Search results

A survey of external auditors aimed to discover the response of their organisations to the threat of computer fraud, and their opinions about risks and counter‐measures. Four main topic areas were covered: responsibility within the firm for the prevention and detection of computer fraud; what the internal audit does to prevent computer fraud; what the internal audit department does to detect computer fraud; and the opinions of internal auditors on computer fraud.

Organizations today are more susceptible to computer crime and employee fraud than ever before. This paper presents some statistics about the growth on fraud, factors which cause fraud in the workplace, how businesses can protect their assets, and common computer‐based frauds, techniques, and controls. Managers of all types of organizations need to be knowledgeable about their internal control system, and make sure it has sufficient checks and balances to ward against employees committing fraudulent acts. No organization is immune today from both external and internal threats to the safety and security of their data and information. Therefore, it is imperative that managers understand the problems that fraud can cause and how they can protect the organization.

The crux of the paper's argument is that, if organisations are to counter computer fraud, they must adopt suitable personnel procedures. The authors start by examining previous research into computer fraud focusing on the work of Albrecht et al and Bologna. They then set out personnel practices and procedures which, it is maintained, provide a powerful deterrent to computer crime. The paper ends with an analysis of the Audit Commission's publication, ‘Survey of Computer Fraud and Abuse’ and an examination of cases where improved personnel procedures may have deterred computer abuse.

This paper introduces fraud as asset misappropriations (85 per cent of cases), corruption and fraudulent statements. Symptoms include accounting anomalies, lack of internal control environment, lifestyle and behaviour. The most effective tools for fraud detection are internal audit review, specific investigation by management, and whistle‐blowing. The paper details the fraud investigation process and the role of auditors as fraud examiners. The correlation of fraud perpetrators' personality with the size of losses is examined. Personality is analysed into age, gender, position, educational background and collusion. A strong system of internal control is most effective in fraud prevention. Fraud prevention procedures, targeted goals and improvements to system weaknesses feature in the paper. Fraud impacts on accounting transactions in accounts receivable, receipts and disbursements, accounts payable, inventories and fixed assets, and financial reporting. The monetary impact resulting from fraud is analysed by the type of victim and the amount of loss. Internal control and good employment practices prevent fraud and mitigate loss.

This paper examines the role of professional associations, governmental agencies, and international accounting and auditing bodies in promulgating standards to deter and detect fraud, domestically and abroad. Specifically, it focuses on the role played by the US Securities and Exchange Commission (SEC), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Institute of Management Accountants (IMA), the Association of Certified Fraud Examiners (ACFE), the US Government Accounting Office (GAO), and other national and foreign professional associations, in promulgating auditing standards and procedures to prevent fraud in financial statements and other white‐collar crimes. It also examines several fraud cases and the impact of management and employee fraud on the various business sectors such as insurance, banking, health care, and manufacturing, as well as the role of management, the boards of directors, the audit committees, auditors, and fraud examiners and their liability in the fraud prevention and investigation.

Reviews the findings of the Audit Commission′s fifth triennial report on computer fraud and abuse, published in October 1994. This shows that, while computer fraud and abuse is a growth industry, many organizations do not seem to take computer security seriously. Also considers a survey conducted by an undergraduate of Leeds Metropolitan University. This reached broadly similar conclusions. Many organizations do not have basic computer security procedures in place. Simple matters such as proper management of passwords and virus checking are often neglected. Management should ensure basic procedures are in place. These low‐cost procedures can do much to reduce the incidence of computer fraud and thereby avoid the associated cost and inconvenience.

This paper argues that many of the losses owing to computer‐related fraud could be avoided if organizations adopt a more pragmatic approach in dealing with such incidents. The paper suggests that in implementing controls, both within organizations and computer systems, a balanced approach be adopted. Such an approach should place equal emphasis on technical, formal and informal interventions. The argument is conducted by reviewing the nature of security breaches that have taken place in different parts of the world.

Computer hacking is discussed sequentially with respect to: social and business ethics, fraud legislation, computer misuse legislation and computer controls. Enacting computer‐specific statutes is the approach that is increasingly popular – UK, US and Canadian responses are described. But law can only serve as one plank in prevention and deterrence of hacking, while enforcement will present problems. Computer auditors and security specialists must play a more significant role. Security precautions are summarised.

The initial role of computers and information technology (IT) systems consisted of improving business daily's operation. However, this quest of efficiency serves more obscure goals as fraudsters exploit the electronic dimension for personal profits with a maximum devastating impact on businesses and their client. The purpose of this paper is to suggest an analysis of the role of the electronic dimension in financial market crimes. It proposes reconsidering its importance based on its role rather than on its complexity and, consequently, better understanding the basic elements of a fraud.

The paper takes the form of a case analysis and field work.

The complexity of an IT system facilitates the commitment of a fraud and, at the same time, complicates its investigation. However, an IT system does not initiate a fraud. It is an accessory, a tool at the service of a criminal mind which is where the scheme originates.

Information regarding the two case studies comes only from public sources (mainly written media and books) and is not confirmed by any confidential data available to the author.

Many computer crime experts (re: Cybercriminality Conference in Canada, April 2008, and in Luxembourg, June 2008) agree upon accessorial aspect of IT systems. For investigation purposes, it switches the focus from the computer element back to the main event: the environment in which the fraud occurs.

This three‐part briefing deals with the prevention, detection and correction of computer related crime by the application of straight‐forward control techniques. No attempt is made to identify the scale of computer abuse as the main thrust is that the implementation of controls to prevent mistakes will also help to mitigate abuse. The briefing raises a number of issues that are relevant to dealing with computer abuse as a control issue. First, it identifies the position of the computer in an abuse event as being either the object, subject, instrument or symbol of the crime. Secondly, it suggests that fraud is only achievable where the three attributes of ability, opportunity and conversion of assets come together, but that non‐fraud attacks only require ability and opportunity. Thirdly, it hypothesises that the number of crimes will be inversely proportional to the skill required to do them and proves the hypothesis by reference to the published cases. Finally, it makes the point that for real‐time systems, prevention of abuse by the authorised user may not be possible due to the very nature of the system. Under such circumstances the organisation has to rely on detection mechanisms with all the problems of living with a window of exposure.