Chapter 5 Computer Fraud
There are four types of AIS threat a company faces, these are the following:
1. Natural and political disasters such as fire, floods, war and attack by terrorist
2. Software errors and equipment malfunctions like hard- or software failure, errors or bugs
3. Unintentional acts such as logic errors, accidents, innocent errors or omissions
4. Intentional acts such as sabotage, financial statement fraud or corruption, this can be done by
using cookies, these are text files which store information about who the user is and what the user
has done on the site.
Introduction to fraud:
Fraud is gaining an unfair advantage over another person, legally there has to be; (1) a false
statement; (2) a material fact; (3) an intent to deceive; (4) a justifiable reliance; (5) An injury or loss
suffered by the victim. Overall fraud at the owner/executive level is overall nine times as costly as
fraud by an employee. Fraud perpetrators are often insider who know the system and the
weaknesses, they are often referred to as ‘white-collar criminals’ businesspeople who commit fraud,
which usually resort to trickery and their crimes often involves a violation of trust or confidence. Two
of the most important types of fraud are corruption which is defined as dishonest conduct by those
in power which often involves immoral or unethical standards, an example is bribery. The second
type is investment fraud, this is misrepresenting or leaving out facts in order to promote an
investment that promises low risk. The following two types of investment fraud are important to
discuss in greater depth:
Misappropriation of assets:
This is defined as theft of company assets by employees, the most significant contribution to this is
de absence of internal controls and/or failure to enforce existing internal controls. Most of the times
the perpetrator gains the trust or confidence, then uses trickery or misleading information to commit
fraud, he then conceals the fraud by falsifying information.
Fraudulent financial reporting:
This is defined as international or reckless conduct whether by act or omission that result in
materially misleading financial statements to deceive investors and creditors, increase the stock
price, meet cashflow needs or hide losses and problems. Four actions to reduce this are: (1)
establishing an environment that contributes to the integrity of the financial reporting; (2) identify
and understand factors that lead to fraud; (3) Asses the risks; (4) Design and implement internal
controls.
To prevent this the statement on auditing standards (SAS) implemented no. 99 consideration of
fraud in a financial statement audit, auditors now are required to: Understand fraud, discuss the risk
of fraudulent misstatements while planning the audit, obtain information the team gathers
evidence by looking for fraud risk factors, testing records and asking employees if they know about
fraud. Identify, asses and respond to risks, evaluate the results of the audit test the team has to
evaluate if misstatements indicate the presence of fraud and what the impact is. Finally, they have to
document and communicate their findings.
Who perpetrates fraud and why:
Some perpetrators are unhappy and seek revenge while others are trusted, hard-working employees.
Most of the computer fraud perpetrators are youngsters who possess more experience and skills,
some motivated by curiosity and other to gain stature in the hacking community. For most fraud
perpetrators all they need is an opportunity and the criminal mind-set, for most perpetrators three
,conditions are present when the fraud occurs, these are pressure, opportunity and rationalization.
These three conditions are called the fraud triangle
Pressure:
This is a person’s incentive or motivation for committing fraud, there are three main types of
pressure that lead to fraudulent behavior by employees. The first type is financial pressure, often the
perpetrator feels the pressure cannot be shared and believes fraud is the best way out of a difficult
situation. The second type is emotional pressure, many frauds are motivated by greed, others are
motivated by beating the system other people commit fraud due to some combination of greed, ego,
pride or ambition that causes them to believe that no matter how much they have, it’s never enough.
A third type of pressure is a person’s lifestyle, the person may need to fund to support a gambling
habit or support a drug or alcohol addiction.
Pressures that can lead to financial statement fraud are (1) management characteristics like
questionable ethics, aggressive earnings forecasts or failure to correct errors; (2) Industry conditions
such as a declining industry or technological changes and significant tax changes or adjustments; (3)
financial pressure; like the pressure to meet or exceed earnings expectations, heavy losses, heavy
dependence on new product lines or economic conditions.
Opportunities:
These are conditions or situations that allows a person or organization to commit and conceal a
dishonest act and convert it to a personal gain. So, an opportunity allows a perpetrator to do three
things: (1) Commit the fraud, such as, overstating assets or revenues or stealing assets; (2) conceal
the fraud to prevent detection, this often takes more time and leaves behind more efference than
the fraud itself. A way to hide the theft of cash is by lapping which is making a series of delays in
posting collections to accounts receivable, another way in by check kiting which is creating cash by
using the lag between the time a check is deposited and the time it clears the bank, there is time
between the withdrawal of the bank account and the collection of the cash, this way a fraudulent
person can create cash for a few days, when the money will be withdrawn the person deposits a new
check from another bank; (3) Convert the theft to personal gain; When perpetrators do not steal
cash they have to convert it to a spendable form.
Many opportunities are the result of a deficient systems of internal controls such as management
override of controls, managerial carelessness to details, ineffective oversight by board of directors,
no effective internal audit staff or inadequate supervisions. Most opportunities result from a
company’s failure design and enforce its internal control system. Other factors are unclear policies
and procedures, fails to teach and stress corporate honesty and fails to prosecute those who
perpetrate fraud.
Rationalizations:
This is the excuse that fraud perpetrators use to justify their illegal behavior, this can take the form of
a justification, an attitude or a lack of personal integrity. In other words, perpetrators rationalize that
they are not being dishonest, that honesty is not required of them, or that they take more than
honesty and integrity. Some perpetrators rationalize that they are not hurting a real person, but a
faceless and nameless computer system or an impersonal company that will not miss the money.
Fraud occurs have high pressures; an opportunity to commit, conceal and convert; and the ability to
rationalize away their personal integrity. Fraud is less likely to occur when people have few
pressures, little opportunity and high personal integrity. Likewise, fraud can be prevented by
, eliminating one or more fraud triangle elements, the greatest opportunity to prevent fraud lies in
reducing by implementing a good system of internal controls.
