Computer Fraud Chapter
Copyright © 2015 Pearson Education, Inc

Learning Objectives
• Explain the threats faced by modern information systems
• Define fraud and describe both the different types of fraud and the process one follows to perpetrate a fraud
• Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds
• Define computer fraud and discuss the different computer fraud classifications
• Explain how to prevent and detect computer fraud and abuse

Threats to AIS
• Natural and political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional acts

Fraud
• Any means a person uses to gain an unfair advantage over another person; includes:
  ▫ A false statement, representation, or disclosure
  ▫ A material fact, which induces a victim to act
  ▫ An intent to deceive
  ▫ Victim relied on the misrepresentation
  ▫ Injury or loss was suffered by the victim
• Fraud is white-collar crime

Two Categories of Fraud
• Misappropriation of assets
  ▫ Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
• Fraudulent financial reporting
  ▫ “Cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)

Conditions for Fraud
These three conditions must be present for fraud to occur:
• Pressure
  ▫ Employee: Financial, Lifestyle, Emotional
  ▫ Financial Statement: Financial, Management, Industry conditions
• Opportunity to:
  ▫ Commit
  ▫ Conceal
  ▫ Convert to personal gain
• Rationalize
  ▫ Justify behavior
  ▫ Attitude that rules don’t apply
  ▫ Lack personal integrity

[Figure: Fraud Triangle]

Computer Fraud
• If a computer is used to commit fraud, it is called computer fraud
• Computer fraud is classified as:
  ▫ Input
  ▫ Processor
  ▫ Computer instruction
  ▫ Data
  ▫ Output

Preventing and Detecting Fraud: Make Fraud Less Likely to Occur
Organizational
• Create a culture of integrity
• Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
• Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees
• Communicate policies
Systems
• Develop security policies to guide and design specific control procedures
• Implement change management controls and project development acquisition controls

Preventing and Detecting Fraud: Make It Difficult to Commit
Organizational
• Develop strong internal controls
• Segregate accounting functions
• Use properly designed forms
• Require independent checks and reconciliations of data
Systems
• Restrict access
• System authentication
• Implement computer controls over input, processing, storage and output of data
• Use encryption
• Fix software bugs and update systems regularly
• Destroy hard drives when disposing of computers

Preventing and Detecting Fraud: Improve Detection
Organizational
• Assess fraud risk
• External and internal audits
• Fraud hotline
Systems
• Audit trail of transactions through the system
• Install fraud detection software
• Monitor system activities (user and error logs, intrusion detection)

Preventing and Detecting Fraud: Reduce Fraud Losses
Organizational
• Insurance
• Business continuity and disaster recovery plan
Systems
• Store backup copies of program and data files in secure, off-site location
• Monitor system activity

Key Terms
• Sabotage
• Cookie
• Fraud
• White-collar criminals
• Corruption
• Investment fraud
• Misappropriation of assets
• Fraudulent financial reporting
• Pressure
• Opportunity
• Rationalization
• Lapping
• Check kiting
• Computer fraud