To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com CHAPTER COMPUTER FRAUD AND SECURITY SUGGESTED ANSWERS TO DISCUSSION QUESTIONS 5.1 The statement seems ironic because employees represent both the greatest control strength and the greatest control weakness to an information system Honest, skilled employees are the most effective deterrent to computer fraud However, when fraud does occur, it usually involves an employee in a position of trust Studies suggest that as many as 75 to 90% percent of all computer frauds are insider jobs by employees The textbook suggests several important things employers can to maintain the integrity of their employees (NOTE: The information to answer this question is introduced in this chapter but is covered in more depth in Chapter 6) Human Resource Policies Implement human resource policies for hiring, compensating, evaluating, counseling, promoting, and discharging employees that send messages about the required level of ethical behavior and integrity Hiring and Firing Practices: Effective hiring practices are aimed at screening potential employees through thorough background checks before hiring Potential employees can also be screened with written tests that evaluate integrity Care should also be taken when an employee is fired Employees who are fired should be removed from all sensitive jobs and denied access to the computer system to avoid sabotage Managing Disgruntled Employees: Some employees who commit a fraud are disgruntled and are seeking revenge or "justice" for some wrong that they perceive has been done to them Companies should have procedures for identifying these individuals and helping them resolve their feelings or removing them from jobs that allow them access to the system One way to avoid disgruntled employees is to provide grievance channels that allow employees to talk to someone outside the normal chain of command about their grievances Culture Create an organizational culture that stresses integrity and commitment to both ethical values and competence Management Style Adopt an organizational structure, management philosophy, operating style, and appetite for risk that minimizes the likelihood of fraud Employee Training: Employees should be trained in appropriate behavior, which is then reinforced by the corporate culture Employees should be taught fraud awareness, security measures, ethical considerations, and punishment for unethical behavior 5-1 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 5: Computer Fraud and Security 5.2 According to the text, a kiting scheme involves the cover-up of a theft of cash by transferring money between banks Cash is created by depositing a check from bank A in bank B The perpetrator then withdraws the money from bank B and spends it Since there are insufficient funds in bank A to cover the check to bank B, the perpetrator must deposit a check to his account in bank A before his check to bank B clears This check comes from bank C, which also has insufficient funds to cover the check written on the account Therefore, funds must be deposited to bank C before its check to bank A clears The check to bank C comes from bank A, B, or D, which also have insufficient funds The scheme continues, with checks written and deposits made as needed to keep checks from bouncing Kiting can be detected by analyzing all interbank transfers Since the scheme requires constant transferring of funds, the number of interbank transfers will usually increase significantly This increase is a red flag that should alert the auditors to begin an investigation When the employee confesses the company should immediately investigate the fraud and determine the actual losses Employees often "underconfess" the amount they have taken When the investigation is complete the company should determine what controls could be added to the system to deter similar frauds and to detect them if they occur Employers should consider the following issues before pressing charges: How will prosecution of this case impact the future success of the business? What effect would adverse publicity have upon the company's well being? Could such publicity increase the incidence of fraud by exposing company weaknesses? What social responsibility does the company have to press charges? Does the evidence assure a conviction? If charges were not made, what message would that send to other employees in the organization? Could failure to expose the crime subject the company to civil liability problems? 5-2 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.3 One fraud technique that the perpetrator definitely used is impersonation He or she impersonated a Digital repairman to obtain the necessary access codes to enter the system and destroy the data base The computers at U S Leasing began acting sluggish several hours before the impersonator called Therefore, it is likely that the impersonator knew the system was experiencing problems or caused them If the perpetrator knew the computer was having problems, he took advantage of the situation to gain access In such a case the person was either an insider or was familiar enough with the system to know it was sluggish If the perpetrator was responsible for the sluggishness, he or she may have: Infected the systems with some kind of virus or worm Hacked into the system and hijacked it or of a large part of its processing capability Infected it with a Trojan horse, trap door, logic or time bomb, or some other malware