Computer Fraud - PowerPoint Presentation

Slide1

Computer Fraud

Chapter 5

5-1Slide2

Learning Objectives

Explain the threats faced by modern information systems.

Define fraud and describe both the different types of fraud and the process one follows to perpetuate a fraud.

Discuss

who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.

Define computer fraud and discuss the different computer fraud classifications.Explain how to prevent and detect computer fraud and abuse.

5-

2Slide3

Threats to AIS

Natural and Political disasters

Software errors and equipment malfunctions

Unintentional acts

Intentional acts

5-3Slide4

Fraud

Any means a person uses to gain an unfair advantage over another person; includes:

A false statement, representation, or disclosureA material fact, which induces a victim to actAn intent to deceive

Victim relied on the misrepresentation

Injury or loss was suffered by the victim

Fraud is white collar crime5-4Slide5

Two Categories of Fraud

Misappropriation of assetsTheft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)Fraudulent financial reporting

“cooking the books” (e.g.,booking fictitious revenue, overstating assets, etc.)

5-

5Slide6

Conditions for Fraud

These three conditions must be present for fraud to occur:

PressureEmployeeFinancial

Lifestyle

Emotional

Financial StatementFinancialManagement Industry conditions

Opportunity

to:

Commit

Conceal

Convert to personal gain

Rationalize

Justify behavior

Attitude that rules don’t apply

Lack personal integrity

5-

6Slide7

Fraud Triangle

5-

7Slide8

Computer FraudIf a computer is used to commit fraud it is called computer fraud.

Computer fraud is classified as:InputProcessorComputer instruction

Data Output

5-

8Slide9

Preventing and Detecting Fraud1. Make Fraud Less Likely to Occur

Organizational

Systems

Create a culture of integrity

Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)

Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employeesCommunicate policiesDevelop security policies to guide and design specific control proceduresImplement change management controls and project development acquisition controls5-

9Slide10

Preventing and Detecting Fraud2. Make It Difficulty to Commit

Organizational

Systems

Develop strong internal controls

Segregate accounting functions

Use properly designed formsRequire independent checks and reconciliations of dataRestrict accessSystem authenticationImplement computer controls over input, processing, storage and output of data

Use encryption

Fix software bugs and update systems regularly

Destroy hard drives when disposing of computers

5-

10Slide11

Preventing and Detecting Fraud3. Improve Detection

Organizational

Systems

Assess fraud risk

External and internal audits

Fraud hotlineAudit trail of transactions through the systemInstall fraud detection softwareMonitor system activities (user and error logs, intrusion detection)5-11Slide12

Preventing and Detecting Fraud4. Reduce Fraud Losses

Organizational

Systems

Insurance

Business continuity and disaster recovery plan

Store backup copies of program and data files in secure, off-site locationMonitor system activity5-12Slide13

Key Terms

SabotageCookieFraudWhite-collar criminalsCorruptionInvestment fraud

Misappropriation of assetsFraudulent financial reportingPressureOpportunityrationalization

Lapping

Check kiting

Computer fraud5-13