CHAPTER 5 : FRAUD
5. THE FRAUD TRIANGLE
lapping
- Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.
check kiting
- Creating cash using the lag between the time a check is deposited and the time it clears the bank.
opportunity
- The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain.
rationalization
- The excuse that fraud perpetrators use to justify their illegal behavior.
pressure
- A person’s incentive or motivation for committing fraud.
Conceal the fraud. To prevent detection when assets are stolen or financial statements are overstated, perpetrators must keep the accounting equation in balance by inflating other assets or decreasing liabilities or equity. Concealment often takes more effort and time and leaves behind more evidence than the theft or misrepresentation. Taking cash requires only a few seconds; altering records to hide the theft is more challenging and time-consuming.
Convert the theft or misrepresentation to personal gain. In a misappropriation, fraud perpetrators who do not steal cash or use the stolen assets personally must convert them to a spendable form. For example, employees who steal inventory or equipment sell the items or otherwise convert them to cash. In cases of falsified financial statements, perpetrators convert their actions to personal gain through indirect benefits; that is, they keep their jobs, their stock rises, they receive pay raises and promotions, or they gain more power and influence.
Commit the fraud. The theft of assets is the most common type of misappropriation. Most instances of fraudulent financial reporting involve overstatements of assets or revenues, understatements of liabilities, or failures to disclose information.
7. THE RISE IN COMPUTER FRAUD
Not everyone agrees on what constitutes computer fraud. Many people do not believe that copying software constitutes computer fraud. Software publishers think otherwise and prosecute those who make illegal copies. Some people do not think it is a crime to browse someone else’s computer files if they do no harm, whereas companies whose data are browsed feel much differently.
Many networks are not secure. Dan Farmer, who wrote SATAN (a network security testing tool), tested 2,200 high-profile websites at government institutions, banks, and newspapers. Only three sites detected and contacted him.
Law enforcement cannot keep up with the growth of computer fraud. Because of lack of funding and skilled staff, the FBI investigates only 1 in 15 computer crimes.
Many instances of computer fraud go undetected. A few years ago, it was estimated that U.S. Defense Department computers were attacked more than a half million times per year, with the number of incidents increasing 50% to 100% per year. Defense Department staffers and outside consultants made 38,000 “friendly hacks” on their networks to evaluate security. Almost 70% were successful, and the Defense Department detected only 4% of the attacks.
Internet sites offer step-by-step instructions on how to perpetrate computer fraud and abuse. For instance, an Internet search found thousands of sites telling how to conduct a “denial of service” attack, a common form of computer abuse.
Calculating losses is difficult. It is difficult to calculate total losses when information is stolen, websites are defaced, and viruses shut down entire computer systems.
A high percentage of frauds is not reported. Many companies believe the adverse publicity would result in copycat fraud and a loss of customer confidence, which could cost more than the fraud itself.
COMPUTER FRAUD CLASSIFICATIONS
COMPUTER INSTRUCTIONS FRAUD
- Includes tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity. This approach used to be uncommon because it required specialized programming knowledge. Today, it is more frequent because of the many web pages that tell users how to create them.
INPUT FRAUD
- The simplest and most common way to commit a computer fraud is to alter or falsify computer input.
PROCESSOR FRAUD
- Processor fraud includes unauthorized system use, including the theft of computer time and services.
OUTPUT FRAUD
- Unless properly safeguarded, displayed or printed output can be stolen, copied, or misused.
DATA FRAUD
- Illegally using, copying, browsing, searching, or harming company data constitutes data fraud. The biggest cause of data breaches is employee negligence.
1. AIS THREAT
Natural and political disasters, such as fires, floods, earthquakes, hurricanes, tornadoes, blizzards, wars, and attacks by terrorists, can destroy an information system and cause many companies to fail.
sabotage
- An intentional act where the intent is to destroy a system or some of its components.
cookie
- A text file created by a website and stored on a visitor’s hard drive. Cookies store information about who the user is and what the user has done on the site.
Software errors, operating system crashes, hardware failures, power outages and fluctuations, and undetected data transmission errors constitute a second type of threat. A federal study estimated yearly economic losses due to software bugs at almost $60 billion. More than 60% of companies studied had significant software errors.
2. INTRODUCTION TO FRAUD
investment fraud
- Misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk. Examples include Ponzi schemes and securities fraud.
fraud
- Any and all means a person uses to gain an unfair advantage over another person.
Legally, for an act to be fraudulent there must be:
● An intent to deceive
● A justifiable reliance; that is, the person relies on the misrepresentation to take an action
● A material fact, which is something that induces a person to act
● A false statement, representation, or disclosure
● An injury or loss suffered by the victim
white-collar criminals
- Typically, businesspeople who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.
corruption
- Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards. Examples include bribery and bid rigging.
4. FRAUDULENT FINANCIAL REPORTING
fraudulent financial reporting
- Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
The Treadway Commission recommended four actions to reduce fraudulent financial reporting:
● Establish an organizational environment that contributes to the integrity of the financial reporting process.
● Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.
● Assess the risk of fraudulent financial reporting within the company.
● Identify and understand the factors that lead to fraudulent financial reporting.
SAS NO. 99 (AU-C SECTION 240): THE AUDITOR’S RESPONSIBILITY TO DETECT FRAUD
Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, became effective in December 2002. SAS No. 99 requires auditors to:
● Identify, assess, and respond to risks. The evidence is used to identify, assess, and respond to fraud risks by varying the nature, timing, and extent of audit procedures and by evaluating carefully the risk of management overriding internal controls.
● Evaluate the results of their audit tests. Auditors must evaluate whether identified misstatements indicate the presence of fraud and determine its impact on the financial statements and the audit.
● Obtain information. The audit team gathers evidence by looking for fraud risk factors; testing company records; and asking management, the audit committee of the board of directors, and others whether they know of past or current fraud. Because many frauds involve revenue recognition, special care is exercised in examining revenue accounts.
● Document and communicate findings. Auditors must document and communicate their findings to management and the audit committee.
● Discuss the risks of material fraudulent misstatements. While planning the audit, team members discuss among themselves how and where the company’s financial statements are susceptible to fraud.
● Incorporate a technology focus. SAS No. 99 recognizes the impact technology has on fraud risks and provides commentary and examples recognizing this impact. It also notes the opportunities auditors have to use technology to design fraud-auditing procedures.
● Understand fraud. Because auditors cannot effectively audit something they do not understand, they must understand fraud and how and why it is committed.
3. MISAPPROPRIATION OF ASSETS
misappropriation of assets
- Theft of company assets by employees.
6. COMPUTER FRAUD
computer fraud
- Any type of fraud that requires computer technology to perpetrate.
● Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data
● Theft of assets covered up by altering computer records
● Obtaining information or tangible property illegally using computers