fraudulent financial reporting is prevented.
ESSAY Why do fraudulent acts often go unreported and are therefore not prosecuted?
Most fraud cases go unreported and are not prosecuted for several reasons. Many cases of computer fraud are as yet still undetected. As new technology and methods become available to organizations, prior undetected fraud may be revealed in the future. A second reason is that companies are reluctant to report computer fraud and illegal acts simply because of bad publicity-a highly visible case can undermine consumer confidence in an organization such as a financial institution. Also, the fact that a fraud has occurred may indeed encourage others to attempt to commit further acts against the organization. It would seem that unreported fraud creates a false sense of security, as people think systems are more secure than they are in reality. Another reason for not reporting fraudulent acts is the fact that the court system and law enforcement is busy with violent crimes and criminals in its system. There is little time left to go after a crime where no physical harm is present. Also, the court system tends to treat teen hacking and cracking as "acts of childhood" rather than as serious crimes, this leads to many plea bargains when a computer fraud is brought to trial. Another reason is that a computer fraud case is difficult, costly, and time-consuming to investigate and prosecute. Before 1986, no federal law existed governing computer fraud. Law enforcement officials, lawyers, and judges generally lack the computer skills necessary to properly evaluate, investigate, and prosecute computer crimes. Sadly, when all is said and done a successful prosecution and conviction of computer fraud results in a very light sentence. All of these factors contribute to the under reporting and lack of prosecution of computer fraud crimes. Not everyone agrees on what constitutes computer fraud: •Many networks have a low level of security •Many Internet pages give instruction on how to carry out computer crimes •Law enforcement has difficulty keep up with the growing number of computer frauds •The total dollar value of losses from computer fraud is difficult to estimate.
ESSAY Explain the impact of SAS No. 99 on auditors' responsibilities.
SAS No. 99, effective December 2002, requires that auditors explicitly consider fraud risks when planning and performing an audit. Auditors must understand types and characteristics of fraud. Audit teams must review clients' financial statements for areas susceptible to fraud and communicate with each other during planning of the audit. Auditors must ask management and audit committee members about any past or current instances of fraud. Since many frauds involve revenue recognition, auditors must exercise special care and testing in examining revenue accounts. Audit procedures and testing must be tailored in response to fraud risk assessment. Auditors must evaluate the risk of management override of controls and any other indications of fraud occurrences. All audit procedures, testing and findings must be documented and communicated to management and the audit committee. Auditors must evaluate and recognize the impact of technology on fraud risks, as well as opportunities technology may provide to design fraud-auditing procedures.
ESSAY What are some of the distinguishing characteristics of fraud perpetrators?
Some distinguishing characteristics of fraud perpetrators are: they tend to spend their illegal income to support their lifestyle; once they begin it becomes harder to stop and they become bolder as each incident happens; once they start to rely on the ill-gotten gains, they become more greedy and sometimes careless and overconfident. In the case of computer criminals, they are often young and have substantial computer knowledge. About two-thirds are men and likely to be an employee of the firm from which they steal. Many are unhappy or disgruntled with their employer because they feel unappreciated and underpaid. Most have no previous criminal record
ESSAY A teller at a savings and loan drive-through accepted a cash payment from customer #1 for an auto loan. The teller appeared to process the payment, but told the customer the printer was jammed, and she can't print a receipt. The customer accepted the excuse and drove away. The teller pocketed the cash and wrote down customer #1's loan number and payment amount for future reconciling. A couple of days before customer #1'smonthly statement was printed, the teller recorded a cash payment from customer #2 as if it were made by customer #1. The teller pocketed the difference between the two payments. The teller continued to steal and misapply customer payments for the next two years without detection. Identify the type of fraud scheme described. Describe five controls you would implement to address the fraud risk, and label each control as preventive or detective.
The fraud appears to be misappropriation of assets that is being concealed with a lapping scheme. Controls would include: 1. rotation of duties (primarily detective) 2. mandatory vacations (primarily detective) 3. surveillance with cameras (primarily detective) 4. staggered statement printing schedules, unknown to tellers (detective) 5. sequentially prenumbered, duplicate receipts (detective) 6. segregation of duties between cash handling and recording (preventive) 7. encourage customers to utilize on-line banking for loan payments and to frequently check balances (detective)
SHORT ANSWER Describe some of the most frequent fraudulent financial reporting schemes
The most frequent fraudulent financial reporting schemes involve fictitiously inflating revenues, holding the books open (recognizing revenues before they are earned), closing the books early (delaying current expenses to a later period), overstating inventories or fixed assets, and concealing losses and liabilities.