ACIS 3504 Exam 2 Study Guide

Fraudulent Financial Reporting

"cooking the books" (booking fictitious revenue, overstating assets, etc.)

Vulnerabilities of computer systems

- Company databases can be huge and access privileges can be difficult to create and enforce. Consequently, individuals can steal, destroy, or alter massive amounts of data in very little time - Organizations often want employees, customers, suppliers, and others to have access to their system from inside the organization and without. This access also creates vulnerability - Computer programs only need to be altered once, and they will operate that way until the system is no longer in use or someone notices - Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control *It is hard to control physical access to each PC *PCs are portable, and if they are stolen, the data and access capabilities go with them *PCs tend to be located in user departments, where one person may perform multiple functions that should be segregated *PC users tend to be more oblivious to security concerns)

Flowcharts vs. DFDs

- DFDs place a heavy emphasis on the logical aspects of a system - Flowcharts place more emphasis on the physical characteristics of the system - Changes in the physical characteristics of the process do affect the flowchart but have little or no impact on the DFD - When deciding which tool to employ, consider the information needs of those who will view it

Commit (opportunity)

- Lack of internal controls - Failure to enforce controls (the most prevalent reason) - Excessive trust in key employees - Incompetent supervisory personnel - Inattention to details - Inadequate staff - Management may allow fraud by: Not getting involved in the design or enforcement of internal controls, inattention or carelessness, overriding controls, using their power to compel subordinates to carry out the fraud

Business Process Diagrams Symbols

- Small Circle = start/begin - Small Bolded Circle = end - Rounded Edge Rectangle = activity in process - Diamond = decision - Arrow = flow - Bolded Dash Arrow = annotated information

System Flowcharts Organization/Rules

- The system flowchart begins by identifying the inputs to the system - Each input is followed by a process, i.e., the steps performed on the data - The process is followed by outputs -the resulting new information

Guidelines for drawing flowcharts

- Understand the system you are trying to represent - Identify business processes, documents, data flows, and data processing procedures - Organize the flowchart so that it reads from top to bottom and left to right - Clearly label all symbols - Use page connectors (if it cannot fit on a single page) - Edit/review/refine to make it easy to read and understand

Benefits of visualizing data

- Visualized data is processed faster than written or tabular information - Visualizations are easier to use. Users need less guidance to find information with visualized data - Visualization supports the dominant learning style of the population because most learners are visual learners

Outlier

a data point, or a few data points, that lie an abnormal distance from other values in the data - Can be performed on qualitative data by first transforming the qualitative data into numbers

Level 0 diagram

a projection of the process on the Context diagram. It is like opening up that process and looking inside to see how it works (to show the internal sub-processes) - you repeat the external entities but you also expand the main process into its subprocesses (Also data stores will appear at this level)

Null hypothesis

a proposed explanation worded as a statement of equality

DFD Symbols

add picture

Completeness

does not omit aspects of events or activities, and of enough breadth and depth (Violation - an annual evaluation of vendor performance only contains 7 months of data)

Pressure

either employee pressure or financial statement pressure

Data Contradiction Errors

errors that exist when the same entity is described in two conflicting ways - Contradiction errors need to be investigated and resolved appropriately

Violated Attribute Dependencies

errors that occur when a secondary attribute in a row of data does not match the primary attribute

Type 2 Error

failure to reject a false null hypothesis

Employee fraud pressure

financial, emotional, or lifestyle pressure

Static graphics

graphics that stay the same and don't change (most prevalent type of visualization in business and the only ones that can be used in print)

Data Fraud

illegally using, copying, browsing, searching, or harming company data

Program Flowcharts Purpose

illustrates the sequence of logical operations performed in a computer in executing a program (also follow input - process - output) related to systems

Type 1 Error

incorrect rejection of a true null hypothesis

Orientation

information should be presented and able to be read in a horizontal fashion

Weighting

make colors darker, greater contrast, size, and density

Data Structuring

the process of changing the organization and relationships among data fields to prepare the data for analysis (includes aggregate data, data joining, and data pivoting)

Quantity

(goldilocks principle) axis increments, information in labeling of axis, improper use of too many colors, number of data points

Failing to consider the variation

(the spread of the data about a prediction) inherent in a model

Document flowcharts Organization/Rules

- All departments using the system (the parties who "do" things in the story/each department gets its own column) - All documents or information flows (must show where each document originates and its final disposition) - All processes performed on the documents

How do accountants use documentation?

