Page 1 of 23
CHAPTER 5
COMPUTER FRAUD
Instructors Manual
Learning Objectives:
1. Explain the threats faced by modern information systems.
3. Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities, and rationalizations that are present
in most frauds.
5. Explain how to prevent and detect computer fraud and abuse.
Jason anticipated the following questions that management was going to
ask:
1. What constitutes a fraud, and is the withholding problem a fraud?
2. How was the fraud perpetrated? What motivated Don to commit it?
Introduction
Our society has become increasingly dependent on accounting information
systems.
As system complexity and our dependence on systems increase, companies
face the growing risk of their systems being compromised.
A recent survey disclosed that
1. 67 percent of companies had a security breach
The four types of threats a company faces are explained in Table 5-1 on
page 122.
Page 2 of 23
AIS Threats
Four Types of Systems Threats:
1. Natural and political disasters
3. Unintentional acts
1. Natural and political disasters
Fires, excessive heat, floods, earthquakes, high winds,
war, and attacks by terrorists
World Trade Center in New York City
2. Software Errors and Equipment Malfunctions
Losses due to software bugs are at almost $60 billion a
year.
More than 60 percent of the companies studied had
significant software errors in the previous year. For
example,
Learning Objective One
Explain the threats faced by modern information
systems.
Page 3 of 23
3. Unintentional Acts
The Computing Technology Industry Association estimates
that human errors cause 80 percent of security problems.
Forrester Research estimates that employees unintentionally
create legal, regulatory, or financial risks in 25 percent
of their outbound e-mails.
Programmers make logic errors. Examples include the
following:
An error in a Fannie Mae spreadsheet resulted in a
$1.2 billion misstatement of its earnings.
UPS lost a cardboard box with computer tapes
containing information, such as names, Social
Security numbers, account numbers, and payment
histories on 3.9 million Citigroup customers.
Note to Instructor: The following example is not in the 11th
edition of this book. However, it was in the 10th edition of
the book.
A data entry clerk at Giant Food mistake in quarterly
4. Intentional Acts (Computer Crimes)
The most frequent type of computer crime is fraud. This is
where the intent is to steal something of value.
Page 4 of 23
The threat can also be in the form of sabotage, in which
the intent is to destroy or harm a system or some of its
components.
A cookie is data that Websites store on your
computer. The cookie identifies the Websites to your
computer and identifies you to the Website so you do
not have to log on each time you visit the site.
At OpenTable, the customer number stored in the
cookie was very easy to change.
Multiple Choice 1
Operating system crashes is an example of:
a. natural and political disasters
b. intentional acts
c. unintentional acts
INTRODUCTION TO FRAUD
Fraud is any and all means a person uses to gain an unfair
advantage over another person. Legally, for an act to be
considered fraudulent there must be:
1. A false statement, representation, or disclosure
Page 5 of 23
3. An intent to deceive
Attempts to Estimate the Staggering Losses from Fraud:
1. The Association of Certified Fraud Examiners estimates
total fraud losses in the United States to be about $660
billion a year.
75 to 90 percent of all computer crimes are perpetrated by
insiders.
Fraud perpetrators are also referred to as white-collar
criminals.
Statement on Auditing Standards (SAS) No. 99:
Fraud takes two forms
1. Misappropriation of assets and
Misappropriation of Assets
Misappropriation of assets is often referred to as employee
fraud
A typical employee fraud has a number of important elements
or characteristics:
2. Instead of a weapon or physical force to commit a
3. They hide their tracks by falsifying records or other
information.
Page 6 of 23
5. Fraud perpetrators spend their ill-gotten gains,
usually on an extravagant lifestyle. Rarely do they
save or invest the money they take. Some of these
high cost luxurious items include big homes, fancy
cars, gambling, or just a big spender type person.
6. Many perpetrators that become greedy not only start
7. As previously mentioned, perpetrators at some point
8. The fraud perpetrator cannot get away with stealing
9. The most significant contributing factors in most
employee frauds are the absence of internal controls
or failure to enforce existing internal controls.
Fraudulent Financial Reporting
The Treadway Commission defined fraudulent financial
reporting as intentional or reckless conduct, whether by
act or omission, that results in materially misleading
financial statements.
The Treadway Commission studied 450 lawsuits against
auditors and found undetected fraud to be a factor in
half of them.
Page 7 of 23
1. Establish an organizational environment that
contributes to the integrity of the financial
reporting process.
3. Assess the risk of fraudulent financial reporting
within the company.
SAS No. 99: The Auditor’s Responsibility to Detect Fraud
SAS No. 99 requires auditors to:
1. Understand fraud.
4. Identify, assess, and respond to risks.
5. Evaluate the results of their audit tests.
Multiple Choice 2
The Association of Certified Fraud Examiners estimates total fraud
losses in the United States to be more than
a. $350 billion a year
Multiple Choice 3
Which of the following statements is FALSE?
a. For an act to be fraudulent there must be a false statement,
representation, or disclosure.
Page 8 of 23
b. Fraud perpetrators are often referred to as management fraud.
c. Misappropriation of assets is often referred to as employee
fraud.
Who Perpetrates Fraud and Why It Occurs
Perpetrators of computer fraud tend to be younger and possess
more computer knowledge, experience, and skills.
Most have no previous criminal record.
Research shows that three conditions are necessary for fraud to
occur: a pressure, an opportunity, and a rationalization. This is
referred to as the fraud triangle and is shown as the middle
triangle in Figure 5-1 on page 127.
Pressures
A pressure is a person’s incentive or motivation for
Opportunities
As shown in the opportunity triangle in Figure 5-1 on page
127, opportunity is the condition or situation that allows
a person or organization to do three things:
1. Commit the fraud
Most fraudulent financial reporting consists of the
2. Conceal the fraud
Page 9 of 23
Another way to hide a decrease in assets is by
lapping. In a lapping scheme, the perpetrator steals
the cash or check that customer A mails in to pay its
accounts receivable. Funds received at a later date
from customer B are used to pay off customer A’s
balance. Funds from customer C are used to pay off
customer B, and so forth.
Note to Instructor: Because most banks would require you to
deposit some money to start a checking account, an initial
deposit of $100 in each bank was included above. In addition, the
charts below provide a somewhat picture explanation of the above
kiting scheme. The chart below uses dates, balances, and NSF due
dates.
Rationalizations
Rationalization allows perpetrators to justify their illegal
behavior.
A list of some of the rationalizations people use:
1. I am only “borrowing” the money (or asset) and will
repay my “loan.”
4. It was for a good cause (the Robin Hood syndrome,
robbing from the rich to give to the poor).
5. I occupy a very important position of trust. I am
above the rules.
Multiple Choice 4
The three conditions that are present when fraud occurs includes:
a. attitude
b. opportunity
Multiple Choice 5
The pressures that can lead to employee fraud include
a. fear of losing job
Multiple Choice 6
Internal control factors that provide an opportunity for employee and
financial statement fraud includes
a. incompetent personnel
b. operating on a crisis basis