Computer Fraud and Security

Computer Fraud and Security

CHAPTERCHAPTER 55 COMPUTERCOMPUTER FRAUDFRAUD ANDAND SECURITYSECURITY www.azizd.com OverviewOverview •• InformationInformation systemssystems areare becomingbecoming increasinglyincreasingly moremore complexcomplex andand societysociety isis becomingbecoming increasinglyincreasingly moremore dependentdependent onon thesethese systems.systems. –– CompaniesCompanies alsoalso faceface aa growinggrowing riskrisk ofof thesethese systemssystems beingbeing compromised.compromised. –– RecentRecent surveyssurveys indicateindicate 67%67% ofof companiescompanies sufferedsuffered aa securitysecurity breachbreach inin thethe lastlast yearyear withwith almostalmost 60%60% reportingreporting financialfinancial losses.losses. www.azizd.com OverviewOverview TheThe informationinformation securitysecurity systemsystem isis thethe subsystemsubsystem ofof thethe organizationorganization thatthat controlscontrols thethe specialspecial risksrisks associatedassociated withwith computercomputer--basedbased informationinformation systems.systems. TheThe informationinformation securitysecurity systemsystem hashas thethe basicbasic elementselements ofof anyany informationinformation system,system, suchsuch asas hardware,hardware, databases,databases, procedures,procedures, andand reports.reports. www.azizd.com OverviewOverview •• CompaniesCompanies faceface fourfour typestypes ofof threatsthreats toto theirtheir informationinformation systems:systems: 11-- NaturalNatural andand politicalpolitical disastersdisasters • Include: – Fire or excessive heat – Floods – Earthquakes – High winds – War and terrorist attack • When a natural or political disaster strikes, many companies can be affected at the same time. – Example: Bombing of the World Trade Center in NYC. • The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agents, and terrorists will soon be widespread. www.azizd.com OverviewOverview 22-- SoftwareSoftware errorserrors andand equipmentequipment malfunctionmalfunction • Include: – Hardware or software failures – Software errors or bugs – Operating system crashes – Power outages and fluctuations – Undetected data transmission errors • Estimated annual economic losses due to software bugs = $60 billion. • 60% of companies studied had significant software errors in previous year. www.azizd.com OverviewOverview 33-- UnintentionalUnintentional actsacts • Include – Accidents caused by: • Human carelessness • Failure to follow established procedures • Poorly trained or supervised personnel – Innocent errors or omissions – Lost, destroyed, or misplaced data – Logic errors – Systems that do not meet needs or are incapable of performing intended tasks • Information Systems Security Assn. estimates 65% of security problems are caused by human error. www.azizd.com OverviewOverview 44-- IntentionalIntentional actsacts (computer(computer crime)crime) • Include: – Sabotage – Computer fraud – Misrepresentation, false use, or unauthorized disclosure of data – Misappropriation of assets – Financial statement fraud • Information systems are increasingly vulnerable to these malicious attacks. www.azizd.com TheThe InformationInformation SecuritySecurity SystemSystem inin thethe OrganizationOrganization TheThe informationinformation securitysecurity systemsystem mustmust bebe managedmanaged byby aa chiefchief securitysecurity officerofficer (CSO).(CSO). ThisThis individualindividual shouldshould reportreport directlydirectly toto thethe boardboard ofof directorsdirectors inin orderorder toto maintainmaintain completecomplete independence.independence. www.azizd.com TheThe FraudFraud ProcessProcess •• FraudFraud isis anyany andand allall meansmeans aa personperson usesuses toto gaingain anan unfairunfair advantageadvantage overover anotheranother person.person. •• InIn mostmost cases,cases, toto bebe consideredconsidered fraudulent,fraudulent, anan actact mustmust involve:involve: – A false statement (oral or in writing) – About a material fact – Knowledge that the statement was false when it was uttered (which implies an intent to deceive) – A victim relies on the statement – And suffers injury or loss as a result www.azizd.com TheThe FraudFraud ProcessProcess • Since fraudsters don’t make journal entries to record their frauds, we can only estimate the amount of losses caused by fraudulent acts: – The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004. • More than we spend on education and roads in a year. • 6 times what we pay for the criminal justice