Kế toán kiểm toán - Chapter 9: Computer fraud

This chapter describes the fraud process. It also explores the reasons that fraud occurs. The chapter also describes the approaches to computer fraud and the specific techniques used to commit it. Finally, several methods to deter and detect fraud are analyzed.

ppt45 trang | Chia sẻ: thuychi20 | Lượt xem: 744 | Lượt tải: 0download
Bạn đang xem trước 20 trang tài liệu Kế toán kiểm toán - Chapter 9: Computer fraud, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
Accounting Information Systems 9th EditionMarshall B. Romney Paul John Steinbart9-1©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer FraudChapter 99-2©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartLearning ObjectivesDescribe fraud and describe the process one follows to perpetuate a fraud.Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.Compare and contrast the approaches and techniques that are used to commit computer fraud.Describe how to deter and detect computer fraud.3©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartIntroductionJason Scott finished his tax return.Everything was in order except his withholding amount.For some reason, the federal income tax withholdings on his final paycheck was $5 higher than on his W-2 form.What did he discover?4©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartIntroductionMost of the 1,500 company employees had a $5 discrepancy between their reported withholdings and the actual amount withheld.The W-2 of Don Hawkins, one of the programmers in charge of the payroll system, showed that thousands of dollars more in withholding had been reported to the IRS than had been withheld from his paycheck.5©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartIntroductionWhat constitutes a fraud, and is the withholding problem a fraud?If this is indeed a fraud, how was it perpetrated?6©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartIntroductionWhy did the company not catch these mistakes earlier?Was there a breakdown in controls?What can the company do to detect and prevent fraud?Just how vulnerable are computer systems to fraud?7©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartIntroductionThis chapter describes the fraud process.It also explores the reasons that fraud occurs.The chapter also describes the approaches to computer fraud and the specific techniques used to commit it.Finally, several methods to deter and detect fraud are analyzed.8©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartLearning Objective 1 Understand what fraud is and the process one follows to perpetuate a fraud.9©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Fraud ProcessMost frauds involve three steps.The theft ofsomethingThe conversionto cashTheconcealment10©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Fraud ProcessWhat is a common way to hide a theft?to charge the stolen item to an expense accountWhat is a payroll example?to add a fictitious name to the company’s payroll11©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Fraud ProcessWhat is lapping?In a lapping scheme, the perpetrator steals cash received from customer A to pay its accounts receivable.Funds received at a later date from customer B are used to pay off customer A’s balance, etc.12©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Fraud ProcessWhat is kiting?In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks.The perpetrator deposits a check from bank A to bank B and then withdraws the money.13©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Fraud ProcessSince there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears.Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears.The scheme continues to keep checks from bouncing.14©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartLearning Objective 2 Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.15©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartWhy Fraud OccursResearchers have compared the psychological and demographic characteristics of three groups of people:White-collarcriminalsViolentcriminalsGeneralpublicFew differencesSignificant differences16©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartWhy Fraud OccursWhat are some common characteristics of fraud perpetrators?Most spend their illegal income rather than invest or save it.Once they begin the fraud, it is very hard for them to stop.They usually begin to rely on the extra income.17©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartWhy Fraud OccursPerpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”Others commit fraud to gain stature among others in the computer community.18©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartWhy Fraud OccursThree conditions are necessary for fraud to occur:A pressure or motiveAn opportunityA rationalization19©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPressuresWhat are some financial pressures?living beyond meanshigh personal debt“inadequate” incomepoor credit ratingsheavy financial losseslarge gambling debts20©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPressuresWhat are some work-related pressures?low salarynonrecognition of performancejob dissatisfactionfear of losing joboveraggressive bonus plans21©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPressuresWhat are other pressures?challengefamily/peer pressureemotional instabilityneed for power or controlexcessive pride or ambition22©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartOpportunitiesAn opportunity is the condition or situation that allows a person to commit and conceal a dishonest act.Opportunities often stem from a lack of internal controls.However, the most