Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

39 Cards in this Set

  • Front
  • Back
what are the four types of threats a company faces
natural and political disasters; software errors and equipment malfunctions; unintentional acts; intentional acts
for an act to be considered fraudulent there must be
a false statement, a material fact, an intent to deceive, a justifiable reliance, and an injury or loss
what is the theft of assets committed by a person or group of people for personal financial gain
misappropriation of assets
the intentional or reckless conduct that results in materially misleading financial statements
fraudulent financial reporting
what four actions are recommended to reduce the possibility of fraudulent financial reporting
establish an environment that contributes to the integrity of the reporting process, identify and understand the factors that lead to fraudulent reporting, assess the risk of fraudulent reporting within the company, design and implement internal controls
SAS no 99 requires auditors to
understand fraud, discuss the risks of material fraudulent misstatements, obtain information, identify and respond to risks, evaluate the results of audit tests, document findings, incorporate a technology focus
three conditions are necessary for fraud to occur
pressure, opportunity, and rationalization
a person's incentive or motivation for committing the fraud
pressure, opportunity, and rationalization
what types of pressure are there
financial, emotional, lifestyle
opportunity allows a person to do three things
commit the fraud, conceal the fraud, and the opportunity to convert the theft or misrepresentation to personal gain
when the perpetrator covers up a theft by creating cash through the transfer of money between banks
when the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable, and then allocates payment from customer B to pay A's AR, and so on
what are some of the internal control factors that would provide opportunity to commit and conceal fraud
failure to enforce internal controls, management not involved in controls, management override of controls, management inattention to details, unchallenged management, no effective internal auditing staff, infrequent third party reviews, inadequate documents, no audit trails, failure to conduct background checks
what are some of the "non internal" control factors that would provide opportunity to commit and conceal fraud
complex transactions, numerous adjusting entries, related party transactions, understaffed accounting department, rapid turnover of key employees, lengthy tenure in a key job, mo code of conduct, operating on a crisis basis, pushing accounting principles to the limit, failure to prosecute dishonest employees
any illegal act for which knowledge of computer technology is essential for its perpetration
computer fraud
computer fraud includes
unauthorized theft of software or data, theft of money by altering computer records, theft of computer hardware, use of computer resources to commit a felony, intent to illegally obtain information or tangible property through the use of computers
estimates are that between __ and ___ % of all computer crimes are detected
5 and 20
an estimated ___ of uncovered computer frauds are not reported
the theft of information and intellectual property
economic espionage
using the data processing model, how would you classify computer fraud
input, output, processor, computer instructions, and stored data
the changing of data before during or after it is entered into the system
data diddling
using software to collect web surfing and spending data
copying company data without permission
data leakage
sending e-mail bombs from randomly generated false addresses
denial of service attack
using special software to guess company addresses and send them blank e-mail addresses, and then add the addresses of unreturned e-mail to spam lists
dictionary attack
using a computer system without permission
gaining control of someone else's computer to carry out illicit activities
using spyware to record keystrokes
key logger
sabotaging a system using a program that lies idle until some specified time or circumstance
logic time bomb
using a computer to find user names and passwords as they travel through networks
packet sniffing
sending e-mails to people requesting them to fill in personal details on fake websites
attacking phone systems and using phone lines to transmit viruses and destroy data
tapping into telecommunications line and latching onto a legitimate user before they log in
stealing tiny slices of money over a period of time,
salami technique
searching corporate resources from trashcans or printouts or computer memory
dumpster diving
watching people enter credit card numbers, or listen as they give them to a clerk
shoulder surfing
tricking an employee into providing the information needed to get into a system
social engineering
making an email message appear to be from someone else
how can you reduce fraud losses
maintain adequate insurance, develop comprehensive fraud contingency, disaster recovery and continuity plans, store backup copes of program and data files in a secure off site location, use software to monitor system activity