that is causing the sluggishness The unauthorized use of superzap, a special software utility to bypass regular system controls To avoid such problems, the secrecy of company passwords and logon numbers should be protected Only reveal passwords and logon numbers on an authorized basis and to individuals whose identities are assured Ensure that it is a Digital employee by calling Digital back on their known and published service number and then give the company the access codes and passwords Even better would be to call back and talk to the Digital representative assigned to U S Leasing After the system had been fixed, the codes and password information should be changed Other control considerations that could reduce the incidence of unauthorized access include: Improved control of sensitive data Protection of phone lines Alternate repair procedures Increased monitoring of system activities 5-3 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 5: Computer Fraud and Security 5.4 This problem has no clear answer By strict definition, the actions of Logisticon in halting the software represented a trespassing and an invasion of privacy Some states recognize trespassing as a breach of the peace, thereby making Logisticon's actions illegal However, according to contract law, a secured party can repossess collateral if the contract has been violated and repossession can occur without a breach of the peace 5.5 Answers will vary Students should give consideration to the following conflicting concepts: Software licensing encourages the development of new ideas by protecting the efforts of businesses seeking to develop new software products that will provide them with a profit and/or a competitive advantage in the marketplace This point is supported by the following ideas: The prospect of a financial reward is the primary incentive for companies to expend the time and money to develop new technologies If businesses were unable to protect their investment by licensing the software to others, it would be much more difficult for them to receive a reward for their efforts in the research and development of computer software Economic systems without such incentives are much more likely to fail in developing new products to meet consumer needs The only way to foster new ideas is to make information and software available to all people This argument is supported by the following ideas: The most creative ideas are developed when individuals are free to use all available resources (such as software and information) A free society should have no "secrets." Many security experts and systems consultants view proper ethical teaching as an important solution to most security problems However, no single approach is a complete solution to the problem of computer fraud Proper ethical teachings can reduce but not eliminate the incidents of fraud Though no security system is impenetrable, system security measures can significantly reduce the opportunity for damages from both intentional and unintentional threats by employees Controls can also make the cost (in time and resources) greater than the benefit to the potential perpetrator Ultimately, the reduction in security measures will increase opportunities for fraud If the perpetrator has sufficient motive and is able to rationalize his dishonest acts, increased opportunity will probably lead to an increase in computer crimes 5-4 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.6 The old saying "where there is a will, there is a way" applies to breaking into a computer system It is possible to institute sufficient controls in a system that it is very difficult to break in, but most experts would agree that it just isn't possible to design a system that is 100% secure from every threat There is bound to be someone who will think of a way of breaking into the system that designers did not anticipate and did not control against Though internal controls can't eliminate all system threats, controls can: Reduce threats caused by employee negligence or error Such threats are often more financially devastating than intentional acts Significantly reduce the opportunities, and therefore the likelihood, that someone can break into the system or commit a fraud 5.7 The textbook defines hacking as the unauthorized access and use of computer systems, usually by means of a personal computer and telecommunications networks Most hackers are motivated by the challenge of breaking and entering a system Many so with no intent to harm Others so to destroy data, to make unauthorized copies of the data, or to damage the system in some way Hacking has increased significantly in popularity for several reasons Perhaps the most important is the increasing use of personal computers and telecommunications and the corresponding rise in the number and the skill level of the users In other words, there are more systems to break into, and there are more people capable of breaking in By legal definition, hacking represents illegal trespassing and is punishable as a federal crime under the 1986 Computer Fraud and Abuse Act However, many computer users feel that hacking is a "right" enjoyed by computer users in a "free information" society If a hacker can gain system access illegally, then the business is at fault for not promoting adequate security measures Many hackers also argue that hacking rarely does any harm to a computer system and is acceptable behavior 5-5 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 