COMPUTER FRAUD: CHALLENGES TO ACCOUNTANTS, INTERNAL AUDITORS AND CASHIERS

1.1 INTRODUCTION
Organisations, whatever their size and orientation, increasingly cannot avoid using computer systems for data storage, analysis, and retrieval. This matters all the more when the reality of the internet and the globalisation of the world community is put into focus. Despite the benefits of computers and information technology, there is growing concern about how to secure and protect data that can be used to perpetrate fraudulent activities against organisations. This paper describes the fraud process and explores the reasons that fraud occurs. It also describes the approaches to computer fraud and the specific techniques used to commit it. Finally, several methods to deter and detect fraud are analysed.

1.2 OBJECTIVES OF THE PAPER
• Understand what fraud is and the process one follows to perpetrate a fraud.
• Identify conditions indicative of fraud.
• Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
• Compare and contrast the approaches and techniques that are used to commit computer fraud.
• Describe how to deter and detect computer fraud.

1.3 MEANING OF FRAUD AND THE FRAUD PROCESS
Fraud may be defined as deceitfulness, that is, criminal deception and the use of false representation to obtain an unjust advantage. It can also be defined as the intentional use of deception, trickery or distortion of truth to induce another to part with some valuable thing belonging to him. These definitions cover fraud in such areas as petty theft, pilfering, extortion, forgery, embezzlement, 419, kickbacks, direct stealing, over-invoicing, inflation of contracts and overstatement of profits.
Most frauds involve three steps: the theft of something; the conversion to cash; and the concealment. The common way to hide a theft is to charge the stolen item to an expense account. Payroll examples include adding a fictitious name to the company’s payroll (a ghost worker), over-casting the gross and net columns of wage sheets, statutory deductions that are not handed over to the relevant statutory authority, or unclaimed wages. In a lapping scheme, the perpetrator steals cash that customer A sent to pay its accounts receivable. Funds received at a later date from customer B are then used to pay off customer A's balance, and so on.
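The lapping pattern described above leaves a trace an auditor can test for: the payer named on a remittance differs from the account that was credited. The Python sketch below is an added example, not part of the original paper; the record layout, identifiers and sample data are constructed, and it assumes a remittance log kept independently of the person who posts the ledger.

```python
from datetime import date

# Constructed sample: remittances logged independently at receipt (assumed layout).
REMITTANCES = {
    "R-101": {"payer": "A", "amount": 500.0, "received": date(2024, 3, 1)},
    "R-102": {"payer": "B", "amount": 500.0, "received": date(2024, 3, 8)},
    "R-103": {"payer": "C", "amount": 500.0, "received": date(2024, 3, 15)},
    "R-104": {"payer": "D", "amount": 200.0, "received": date(2024, 3, 16)},
}
# Constructed sample: accounts-receivable credits and the remittance each one cites.
POSTINGS = [
    {"remit": "R-102", "credited": "A", "amount": 500.0, "posted": date(2024, 3, 8)},
    {"remit": "R-103", "credited": "B", "amount": 500.0, "posted": date(2024, 3, 15)},
    {"remit": "R-104", "credited": "D", "amount": 200.0, "posted": date(2024, 3, 17)},
]


def lapping_indicators(remittances, postings, max_delay_days=3):
    """Return (remittance id, reason) pairs that warrant audit follow-up."""
    findings, applied = [], set()
    for p in postings:
        r = remittances.get(p["remit"])
        if r is None:
            findings.append((p["remit"], "posting cites an unknown remittance"))
            continue
        applied.add(p["remit"])
        if p["credited"] != r["payer"]:
            # Core lapping trace: one customer's money clears another's balance.
            findings.append((p["remit"], f"paid by {r['payer']}, credited to {p['credited']}"))
        if p["amount"] != r["amount"]:
            findings.append((p["remit"], "posted amount differs from amount received"))
        if (p["posted"] - r["received"]).days > max_delay_days:
            findings.append((p["remit"], "posted unusually late"))
    # A receipt that was logged but never applied may be the diverted payment.
    for rid in sorted(set(remittances) - applied):
        findings.append((rid, "received but never posted"))
    return findings


if __name__ == "__main__":
    for rid, reason in lapping_indicators(REMITTANCES, POSTINGS):
        print(rid, "-", reason)
```

On the sample data the chain A, B, C shows up as two cross-credited remittances plus one receipt that was never posted, while customer D's normally processed payment raises nothing.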

1.4 CONDITIONS INDICATIVE OF FRAUD
There are certain conditions that are indicative of the existence of possible fraud or scam. Some of these conditions are:
• Unsatisfactory explanations to probing questions
• Unaccounted-for vouchers or sensitive documents
• Evidence of falsified documents
• Figures, trends or results which do not fall within expectations
• Unexplained items in a reconciliation
• Evidence of excessive spending lifestyles of employees
• Access to all aspects of a procedural system
• Refusal of an individual to proceed on leave
• Constant overtime by a particular staff member
• Where a transaction is to be kept ‘confidential’

1.5 CAUSES OF FRAUD
The common characteristics of fraud perpetrators include:
• Most spend their illegal income rather than invest or save it.
• Once they begin the fraud, it is very hard for them to stop.
• They usually begin to rely on the extra income.
• Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.
• Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”
• Others commit fraud to gain stature among others in the computer community.
It should be noted that three conditions are necessary for fraud to occur: a pressure or motive; an opportunity; and a rationalization. These are described further.

Pressures

Financial pressures
• living beyond means
• high personal debt
• “inadequate” income
• heavy financial losses
• large gambling debts

Work-related pressures
• poor motivation and remuneration of staff
• non-recognition of performance
• job dissatisfaction
• improper recruitment policy; understaffing, inexperienced and unqualified staff
• fear of losing job

Other pressures
• challenge
• family/peer pressure
• emotional instability
• need for power or control
• excessive pride or ambition

Opportunities
An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act. Opportunities often stem from a lack of internal controls. However, the most prevalent opportunity for fraud results from an organisation’s failure to enforce its system of internal controls.

Rationalizations
Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behaviour. Some rationalizations include:
• The perpetrator is just “borrowing” the stolen assets.
• The perpetrator is not hurting a real person, just a computer system.
Other causes of fraud include: failure of the Accountant or the Internal Auditor to understand the system fully; lack of effective controls on computer input forms; and the existence of an in-house computer programmer with unrestricted access to all aspects of the system.

1.6 APPROACHES AND TECHNIQUES USED IN COMMITTING COMPUTER FRAUD
The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. Examples of computer fraud are:
• unauthorized use, access, modification, copying, and destruction of software or data
• theft of money by altering computer records
• theft or destruction of computer hardware
• use or the conspiracy to use computer resources to commit a criminal act
• intent to illegally obtain information or tangible property through the use of computers
The incidence of computer fraud has risen sharply in recent times. Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud. However, no one knows for sure exactly how much companies lose to computer fraud. The reasons are not far-fetched. Some of them are:
• There is disagreement on what computer fraud is.
• Many computer frauds go undetected, or unreported.
• Most networks have a low level of security.
• Many Internet pages give instructions on how to perpetrate computer crimes.
• Law enforcement is unable to keep up with fraud.
Some of the more common techniques used in committing computer fraud are enumerated below:
• cracking
• input manipulation
• file alteration
• data leakage
• program alteration
• e-mail forgery and threats
• hacking
• internet misinformation and terrorism
• logic time bomb
• masquerading or impersonation
• password cracking
• salami technique
• software piracy
• scavenging
• Trojan horse
• virus
• worm

1.7 HOW TO DETER AND DETECT COMPUTER FRAUD
The following measures can decrease the potential of computer fraud in organisations.
• Make fraud less likely to occur.
• Increase the difficulty of committing fraud.
• Improve detection methods.
• Reduce fraud losses.
• Prosecute and incarcerate fraud perpetrators.

Make fraud less likely to occur:
• Use proper hiring and firing practices.
• Manage disgruntled employees.
• Train employees in security and fraud prevention.
• Manage and track software licenses.
• Require signed confidentiality agreements.

Increase the difficulty of committing fraud:
• Develop a strong system of internal controls.
• Segregation of duties.
• Require vacations and rotate duties.
• Restrict access to computer equipment and data files.
• Encrypt data and programs.

Improve detection methods:
• Protect the system from viruses.
• Control sensitive data.
• Control laptop computers.
• Monitor hacker information.

Reduce fraud losses:
• Maintain adequate insurance.
• Store backup copies of programs and data files in a secure, off-site location.
• Develop a contingency plan for fraud occurrences.
• Use software to monitor system activity and recover from fraud.

In the world of the internet and networking, unauthorized access is usually gained by a "hacker" masquerading as an authorized user by means of sophisticated packages which are able to break passwords and match login names. Entry to an organisation’s network may also be gained via "trap doors", which are usually left by system programmers and which can bypass all of the security measures built into the program.
It is estimated that approximately 4,000 malicious software applications are circulating in cyberspace, which may include, amongst others, Trojan horses, logic bombs, and applications known as Devil Dialers, Satan, Brute and Nutcracker.
It is essential that information security is incorporated into an organisation’s policy and procedures and is formally documented and adhered to. Management appears to be unaware of the vulnerability of information and of how easily computer criminals can access it. Some prevention strategies may include:
• A regular risk assessment on the vulnerabilities of the network.
• The installation of a "firewall", which restricts unauthorized access from the Internet. Firewall software and hardware applications are readily available in the market. There are also a number of applications available to the forensic specialist which can run without being detected by the internal and external auditors, and which store deleted files, monitor system administrators and act as watchdogs over the organisation’s electronic dealings.
As with the growth of malicious software applications, a number of applications have been designed for use by computer specialists. Traditionally, computer programmers designed packages like Norton Utilities, which retrieves deleted files, views hidden files, indicates the time and date of access to data, etc. The level of sophistication has been enhanced, and new products on the market are:
• "PC Investigator", which incorporates all the Norton Utilities functions, and links hidden files common to one another.
• "Little Brother is Watching You", whose features include log-in tracing and location activation for Web-site monitoring and networks (i.e. sites visited, duration and user).
Despite all this, most computer fraud cases go unreported and unprosecuted, for the following reasons:
• Many cases of computer fraud are as yet undetected.
• Companies are reluctant to report computer crimes.
• Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.
• It is difficult, costly, and time-consuming to investigate.
• Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.

1.8 CONCLUSIONS
This paper is a modest attempt at identifying the main causes and types of computer fraud. The paper prescribes some necessary measures to curb or at least minimise the incidence of computer fraud in local governments. Admittedly, it is near impossible to stamp out fraud in its entirety; however, it can be minimised. The measures put forward in this paper are by no means exhaustive, but the paper, it is believed, serves as food for thought.