After studying this chapter, you should be able to: Explain the threats faced by modern information systems; define fraud and describe the process one follows to perpetuate a fraud; discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds;. | Computer Fraud Chapter 5 5-1 Learning Objectives Explain the threats faced by modern information systems. Define fraud and describe both the different types of fraud and the process one follows to perpetuate a fraud. Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds. Define computer fraud and discuss the different computer fraud classifications. Explain how to prevent and detect computer fraud and abuse. 5-2 Threats to AIS Natural and Political disasters Software errors and equipment malfunctions Unintentional acts Intentional acts 5-3 Fraud Any means a person uses to gain an unfair advantage over another person; includes: A false statement, representation, or disclosure A material fact, which induces a victim to act An intent to deceive Victim relied on the misrepresentation Injury or loss was suffered by the victim Fraud is white collar crime 5-4 Two Categories of Fraud Misappropriation of assets Theft of company assets which can include physical assets (., cash, inventory) and digital assets (., intellectual property such as protected trade secrets, customer data) Fraudulent financial reporting “cooking the books” ( fictitious revenue, overstating assets, etc.) 5-5 Conditions for Fraud These three conditions must be present for fraud to occur: Pressure Employee Financial Lifestyle Emotional Financial Statement Financial Management Industry conditions Opportunity to: Commit Conceal Convert to personal gain Rationalize Justify behavior Attitude that rules don’t apply Lack personal integrity 5-6 Fraud Triangle 5-7 Computer Fraud If a computer is used to commit fraud it is called computer fraud. Computer fraud is classified as: Input Processor Computer instruction Data Output 5-8 Preventing and Detecting Fraud 1. Make Fraud Less Likely to Occur Organizational Systems Create a culture of integrity Adopt structure that minimizes fraud, create governance (., Board of Directors) Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees Communicate policies Develop security policies to guide and design specific control procedures Implement change management controls and project development acquisition controls 5-9 Preventing and Detecting Fraud 2. Make It Difficulty to Commit Organizational Systems Develop strong internal controls Segregate accounting functions Use properly designed forms Require independent checks and reconciliations of data Restrict access System authentication Implement computer controls over input, processing, storage and output of data Use encryption Fix software bugs and update systems regularly Destroy hard drives when disposing of computers 5-10 Preventing and Detecting Fraud 3. Improve Detection Organizational Systems Assess fraud risk External and internal audits Fraud hotline Audit trail of transactions through the system Install fraud detection software Monitor system activities (user and error logs, intrusion detection) 5-11 Preventing and Detecting Fraud 4. Reduce Fraud Losses Organizational Systems Insurance Business continuity and disaster recovery plan Store backup copies of program and data files in secure, off-site location Monitor system activity 5-12 Key Terms Sabotage Cookie Fraud White-collar criminals Corruption Investment fraud Misappropriation of assets Fraudulent financial reporting Pressure Opportunity rationalization Lapping Check kiting Computer fraud 5-13