5: Computer Fraud and Security SUGGESTED ANSWERS TO THE PROBLEMS 5.1 Adapted from the CIA Examination a This is an indication of fraud because there is a conflict of interest situation which should have alerted the auditor to the possibility of fraud It is a red flag warning signal and may be in conflict with the organization's code of ethics and conduct b This is a fraudulent act because there is a knowingly false representation c This is a fraudulent act by the supervisor of receiving because there is an intent to deceive as indicated by the efforts to conceal the act Alternately, this is unrelated to the investigation because while the chain is damaged by the theft, it is not due to an act by the buyers d This is a weakness in the system of internal control, and is unrelated to the investigation e This is an indicator of fraud because the receiving supervisor is advocating a system of weak internal control 5-6 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.2 Adapted from the CIA Examination a Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception It can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well as inside the organization Fraud deterrence consists of those actions taken to discourage the perpetration of fraud Fraud detection consists of identifying indicators of fraud sufficient to warrant recommending an investigation Fraud investigation consists of performing the extended procedures needed to determine whether fraud, as suggested by the indicators, has occurred b Any four (4) of the following: High personal debts or great financial losses Expensive lifestyle Extensive gambling or use of alcohol or drugs Heavy investments Significant personal or family problems Rewriting records, under the guise of neatness Refusing to leave custody of records during the day Extensive overtime Skipping vacations Questionable background and references Feeling that pay is not commensurate with responsibilities Strong desire to beat the system Regular borrowing of small amounts from fellow employees Personal checks returned for insufficient funds Collectors and creditors appearing at the place of business Placing unauthorized IOUs in petty cash funds Inclination toward covering up inefficiencies or "plugging" figures Pronounced criticism of others Association with questionable characters Annoyance with reasonable questions; replying to questions with unreasonable answers Unusually large bank balance Bragging about exploits Carrying unusually large amounts of cash c The fraudulent behavior of the purchases journal clerk may be detected by: Inspecting the documentation supporting the release of a check to a vendor 5-7 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 5: Computer Fraud and Security Tracing all payments back to the supporting documentation The receiving department would have no record of the receipt of the goods The purchasing department would have no record of having ordered the materials or of having such materials requested 5-8 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.3 Adapted from the CMA Examination Type of Fraud Input manipulation Program alteration Explanation Identification and Description of Protection Methods This requires the least amount of technical skill and almost no knowledge of how the computer system operates Input data are improperly altered or revised without authorization For example: Payroll time cards/time sheets can be altered to pay overtime or an extra salary Documentation and Authorization Data input format properly documented and authorized Control over blank documents Comprehensive editing Control source of data Program alteration requires programming skills and knowledge of the program The program coding is revised for fraudulent purposes For example: Ignore certain transactions such as overdrafts against the programmers' account Draw checks and have them sent to a falsely constructed account Grant excessive discounts to certain specified trade accounts Programmers should only make changes to copies of production source programs and data files, never to the actual files Programmed Terminal/User protection Programs designed to accept only certain inputs from designated users, locations, terminals, and/or times of the day Segregation of Duties Computer operators should not have access to production programs or data files Periodic Comparisons Internal Audit or some other independent group should have access to the master programs, periodically process actual data, and compare the output with output obtained from normal operations Any output changes would be indicative of unauthorized program changes Periodic comparisons of on-line programs to off-line backup copies to detect changes 5-9 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 5: Computer Fraud and Security Type of Fraud Explanation Identification and Description of Protection Methods File alteration File alteration occurs when the defrauder revises specific data or manipulates data files For example: Fraudulently changing the rate of pay of an employee in the payroll master file via a program instruction Transferring balances among dormant accounts to conceal improper withdrawals of funds Restricted Access to Equipment/Files Restrict access to the computer center Programmers, analysts, and computer operators should not have direct access to production data files Production data files are maintained in a library under the control of a librarian Computer operators