Running head: COMPUTER RISKS
1
The Risks of Using Computers in Accounting
Whitney Milford
MACC541 – Accounting Systems and Analysis
September 21, 2013
Professor Bill Sawatski
Southwestern College Professional Studies
COMPUTER RISKS
2
Abstract
The purpose of this paper is to discuss the risks of doing business on computers and what
can be done to prevent theft and fraud. Computers are becoming a necessity in businesses all
across the world. With the growth in computer use, the number of computer crimes is also
growing. Hackers are getting smarter in the ways that they can get into a company’s computer
system to download and steal information. They use this information to make false documents
and purchases. The company may not catch the attack until after several purchases have been
made and billions of dollars are stolen every year because of this. Not all computer crimes come
from an outside source; sometimes the crime is taking place right under the company’s nose. An
employee can set up false information in the accounting information system and send money to
false accounts that they can pick up later to deposit in their own accounts. This can be hard to
catch without levels of management set up or without the proper supervision. Authorized
transactions and separation of duties need to be in place in order to avoid being a victim of
computer fraud.
COMPUTER RISKS
3
The Risks of Using Computers in Accounting
Computers have become a major part of everyday life for almost all businesses in the
world. Over time, technology has grown to make work easier by making computers more and
more advanced in what they can accomplish. In order for these computers to accomplish the
work that they do, they have to have data input telling them the necessary information needed to
complete the job. For accounting information systems, this data is confidential and could be
detrimental to a company if it were to get in the wrong hands. It is important for companies to
have virus protection on their computers and strong passwords to try and avoid leaking any
private information. There are many ways that people break into a company’s computer system
by committing computer fraud and having poor ethical values. The best way to prevent fraud is
by “taking immediate and vigorous action if fraud is detected. [This] is not only necessary to
prevent future losses but also helps deter other frauds” (ACPO - Fraud Prevention). There are
some controls that can be put in to place to try to prevent computer fraud from occurring but
there is always the chance of fraud taking place.
Computer Crime and Fraud
Computer crime or computer fraud is committed when “someone manipulates a computer
or computer data, by whatever method, to dishonestly obtain money, property, or some other
advantage-or cause significant loss” (Simkin, Rose, & Norman, 2012, p. 343). Computers are
being broken into every day including laptops, home computers, and offices. By hacking into
computers, criminals can find all sorts of personal information that can be used to commit fraud.
They can find passwords to bank accounts and other important web sites. If purchases are made
COMPUTER RISKS
4
online using a credit card, they are able to find the card number and can use it whenever they
want. Because of these types of attacks “billions of dollars are lost every year” (FBI — Cyber
Crime). There are many ways that computer crimes can take place that range in severity.
Examples of Computer Crimes
The most common types of computer crimes or fraud that take place in the financial field
are fraudulent financial reporting and misappropriation of assets. One would think that most
computer crimes come from an outside source. Many times, though, the crime is being
committed from within the company itself. These two types of fraud are prime examples.
Fraudulent financial reporting takes place when someone in management or a higher-ranking
position falsely records data to misdirect investors, accountants, auditors, and other people
looking at the company’s books (Simkin et al, 344). By misrepresenting the company’s financial
information, investors might make decisions that they wouldn’t have otherwise and whoever
committed the fraud is probably making money off of the transactions.
Misappropriation of assets is similar to fraudulent financial reporting. Some examples of
misappropriation are “skimming, larceny, payroll tampering, and check tampering” (Simkin et
al, 344). All these things are usually committed by someone that works for the company. The
accounts payable clerk could set up a false vendor and have false invoices created for that
vendor. When it comes time to pay the bills, the check would be written and then sent to a fake
address where the employee would go to pick it up. The same could be done with creating a fake
employee and having the paycheck sent to the false address.
