Term
1) natural and political 2) software errors/equipment malfunctions 3) unintentional acts 4) intentional acts |
|
Definition
what are the 4 types of threats to an AIS? |
|
|
Term
natural/political threats |
|
Definition
fire, floods, earthquakes, hurricanes, war & terrorist attacks |
|
|
Term
software errors/equipment malfunctions |
|
Definition
• Hardware or software failure • Bugs or software errors • System crashes • Power outages and fluctuations • Undetected data transmission |
|
|
Term
|
Definition
• Human errors • Innocent errors or omissions • Logic errors • Systems don’t meet company needs • Failure to follow standard procedures • Poorly trained or supervised personnel • Lost, erroneous, destroyed or misplaced data • Systems that do not meet company needs or cannot handle their intended task |
|
|
Term
|
Definition
• Sabotage-deliberate destruction or harm to a system • Misrepresentation • false use or unauthorized disclosures of data • misappropriation of assets • financial statement fraud • corruption and computer fraud |
|
|
Term
|
Definition
Gaining an unfair advantage over another person |
|
|
Term
1) A false statement, representation, or disclosure 2) A material fact, which is something that induces a person to act (suppressions of the truth??) 3) An intent to deceive (tricks/cunning) 4) A justifiable reliance; that is, the person relies on the misrepresentation to take an action (often involve a violation of trust?? or confidence) 5) An injury or loss suffered by the victim |
|
Definition
legally, for an act to be fraudulent there must be: (5 things) |
|
|
Term
• Income tax fraud—almost $400 billion/year • Healthcare industry fraud—exceeds $100 billion/year • Costs the U.S. a total of $994 billion/year • Employees are more likely • Fraud perpetrators are referred to as white-collar criminals • Estimated $400 billion in losses because of fraud • Most common are corruption and fraudulent billing schemes • Most are first time offenders |
|
Definition
|
|
Term
Misappropriation of Assets |
|
Definition
The theft of company assets (embezzlement). The absence of internal controls is the leading cause of misappropriation of assets - 17 times more likely, but amounts are smaller |
|
|
Term
fraudulent financial reporting |
|
Definition
Intentional or reckless conduct that results in materially misleading financial statements • falsified to deceive investors and creditors, increase the company's stock price, meet CF needs, hide company losses and problems • more concerned with this type |
|
|
Term
• Clarify the auditor’s responsibility to detect fraud • Understand fraud • Discuss risk of fraudulent misstatements • Obtain information • Identify, assess, and respond to risks • Evaluate the results • Document and communicate findings • Incorporate a technology focus |
|
Definition
what does SAS 99 require of auditors? (8 things) |
|
|
Term
1) Commit the fraud - theft of assets is the most common type (misappropriation) 2) Conceal the fraud - takes more effort and time and leaves behind more evidence than theft 3) Convert the theft or misrepresentation to personal gain |
|
Definition
what are the 3 things that opportunity allows a person to do (3 parts of opportunity triangle) |
|
|
Term
|
Definition
conditions or situations that allow a person or organization to do 3 things; stems from the lack of internal controls, but most results from the failure to enforce the internal controls |
|
|
Term
a. Commit the fraud (how/what) |
|
Definition
• theft of assets is the most common type (misappropriation of assets) • Overstatements of assets or revenues, understatements of liabilities or failure to disclose info |
|
|
Term
conceal the fraud (what/how) |
|
Definition
1. Charge the stolen item to an expense account 2. Lapping - steals cash or checks customers send in the mail to pay its accounts receivable, funds from a different customer are used to pay off customer A’s balance; cover-up must continue indefinitely 3. Check kiting - cash is created using the lag between the time a check is deposited and the time it clears the bank |
|
|
Term
|
Definition
steals cash or checks customers send in the mail to pay its accounts receivable, funds from a different customer are used to pay off customer A’s balance |
|
|
Term
|
Definition
cash is created using the lag between the time a check is deposited and the time it clears the bank |
|
|
Term
1) a pressure (motive) 2) an opportunity 3) rationalization |
|
Definition
3 things necessary for fraud to occur |
|
|
Term
|
Definition
person's incentive or motivation for committing fraud |
|
|
Term
1) financial 2) emotional 3) lifestyle |
|
Definition
3 types of employee pressures |
|
|
Term
|
Definition
what type of pressures often motivate misappropriation frauds by employees? |
|
|
Term
examples of EMPLOYEE financial pressures |
|
Definition
living beyond one's means, high personal debt, inadequate salary, poor credit ratings, heavy financial losses, bad investments, tax avoidance, unreasonable quotas |
|
|
Term
examples of EMPLOYEE emotional pressures |
|
Definition
greed, performance not recognized, job dissatisfaction, fear of losing job, need for power or control, excessive pride or ambition, overt, deliberate nonconformity, inability to abide by or respect rules, challenge of beating the system, envy of others |
|
|
Term
examples of EMPLOYEE lifestyle pressures |
|
Definition
gambling habit, drug or alcohol addiction, sexual relationships, family/peer pressure |
|
|
Term
1) Financial, 2) Mgmt characteristics, 3) industry conditions |
|
Definition
3 types of financial statement pressures |
|
|
Term
examples of F/S management characteristic pressures |
|
Definition
questionable mgmt. ethics, mgmt style, and track record; aggressive earnings forecast/performance standards; incentive compensation, eps accounting treatment; bad relationship w/past auditors; high mgmt/employee turnover |