should not have access to applications documentation, except where needed to perform their duties This minimizes their ability to modify programs and data files Data theft Data theft can be accomplished by data interception or smuggling out computer data files or hard copies of reports/files Data transmitted by data communication lines can be tapped or intercepted Magnetic devices can be smuggled out in briefcases, employees' pockets, etc Electronic sensitization of all library materials for detection if unauthorized removal from the library is attempted The physical destruction of hardware or software Terminated employees immediately denied access to all computer equipment and information to prevent them from destroying or altering equipment or files Sabotage Tapping transmitted data minimized by encrypting sensitive data transmissions Maintain backup files at secure off-site Theft of Computer Time Theft of computer time is the unauthorized use of a company's computer for personal or outside business activities This can result in the computer being fully utilized and lead to unnecessary computer capacity upgrades Assigning blocks of time to processing jobs with operating system blockage to the user once the allocated time is exhausted Any additional time would require special authorization 5-10 © 2009 Pearson Education, Inc Publishing as Prentice Hall locations To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.4 Adapted from the CMA Examination a The following situational pressures in a public company increase the likelihood of fraud: Sudden deceases in revenue or market share Financial pressure from bonus plans that depend on short-term economic performance Pressure from stockholders to maintain or improve reported performance NOTE: Table 5.3 lists more corporate pressures that can lead to financial statement fraud b Fraud is easier to commit and detection is less likely when the following corporate opportunities are present: Weak or nonexistent internal accounting controls Unusual or complex transactions such as the consolidation of two companies Accounting estimates requiring significant subjective judgment by company management NOTE: The CMA solution can be supplemented with the information in Table 5-4 c For purposes of assessing the risk of fraudulent financial reporting, the external factors that should be considered in each of the company's environmental situations include the following: Industry environment Specific industry trends such as overall demand for the industry's products, economic events affecting the industry, and whether the industry is expanding or declining Whether the industry is currently in a state of transition affecting management's ability to control company operations Business environment The continued viability of the company's products in the marketplace Sensitivity of the company's operations and profits to economic and political factors Legal and regulatory environment The status of the company's business licenses or agreements, especially in light of the company's record of compliance with regulatory requirements The existence of significant litigation d To reduce the possibility of fraudulent financial reporting, top management should: Set the proper tone to establish a corporate environment contributing to the integrity of the financial reporting process Identify and understand the factors that can lead to fraudulent financial reporting Assess the risk of fraudulent financial reporting that these factors can cause within the company Design and implement internal controls that provide reasonable assurance that fraudulent financial reporting is prevented, such as establishing an Internal Audit Department 5-11 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security 5.5 Adapted from the CMA Examination a Inventory - The inventory shrinkage problem is an example of collusion While collusion is often difficult to prevent, the store could improve its control system by: Implementing job rotation so that the same employees are not always performing the same duties Separating the payment for expensive items from the pickup of these items at a separate location b Payroll - The payroll fraud could be prevented through the introduction of better internal controls including: Separation of duties A supervisor with the authority to sign time cards should not be allowed to distribute paychecks An individual with no other payroll-related duties should distribute checks Periodic floor checks for employees on the payroll c Accounts Payable - In order to prevent further occurrences of accounts payable fraud, the company should: Implement and enforce a policy that prohibits the payment of invoices based on copies of supporting documents All payments could be electronic funds transfers (EFT) to the vendor’s bank account Require all vendors to submit a numbered electronic invoice The computer could match the invoice to the supporting documents, automatically looking for duplicate invoices or duplicate supporting documents Require specific authorization if a situation arises where payment on the basis of copies of supporting documents is necessary 5-12 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.6 Adapted from the CIA Examination a The following incidents should have caused the auditor to suspect a possible fraud: Departure from the established policy of requiring sealed bids to dispose of vehicles being salvaged Management's justification for departing from established