978-0133428537 Chapter 5 Solution Manual Part 2

Unlock access to all the studying documents.

View Full Document

5.3 The computer frauds that are publicly revealed represent only the tip of the iceberg.

Although many people perceive that the major threat to computer security is

external, the more dangerous threats come from insiders. Management must

recognize these problems and develop and enforce security programs to deal with the

many types of computer fraud.

Explain how each of the following six types of fraud is committed. Using the format

provided, also identify a different method of protection for each and describe how it

works. Adapted from the CMA Examination.

Type of

Fraud

Explanation

Identification and Description of

Protection Methods

Input

manipulation

This requires the least amount of

technical skill and little

knowledge of how the computers

operate.

Input data are improperly altered

or revised without authorization.

For example, payroll time sheets

can be altered to pay overtime or

an extra salary.

Documentation and Authorization

− Data input format authorized and

properly documented.

− Control over blank documents.

− Comprehensive editing

− Control source of data

Programmed Terminal/User protection

− Programs that only accept inputs from

certain designated users, locations,

terminals, and/or times of the day.

Program

alteration

Program alteration requires

programming skills and

knowledge of the program.

Program coding is revised for

fraudulent purposes. For

example:

− Ignore certain transactions

such as overdrafts against the

programmers’ account

− Grant excessive discounts to

controls custody/access to programs

Programmers should not be allowed to

make changes to actual production

source programs and data files.

Segregation of Duties

− Programmers should not have access to

production programs or data files.

Periodic Comparisons

− Internal Audit or an independent group

should periodically process actual data,

File

alteration

Defrauder revises specific data or

manipulates data files. For example:

− Using program instructions to

fraudulently change an

employee’s pay rate in the payroll

master file

− Transferring balances among

dormant accounts to conceal

improper withdrawals of funds.

Restrict Access to Equipment/Files

− Restrict access to computer center.

− Programmers and analysts should not

have direct access to production data

files.

− Have a librarian maintain production

data files in a library.

− Restrict computer operator access to

applications documentation, except

where needed to perform their duties,

to minimize their ability to modify

programs and data files.

Data theft

Smuggling out data on:

– Hard copies of reports/files.

– Magnetic devices in briefcases,

employees’ pockets, etc.

Tap or intercept data transmitted by

data communication lines

Electronic sensitization of all library

materials to detect unauthorized

removals.

Encrypt sensitive data transmissions.

Sabotage

Physical destruction of hardware or

software.

Terminated employees immediately

denied access to all computer

equipment and information to prevent

them from destroying or altering

equipment or files.

Maintain backup files at secure off-site

locations.

Theft of

computer

time

Unauthorized use of a company’s

computer for personal or outside

business activities. This can result

in the computer being fully utilized

and lead to unnecessary computer

capacity upgrades.

Assigning blocks of time to processing

jobs and using the operating system to

block out the user once the allocated

time is exhausted. Any additional time

would require special authorization.

5.4 Environmental, institutional, or individual pressures and opportune situations, which

are present to some degree in all companies, motivate individuals and companies to

a. Identify two company pressures that would increase the likelihood of fraudulent

financial reporting.

b. Identify three corporate opportunities that make fraud easier to commit and

detection less likely.

c. For each of the following, identify the external environmental factors that should

be considered in assessing the risk of fraudulent financial reporting.

• The company’s industry

• The company’s business environment

• The company’s legal and regulatory environment

d. What can top management do to reduce the possibility of fraudulent financial

reporting?

5.5 For each of the following independent cases of employee fraud, recommend how to

prevent similar problems in the future. Adapted from the CMA Examination

a. Abnormal inventory shrinkage in the audiovisual department at a retail chain

store led internal auditors to conduct an in-depth audit of the department. They

learned that one customer frequently bought large numbers of small electronic

components from a certain cashier. The auditors discovered that they had

colluded to steal electronic components by not recording the sale of items the

customer took from the store.

b. During an unannounced audit, auditors discovered a payroll fraud when they

distributed paychecks instead of department supervisors. When the auditors

investigated an unclaimed paycheck, they discovered that the employee quit four

months previously after arguing with the supervisor. The supervisor continued to

turn in a time card for the employee and pocketed his check.

c. Auditors discovered an accounts payable clerk who made copies of supporting

documents and used them to support duplicate supplier payments. The clerk

deposited the duplicate checks in a bank account she had opened using a name

similar to the supplier’s.

5.6 An auditor found that Rent-A-Wreck management does not always comply with its

stated policy that sealed bids be used to sell obsolete cars. Records indicated that

several vehicles with recent major repairs were sold at negotiated prices.

Management vigorously assured the auditor that performing limited repairs and

negotiating with knowledgeable buyers resulted in better sales prices than the sealed–

bid procedures. Further investigation revealed that the vehicles were sold to

employees at prices well below market value. Three managers and five other

employees pleaded guilty to criminal charges and made restitution.

Adapted from the CIA Examination

a. List the fraud symptoms that should have aroused the auditor’s suspicion.

b. What audit procedures would show that fraud had in fact occurred?

5.7 A bank auditor met with the senior operations manager to discuss a customer’s

complaint that an auto loan payment was not credited on time. The customer said the

payment was made on May 5, its due date, at a teller’s window using a check drawn

on an account in the bank. On May 10, when the customer called for a loan pay-off

balance so he could sell the car, he learned that the payment had not been credited to

the loan. On May 12, the customer went to the bank to inquire about the payment

and meet with the manager. The manager said the payment had been made on May

11. The customer was satisfied because no late charge would have been assessed until

May 15. The manager asked whether the auditor was comfortable with this situation.

The auditor located the customer’s paid check and found that it had cleared on May

5. The auditor traced the item back through the computer records and found that

the teller had processed the check as being cashed. The auditor traced the payment

through the entry records of May 11 and found that the payment had been made with

cash instead of a check.

What type of embezzlement scheme is this, and how does it work?

Adapted from the CIA Examination

The circumstances are symptomatic of lapping, which is a common form of embezzlement

by lower-level employees in positions that handle cash receipts.

5.8 An accountant with the Atlanta Olympic Games was charged with embezzling over

$60,000 to purchase a Mercedes-Benz and to invest in a certificate of deposit. Police alleged

that he created fictitious invoices from two companies that had contracts with the Olympic

Committee: International Protection Consulting and Languages Services. He then wrote

checks to pay the fictitious invoices and deposited them into a bank account he had opened

under the name of one of the companies. When he was apprehended, he cooperated with

police to the extent of telling them of the bogus bank account and the purchase of the

Mercedes-Benz and the CD. The accountant was a recent honors graduate from a

respected university who, supervisors stated, was a very trusted and loyal employee.

a. How does the accountant fit the profile of a fraudster?

The accountant fit the fraud profile in that he was

How does he not fit the profile?

b. What fraud scheme did he use to perpetrate his fraud?

c. What controls could have prevented his fraud?

d. What controls could have detected his fraud?