prevalent opportunity for fraud results from a company’s failure to enforce its system of internal controls.23©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartRationalizations Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behavior.What are some rationalizations?The perpetrator is just “borrowing” the stolen assets.The perpetrator is not hurting a real person, just a computer system.No one will ever know.24©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartLearning Objective 3 Compare and contrast the approaches and techniques that are used to commit computer fraud.25©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer FraudThe U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.What are examples of computer fraud?unauthorized use, access, modification, copying, and destruction of software or data26©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer Fraudtheft of money by altering computer records or the theft of computer timetheft or destruction of computer hardwareuse or the conspiracy to use computer resources to commit a felonyintent to illegally obtain information or tangible property through the use of computers27©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Rise in Computer FraudOrganizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud.28©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartThe Rise in Computer Fraud No one knows for sure exactly how much companies lose to computer fraud. Why?There is disagreement on what computer fraud is.Many computer frauds go undetected, or unreported.Most networks have a low level of security.Many Internet pages give instructions on how to perpetrate computer crimes.Law enforcement is unable to keep up with fraud.29©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer Fraud ClassificationsComputerinstruction fraudProcessor fraudData fraudInputfraudOutputfraud30©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer Fraud and Abuse Techniques What are some of the more common techniques to commit computer fraud?CrackingData diddlingData leakageDenial of service attackEavesdroppingE-mail forgery and threats31©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer Fraud and Abuse TechniquesHackingInternet misinformation and terrorismLogic time bombMasquerading or impersonationPassword crackingPiggybackingRound-downSalami technique32©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartComputer Fraud and Abuse TechniquesSoftware piracyScavengingSocial engineeringSuperzappingTrap doorTrojan horseVirus Worm33©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartLearning Objective 4 Describe how to deter and detect computer fraud.34©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer Fraud What are some measures that can decrease the potential of fraud?Make fraud less likely to occur.Increase the difficulty of committing fraud.Improve detection methods.Reduce fraud losses.Prosecute and incarcerate fraud perpetrators.35©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudMake fraud less likely to occur.Use proper hiring and firing practices.Manage disgruntled employees.Train employees in security and fraud prevention.Manage and track software licenses.Require signed confidentiality agreements.36©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudIncrease the difficulty of committing fraud.Develop a strong system of internal controls.Segregate duties.Require vacations and rotate duties.Restrict access to computer equipment and data files.Encrypt data and programs.37©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudImprove detection methods.Protect telephone lines and the system from viruses.Control sensitive data.Control laptop computers.Monitor hacker information.38©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudReduce fraud losses.Maintain adequate insurance.Store backup copies of programs and data files in a secure, off-site location. Develop a contingency plan for fraud occurrences.Use software to monitor system activity and recover from fraud.39©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudProsecute and incarcerate fraud perpetrators.Most fraud cases go unreported and unprosecuted. Why?Many cases of computer fraud are as yet undetected.Companies are reluctant to report computer crimes.40©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartPreventing and Detecting Computer FraudLaw enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.It is difficult, costly, and time consuming to investigate.Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.41©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartCase ConclusionWhat did Jason present to the president?A copy of his own withholding report filed with the IRS and a printout of withholdings from the payroll records.42©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartCase ConclusionHow did Jason believe the fraud was perpetrated?The payroll system had undergone some minor modifications.The payroll project had been completed without the usual review by other systems personnel.An unusual code subtracted $5 from most employees’ withholdings and added it to Don’s.43©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartCase ConclusionWhat guidelines should Jason suggest to prevent this from happening again?Strictly enforce existing controls.New controls should be put into place to detect fraud.Employees should be trained in fraud awareness, security measures, and ethical issues.Jason also urged the president to prosecute the case.44©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/SteinbartEnd of Chapter 945©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

Các file đính kèm theo tài liệu này:

  • pptais09_7154_5441.ppt