- At a minimum, they have to read documentation to understand how a system works (auditors need to assess risk) - They may need to evaluate the strengths and weaknesses of an entity's internal controls (Requires heavy reliance on documentation) - They may prepare documentation to: Demonstrate how a proposed system would work or Demonstrate their understanding of a system of internal controls

Guidelines for creating a DFD

- Understand the system that you are trying to represent - A DFD is a simple representation meaning that you need to consider what is relevant and what needs to be included - Start with a high level (context diagram) to show how data flows between outside entities and inside the system. Use additional DFDs at the detailed level to show how data flows within the system - Identify and group all the basic elements of the DFD - Name data elements with descriptive names, use action verbs for processes (e.g., update, edit, prepare, validate, etc.) - Give each process a sequential number to help the reader navigate from the abstract to the detailed levels - Edit/Review/Refine your DFD to make it easy to read and understand

Preventing and Detecting fraud

1. Make fraud less likely to occur 2. Make it difficult to commit 3. Improve detection 4. Reduce fraud losses

Four threats to AIS

1. Natural and political disasters 2. Software errors and equipment malfunctions 3. Unintentional acts 4. Intentional acts

Three steps to creating a predictive analytical model

1. Select the target outcome 2. Find and prepare the appropriate data 3. Create and validate a model

Miracles, black holes

?

Program Relationship to System flowcharts

A diagram is drawn for every process (rectangle) on a system flowchart

Business Process Diagrams Purpose

A visual way to represent the activities in a business process and the intent is that all business users can easily understand the process from a standard notation (BPMN: business process modeling notation)

Types of visualization for Comparison

Bar chart or bullet chart

Business Process Diagrams Structure

Can show the organizational unit performing the activity

Purposes of the visualization

Comparison, correlation, distribution, trend evaluation, part-to-whole

Conceal (opportunity)

Concealing the fraud often takes more time and effort and leaves more evidence than the actual theft or misrepresentation and may include: - Charge a stolen asset to an expense account or to an account receivable that is about to be written off - Create a ghost employee who receives an extra paycheck - Lapping (A/R) or kiting (banks)

Problems with data analytics

Data overfitting, extrapolation beyond the range of data, and failing to consider the variation

Computer fraud

Exists if a computer is used to commit fraud. In using a computer, fraud perpetrators can steal: More of something, in less time, with less effort - They may also leave very little evidence, which can make these crimes more difficult to detect

Financial statement fraud pressure

Financial statement fraud is distinct from other types of fraud in that the individuals who commit the fraud are not the direct beneficiaries (The company is the direct beneficiary and the perpetrators are typically indirect beneficiaries) - Reasons: deceive investors/creditors, increase a company's stock price, meet cash flow needs, hide company losses or other problems

Knowledgeable insiders

Former and current employees who are much more likely than non-employees to perpetrate frauds (and big ones) against companies. - Largely owing to their understanding of the company's systems and its weaknesses, which enables them to commit the fraud and cover their tracks

How data analytics can be used to prevent and detect fraud

Fraud detection is much more effective when data analytics software tools are used to examine an entire data population - Using data analytics software, every transaction or item in the data can be compared against selected criteria and any items identified as anomalies, unusual, or unexpected could be tagged for human examination - Data analytics don't directly detect fraud (Experienced humans are needed to examine and understand any suspicious activities identified and to determine if fraud is involved) - There are benefits as well as challenges when using data analytics to prevent and detect fraud

Rationalization

Fraudsters do not regard themselves as unprincipled, they regard themselves as highly principled individuals. The only way they can commit their frauds and maintain their self image as principled individuals is to create rationalizations that recast their actions as "morally acceptable" behaviors. These rationalizations may include: - I was just borrowing the money - It wasn't really hurting anyone (corporations are often seen as non-persons, therefore crimes against them are not "hurting" anyone) - Everybody does it - I've worked for them for 35 years and been underpaid all that time. I wasn't stealing; I was only taking what was owed to me - I didn't take it for myself. I needed it to pay my child's medical bills

Types of visualization for Distribution

Histogram or box-plot

Classifications of Computer Fraud

Input fraud, processor fraud, computer instructions fraud, data fraud, and output fraud

Types of visualization for Trend Evaluation

Line chart or area chart

Two Categories of Fraud

Misappropriation of assets and fraudulent financial reporting

Types of visualization for Part-to-Whole

Pie chart or tree map

Fraud Triangle/Conditions for Fraud

Pressure, opportunity, and rationalization

Types of visualization for Correlation

Scatterplot or heatmap

Forms of visualizations

Static graphics, tables, videos, static models, dynamic models, etc.