|
|
Term
examples of F/S industry condition pressures |
|
Definition
-declining industry -industry/tech changes lead to obsolescence -new regulations that impair earnings -increased market competition/saturation -major tax changes |
|
|
Term
examples of F/S financial pressures |
|
Definition
-meet earnings expectations -cash flow problems -heavy losses/high debt -dependence on new/unproven products -inventory obsolescence/inv build up -inflation/recession -litigation -impending bankruptcy -problems w/regulatory bodies -rise in interest rates -bad financial position -unusually fast growth compared to industry -significant estimates |
|
|
Term
1) attitude 2) justification 3) lack of personal integrity |
|
Definition
3 parts of rationalization triangle |
|
|
Term
|
Definition
allows perps to justify their illegal behavior |
|
|
Term
|
Definition
"I only took what they owed me" |
|
|
Term
|
Definition
"the rules do not apply to me" |
|
|
Term
ex of a lack of personal integrity |
|
Definition
"getting what I want is more important than being honest" |
|
|
Term
examples of attitude, justification, & lack of personal integrity |
|
Definition
• I am only borrowing the money and will repay it • You would understand if you knew how badly I needed it • What I did was not that serious • It was for a good cause - Robin Hood syndrome • In my very important position of trust I am above the rules • Everyone else is doing it • No one will ever know • The company owes it to me |
|
|
Term
|
Definition
fraud that requires computer technology knowledge to perpetrate, investigate or prosecute it |
|
|
Term
examples of computer fraud |
|
Definition
• Theft of money by altering computer records or theft of computer time • Theft or destruction of computer hardware • Use or the conspiracy to use computer resources to commit a felony • Intent to illegally obtain info or tangible property |
|
|
Term
|
Definition
what % of companies have been victimized by comp fraud? |
|
|
Term
|
Definition
theft of info and intellectual property |
|
|
Term
why has comp fraud increased? (7 reasons) |
|
Definition
• Not everyone agrees on what it is • Many instances of computer fraud go undetected • High % of frauds is not reported • Many networks are not secure • Internet sites offer instructions on how to • Law enforcement cannot keep up with the growth of it • Calculating losses is difficult |
|
|
Term
• Input fraud • Processor fraud • Computer instruction fraud • Data fraud • Output data |
|
Definition
how to commit computer fraud (5 ways) |
|
|
Term
simplest and most common way to commit comp fraud is to falsify comp input; takes little skill--need to know how sys operates to cover tracks |
|
Definition
|
|
Term
|
Definition
unauthorized system use including theft of comp time and services |
|
|
Term
computer instructions fraud |
|
Definition
tampering w/company software, copying software illegally, using software in an unauthorized manner, developing software to carry out unauthorized activity -- requires special programming skills |
|
|
Term
|
Definition
illegally using, copying, browsing, searching, or harming company data |
|
|
Term
|
Definition
unless properly safeguarded, displayed or printed output can be stolen, copied, or misused |
|
|
Term
1) make fraud less likely to occur 2) increase the difficulty of committing fraud 3) improve detection methods 4) reduce fraud losses |
|
Definition
4 ways to prevent and detect fraud |
|
|
Term
Make fraud less likely to occur (examples) |
|
Definition
• Stress integrity and commitment to ethical values and competence • Adopt an organizational structure, management philosophy, operating style, and appetite for risk that minimizes the likelihood of fraud. • Require oversight from an active, involved, and independent audit committee. • Assign authority and responsibility for business objectives to specific departments and individuals, encourage initiative in solving problems, and hold them accountable for achieving those objectives. |
|
|
Term
Increase the difficulty of committing fraud (examples) |
|
Definition
• Develop a strong system of internal controls • Segregate the accounting functions of: authorization, recording, and custody • Implement a program segregation of duties between systems functions • Restrict physical and remote access to system resources to authorized personnel • Require transactions and activities to be authorized by appropriate supervisory personnel. Have the system authenticate the person and their right to perform the transaction before allowing the transaction to take place. • Use properly designed documents and records to capture and process transactions. • Safeguard all assets, records, and data. • Require independent checks on performance, such as reconciliation of two independent sets of records, where possible and appropriate. |
|
|
Term
Improve detection methods (examples) |
|
Definition
• Create an audit trail so individual transactions can be traced through the system to the financial statements and vice versa. • Conduct periodic external and internal audits, as well as special network security audits. • Install fraud detection software. • Implement a fraud hotline. • Employ a computer security officer, as well as computer consultants and forensic specialists as needed. • Monitor system activities, including computer and network security efforts, usage and error logs, and all malicious actions. • Use intrusion detection systems to help automate the monitoring process. |
|
|
Term
Reduce fraud losses (examples) |
|
Definition
• Maintain adequate insurance. • Develop comprehensive fraud contingency, disaster recovery, and business continuity plans. • Store backup copies of program and data files in a secure, off-site location. • Use software to monitor system activity and recover from fraud. |
|
|