Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Accounting Information Systems
CHAPTER 5
COMPUTER FRAUD
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
5.1 Do you agree that the most effective way to obtain adequate system security is to rely
on the integrity of company employees? Why or why not? Does this seem ironic?
What should a company do to ensure the integrity of its employees?
The statement is ironic because employees represent both the greatest control strength and
the greatest control weakness. Honest, skilled employees are the most effective fraud
Employers can do the following to maintain the integrity of their employees. (NOTE:
Answers are introduced in this chapter and covered in more depth in Chapter 7)
• Human Resource Policies. Implement human resource policies for hiring,
compensating, evaluating, counseling, promoting, and discharging employees that send
messages about the required level of ethical behavior and integrity
• Managing Disgruntled Employees: Some employees who commit a fraud are
disgruntled and they are seeking revenge or "justice" for some wrong that they perceive
has been done to them. Companies should have procedures for identifying these
individuals and helping them resolve their feelings or removing them from jobs that
allow them access to the system. One way to avoid disgruntled employees is to provide
grievance channels that allow employees to talk to someone outside the normal chain of
command about their grievances.
Ch. 5: Computer Fraud
5.2 You are the president of a multinational company where an executive confessed to
kiting $100,000. What is kiting and what can your company do to prevent it? How
would you respond to the confession? What issues must you consider before pressing
charges?
In a kiting scheme, cash is created using the lag between the time a check is deposited and
the time it clears the bank. Suppose a fraud perpetrator opens accounts in banks A, B, and
C. The perpetrator “creates” cash by depositing a $1,000 check from bank B in bank C and
When the employee confesses, the company should immediately investigate the fraud and
determine the actual losses. Employees often "underconfess" the amount they have taken.
When the investigation is complete, the company should determine what controls could be
added to the system to deter similar frauds and to detect them if they do occur.
Employers should consider the following issues before pressing charges:
• How will prosecuting the case impact the future success of the business?
Accounting Information Systems
5.3 Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every
foolproof system, there is a method for beating it.” Do you believe a completely
secure computer system is possible? Explain. If internal controls are less than 100%
effective, why should they be employed at all?
The old saying "where there is a will, there is a way" applies to committing fraud and to
breaking into a computer system. It is possible to institute sufficient controls in a system so
that it is very difficult to perpetrate the fraud or break into the computer system, but most
If there were a way to make a foolproof system, it would be highly likely that it would be
too cost prohibitive to employ.
Though internal controls can't eliminate all system threats, controls can:
• Reduce threats caused by employee negligence or error. Such threats are often more
financially devastating than intentional acts.
Ch. 5: Computer Fraud
5.4 Revlon hired Logisticon to install a real-time invoice and inventory processing system.
Seven months later, when the system crashed, Revlon blamed the Logisticon
programming bugs they discovered and withheld payment on the contract.
Logisticon contended that the software was fine and that it was the hardware that was
faulty. When Revlon again refused payment, Logisticon repossessed the software
using a telephone dial-in feature to disable the software and render the system
unusable. After a three-day standoff, Logisticon reactivated the system. Revlon sued
Logisticon, charging them with trespassing, breach of contract, and misappropriation
of trade secrets (Revlon passwords). Logisticon countersued for breach of contract.
The companies settled out of court.
Would Logisticon’s actions be classified as sabotage or repossession? Why? Would
you find the company guilty of committing a computer crime? Be prepared to defend
your position to the class.
This problem has no clear answer. By strict definition, the actions of Logisticon in halting
the software represented trespassing and an invasion of privacy. Some states recognize
trespassing as a breach of the peace, thereby making Logisticon's actions illegal.
Accounting Information Systems
5.5 Because improved computer security measures sometimes create a new set of
problems—user antagonism, sluggish response time, and hampered performance—
some people believe the most effective computer security is educating users about
good moral conduct. Richard Stallman, a computer activist, believes software
licensing is antisocial because it prohibits the growth of technology by keeping
information away from the neighbors. He believes high school and college students
should have unlimited access to computers without security measures so that they can
learn constructive and civilized behavior. He states that a protected system is a puzzle
and, because it is human nature to solve puzzles, eliminating computer security so
that there is no temptation to break in would reduce hacking.
Do you agree that software licensing is antisocial? Is ethical teaching the solution to
computer security problems? Would the removal of computer security measures
reduce the incidence of computer fraud? Why or why not?
