COMPUTER FRAUD
Learning Objectives:
1. Explain the threats faced by modern information systems.
2. Define fraud and describe the process one follows to perpetrate a
fraud.
3. Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities, and rationalizations that are present in
most frauds.
4. Define computer fraud and discuss the different computer fraud
classifications.
5. Explain how to prevent and detect computer fraud and abuse.
Introduction
Our society has become increasingly dependent on accounting information
systems.
As system complexity and our dependence on systems increase, companies
face the growing risk of their systems being compromised.
A recent survey disclosed that
1. 67 percent of companies had a security breach
2. More than 45 percent were targeted by organized crime
3. 60 percent reported financial losses
The four types of threats a company faces are explained in Table 5-1 on
page 122.
AIS Threats
Four Types of Systems Threats:
1. Natural and political disasters
2. Software errors and equipment malfunctions
3. Unintentional acts
4. Intentional acts (computer crimes)
1. Natural and political disasters
Flood in Chicago
Heavy rains
3. Unintentional Acts
The Computing Technology Industry Association estimates that
human errors cause 80 percent of security problems.
Forrester Research estimates that employees unintentionally
create legal, regulatory, or financial risks in 25 percent
of their outbound e-mails.
Programmers make logic errors. Examples include the
following:
INTRODUCTION TO FRAUD
Misappropriation of Assets
Misappropriation of assets is often referred to as employee
fraud
A typical employee fraud has a number of important elements
or characteristics:
1. The fraud perpetrator must gain the trust or
confidence of the person or company being defrauded.
2. Instead of a weapon or physical force to commit a
Pressures
A pressure is a person's incentive or motivation for
committing the fraud. The three common types of pressures
are financial, emotional, and lifestyle, which are
summarized in Table 5-2 on page 127. Table 5-3 on page 128
provides the pressures that can lead to financial statement
fraud.
Opportunities
As shown in the opportunity triangle in Figure 5-1 on page
127, opportunity is the condition or situation that allows a
person or organization to do three things:
1. Commit the fraud
Most fraudulent financial reporting consists of the
overstatement of assets or revenues or the
understatement of liabilities, or the failure to
disclose information.
2. Conceal the fraud
A common and effective way to hide a theft is to
charge the stolen item to an expense account. For
example, charge supplies to an expense account when
they are initially purchased, before they are used.
This allows the perpetrator the opportunity to use
some of the supplies for personal benefit at the
expense of the company. These unused supplies should
have been recorded as an asset called Supplies until
they are used.
Another way to hide a decrease in assets is by
lapping. In a lapping scheme, the perpetrator steals
the cash or check that customer A mails in to pay its
accounts receivable. Funds received at a later date
from customer B are used to pay off customer A's
Rationalizations
Rationalization allows perpetrators to justify their illegal
behavior.
A list of some of the rationalizations people use:
1. I am only borrowing the money (or asset) and will
repay my loan.
2. You would understand if you knew how badly I needed
it.
3. What I did was not that serious.
4. It was for a good cause (the Robin Hood syndrome,
robbing from the rich to give to the poor).
5. I occupy a very important position of trust. I am
above the rules.
6. Everyone else is doing it, so it is not that wrong.
7. No one will ever know.
8. The company owes it to me, and I am taking no more
than is rightfully mine.
Computer Fraud
The U.S. Department of Justice defines computer fraud as any
illegal act for which knowledge of computer technology is
essential for its perpetration, investigation, or prosecution.
More specifically, computer fraud includes the following:
1. Unauthorized theft, use, access, modification, copying, and
destruction of software or data
The Association of CFEs, the body conducting the study, concluded that
most occupational fraud and abuse can be prevented and detected with
common sense and inexpensive solutions, mainly through use of so-called
soft controls. First, since regular audits are not designed specifically
for fraud and abuse, a CFE should be consulted to assess a firm's unique
fraud risks and to design programs that cost-effectively reduce
exposures. Second, employees who view their managers as ethical and
honest are more inclined to emulate their behavior. Third, a written
code of conduct sets forth what the organization expects from its
employees. Fourth, sound human resource policies and practices should be
followed, such as checking employee references and conducting other
pre-screening procedures. Fifth, a hot line is highly desirable.
In this study, the majority of fraud and abuse cases were discovered through
tips and complaints by fellow employees. Sixth, the firm's unopened bank
statement should be reviewed at the highest possible level by a
responsible person uninvolved with the bank reconciliation. Finally, a
positive and open work environment should be created to reduce the
motivation of employees to commit fraud and abuse.
*Report to the Nation on Occupational Fraud and Abuse (Austin, Tex:
Association of Certified Fraud Examiners, 1996). p. 43
COMPUTER CRIME
At Omega Engineering*
A fired employee intentionally launched a logic bomb that caused
irreparable damage to Omega's computer system by deleting all of
the firm's software, inflicting $10 million in damages. Could it have
been prevented? Maybe! Could the damages and computer downtime have been
minimized through effective internal controls? Definitely. That's the
assessment of control experts after the recent indictment of Timothy
Lloyd, the former chief computer network program designer and network
administrator at Omega Engineering in Bridgeport, N.J.
Omega is the classic situation of an inside hack attack, in this case a
logic bomb that detonates at a specified time. "They are the most
difficult to defend against," said William Cook, a partner at Brinks,
Hofer, Gilson & Lione, a Chicago-based law firm. "That is exactly what
happened," said Al DiFrancesco, Omega's director of human resources.
"Three weeks after Lloyd was fired, our employees came to work and could
not boot their computers," he said.
Like many victimized businesses, Omega had thought it had implemented
reliable control mechanisms into its information systems. These control
mechanisms did lead back to Lloyd and resulted in his indictment,
DiFrancesco said. Moreover, Omega canceled all of Lloyd's access rights
and privileges on the date of his termination.
So what went wrong? For starters, besides being Omega's chief computer
network program designer, Lloyd was also the company's network
administrator. Thus he knew the ins and outs of the system and had all
the supervisory privileges to make network additions, changes, and
deletions. In the wake of the damage caused by the logic bomb, Omega has
installed state-of-the-art internal controls, and the firm will no
longer put all its eggs in one basket. It is making sure that duplicates
of all database information, software code, and files are stored offsite.
*Adapted from Kim Girard, "Ex-Employee Nabbed in $10M Hack Attack,"
Computerworld, February 28, 1998, p. 6.
EMPLOYEE FRAUD SCHEMES
Cash
Cash is the focal point of most accounting entries. Cash, both on
deposit in banks and petty cash, can be misappropriated through many
different schemes. These schemes can be either on-book or off-book,
depending on where they occur. Generally, cash schemes are smaller than
other internal fraud schemes because companies have a tendency to have
comprehensive internal controls over cash and those internal controls
are adhered to. Cash fraud schemes follow general basic patterns,
including skimming, voids/under-rings, swapping checks for cash,
alteration of cash receipts tapes, fictitious refunds and discounts,
journal entries and kiting.
Skimming
Skimming involves removing cash from the entity before the cash is
recorded in the accounting system. This is an off-book scheme; receipt
of the cash is never reported to the entity. A related type of scheme is
to ring up a sale for less than the actual sale amount. (The difference
between the actual sale and the amount on the cash register tape can
then be diverted.) This is of particular concern in retail operations
(for example, fast food restaurants) where much of the daily sales are
in cash, and not by check or credit card.
EXAMPLE
According to an investigation, fare revenues on the Chicago
Transit Authority's (CTA) rail system allegedly were
misappropriated by agency employees. The statistics indicate that
the thefts are not confined to the one station that originally was
suspected and that the fare-skimming by transit workers might have
been reduced by news of the investigation. In the four days after
reports of skimming surfaced, about $792,000 was turned in by
station agents system wide. In a similar Monday through Friday
period only $723,000 was turned in by station agents.
CTA officials estimated that a planned installation of a $38
million automated fare-collection system would eliminate $6.5
million annually in revenue shrinkage, mostly from employee
theft. At least 10 workers have been investigated, including nine
ticket agents and one supervisor or clerk. Early reports indicated
that agents pocketed money after recording transfer or monthly
passes as cash-paying customers passed through turnstiles.
Voids/Under-Rings
There are three basic voids/under-ring schemes. The first is to record a
sale/cash receipt and then void the same sale, thereby removing the cash
from the register. The second, and more common variation, is to purchase
merchandise at unauthorized discounts. The third scheme, which is a
variation of the unauthorized discount, is to sell merchandise to a
friend or co-conspirator using the employee's discount. The
co-conspirator then returns the merchandise for a full refund, disregarding
the original discount.
EXAMPLE
Roberta Fellerman, a former Ball State University employee, was
indicted on federal charges of stealing about $105,000 from the
school's bookstore operations. Fellerman was charged with stealing
the money over a thirty-three month period.
The thefts allegedly were from proceeds of the sales of books to
students who took Ball State courses through an off-campus
program at many cities around Indiana. Fellerman was in charge of
the sale of the books from the book store.
Fellerman was accused of altering records and taking currency from
a cash drawer. She was also charged with income tax violations for
failing to report the stolen money on her federal tax returns.
Swapping Checks for Cash
One common method by which an employee can misappropriate cash is to
exchange his own check for cash in the cash register or cash drawer.
Periodically, a new check is written to replace the old check. This
process can be continued so that on any given day, there is a current
check for the cash removed. This is a form of unauthorized borrowing
from the company. Obviously, if it is the company policy that cash
drawers or registers are reconciled at the conclusion of each day and
turned over to a custodian, then this fraud scheme is less likely to be
committed. However, if personnel are allowed to keep their own cash
drawers and only remit the day's receipts, then this method of
unauthorized borrowing will be more common.
EXAMPLE
Lisa Smith, a Garfield High School fiscal clerk at a central
treasurer function allegedly borrowed $2,400 by placing 23
personal checks in deposits which were made from various student
activities at decentralized locations. Ms. Smith placed a personal
check in each deposit as a method of keeping track of the amount
of money which had been borrowed. The transactions were
inappropriately delayed for up to 5 months.
Auditors detected the delayed transactions during an unannounced
cash count. On the day of the count, the fund custodian had only a
few hundred dollars in his bank account (confirmed by telephone
upon receipt of custodian's authorization). When all 23 personal
checks were deposited in the district's account, several were
returned as NSF. After payday, all NSF checks subsequently cleared
the bank. The custodian's employment with the district was
terminated.
Alteration of Cash Receipts Documentation
funds. These students were kept unaware of this because the checks
were deposited into bank accounts in Manhattan and New Jersey that
allegedly were controlled by the Malfricis. These checks were made
over to Elizabeth Pappa before being deposited into accounts in
that name. Some other checks were made payable directly to Pappa.
The FBI was unable to locate Elizabeth Pappa and believes that
such a person never existed. Reportedly, the Malfricis spent
$785,000 of the funds in question on expensive jewelry and $85,000
of the money on Florida real estate.
Kiting
Kiting is the process whereby cash is recorded in more than one bank
account, but in reality, the cash is either nonexistent or is in
transit. Kiting schemes can be perpetrated using one bank and more than
one account or between several banks and several different accounts.
Although banks generally have a daily report that indicates potential
kiting schemes, experience has shown that they are somewhat hesitant to
report the scheme until the balance in their customer's accounts is
zero.
There is one important element to check kiting schemes: all kiting
schemes require banks to pay on unfunded deposits. This is not to say
that all payments on unfunded deposits are kiting schemes, but rather,
that all kiting schemes require payments be made on unfunded deposits.
In other words, if a bank allows its customers to withdraw funds on
deposits for which the bank has not yet collected the cash, then kiting
schemes are possible. In today's environment where customers use wire
transfers, kiting schemes can be perpetrated very quickly and in very
large numbers.
EXAMPLE
Ronald W.P. Sylvia, 59, and his son-in-law, Philip L. Grandone,
33, both of Dartmouth, admitted to participating in a check-kiting
scheme that bilked the Bank of Boston out of $907,000. Grandone,
owner of two pharmacies in the New Bedford area, had cash-flow
problems when Sylvia, operator of two auto sales and leasing
businesses, offered to write a check to cover some of his
son-in-law's operating expenses. Grandone repaid that $50,000 loan within
a few days, but borrowed again and again in ever-increasing
amounts to bring fresh infusions of cash into his faltering
pharmacy businesses. An exchange of checks between Grandone and
Sylvia eventually occurred literally daily until Sylvia's bank
caught on to the float scheme and froze Sylvia's account.
Cut off from Sylvia's supply of cash, Grandone's account with the
Bank of Boston was left overdrawn by $907,000. Grandone was
ordered to make restitution to the Bank of Boston.
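
The necessary condition stated in the Kiting section (the bank pays out on deposits it has not yet collected) can be checked from a ledger, as in this added example, which is not part of the original notes. The account names, amounts and two-day hold are constructed assumptions, and the reciprocal-check test is one heuristic for separating likely kiting from ordinary payments on uncollected funds.

```python
from datetime import date, timedelta

HOLD = timedelta(days=2)  # assumption: days until a deposited check is collected

# Constructed sample data. Checks: (deposit date, drawn on, deposited to, amount)
CHECKS = [
    (date(2024, 3, 1), "A", "B", 5000),
    (date(2024, 3, 2), "B", "A", 6000),
    (date(2024, 3, 3), "A", "B", 7000),
    (date(2024, 3, 3), "D", "C", 900),   # ordinary one-way payment
]
# Cash paid out by the bank: (date, account, amount), in chronological order
WITHDRAWALS = [
    (date(2024, 3, 1), "B", 4000),
    (date(2024, 3, 3), "A", 1500),
    (date(2024, 3, 4), "C", 1200),
]
OPENING = {"A": 1000, "B": 1000, "C": 500, "D": 2000}  # collected opening balances


def paid_on_uncollected():
    """Return (date, account, amount, collected_balance) for every withdrawal
    that exceeded the funds the bank had actually collected at that point."""
    hits = []
    for i, (day, acct, amt) in enumerate(WITHDRAWALS):
        bal = OPENING[acct]
        for d, drawer, payee, camt in CHECKS:
            if d + HOLD <= day:          # check has cleared: credit payee, debit drawer
                bal += camt * ((payee == acct) - (drawer == acct))
        bal -= sum(a for _, acc, a in WITHDRAWALS[:i] if acc == acct)
        if amt > bal:
            hits.append((day, acct, amt, bal))
    return hits


def kiting_suspects():
    """Accounts paid on uncollected funds that also trade checks in both
    directions with another account (the circular float pattern)."""
    flows = {(drawer, payee) for _, drawer, payee, _ in CHECKS}
    flagged = {acct for _, acct, _, _ in paid_on_uncollected()}
    return sorted(a for a in flagged
                  if any((a, b) in flows and (b, a) in flows for b in OPENING))


if __name__ == "__main__":
    for hit in paid_on_uncollected():
        print("paid on uncollected funds:", hit)
    print("reciprocal-check suspects:", kiting_suspects())
```

Account C is paid on an uncollected deposit but is not flagged as a suspect, matching the point that not every payment on unfunded deposits is a kiting scheme.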