978-0133428537 Chapter 5 Solution Manual Part 1

Unlock access to all the studying documents.

View Full Document

CHAPTER 5

COMPUTER FRAUD

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

5.1 Do you agree that the most effective way to obtain adequate system security is to rely

on the integrity of company employees? Why or why not? Does this seem ironic?

What should a company do to ensure the integrity of its employees?

5.2 You are the president of a multinational company in which an executive confessed to

kiting $100,000. What is kiting and what can your company do to prevent it? How

would you respond to the confession? What issues must you consider before pressing

charges?

5.3 Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every

foolproof system, there is a method for beating it.” Do you believe a completely

secure computer system is possible? Explain. If internal controls are less than 100%

effective, why should they be employed at all?

5.4 Revlon hired Logisticon to install a real-time invoice and inventory processing system.

Seven months later, when the system crashed, Revlon blamed the Logisticon

programming bugs they discovered and withheld payment on the contract.

Logisticon contended that the software was fine and that it was the hardware that was

faulty. When Revlon again refused payment, Logisticon repossessed the software

using a telephone dial-in feature to disable the software and render the system

unusable. After a three-day standoff, Logisticon reactivated the system. Revlon sued

Logisticon, charging them with trespassing, breach of contract, and misappropriation

of trade secrets (Revlon passwords). Logisticon countersued for breach of contract.

The companies settled out of court.

Would Logisticon’s actions be classified as sabotage or repossession? Why? Would

you find the company guilty of committing a computer crime? Be prepared to defend

5.5 Because improved computer security measures sometimes create a new set of

problems—user antagonism, sluggish response time, and hampered performance—

some people believe the most effective computer security is educating users about

good moral conduct. Richard Stallman, a computer activist, believes software

licensing is antisocial because it prohibits the growth of technology by keeping

information away from the neighbors. He believes high school and college students

should have unlimited access to computers without security measures so that they can

learn constructive and civilized behavior. He states that a protected system is a puzzle

and, because it is human nature to solve puzzles, eliminating computer security so

that there is no temptation to break in would reduce hacking.

Do you agree that software licensing is antisocial? Is ethical teaching the solution to

computer security problems? Would the removal of computer security measures

reduce the incidence of computer fraud? Why or why not?

5.1 You were asked to investigate extremely high, unexplained merchandise shortages at

a department store chain. Classify each of the five situations as a fraudulent act, an

indicator of fraud, or an event unrelated to the investigation. Justify your answers.

Adapted from the CIA Examination

a. The receiving department supervisor owns and operates a boutique carrying

many of the same labels as the chain store. The general manager is unaware of

the ownership interest.

b. The receiving supervisor signs receiving reports showing that the total quantity

shipped by a supplier was received and then diverts 5% to 10% of each

shipment to the boutique.

c. The store is unaware of the short shipments because the receiving report

accompanying the merchandise to the sales areas shows that everything was

received.

d. Accounts Payable paid vendors for the total quantity shown on the receiving

report.

e. Based on the receiving department supervisor’s instructions, quantities on the

receiving reports were not counted by sales personnel.

5.2 A client heard through its hot line that John, the purchases journal clerk, periodically

enters fictitious acquisitions. After John creates a fictitious purchase, he notifies

Alice, the accounts payable ledger clerk, so she can enter them in her ledger. When

the payables are processed, the payment is mailed to the nonexistent supplier’s

address, a post office box rented by John. John deposits the check in an account he

opened in the nonexistent supplier’s name. Adapted from the CIA Examination.

a. Define fraud, fraud deterrence, fraud detection, and fraud investigation.

Fraud is gaining an unfair advantage over another person. Legally, for an act to be

fraudulent there must be:

Fraud investigation is performing the procedures needed to determine the nature and

amount of a fraud that has occurred.

b. List four personal (as opposed to organizational) fraud symptoms, or red flags,

that indicate the possibility of fraud. Do not confine your answer to this example.

c. List two procedures you could follow to uncover John’s fraudulent behavior.