Balancing

The level 0 diagram must "balance" with the Context diagram. This means they should both have the same external entities with the same flows to and from those entities

Comparison of 3 people groups

They found significant differences between violent and white-collar criminals and few differences between white-collar criminals and the general public

Dummy variables

a field containing only two different responses - typically 0 or 1 and may also be called a dichotomous variable

Data deception

a graphical depiction of information, designed with or without an intent to deceive, that may create a belief about the message and/or its components, which varies from the actual message). Prevent by: 1. Showing representations of numbers proportional to the reported number by starting at 0 on the y-axis 2. In vizs designed to depict trends, show time progressing from left to right on the x-axis 3. Present complete data given the context

Data Flow Diagram (DFD)

a process model that focuses on data flows, processes, sources and destinations of the data, and data stores (DFD are visually simple and can be used to represent the same process at a high abstract (summary) or detailed level)

Extrapolation beyond the range of data

a process of estimating a value that is beyond the data used to create the model

Alternative Hypothesis

a proposed explanation worded as a statement of inequality

Attributes of High-Quality Data

accuracy, completeness, consistency, timely, validity

Document flowcharts Symbols

add picture

Flowchart symbols

add picture

System Flowcharts Symbols

add picture

Data Entry Errors

all types of errors that come from inputting data incorrectly - They often occur in human data entry and can also be introduced by the computer system - They may be indistinguishable from data formatting and data consistency errors in an output data file

Ordering

alphabetically, ascending, descending, etc.

Input Fraud

alteration or falsifying input

Flowcharts

an analytical technique that describes some aspect of an information system in a clear, concise, and logical manner (use a set of standard symbols to depict processing procedures and the flow of data)

Exploratory data analysis

an approach that explores data without testing formal models or hypotheses

Fraud definition

any means a person uses to gain an unfair advantage over another person; includes: - A false statement, representation, or disclosure - A material fact, which induces a victim to act - An intent to deceive - Victim relied on the misrepresentation - Injury or loss was suffered by the victim - Fraud is a white collar crime

Visualization

any visual representation of data, such as a graph, diagram, or animation; called a viz for short

Emphasis

assuring the most important message is easily identifiable (highlighting, weighting, ordering)

Basic Statistical Tests

can be performed to validate the data

Accuracy

correct, free of error, and accurately represents events and activities (Violation - a sale occurred on Dec 27 but is recorded as occurring the following year on Jan 4)

Data Threshold Violations

data errors that occur when a data value falls outside an allowable level

Cryptic data values

data items that have no meaning without understanding a coding scheme

Validity

data measures what it is intended to measure, and conforms to syntax rules and requirements (Violation - there are only 7 unique job positions at a company but 9 different positions are attributed to employees... 2 answers are not valid)

Misfielded data values

data values that are correctly formatted but not listed in the correct field

System Flowcharts Purpose

depicts the data processing cycle for a process; describes the relationship between inputs, processing, and outputs of an AIS (They are a pictorial representation of automated processes and files)

Four categories of data analytics

descriptive, diagnostic, predictive, prescriptive

Diagnostic Analytics

informal and formal analyses can be conducted, informal diagnostic analysis builds on descriptive analytics - Diagnostic analytics can also be much more formal and employ confirmatory data analysis techniques

Data parsing

involves separating data from a single field into multiple fields - It is often an iterative process that relies heavily on pattern recognition

Prescriptive Analytics

it can be either recommendations to take or programmed actions a system can take based on predictive analytics results - It uses techniques such as artificial intelligence, machine learning, and other statistics to generate predictions - The key to being successful is the development of initial predictive models and then applying appropriate learning algorithms so those models continue to improve their recommendations over time

Distance

labeling sections with subheadings instead of a key, adding numerical label for data value, or create close distance between relevant comparison groups