Answers will vary. Students should consider the following conflicting concepts:
Software licensing encourages the development of new ideas by protecting the efforts of
businesses seeking to develop new software products that will provide them with a profit
and/or a competitive advantage in the marketplace. This point is supported by the
following ideas:
• The prospect of a financial reward is the primary incentive for companies to expend
the time and money to develop new technologies.
The only way to foster new ideas is to make information and software available to all
people. The most creative ideas are developed when individuals are free to use all
available resources (such as software and information).
Ch. 5: Computer Fraud
Accounting Information Systems
SUGGESTED ANSWERS TO THE PROBLEMS
5.1 You were asked to investigate extremely high, unexplained merchandise shortages at
a department store chain. Classify each of the five situations as a fraudulent act, an
indicator of fraud, or an event unrelated to the investigation. Justify your answers.
Adapted from the CIA Examination
a. The receiving department supervisor owns and operates a boutique carrying
many of the same labels as the chain store. The general manager is unaware of
the ownership interest.
This is an indication of possible fraud. This conflict of interest is a fraud symptom
b. The receiving supervisor signs receiving reports showing that the total quantity
shipped by a supplier was received and then diverts 5% to 10% of each
shipment to the boutique.
This is a fraudulent act because there is a theft accompanied by:
1. A false statement, representation, or disclosure (signing the receiving report)
c. The store is unaware of the short shipments because the receiving report
accompanying the merchandise to the sales areas shows that everything was
received.
This is a weakness in internal control. Sales personnel should count the goods
d. Accounts Payable paid vendors for the total quantity shown on the receiving
report.
Ch. 5: Computer Fraud
Proper internal control says that Accounts Payable should match the vendor’s invoice
to both the purchase order and the receiving report. Because this matching would not
e. Based on the receiving department supervisor’s instructions, quantities on the
receiving reports were not counted by sales personnel.
This is the same internal control weakness described in part c. The receiving
department supervisor gave those instructions to facilitate his or her fraud
Accounting Information Systems
5.2 A client heard through its hot line that John, the purchases journal clerk, periodically
enters fictitious acquisitions. After John creates a fictitious purchase, he notifies
Alice, the accounts payable ledger clerk, so she can enter them in her ledger. When
the payables are processed, the payment is mailed to the nonexistent supplier’s
address, a post office box rented by John. John deposits the check in an account he
opened in the nonexistent supplier’s name. Adapted from the CIA Examination.
a. Define fraud, fraud deterrence, fraud detection, and fraud investigation.
Fraud is gaining an unfair advantage over another person. Legally, for an act to be
fraudulent there must be:
1. A false statement, representation, or disclosure
2. A material fact, which is something that induces a person to act
b. List four personal (as opposed to organizational) fraud symptoms, or red-flags,
that indicate the possibility of fraud. Do not confine your answer to this example.
• High personal debts or significant financial or investment losses.
• Expensive lifestyle; living beyond your means.
Ch. 5: Computer Fraud
• Regular borrowing from fellow employees.
• Personal checks returned for insufficient funds.
c. List two procedures you could follow to uncover John’s fraudulent behavior.
1. Inspecting the documentation supporting the release of a check to a vendor.
2. Tracing all payments back to the supporting documentation. The receiving
department would have no record of the receipt of the goods. The purchasing
Accounting Information Systems
5.3 The computer frauds that are publicly revealed represent only the tip of the iceberg.
Although many people perceive that the major threat to computer security is
external, the more dangerous threats come from insiders. Management must
recognize these problems and develop and enforce security programs to deal with the
many types of computer fraud.
Explain how each of the following six types of fraud is committed. Using the format
provided, also identify a different method of protection for each and describe how it
works Adapted from the CMA Examination.
Type of
Fraud
Explanation
Identification and Description of
Protection Methods
Input
manipulation
This requires the least amount of
technical skill and little
knowledge of how the computers
operate.
Documentation and Authorization
− Data input format authorized and
properly documented.
− Control over blank documents.
Program
alteration
Program alteration requires
programming skills and
knowledge of the program.
Program coding is revised for
fraudulent purposes. For
example:
Programmers should not be allowed to
make changes to actual production
source programs and data files.
Segregation of Duties
− Programmers should not have access to
production programs or data files.
Ch. 5: Computer Fraud
File
alteration
Defrauder revises specific data or
manipulates data files. For example:
Restrict Access to Equipment/Files
− Restrict access to computer center.
