39 Cards in this Set
- Front
- Back
what are the four types of threats a company faces
|
natural and political disasters; software errors and equipment malfunctions; unintentional acts; intentional acts
|
|
for an act to be considered fraudulent there must be
|
a false statement, a material fact, an intent to deceive, a justifiable reliance, and an injury or loss
|
|
what is the theft of assets committed by a person or group of people for personal financial gain
|
misappropriation of assets
|
|
the intentional or reckless conduct that results in materially misleading financial statements
|
fraudulent financial reporting
|
|
what four actions are recommended to reduce the possibility of fraudulent financial reporting
|
establish an environment that contributes to the integrity of the reporting process, identify and understand the factors that lead to fraudulent reporting, assess the risk of fraudulent reporting within the company, design and implement internal controls
|
|
SAS no 99 requires auditors to
|
understand fraud, discuss the risks of material fraudulent misstatements, obtain information, identify and respond to risks, evaluate the results of audit tests, document findings, incorporate a technology focus
|
|
three conditions are necessary for fraud to occur
|
pressure, opportunity, and rationalization
|
|
a person's incentive or motivation for committing the fraud
|
pressure, opportunity, and rationalization
|
|
what types of pressure are there
|
financial, emotional, lifestyle
|
|
opportunity allows a person to do three things
|
commit the fraud, conceal the fraud, and convert the theft or misrepresentation to personal gain
|
|
when the perpetrator covers up a theft by creating cash through the transfer of money between banks
|
kiting
|
|
when the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable, and then allocates payment from customer B to pay A's AR, and so on
|
lapping
|
|
what are some of the internal control factors that would provide opportunity to commit and conceal fraud
|
failure to enforce internal controls, management not involved in controls, management override of controls, management inattention to details, unchallenged management, no effective internal auditing staff, infrequent third party reviews, inadequate documents, no audit trails, failure to conduct background checks
|
|
what are some of the "non internal" control factors that would provide opportunity to commit and conceal fraud
|
complex transactions, numerous adjusting entries, related party transactions, understaffed accounting department, rapid turnover of key employees, lengthy tenure in a key job, no code of conduct, operating on a crisis basis, pushing accounting principles to the limit, failure to prosecute dishonest employees
|
|
any illegal act for which knowledge of computer technology is essential for its perpetration
|
computer fraud
|
|
computer fraud includes
|
unauthorized theft of software or data, theft of money by altering computer records, theft of computer hardware, use of computer resources to commit a felony, intent to illegally obtain information or tangible property through the use of computers
|
|
estimates are that between __ and ___ % of all computer crimes are detected
|
5 and 20
|
|
an estimated ___ of uncovered computer frauds are not reported
|
80-90%
|
|
the theft of information and intellectual property
|
economic espionage
|
|
using the data processing model, how would you classify computer fraud
|
input, output, processor, computer instructions, and stored data
|
|
the changing of data before, during, or after it is entered into the system
|
data diddling
|
|
using software to collect web surfing and spending data
|
adware
|
|
copying company data without permission
|
data leakage
|
|
sending e-mail bombs from randomly generated false addresses
|
denial of service attack
|
|
using special software to guess company addresses and send them blank e-mail addresses, and then add the addresses of unreturned e-mail to spam lists
|
dictionary attack
|
|
using a computer system without permission
|
hacking
|
|
gaining control of someone else's computer to carry out illicit activities
|
hijacking
|
|
using spyware to record keystrokes
|
key logger
|
|
sabotaging a system using a program that lies idle until some specified time or circumstance
|
logic time bomb
|
|
using a computer to find user names and passwords as they travel through networks
|
packet sniffing
|
|
sending e-mails to people requesting them to fill in personal details on fake websites
|
phishing
|
|
attacking phone systems and using phone lines to transmit viruses and destroy data
|
phreaking
|
|
tapping into a telecommunications line and latching onto a legitimate user before they log in
|
piggybacking
|
|
stealing tiny slices of money over a period of time
|
salami technique
|
|
searching corporate resources from trashcans or printouts or computer memory
|
dumpster diving
|
|
watching people enter credit card numbers, or listening as they give them to a clerk
|
shoulder surfing
|
|
tricking an employee into providing the information needed to get into a system
|
social engineering
|
|
making an email message appear to be from someone else
|
spoofing
|
|
how can you reduce fraud losses
|
maintain adequate insurance, develop comprehensive fraud contingency, disaster recovery and continuity plans, store backup copies of program and data files in a secure off-site location, use software to monitor system activity
|