Non-proportional display of data

making width of bar size smaller (inappropriate visual weights) or failing to label y axis to scale

Computer Instructions Fraud

modifying software, illegal copying of software, using software in an unauthorized manner, creating software to undergo unauthorized activities

Data Overfitting

occurs when a model is designed to fit training data very well but does not predict well when applied to other datasets

Audit a Sample

one of the best techniques for assuring data quality

Advanced Testing Techniques

possible with a deeper understanding of the content of data

Consistency

presented in same format over time (Violation - a company switches the denomination of amounts (thousands, millions, etc.) irregularly)

Timely

provided in time for decision makers to make decisions (Violation - customer purchasing metrics are 2 years old)

Ethical presentation

refers to avoiding the intentional or unintentional use of deceptive practices that can alter the user's understanding of the data being presented

Simplification

refers to making a visualization easy to interpret and understand (quantity, distance, orientation)

Auditor's Responsibility (via SAS No. 99)

requires auditors to: - Understand fraud - Discuss the risks of material fraudulent misstatements - Obtain information - Identify, assess, and respond to risks - Evaluate the results of their audit tests - Document and communicate findings - Incorporate a technology focus

Sarbanes-Oxley Act (SOX)

requires management to assess internal controls and auditors to evaluate the assessment

SAS-94

requires that auditors understand the automated and manual procedures an entity uses - This understanding can be gleaned through documenting the internal control system ~ a process that effectively exposes strengths and weaknesses of the system

Data pivoting

rotating data from rows to columns

Document flowcharts Purpose

shows the flow of documents and data between departments or units, useful in evaluating internal controls

Three types of design principles

simplification, emphasis, and ethical presentation

Output Fraud

stealing, copying, or misusing computer printouts or displayed information

Confirmatory data analysis

tests a hypothesis and provides statistical measures of the likelihood that the evidence (data) refutes or supports a hypothesis

Data concatenation

the combining of data from two or more fields into a single field - It is often used to create a unique identifier for a row

Context diagram

the highest level of DFD - Provides a summary-level view of the system - Depicts a data processing system and the external entities that are: sources of its input and destinations of its output - The process symbol is numbered with a "0"

Opportunity

the opening or gateway that allows an individual to commit the fraud, conceal the fraud, and convert the proceeds

Aggregate data

the presentation of data in a summarized form

Data consistency

the principle that every value in a field should be stored in the same way

Data De-Duplication

the process of analyzing data and removing two or more records that contain identical information

Data validation

the process of analyzing data to make certain the data has the properties of high-quality data - It is both a formal and informal process - It is an important precursor to data cleaning - The techniques used to validate data can be thought of as a continuum from simple to complex

Data joining

the process of combining different data sources

Visual Inspection

the process of examining data using human vision to see if there are problems

Data Filtering

the process of removing records or fields of information from a data source

Data Imputation

the process of replacing a null or missing value with a substituted value - It only works with numeric data

Data Standardization

the process of standardizing the structure and meaning of each data element so it can be analyzed and used in decision making - It is particularly important when merging data from several sources - It may involve changing data to a common format, data type, or coding scheme - It encompasses ensuring the information is contained in the correct field and the fields are organized in a useful manner

Data cleaning

the process of updating data to be consistent, accurate, and complete - Dirty data is data that is inconsistent, inaccurate, or incomplete - To be useful, dirty data must be cleaned

Choosing the right visualization

the right type of visualization strengthens the ability of the viz to communicate effectively

Misappropriation of Assets

theft of company assets which can include physical assets (cash, inventory, etc.) and digital assets (intellectual property such as protected trade secrets, customer data)

Training and test datasets

this is important in creating and validating a model

White-collar criminals

those who commit fraud

Processor Fraud

unauthorized system use

Convert (opportunity)

unless the target of the theft is cash, then the stolen goods must be converted to cash or some form that is beneficial to the perpetrator - Checks can be converted through alterations, forged endorsements, check washing, etc. - Non-cash assets can be sold (online auctions are a favorite form) or returned to the company for cash

Descriptive Analytics

uses exploratory data analysis techniques*

Predictive Analytics

uses historical data to find patterns likely to manifest themselves in the future - The more data, the better chance of finding patterns

Highlighting

using colors in specific places by only using color in some places