chapter 5, 7, 8, 9, 10

the Association of Certified Fraud Examiners estimates total global fraud losses to be more than

$2.9 trillion a year

SAS No. 99

- evaluate the results of audit tests
- incorporate a technology focus
- discuss the risks of material fraudulent misstatements

the AICPA focuses specifically on ___ aspects of information systems controls

5

The Public Company Accounting Oversight Board consists of

5 members

the Computing Technology Industry Association estimates that human errors cause __% of security problems.

80

money from new investors is used to pay off earlier investors

Ponzi scheme

cross-footing balance test

a processing control which verifies accuracy by comparing two alternative ways of calculating the same total

the simplest and most common way to commit a computer fraud is to

alter computer input

transposition error

an error that results when numbers in two adjacent columns are inadvertently exchanged (for example, 64 is written as 46).

closed-loop verification

an input validation method that uses data entered into the system to retrieve and display other related information so that the data entry person can verify the accuracy of the input data

validity check

compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists. For example, if product number 65432 is entered on a sales order, the computer must verify that there is indeed a product 65432 in the inventory database

Objective that involves parties external to the organization

compliance objectives

Components of COSO

control (internal) environment, risk assessment, control activities, information and communication, monitoring

reasonableness test

determines the correctness of the logical relationship between two data items. For example, overtime hours should be zero for someone who has not worked the maximum number of regular hours in a pay period.

field check

determines whether the characters in a field are of the proper type. For example, a check on a field that is supposed to contain only numeric values, such as a U.S. Zip code, would indicate an error if it contained alphabetic characters.

sign check

determines whether the data in a field have the appropriate arithmetic sign. For example, the quantity-ordered field should never be negative.

ways to prevent and detect computer fraud include

developing a strong system of internal controls and installing fraud detection software

detective controls

discover problems that are not prevented

size check

ensures that the input data will fit into the assigned field. For example, the value 458,976,253 will not fit in an eight-digit field.

third ERM component

event identification

the pressures that can lead to employee fraud include:

fear of losing job, family or peer pressure

True:

for an act to be fraudulent there must be a false statement, representation, or disclosure

False:

fraud perpetrators are often referred to as management fraud

type of fraud associated with 50% of all auditor lawsuits

fraudulent financial reporting

this causes the majority of computer security problems

human errors

corrective controls

identify and correct problems as well as correct and recover from the resulting errors

internal control factors that provide an opportunity for employee and financial statement fraud include

inadequate supervision

what will reduce fraud losses once fraud has occurred

insurance, regular backup of data and programs, contingency plan

Most important component of the ERM

internal environment

fraud in which the perpetrator creates cash by transferring money between banks

kiting

fraud in which later payments on account are used to pay off earlier payments that were stolen

lapping

general controls

make sure an organization's control environment is stable and well managed

employee fraud

misappropriation of assets

computer fraud is increasing rapidly due to the fact that:

not everyone agrees on what constitutes computer fraud, many computer frauds go undetected, the total dollar value of losses is difficult to calculate

example of computer fraud #2

obtaining information illegally using a computer

the three conditions that are present when fraud occurs:

opportunity, pressure, rationalization

control procedure most likely to deter lapping

periodic rotation of duties (rotating duties such that the perpetrator does not have access to the necessary accounting records will most likely result in the fraud's discovery)

application controls

prevent, detect, and correct transaction errors and fraud in application programs.

type of internal control that finds the problem before it occurs

preventive controls

the five principles that contribute to the overall objective of systems reliability

processing integrity, security, confidentiality, privacy, availability

false:

psychological profiles of white-collar criminals are significantly different from those of the general public

_____ is a simple, yet effective, method for catching or preventing many types of employee fraud

requiring all employees to take annual vacations

involves stealing tiny slices of money over a period of time

salami technique

most important, basic, and effective control to deter fraud

segregation of duties (it makes it difficult for any single employee to both commit and conceal a fraud)

operating system crashes are an example of:

software errors and equipment malfunctions

corporate objective based on a company's mission statement

strategic objectives

financial total

sums a field that contains monetary values, such as the total dollar amount of all sales for a batch of sales transactions

hash total

sums a nonfinancial numeric field, such as the total of the quantity-ordered field in a batch of sales transactions

limit check

tests a numerical amount against a fixed value. For example, the regular hours-worked field in weekly payroll input must be less than or equal to 40 hours.

range check

tests whether a numerical amount falls between predetermined lower and upper limits. For example, a marketing promotion might be directed only to prospects with incomes between $50,000 and $99,999

record count

the number of records in a batch

batch totals

the sum of a numerical item for a batch of documents, calculated prior to processing the batch, when the data are entered, and subsequently compared with computer-generated totals after each processing step to verify that the data was processed correctly.

example of computer fraud #1

theft of money by altering computer records

example of computer fraud #3

unauthorized modification of a software program

completeness check (or test)

verifies that all required data items have been entered. For example, sales transaction records should not be accepted for processing unless they include the customer's shipping and billing addresses.