policy The fact that vehicles had been repaired before they were sold for salvage b Audit procedures that could have been employed to establish the fact that a fraud had taken place include: Thorough review of sales documentation identifying persons to whom sales were made at "negotiated prices." Evaluating the adequacy of proceeds obtained in negotiated sales This could be accomplished in one or more of the following ways: compare to "blue book" prices or to proceeds of sales of comparable vehicles made based on sealed bids; locate the actual vehicles and have their values appraised Reviewing maintenance records for charges associated with salvaged vehicles 5-13 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security 5.7 a A computer virus is a segment of executable code that attaches itself to an application program or some other executable component When the hidden program is triggered, it makes unauthorized alterations in the way a system operates There are a number of reasons why no one is completely safe from a virus: Viruses are contagious and are easily spread from one system to another A virus spreads when users share programs or data files, download data from the Internet, or when they access and use programs from external sources such as suppliers of free software Viruses can spread very quickly In a network environment a virus can spread to thousands of systems in a relatively short period of time When the virus is confined to a single machine or to a small network, it will soon run out of computers to infect Many viruses lie dormant for extended periods of time without doing any specific damage except propagating itself The hidden program leaves no external signs of infection while it is reproducing itself Many computer viruses have long lives because they can create copies of themselves faster than the virus can be destroyed b Viruses are a significant threat to information systems because they make unauthorized alterations to the way a system operates and cause widespread damage by destroying or altering data or programs If adequate backup is not maintained, viral damage may also mean permanent loss of important or unique information, or time consuming reentry of the lost information A virus can cause significant damage when it takes control of the computer, destroys the hard disk's file allocation table, and makes it impossible to boot (start) the system or to access data on a hard drive They can also intercept and change transmissions, print disruptive images or messages on the screen, or cause the screen image to disappear As the virus spreads it takes up space, clogs communications, and hinders system performance c A virus is like a Trojan horse in that it can lie dormant for extended periods of time undetected before being triggered by an event or condition d Focus 5-2 lists several steps individuals can take to keep their computers virus free In recent years, anti-virus programs have been developed to detect and destroy viruses, improving our ability to reduce damage caused by a virus 5-14 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.8 Adapted from the CIA Examination The circumstances are symptomatic of lapping, which is generally considered to be one of the most common forms of embezzlement by lower-level employees in positions that handle cash receipts In a lapping scheme, the perpetrator steals cash, such as a payment on accounts receivable by customer A Funds received at a later date from customer B are used to pay off customer A's balance Funds from customer C are used to pay off B, and so forth Since the time between the theft of cash and the subsequent recording of a payment is usually short the theft can be effectively hidden However, the cover-up must continue indefinitely unless the money is replaced, since the theft would be uncovered if the scheme is stopped 5.9 a The UCLA computer lab is an excellent breeding ground for computer viruses because A large population of computers is present, providing numerous potential hosts Users are allowed to create and store programs Users share programs regularly Numerous external data storage devices are used each day by students without adequate controls over their contents University students send lots of emails and download lots of software, music, and videos from the Internet, all of which are excellent ways to pass viruses to others b The system exhibited the following signs of a computer virus: Destroyed or altered data and programs The inability to boot the system or to access data on a hard disk Clogged communications Hindered system performance However, the system did not print disruptive images or messages on the screen Some people who write viruses cause some sort of message or image to appear to give some indication that the system has been compromised c Focus 5-2 lists several steps individuals can take to keep their computers virus free 5-15 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security 5.10 a This is an attempt by a fraudster to acquire confidential information and use it for illicit purposes such as identity theft Since the email looks authentic and appears authoritative, unsuspecting and naïve employees are likely to follow the emails instructions Justin’s should: Notify all employees and management that the email is fraudulent and that no information should be entered on the indicated website Delete the email without responding to its sender Launch an education program for all