Chapter 5
Learning Objectives
Explain the threats faced by modern information systems.
Define fraud and describe both the different types of fraud and the process one follows to perpetrate a fraud.
Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
Define computer fraud and discuss the different computer fraud classifications.
Explain how to prevent and detect computer fraud and abuse.
INTRODUCTION
Information systems are becoming increasingly complex and society is becoming increasingly dependent on these systems.
Companies also face a growing risk of these systems being compromised.
Recent surveys indicate 67% of companies suffered a security breach in the last year, with almost 60% reporting financial losses.
Threats to AIS
Natural and political disasters
Software errors and equipment malfunctions
Unintentional acts
Intentional acts
Copyright 2015 Pearson Education, Inc.
Fraud
Any means a person uses to gain an unfair advantage over another person; includes:
SAS #99
Auditor's responsibility to detect fraud
Understand fraud
Discuss risks of material fraudulent statements among members of audit team
Obtain information
Look for fraud risk factors
They found:
Significant differences between violent and white-collar criminals.
Few differences between white-collar criminals and the general public.
Financial Statement
Financial
Management
Industry conditions
Opportunity to:
Commit
Conceal
Convert to personal gain
Rationalize
Justify behavior
Attitude that rules don't apply
Lack personal integrity
Fraud Triangle
EMOTIONAL
Greed
Unrecognized performance
Job dissatisfaction
Fear of losing job
Power or control
Pride or ambition
Beating the system
Frustration
Non-conformity
Envy, resentment
Arrogance, dominance
Non-rules oriented
LIFESTYLE
Support gambling habit
Drug or alcohol addiction
Support sexual relationships
Family/peer pressure
Opportunity: Commit, Conceal, Convert
Computer Fraud
If a computer is used to commit fraud, it is called computer fraud.
In using a computer, fraud perpetrators can steal:
More of something
In less time
With less effort
Processor Fraud
Unauthorized system use
Data Fraud
Illegally using, copying, browsing, searching, or harming company data
Output Fraud
Stealing, copying, or misusing computer printouts or displayed information
Systems
Restrict access
System authentication
Implement computer controls over input, processing, storage and output of data
Use encryption
Fix software bugs and update systems regularly
Destroy hard drives when disposing of computers
Systems
Insurance
Business continuity and disaster recovery plan