32 Cards in this Set
- Front
- Back
1. Natural and political disasters
2. Software errors and equipment malfunction
3. Unintentional acts
4. International acts (computer crime) |
4 Threats to a Company's Information Systems
|
|
Any and all means a person uses to gain an unfair advantage over another person.
|
Fraud
|
|
-False statement has to be made.
-Must be a material fact. (must be big enough to change the opinion of a person)
-Prove that the person knew it was false. (difficult)
-Victim placed justifiable reliance on it.
-Suffers a FINANCIAL loss/injury. |
Needed to be Considered Fraudulent
|
|
Evidence must be beyond a reasonable doubt.
|
Criminal Fraud (government)
|
|
Preponderance of the evidence (51% or more evidence than not)
|
Civil Fraud (lawsuit)
|
|
Embezzlement or misuse of company's assets. 62% of reported frauds.
|
Occupational Fraud: Misappropriation of Assets
|
|
Using your position in a way you're not supposed to.
|
Occupational Fraud: Corruption
|
|
Misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users.
|
Occupational Fraud: Fraudulent Statements
|
|
-Recording fictitious revenues
-Recording revenues prematurely
-Recording expenses in later periods
-Overstating inventories or fixed assets
-Concealing losses and liabilities |
Common Approaches to "Cooking the Books"
|
|
1. Establish an organizational environment that contributes to the integrity of the financial reporting process
2. Identify and understand the factors that lead to fraudulent financial reporting
3. Assess the risk of fraudulent financial reporting within the company
4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented. |
4 Actions to Reduce the Possibility of Fraudulent Financial Reporting from The Treadway Commission
|
|
In 1997, SAS-82, Consideration of Fraud in a Financial Statement Audit, was issued to clarify the auditor's responsibility to detect fraud.
|
SAS 99: The Auditor's Responsibility to Detect Fraud
|
|
-Understand Fraud
-Discuss the risks of material fraudulent misstatements
-Obtain information
-Identify, assess, and respond to risks
-Evaluate the results of their audit tests
-Communicate findings
-Document their audit work
-Incorporate a technology focus |
SAS-99 Issued in December 2002, requires auditors to:
|
|
Pressure
Rationalization
Opportunity |
The "Fraud" Triangle
|
|
Perceived non-shareable need, emotional, lifestyle, financial.
|
Pressure
|
|
The opening or gateway that allows an individual to commit the fraud, conceal the fraud, convert the proceeds. "ARC" needs at least two people involved.
|
Opportunity
|
|
-Lack of internal controls
-Internal controls not enforced
-Excessive trust in employees
-Incompetent supervisory personnel
-Inattention to details
-Inadequate staff |
Opportunities that Enable Fraud
|
|
The way to commit fraud while maintaining your self image as a principled individual.
|
Rationalization
|
|
An illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
|
Computer Fraud
|
|
-Input
-Processor
-Stored Data
-Output
-Computer Instructions |
Computer Fraud Classifications According to Data Processing Model
|
|
Simplest type of fraud to commit, most common with computers, doesn't take computer savvy. Can take a number of forms including disbursement, inventory, payroll, cash receipt, and fictitious refund frauds.
|
Input Fraud
|
|
Most misunderstood type of fraud. Stealing/using system in unauthorized manner. Theft of computer time/systems. Common types: employees surfing the internet, using the company computer to conduct personal business, using the company computer to conduct competing business.
|
Processor Fraud
|
|
Tamper with software of company which may include: modifying software, piracy, using code in unauthorized manner, developing a software program or module to carry out an unauthorized activity.
|
Computer Instructions Fraud
|
|
Involves tampering with stored data, in many cases by disgruntled employees. Theft of data often occurs so that perpetrators can sell it. Modifying/deleting data after it's in the system.
|
Data Fraud
|
|
Process data into meaningful information, organized/useful; fraud messes with this.
|
Output Fraud
|
|
-Data diddling
-Data leakage
-Denial of service attacks
-Eavesdropping
-Email threats
-Email forgery (aka spoofing)
-Hacking
-Phreaking
-Hijacking
-Identity Theft |
Computer Fraud and Abuse Techniques
|
|
Using the internet to spread false or misleading information about people or companies.
|
Internet Misinformation
|
|
Occurs when an individual spreads misinformation, often through internet chat rooms, to cause a run-up in the value of a stock and then sells off his shares.
|
Pump/Dump Scams
|
|
Needs human interaction/intervention to spread.
|
Virus
|
|
-Computer will not start or execute
-Performs unexpected read or write operations
-Unable to save files
-Long time to load programs
-Abnormally large file sizes
-Slow systems operation
-Unusual screen activity
-Error messages |
Symptoms of a Virus
|
|
A stand-alone program, will replicate itself automatically. Short lived and damaging.
|
Worm
|
|
-Make fraud less likely to occur
-Increase the difficulty of committing fraud
-Improve detection methods
-Reduce fraud losses |
Preventing and Detecting Computer Fraud
|
|
-Maintain adequate insurance
-Develop comprehensive fraud contingency, disaster recovery, and business continuity plans.
-Store backup copies of program and data files in a secure, off-site location
-Use software to monitor system activity and recover from fraud. |
Reduce Fraud Losses
|