employees and management about computer fraud practices that could target their business Notify Big Bank regarding the email b Once Big Bank becomes aware of the fraudulent emails it should: Immediately alert all customers about the email and ask them to forward any suspicious email to them Establish a quick and convenient method that encourages customers and employees to notify Big Bank of suspicious emails The warnings received by customers and employees should be investigated and remedial actions should be taken Notify and cooperate with enforcement agencies so the perpetrator can be apprehended Notify the ISP from which the email originated, demanding that the perpetrator’s account be discontinued c This computer fraud and abuse technique is called phishing Its purpose is to get the information need to commit identity theft The perpetrator probably also used brand spoofing on the indicated web sites 5-16 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.11 Students will likely present many different solutions to this problem Table 5-5 in the text provides a comprehensive list of computer fraud and abuse techniques from which the students may draw upon Potential solutions should at least include identity theft packet sniffing spyware eavesdropping to capture the card number Using RAN can limit the amount of money stolen If the card or card number is stolen, it can only be used for the specific vendor and time period it is issued for In addition, it can only be used for one purchase or only a set number of purchases identified when the card number was issued At any rate, restricting the card to only a specific merchant and for a specific time period and number of transactions, the card severely restricts the thief's ability to steal Using RAN can help prevent identity fraud Since the card is only linked to the actual customer at the bank, the identity of the customer is shielded to anyone who steals the card or the card number The thief would need to hack into the banks system to find the identity of the RAN card holder since it would not be printed on the card itself Also, RAN can frustrate those who capture card numbers through packet sniffing, spyware, and eavesdropping These techniques may capture the card number, but once the thieves have it, there ability to exploit the card for monetary gain is severely restricted 5-17 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security 5.12 AICPA adapted a As shown below, the cashier embezzled $719.50 Balance per Books, November 30 18,901.62 Add: Outstanding Checks Number 62 183 284 8621 8622 8632 Amount 116.25 150.00 253.25 190.71 206.80 145.28 1,062.29 100.00 Bank credit 1,162.29 b Subtract: Deposits in transit (3,794.41) Balance per bank Balance per bank (according to the bank) Amount of theft 16,269.50 15,550.00 719.50 Methods: Not including outstanding checks totaling 519.50 in the reconciliation:  No 62 – 116.25  No 183 – 150.00  No 284 – 253.25 519.50 Error in totaling (footing) the outstanding checks The total of the checks listed on the reconciliation is actually 542.79 not 442.79 Deducting instead of adding the bank credit (100) after the balance per bank is calculated The total is 719.50 (19.50 + 100 + 100) 5-18 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.13 NOTE: Students are better able to answer questions and if they have read Chapters and These questions provide a great lead in to those chapters and help students understand why a knowledge of controls is important These questions can be revisited after the student have read those chapters Council fit the fraud profile in that he was younger; possessed knowledge, experience, and skills; and was loyal and very trusted by his superiors However, Council invested a portion of his ill-gotten gains instead of spending it like the typical fraudster Council set up fictitious entities with names very similar to legitimate companies that the Atlanta Olympic Committee (AOC) had contract with Council then prepared fake invoices and wrote checks to these fake companies from the AOC accounts Several controls could have prevented Council’s fraud Separating accounting duties (custody of assets, record keeping for those assets, and the authority to authorize payments) Restricting access to company checks and the check signing machine Several controls could have detected Council’s fraud, including A bank reconciliation prepared by someone other than Council An Olympic Committee official should have reviewed bank statements and cancelled checks Periodic confirmations of invoices with vendors 5-19 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security 5.14 I O R U T C L S M 10 Q 11 N 12 J 13 E 14 H 15 A 16 K 17 F 15 I K F M A J D B H 10 C 5.16 E I F A J D B 5-20 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.17 J W S L N C E X U 10 Q 11 V 12 F 13 R 14 P 15 G 16 A 17 I 18 K 19 B 20 M 21 H 5-21 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Ch 9: Computer Fraud and Security SUGGESTED ANSWERS TO THE CASES 5-22 © 2009 Pearson Education, Inc Publishing as Prentice Hall ... caused by a virus 5-14 © 2009 Pearson Education, Inc Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information. .. download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.11 Students will likely present many different solutions to this problem... Publishing as Prentice Hall To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com Accounting Information Systems 5.2 Adapted from the CIA Examination a