Data theft
Smuggling out data on:
- Hard copies of reports/files.
- Magnetic devices in briefcases,
employees' pockets, etc.
Tap or intercept data transmitted by
data communication lines
Electronic sensitization of all library
materials to detect unauthorized
removals.
Encrypt sensitive data transmissions.
Sabotage
Physical destruction of hardware or
software.
Terminated employees immediately
denied access to all computer
equipment and information to prevent
them from destroying or altering
equipment or files.
Accounting Information Systems
5.4 Environmental, institutional, or individual pressures and opportune situations, which
are present to some degree in all companies, motivate individuals and companies to
engage in fraudulent financial reporting. Fraud prevention and detection require that
pressures and opportunities be identified and evaluated in terms of the risks they pose
to a company. Adapted from the CMA Examination.
a. Identify two company pressures that would increase the likelihood of fraudulent
financial reporting.
• Sudden deceases in revenue or market share
• Financial pressure from bonus plans that depend on short-term economic
performance
b. Identify three corporate opportunities that make fraud easier to commit and
detection less likely.
• Weak or nonexistent internal controls
• Failure to enforce/monitor internal controls
• Management not involved in control system or overriding controls
Ch. 5: Computer Fraud
• No independent checks on performance or infrequent third-party reviews
The list show here can be augmented by the items in Table 5-4 listed in the Other
Factors column.
c. For each of the following, identify the external environmental factors that should
be considered in assessing the risk of fraudulent financial reporting
• The company’s industry
o Specific industry trends such as overall demand for the industry's products,
• The company’s business environment
o The continued viability of the company's products in the marketplace.
o Sensitivity of the company's operations and profits to economic and political
factors.
• The company’s legal and regulatory environment
o The status of the company's business licenses or agreements, especially in
d. What can top management do to reduce the possibility of fraudulent financial
reporting?
• Set the proper tone to establish a corporate environment contributing to the
integrity of the financial reporting process.
Ch. 5: Computer Fraud
5.5 For each of the following independent cases of employee fraud, recommend how to
prevent similar problems in the future. Adapted from the CMA Examination
a. Due to abnormal inventory shrinkage in the audiovisual department at a retail
chain store, internal auditors conducted an in-depth audit of the department.
They learned that a customer frequently bought large numbers of small electronic
components from a certain cashier. The auditors discovered that they had
colluded to steal electronic components by not recording the sale of items the
customer took from the store.
While collusion is difficult to prevent, the store could improve its control system by:
• Implementing job rotation so that the same employees are not always performing
the same duties.
b. During an unannounced audit, auditors discovered a payroll fraud when they
distributed paychecks instead of department supervisors. When the auditors
investigated an unclaimed paycheck, they discovered that the employee quit four
months previously after arguing with the supervisor. The supervisor continued to
turn in a time card for the employee and pocketed his check.
The payroll fraud could be prevented with better internal controls, including:
• Separation of duties. A supervisor with the authority to approve time cards should
not be allowed to distribute paychecks. An individual with no other payroll-related
c. Auditors discovered an accounts payable clerk who made copies of supporting
documents and used them to support duplicate supplier payments. The clerk
deposited the duplicate checks in a bank account she had opened using a name
similar to the supplier’s.
The accounts payable fraud could be prevented with better internal controls, including:
Accounting Information Systems
• Implement and enforce a policy that prohibits the payment of invoices based on
copies of supporting documents.
Ch. 5: Computer Fraud
5.6 An auditor found that Rent-A-Wreck management does not always comply with its
stated policy that sealed bids be used to sell obsolete cars. Records indicated that
several vehicles with recent major repairs were sold at negotiated prices.
Management vigorously assured the auditor that performing limited repairs and
negotiating with knowledgeable buyers resulted in better sales prices than the sealed-
bid procedures. Further investigation revealed that the vehicles were sold to
employees at prices well below market value. Three managers and five other
employees pleaded guilty to criminal charges and made restitution. Adapted
from the CIA Examination
a. List the fraud symptoms that should have aroused the auditor’s suspicion.
• Failure to follow the established policy of requiring sealed bids to dispose of
vehicles being salvaged.
b. What audit procedures would show that fraud had in fact occurred.
• Review thoroughly the sales documentation that identifies the people who bought
the vehicles at negotiated prices, including comparing the buyers to a list of
company employees.
