Prepared by Paula Funkhouser, University of Nevada, Reno

Core Concepts of Accounting Information Systems, 13th Edition
Mark G Simkin ● Jacob M Rose ● Carolyn S Norman

Chapter 3: Computer Crime, Fraud, and Ethics
• Introduction
• Computer Crime and Fraud
• Examples of Computer Crimes
• Preventing and Detecting Computer Crime and Fraud
• Ethical Issues, Privacy, and Identity Theft

Copyright © 2015 John Wiley & Sons, Inc. All rights reserved.

Computer Crime and Fraud
• High level of public interest
• Data on incidents is limited
• Sources of information
  – Computer Security Institute (CSI) annual survey
  – KPMG surveys
  – Association of Certified Fraud Examiners (ACFE) survey

Computer Crime and Fraud
• Computer Crime
  – Criminal activity that involves computers
  – Dishonestly obtain money, acquire property, or something of value, or cause a loss
  – Steal identities
  – Harass an individual

Computer Crime Examples

Computer Crime and Fraud
• Fraudulent Financial Reporting
  – Intentional falsification of accounting records
  – Intend to mislead analysts, creditors, investors
• Misappropriation of Assets
  – Misuse of company assets
  – Committed by employees within an organization

Asset Misappropriation Examples

Federal Legislation of Computer Crimes
• Computer Fraud and Abuse Act of 1986 (CFAA)
  – Amended in 1994 and 1996
• Computer Fraud Definition
  – An illegal act
  – Computer technology essential for perpetration, investigation, or prosecution

CFAA Fraudulent Acts
• Unauthorized theft, use, access, modification, copying, or destruction of software or data
• Theft of money by altering computer records or the theft of computer time
• Intent to illegally obtain information or tangible property through the use of computers

CFAA Fraudulent Acts
• Use, or the conspiracy to use, computer resources to commit a felony
• Theft, vandalism, destruction of computer hardware
• Trafficking in passwords or other login information for accessing a computer
• Extortion that uses a computer system as a target

Preventing and Detecting Cybercrime and Fraud
• Enlist Top-Management Support
• Increase Employee Awareness and Education
• Assess Security Policies and Protect Passwords
  – Strong passwords
  – Social engineering

10 Simple Steps to Safer PCs

Preventing and Detecting Cybercrime and Fraud
• Implement Controls
• Identify Computer Criminals
  – Nontechnical Backgrounds
  – Noncriminal Backgrounds
  – Education
• Maintain Physical Security

Recognizing Symptoms of Employee Fraud
• Accounting Irregularities
• Internal Control Weaknesses
• Unreasonable Anomalies
• Lifestyle Changes
• Behavioral Changes

Preventing and Detecting Cybercrime and Fraud
• Use Data Driven Techniques
  – Query and Spreadsheet Skills
  – Data and Text Mining
  – Employ Forensic Accountants
    • Audit control language
    • EnCase

Study Break #3
Which of these is not helpful in attempting to thwart computer crime and abuse?
A. Enlist the support of top management
B. Keep employees in the dark so that they cannot perpetrate them
C. Use strong passwords
D. Design and test disaster recovery programs

Study Break #4
Most computer criminals:
A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don't know much about them

Ethical Issues, Privacy, and Identity Theft
• Ethics Issues and Professional Associations
  – A set of moral principles or values
  – Governs organizations and individuals
• Ethical behavior
  – Making choices and judgments that are morally proper
  – Acting accordingly

Ethical Issues, Privacy, and Identity Theft
• Ethical Issues
  – Codes of Ethics
  – Professional Conduct
• Professional Accounting Associations
  – Certifications
  – Institute of Management Accountants (IMA)
  – Institute of Internal Auditors (IIA)
  – Information Systems Audit and Control Association (ISACA)

Ethical Issues, Privacy, and Identity Theft
• Meeting the Ethical Challenges
  – Inform employees of importance of ethics
  – Ethics training
  – Lead by example
  – Utilize reward system

Ethical Issues in Computer Usage

Ethical Issues, Privacy, and Identity Theft
• Company Policies with Respect to Privacy
  – Who owns the computer and data stored on it?
  – For what purposes may the computer be used?
  – What uses are authorized or prohibited?
• Identity Theft
  – Dumpster diving
  – Phishing
  – Smishing

Identity Theft Methods

Study Break #5
Smishing is a form of:
A. Dial-back system
B. Local area network
C. Computer worm
D. Identity theft

... of the following pieces of computer legislation is probably the most important? A B C D Cyber Security Enhancement Act of 2002 Computer Security Act of 1987 The Computer Fraud and Abuse Act of