system. – Income tax fraud (the difference between what taxpayers owe and what they pay to the government) is estimated to be over $200 billion per year. – Fraud in the healthcare industry is estimated to exceed $100 billion a year. www.azizd.com TheThe FraudFraud ProcessProcess •• FraudFraud againstagainst companiescompanies maymay bebe committedcommitted byby anan employeeemployee oror anan externalexternal party.party. – Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies. • Largely owing to their understanding of the company’s systems and its weaknesses, which enables them to commit the fraud and cover their tracks. – Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company. www.azizd.com TypesTypes ofof FraudsFrauds • OCCUPATIONAL OTHER • Fraudulent Statements • Intellectual property theft – Financial • Financial institution fraud – Non-financial • Financial institution fraud • Asset Misappropriation • Check and credit card fraud – Theft of Cash • Insurance fraud – Fraudulent • Healthcare fraud disbursements • Bankruptcy fraud – Inventory and other • Bankruptcy fraud assets • Tax fraud • Bribery and Corruption • Securities fraud – Bribery • Money laundering – Illegal gratuities • Consumer fraud – Economic extortion – Conflict of interest • Computer and Internet fraud www.azizd.com TheThe FraudFraud ProcessProcess •• ThreeThree typestypes ofof occupationaloccupational fraud:fraud: 11-- MisappropriationMisappropriation ofof assetsassets • Involves theft, embezzlement, or misuse of company assets for personal gain. • Examples include billing schemes, check tampering, skimming, and theft of inventory. • In the 2004 Report to the Nation on Occupational Fraud and Abuse, 92.7% of occupational frauds involved asset misappropriation at a median cost of $93,000. www.azizd.com TheThe FraudFraud ProcessProcess 22-- CorruptionCorruption • Corruption involves the wrongful use of a position, contrary to the responsibilities of that position, to procure a benefit. • Examples include kickback schemes and conflict of interest schemes. • About 30.1% of occupational frauds include corruption schemes at a median cost of $250,000. www.azizd.com TheThe FraudFraud ProcessProcess 33-- FraudulentFraudulent statementsstatements • Financial statement fraud involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users. • Financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement. • About 7.9% of occupational frauds involve fraudulent statements at a median cost of $1 million. (The median pales in comparison to the maximum cost.) www.azizd.com TheThe FraudFraud ProcessProcess • A typical employee fraud has a number of important elements or characteristics: – The fraud perpetrator must gain the trust or confidence of the person or company being defrauded in order to commit and conceal the fraud. – Instead of using a gun, knife, or physical force, fraudsters use weapons of deceit and misinformation. – Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed. Most fraudsters can’t stop once they get started, and their frauds grow in size. – The fraudsters often grow careless or overconfident over time. – Fraudsters tend to spend what they steal. Very few save it. – In time, the sheer magnitude of the frauds may lead to detection. – The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls. www.azizd.com TheThe FraudFraud ProcessProcess •• FinancialFinancial statementsstatements cancan bebe falsifiedfalsified to:to: –– DeceiveDeceive investorsinvestors andand creditorscreditors –– CauseCause aa companycompany’’ss stockstock priceprice toto riserise –– MeetMeet cashcash flowflow needsneeds –– HideHide companycompany losseslosses andand problemsproblems www.azizd.com TheThe FraudFraud ProcessProcess •• FraudulentFraudulent financialfinancial reportingreporting isis ofof greatgreat concernconcern toto independentindependent auditors,auditors, becausebecause undetectedundetected fraudsfrauds leadlead toto halfhalf ofof thethe lawsuitslawsuits againstagainst auditors.auditors. •• InIn thethe casecase ofof Enron,Enron, aa financialfinancial statementstatement fraudfraud ledled toto thethe totaltotal eliminationelimination ofof ArthurArthur Andersen,Andersen, aa premierepremiere internationalinternational publicpublic accountingaccounting firm.firm. www.azizd.com TheThe FraudFraud ProcessProcess •• SASSAS 9999:: TheThe AuditorAuditor’’ss ResponsibilityResponsibility toto DetectDetect

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    53 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us