Académique Documents
Professionnel Documents
Culture Documents
9th Edition
Marshall B. Romney Paul John Steinbart
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-1
Computer Fraud
Chapter 9
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-2
Learning Objectives
1. Describe fraud and describe the process one follows to perpetuate a fraud. 2. Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds. 3. Compare and contrast the approaches and techniques that are used to commit computer fraud. 4. Describe how to deter and detect computer fraud.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-3
Introduction
Jason Scott finished his tax return. Everything was in order except his withholding amount. For some reason, the federal income tax withholdings on his final paycheck was $5 higher than on his W-2 form. What did he discover?
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-4
Introduction
Most of the 1,500 company employees had a $5 discrepancy between their reported withholdings and the actual amount withheld. The W-2 of Don Hawkins, one of the programmers in charge of the payroll system, showed that thousands of dollars more in withholding had been reported to the IRS than had been withheld from his paycheck.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-5
Introduction
What constitutes a fraud, and is the withholding problem a fraud? If this is indeed a fraud, how was it perpetrated?
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-6
Introduction
Why did the company not catch these mistakes earlier? Was there a breakdown in controls? What can the company do to detect and prevent fraud? Just how vulnerable are computer systems to fraud?
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-7
Introduction
This chapter describes the fraud process. It also explores the reasons that fraud occurs. The chapter also describes the approaches to computer fraud and the specific techniques used to commit it. Finally, several methods to deter and detect fraud are analyzed.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-8
Learning Objective 1
Understand what fraud is and the process one follows to perpetuate a fraud.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-9
9-10
to charge the stolen item to an expense account to add a fictitious name to the companys payroll
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-11
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-12
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-13
Since there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears. Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears. The scheme continues to keep checks from bouncing.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-14
Learning Objective 2
Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-15
9-16
Most spend their illegal income rather than invest or save it. Once they begin the fraud, it is very hard for them to stop. They usually begin to rely on the extra income.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-17
Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Some computer fraud perpetrators are more motivated by curiosity and the challenge of beating the system. Others commit fraud to gain stature among others in the computer community.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-18
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-19
Pressures
living beyond means high personal debt inadequate income poor credit ratings heavy financial losses large gambling debts
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-20
Pressures
low salary nonrecognition of performance job dissatisfaction fear of losing job overaggressive bonus plans
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-21
Pressures
challenge family/peer pressure emotional instability need for power or control excessive pride or ambition
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-22
Opportunities
An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act. Opportunities often stem from a lack of internal controls. However, the most prevalent opportunity for fraud results from a companys failure to enforce its system of internal controls.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-23
Rationalizations
Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behavior. What are some rationalizations?
The perpetrator is just borrowing the stolen assets. The perpetrator is not hurting a real person, just a computer system. No one will ever know.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-24
Learning Objective 3
Compare and contrast the approaches and techniques that are used to commit computer fraud.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-25
Computer Fraud
The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. What are examples of computer fraud?
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-26
Computer Fraud
theft of money by altering computer records or the theft of computer time theft or destruction of computer hardware use or the conspiracy to use computer resources to commit a felony intent to illegally obtain information or tangible property through the use of computers
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-27
Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-28
There is disagreement on what computer fraud is. Many computer frauds go undetected, or unreported. Most networks have a low level of security. Many Internet pages give instructions on how to perpetrate computer crimes. Law enforcement is unable to keep up with fraud.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-29
Processor fraud
9-30
Cracking Data diddling Data leakage Denial of service attack Eavesdropping E-mail forgery and threats
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-31
Hacking Internet misinformation and terrorism Logic time bomb Masquerading or impersonation Password cracking Piggybacking Round-down Salami technique
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-32
Software piracy Scavenging Social engineering Superzapping Trap door Trojan horse Virus Worm
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-33
Learning Objective 4
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-34
Make fraud less likely to occur. Increase the difficulty of committing fraud. Improve detection methods. Reduce fraud losses. Prosecute and incarcerate fraud perpetrators.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-35
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-36
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-37
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-38
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-39
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-40
Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases. It is difficult, costly, and time consuming to investigate. Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-41
Case Conclusion
A copy of his own withholding report filed with the IRS and a printout of withholdings from the payroll records.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-42
Case Conclusion
The payroll system had undergone some minor modifications. The payroll project had been completed without the usual review by other systems personnel. An unusual code subtracted $5 from most employees withholdings and added it to Dons.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-43
Case Conclusion
What guidelines should Jason suggest to prevent this from happening again?
Strictly enforce existing controls. New controls should be put into place to detect fraud. Employees should be trained in fraud awareness, security measures, and ethical issues. Jason also urged the president to prosecute the case.
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-44
End of Chapter 9
2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart
9-45