COMPUTER RISKS
5
Other types of computer crimes include phishing or hacking. Unlike fraudulent financial
reporting and misappropriation of assets, these types of crimes aren’t restricted to the financial
field and can take place on any computer at any time. When someone commits the crime of
phishing, an email or a pop-up link is sent to a computer and tricks the recipient into sending
money or buying something when there really isn’t anything to buy. When hacking into
someone’s computer, the hacker is breaking in and illegally obtaining private information that
could result in identity theft and fraudulent purchases (Cyber Crime | What is CyberCrime &
Types of Cyber Crime). These two types of computer crime are very common and are sometimes
hard to prevent.
Preventing Computer Crime and Fraud
With all the different types of computer crimes and ways of committing them it is hard to
find a system that will block everything; although, there are some precautions that can be put in
place to help deter computer fraud. One of the smaller controls that can be set up is to have a
secure network that is password protected (Cyber Crime | What is CyberCrime & Types of Cyber
Crime). This will slow down computer hackers and might send out a red flag if any suspicious
activity takes place. Another small way to prevent being a victim of a computer crime is to limit
the amount of personal information you give out publicly (FBI — Cyber Crime). The more
information that is readily available for a computer criminal, the easier it will be for them to
commit fraud. This is much harder to do if the fraud is being committed by someone within the
company and other controls will have to be set up.
COMPUTER RISKS
6
One of the best ways of preventing fraud that is taking place within a company is having
separation of duties. If an employee is taking care of multiple jobs within the company it makes
it much easier for them to cover up their crime. If the duties were separated out, someone would
be more likely to catch the fraud down the line before the final transaction takes place. The
writer of ACPO – Fraud Prevention outlines the objectives of individuals within a company that
will help in reducing fraud, these include:
“[A] clear definition of the responsibilities of individuals for
resources, activities, objectives and targets. This includes defining
levels of authority. This is a preventive measure which sets a limit
on the amounts which may be authorized by individual officers. To
be effective, checks need to be made to ensure that transactions
have been properly authorized;
Establishing clear reporting lines and the most effective spans of
command to allow adequate supervision;
Separation of duties to avoid opportunities for abuse. This is also
largely a preventive measure which ensures that the key functions
and controls over a process are not all carried out by the same
member of staff, e.g. ordering goods should be kept separate from
receipt of goods; similarly authorization and payment of invoices;
and
Avoiding undue reliance on any one individual”
If these measures are followed, the chance of fraud taking place would be greatly reduced. The
different levels of the company would be monitored and only authorized transactions would take
place. Creating a false vendor or a false employee, like in the example provided earlier, would
not occur because the information would have to be approved before it was entered into the
system.
COMPUTER RISKS
7
Conclusion
Computer crimes happen every day and are basically inevitable. These crimes can occur
at any time from an outside source or even from within the company. Hackers can get into the
system and download private information that they can use to make fraudulent purchases. Top
management or anyone who works with the financial books can “cook the books” to make them
look better or to hide fraudulent activity. This hurts investors and makes the company look like
they are doing better than they actually are. In the years to follow, the company will have to
continue to cook the books to stay ahead of where they were the year before. Employees are also
able to commit fraud against the company by setting up fake records and having money sent out
to those accounts. The best way to prevent these things from happening is to have different levels
of authority and to be constantly monitoring what is going in and out of the company. By doing
this, there is less chance that money is being pushed around behind the scenes.
COMPUTER RISKS
8
References
ACPO - Fraud Prevention. (n.d.). ACPO - Fraud Prevention. Retrieved September 18, 2013,
from http://www.fraud-stoppers.info/prevention/businesses.html.
Cyber Crime | What is CyberCrime & Types of Cyber Crime. (n.d.). Crime Stoppers | Prevent
and Stop Crime in Your Neighborhood. Retrieved September 18, 2013, from
http://www.c-s-i.org/cyber-crime/.
FBI — Cyber Crime. (n.d.). FBI — Homepage. Retrieved September 18, 2013, from
http://www.fbi.gov/about-us/investigate/cyber.
Simkin, Mark G., Rose, Jacob M., & Norman, Carolyn S. (2012). Core concepts of accounting
information systems (12th ed.). Hoboken, New Jersey: John Wiley & Sons, Inc.