INTRODUCTION TO FRAUD
Fraud is any and all means a person uses to gain an unfair advantage over another
person. Legally, for an act to be considered fraudulent there must be:
3. An intent to deceive
Misappropriation of Assets
An Accounting Information Systems manager at a Florida newspaper
went to work for a competitor after he was fired.
It’s at this point where they get braver, or should we say more
relaxed, where the perpetrator gets greedy and starts stealing
larger amounts of money; this is where they normally get caught.
this makes it very easy for them to become a fraud
perpetrator and start stealing cash or property
Some hackers and computer fraud perpetrators are more motivated by curiosity, a
quest for knowledge, the desire to learn how things work, and the challenge of
“beating the system.”
Research shows that three conditions are necessary for fraud to occur: a pressure,
an opportunity, and a rationalization. This is referred to as the fraud triangle
and is shown as the middle triangle in Figure 5-1 on Page 148.
Pressures
summarized in Table 5-2 on Page 149. Table 5-3 on Page 150 provides the pressures
that can lead to financial statement fraud.
Opportunities
As shown in the opportunity triangle in Figure 5-1 on Page 148, opportunity is the
condition or situation that allows a person or organization to do three things:
A common and effective way to hide a theft is to charge the stolen item to an
expense account. For example, charge supplies to an expense account when they
are initially purchased, before they are used. This allows the perpetrator
the opportunity to use some of the supplies for personal benefit at the
expense of the company. These unused supplies should have been recorded as an
asset called Supplies until they are used.
Since most banks would require you to deposit some money to start a checking account,
an initial deposit of $100 in each bank was included above. In addition, the charts
below provide a somewhat pictorial explanation of the above kiting scheme. The chart
below uses dates, balances and NSF due dates.
[Chart: kiting scheme among the perpetrator, Bank A, Bank B and Bank C]
Note #1: At this point the perpetrator may want to deposit the
$1,000 he has had for 5 days (1/2 through 1/6), on the morning of
1/7 and start over again with Bank A.
Table 5-4 on Page 152 lists some of the more frequently mentioned
opportunities that permit employee and financial statement fraud.
Rationalizations
I am only “borrowing” the money (or asset) and will
repay my “loan.”
Computer Fraud
The U.S. Department of Justice defines computer fraud as any
illegal act for which knowledge of computer technology is
essential for its perpetration, investigation or prosecution.
More specifically, computer fraud includes the following:
The Association of Certified Fraud Examiners provides the
general definition of computer fraud:
The FBI estimated that only one percent of all computer
crime was detected, while others estimated it to be between
5 and 20%.
Input
Processor
Computer Instructions
Data
Deleting files does not erase them. Even reformatting a hard
drive often does not erase files or wipe the drive clean.
Output
Computer Attacks
Searching for dial-up modem lines by programming
computers to dial thousands of phone lines is referred to
as war dialing.
The attacker terminates the attack after an hour or two
to limit the victim’s ability to trace the source of the
attacks.
Piggybacking has several meanings:
Internet misinformation is using the Internet to spread false or
misleading information about people or companies. This can be
done in a number of ways, including inflammatory messages in
online chats, setting up Web sites and spreading urban legends.
Many companies advertise online and pay based on how many users
click on ads that take them to the company’s Web site.
Advertisers pay from a few cents to over $10 for each click.
Click fraud is intentionally clicking on these ads numerous times
to inflate advertising bills.
Social Engineering
In voice phishing, or vishing, e-mail recipients are asked to call
a specified phone number, where a recording tells them to enter
confidential data.
Shoulder surfing – watching people as they enter telephone
calling card or credit card numbers or listening to conversations
as people give their credit card number over the telephone or to
sales clerks.
Malware
A worm or virus
habits and forwards it to the company gathering the data, often
an advertising or large media organization.
Time bombs and logic bombs are Trojan horses that lie idle until
triggered by a specified time or circumstance. Once triggered,
the bomb goes off, destroying programs, data or both.
Steganography programs hide data from one file inside a host file,
such as a large image or sound file. There are more than 200
different steganographic software programs available on the
Internet.
occurs. In the attack phase, also triggered by some predefined
event, the virus carries out its mission.
2. A virus requires a human to do something (run a program,
open a file, etc.) to replicate itself, whereas a worm does
not and actively seeks to send copies of itself to other
devices on a network.
Table 5-6 on Page 174 provides a summary of ways to prevent and detect
computer fraud.
Cash
are adhered to. Cash fraud schemes follow general basic patterns,
including skimming, voids/underrings, swapping checks for cash,
alteration of cash receipts tapes, fictitious refunds and discounts,
journal entries and kiting.
Skimming
Skimming involves removing cash from the entity before the cash is
recorded in the accounting system. This is an off-book scheme; receipt
of the cash is never reported to the entity. A related type of scheme
is to ring up a sale for less than the actual sale amount. (The
difference between the actual sale and the amount on the cash register
tape can then be diverted.) This is of particular concern in retail
operations (for example, fast food restaurants) where much of the daily
sales are in cash, and not by check or credit card.
EXAMPLE
Voids/Under-Rings
EXAMPLE
program at many cities around Indiana. Fellerman was in charge of
the sale of the books from the book store.
EXAMPLE
EXAMPLE
An elected county treasurer allegedly stole $62,400 over a three-year
period from property tax receipts. Every other day, after
cash receipt transactions were batched and posted to the
subsidiary accounting records, the treasurer altered the total
cash receipts and the actual deposit. Therefore, the control
account and the deposit were equal but that total did not match
the total postings to the individual taxpayers’ accounts. In
each of the three years, the difference between the control
account receivable and the summation of the individuals in the
subsidiary accounts was written off. These were unsupported
accounting adjustments.
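A reconciliation check for the scheme in the treasurer example above, added here as an illustration and not part of the original notes. The batch and adjustment records, their field names and all amounts are constructed for the example.

```python
from decimal import Decimal

# Constructed sample data: one clean batch, then two batches where the control
# total and the deposit were lowered together after the subsidiary postings.
BATCHES = [
    {"id": "B-001", "postings": ["150.00", "275.50", "80.00"],
     "control": "505.50", "deposit": "505.50"},
    {"id": "B-002", "postings": ["300.00", "420.00", "95.25"],
     "control": "615.25", "deposit": "615.25"},
    {"id": "B-003", "postings": ["210.00", "60.00"],
     "control": "70.00", "deposit": "70.00"},
]
# Constructed write-off adjustments; support=None means no documentation on file.
ADJUSTMENTS = [
    {"id": "ADJ-1", "amount": "400.00", "support": None},
    {"id": "ADJ-2", "amount": "25.00", "support": "approval-memo"},
]

def batch_exceptions(batches):
    """Return (batch id, shortfall) where postings differ from the control total."""
    out = []
    for b in batches:
        posted = sum((Decimal(p) for p in b["postings"]), Decimal("0"))
        control, deposit = Decimal(b["control"]), Decimal(b["deposit"])
        # Control equal to deposit passes a bank reconciliation; only the
        # comparison against the individual postings exposes the gap.
        if control == deposit and posted != control:
            out.append((b["id"], posted - control))
    return out

def unsupported_writeoffs(adjustments):
    """Return write-off adjustments recorded without supporting documentation."""
    return [a for a in adjustments if not a["support"]]

def shortfall_covered_by_writeoffs(batches, adjustments):
    """True when unsupported write-offs exactly absorb the posting shortfall."""
    shortfall = sum((v for _, v in batch_exceptions(batches)), Decimal("0"))
    written_off = sum(
        (Decimal(a["amount"]) for a in unsupported_writeoffs(adjustments)),
        Decimal("0"))
    return shortfall > 0 and shortfall == written_off

if __name__ == "__main__":
    for batch_id, gap in batch_exceptions(BATCHES):
        print(f"{batch_id}: postings exceed control total by {gap}")
    print("covered by unsupported write-offs:",
          shortfall_covered_by_writeoffs(BATCHES, ADJUSTMENTS))
```
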
EXAMPLE
Kiting
Kiting is the process whereby cash is recorded in more than one bank
account, but in reality, the cash is either nonexistent or is in
transit. Kiting schemes can be perpetrated using one bank and more than
one account or between several banks and several different accounts.
EXAMPLE