Accounting Information Systems 9

Accounting Information Systems, 9th Edition
Marshall B. Romney
Paul John Steinbart
©2003 Prentice Hall Business Publishing,
Accounting Information Systems, 9/e, Romney/Steinbart
9-1
Computer Fraud
Chapter 9

Learning Objectives
1. Understand what fraud is and the process one follows to perpetuate a fraud.
2. Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
3. Compare and contrast the approaches and techniques that are used to commit computer fraud.
4. Describe how to deter and detect computer fraud.

Introduction
• Jason Scott finished his tax return.
• Everything was in order except his withholding amount.
• For some reason, the federal income tax withholdings on his final paycheck were $5 higher than on his W-2 form.
• What did he discover?
• Most of the 1,500 company employees had a $5 discrepancy between their reported withholdings and the actual amount withheld.
• The W-2 of Don Hawkins, one of the programmers in charge of the payroll system, showed that thousands of dollars more in withholding had been reported to the IRS than had been withheld from his paycheck.
• Jason knew that when he reported the situation, management was going to ask a lot of questions:
  – What constitutes a fraud, and is the withholding problem a fraud?
  – If this is indeed a fraud, how was it perpetrated?
  – Why did the company not catch these mistakes earlier?
  – Was there a breakdown in controls?
  – What can the company do to detect and prevent fraud?
  – Just how vulnerable are computer systems to fraud?
• This chapter describes the fraud process.
• It also explores the reasons that fraud occurs.
• The chapter also describes the approaches to computer fraud and the specific techniques used to commit it.
• Finally, several methods to deter and detect fraud are analyzed.

Learning Objective 1
Understand what fraud is and the process one follows to perpetuate a fraud.

The Fraud Process
Most frauds involve three steps:
  – The theft of something
  – The conversion to cash
  – The concealment
• What is a common way to hide a theft?
  – to charge the stolen item to an expense account
• What is a payroll example?
  – to add a fictitious name to the company’s payroll
• What is lapping?
• In a lapping scheme, the perpetrator steals cash received from customer A to pay its accounts receivable.
• Funds received at a later date from customer B are used to pay off customer A’s balance, etc.
• What is kiting?
• In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks.
• The perpetrator deposits a check from bank A to bank B and then withdraws the money.
• Since there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears.
• Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears.
• The scheme continues to keep checks from bouncing.

Learning Objective 2
Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.

Why Fraud Occurs
Researchers have compared the psychological and demographic characteristics of three groups of people: white-collar criminals, the general public, and violent criminals.
[Figure: the three groups, with the comparisons between them labeled "Significant differences" and "Few differences"]
What are some common characteristics of fraud perpetrators?
• Most spend their illegal income rather than invest or save it.
• Once they begin the fraud, it is very hard for them to stop.
• They usually begin to rely on the extra income.
• Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.
• Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”
• Others commit fraud to gain stature among others in the computer community.
Three conditions are necessary for fraud to occur:
1. A pressure or motive
2. An opportunity
3. A rationalization

Pressures
• What are some financial pressures?
  – living beyond means
  – high personal debt
  – “inadequate” income
  – poor credit ratings
  – heavy financial losses
  – large gambling debts
• What are some work-related pressures?
  – low salary
  – nonrecognition of performance
  – job dissatisfaction
  – fear of losing job
  – overaggressive bonus plans
• What are other pressures?
  – challenge
  – family/peer pressure
  – emotional instability
  – need for power or control
  – excessive pride or ambition

Opportunities
• An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act.
• Opportunities often stem from a lack of internal controls.
• However, the most prevalent opportunity for fraud results from a company’s failure to enforce its system of internal controls.

Rationalizations
• Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behavior.
• What are some rationalizations?
  – The perpetrator is just “borrowing” the stolen assets.
  – The perpetrator is not hurting a real person, just a computer system.

Fraud or Honesty?
Decision determined by interaction of three forces:

Force                   White Collar Crime   No White Collar Crime
Situational Pressures   High                 Low
Opportunities           High                 Low
Integrity               Low                  High

Learning Objective 3
Compare and contrast the approaches and techniques that are used to commit computer fraud.

Computer Fraud
• The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
• What are examples of computer fraud?
  – unauthorized use, access, modification, copying, and destruction of software or data
  – theft of money by altering computer records or the theft of computer time
  – theft or destruction of computer hardware
  – use or the conspiracy to use computer resources to commit a felony
  – intent to illegally obtain information or tangible property through the use of computers

The Rise in Computer Fraud
• Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud.
• However, no one knows for sure exactly how much companies lose to computer fraud.
  – Why?
• There is disagreement on what computer fraud is.
• Many computer frauds go undetected, or unreported.
• Most networks have a low level of security.
• Many Internet pages give instructions on how to perpetrate computer crimes.
• Law enforcement is unable to keep up with fraud.

Computer Fraud Classifications
• Data fraud
• Input fraud
• Processor fraud
• Output fraud
• Computer instruction fraud

Computer Fraud and Abuse Techniques
What are some of the more common techniques to commit computer fraud?
  – Cracking
  – Data diddling
  – Data leakage
  – Denial of service attack
  – Eavesdropping
  – E-mail forgery and threats
  – Hacking
  – Internet misinformation and terrorism
  – Logic time bomb
  – Masquerading or impersonation
  – Password cracking
  – Piggybacking
  – Round-down
  – Salami technique
  – Software piracy
  – Scavenging
  – Social engineering
  – Superzapping
  – Trap door
  – Trojan horse
  – Virus
  – Worm

Learning Objective 4
Describe how to deter and detect computer fraud.

Preventing and Detecting Computer Fraud
What are some measures that can decrease the potential of fraud?
1. Make fraud less likely to occur.
2. Increase the difficulty of committing fraud.
3. Improve detection methods.
4. Reduce fraud losses.
5. Prosecute and incarcerate fraud perpetrators.

1. Make fraud less likely to occur.
  • Use proper hiring and firing practices.
  • Manage disgruntled employees.
  • Train employees in security and fraud prevention.
  • Manage and track software licenses.
  • Require signed confidentiality agreements.

2. Increase the difficulty of committing fraud.
  • Develop a strong system of internal controls.
  • Segregate duties.
  • Require vacations and rotate duties.
  • Restrict access to computer equipment and data files.
  • Encrypt data and programs.

3. Improve detection methods.
  • Protect telephone lines and the system from viruses.
  • Control sensitive data.
  • Control laptop computers.
  • Monitor hacker information.

4. Reduce fraud losses.
  • Maintain adequate insurance.
  • Store backup copies of programs and data files in a secure, off-site location.
  • Develop a contingency plan for fraud occurrences.
  • Use software to monitor system activity and recover from fraud.

5. Prosecute and incarcerate fraud perpetrators.
  • Most fraud cases go unreported and unprosecuted. Why?
    – Many cases of computer fraud are as yet undetected.
    – Companies are reluctant to report computer crimes.
    – Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.
    – It is difficult, costly, and time consuming to investigate.
    – Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.

Case Conclusion
• What did Jason present to the president?
  – A copy of his own withholding report filed with the IRS and a printout of withholdings from the payroll records.
• How did Jason believe the fraud was perpetrated?
  – The payroll system had undergone some minor modifications.
  – The payroll project had been completed without the usual review by other systems personnel.
  – An unusual code subtracted $5 from most employees’ withholdings and added it to Don’s.
• What guidelines should Jason suggest to prevent this from happening again?
  – Strictly enforce existing controls.
  – New controls should be put into place to detect fraud.
  – Employees should be trained in fraud awareness, security measures, and ethical issues.
• Jason also urged the president to prosecute the case.
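
A detection control of the kind the case conclusion calls for, as an added example that is not part of the textbook or the slides: it reconciles each employee's withheld amount against the amount reported on the W-2. The record layout, employee IDs, amounts and the 50% threshold are constructed assumptions. It also shows why a batch control total alone misses this scheme: the $5 reductions and the one large increase net to zero.

```python
from collections import Counter
from decimal import Decimal


def reconcile(records):
    """records: iterable of (employee_id, withheld_from_pay, reported_on_w2)."""
    deltas = {emp: Decimal(rep) - Decimal(wh) for emp, wh, rep in records}
    nonzero = {emp: d for emp, d in deltas.items() if d != 0}
    result = {
        # Sum of all differences: the only figure a batch control total checks
        "control_total_diff": sum(deltas.values(), Decimal(0)),
        "mismatched": len(nonzero),
        "repeated_delta": None,
        "beneficiaries": [],
    }
    if not nonzero:
        return result
    # Salami pattern: one identical small difference repeated across many records
    value, count = Counter(nonzero.values()).most_common(1)[0]
    if count >= 0.5 * len(deltas):  # threshold is an assumption for this example
        result["repeated_delta"] = (value, count)
        # Records that moved in the opposite direction are where the money went
        result["beneficiaries"] = sorted(
            emp for emp, d in nonzero.items() if d * value < 0
        )
    return result


def build_sample():
    # Constructed data modelled on the case: 1,500 employees, most off by $5
    records = [(f"E{i:04d}", "3200.00", "3195.00") for i in range(1, 1401)]
    records += [(f"E{i:04d}", "3200.00", "3200.00") for i in range(1401, 1500)]
    # One record whose reported withholding absorbs the 1,400 x $5 = $7,000
    records.append(("E1500", "4100.00", "11100.00"))
    return records


if __name__ == "__main__":
    report = reconcile(build_sample())
    for key, val in report.items():
        print(f"{key}: {val}")
```

Run against the sample, the control total difference is zero while 1,401 individual records fail to reconcile, which is why the per-record comparison is the control that catches it.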
End of Chapter 9