Published by Sukarno Sasmita. Modified over 5 years ago.
1
Accounting Information Systems & Computer Fraud
Dr. Stanley F. Seat
2
Information Security & Systems Integrity
Information Security Is A Critical Factor In Maintaining System Integrity. Good Information Security Ensures That Systems And Their Contents Support:
- Financial Management
- Fulfillment Of Oversight Responsibilities
- Safeguarding Of Assets
- Overseeing Business Performance
- Compliance With Laws And Regulations
3
Information Security & Systems Integrity
Information Security Management Is To Protect A Firm's Information:
- Confidentiality: Information Is Not Accessible To Unauthorized Individuals Or Processes
- Integrity: Information Is Accurate And Complete
- Availability: Information And Systems Are Accessible On Demand
4
Fraudulent Actions In Accounting Information Systems
Fraud Is Defined As Any Illegal Act Characterized By:
- Deceit
- Concealment
- Violation Of Trust
Frauds Are Perpetrated By Parties And Organizations To Obtain Money, Property, Or Services, Or To Secure Personal Or Business Advantages.
5
Fraudulent Actions In Accounting Information Systems
The Most Valuable Items Desired By Individuals Committing Computer Fraud Are The Digital Assets Of The Firm. Most Firms Gather, Create, Utilize, Store, And Discard Data That Are Valuable To Others Outside Of The Firm. Such Data Could Be:
- Employee Information
- Customer Information
- Bank Account Numbers
- Credit Card Numbers
- Other Personal Information
- Confidential Company Information
- Trade Secrets
6
Fraudulent Actions In Accounting Information Systems
Insiders Having Legitimate Access To The Firm's Data, Systems, And Networks Pose A Significant Risk Of Harm To The Firm. They May Steal, For Personal Gain:
- Personal Information
- Confidential Information
- Proprietary Information
- Intellectual Property
7
Association Of Certified Fraud Examiners
8
Incentive Or Pressure
There Is An Incentive Or Pressure That Provides A Reason To Commit Fraud:
- Greed
- Change In Lifestyle, Obvious Wealth, Spending Beyond Their Means
- Over-Extended With Credit Cards
- Longstanding Financial Difficulties
- Child Support And Alimony
- Legal Problems
- Addiction
- Interpersonal Issues
- Criminal Problems
- Gambling
- Infidelity
- Disgruntled Employee
- Medical Issues
- Psychological Propensity To Steal
- Unreasonable Financial Pressure From Spouse Or Significant Other
9
Opportunity For Fraud
- Little Controls, Absence Of Controls, Poor Internal Controls
- Lack Of Supervision
- Not Safeguarding Assets, Creating Fraud Opportunities
- Creating Displaced Power With Employees
- Lack Of Fraud Education
- Perpetrator's Influence Within Organization
- Open Access To Data
- Unreasonable Trust Of Employees
10
Rationalization For Fraud
Fraudsters May Rationalize That Their Behavior Is Okay:
- Justify It As An Increase In Salary
- The Company Has Enough Money And Does Not Need Any More
- Sense Of Entitlement: "I Deserve The Money"
- The Company Is Just Going To Spend It Recklessly Anyway
- The Mentality That They Will Never Be Caught
11
Common Computer Fraud
The Theft, Misuse, Or Misappropriation Of Assets By:
- Altering Computer-Readable Records Or Files
- Altering The Logic Of The Computer Software
- Illegal Use Or Copying Of Computer-Readable Information
- Intentional Destruction Of Equipment
- Misappropriation Of Computer Hardware
12
Stages Of Computer Awareness
- Identifying Relevant Information Technology Risk Factors
- Identifying Potential Information Technology Fraud Schemes And Prioritizing Them Based On Likelihood And Impact
- Mapping Existing Controls To Potential Fraud Schemes And Identifying Gaps
- Testing Operating Effectiveness Of Fraud Prevention And Detection Controls
- Assessing The Likelihood And Business Impact Of A Control Failure And A Fraud Incident
13
Computer Fraud Prevention And Detection
- Starts With A Fraud Risk Assessment Across The Entire Firm, Taking Into Account All Of The Operations
- Management Is Responsible For Fraud Risk Assessments
- The Audit Committee Sometimes Works With The Internal Auditors To Determine Both Fraud Risk And Control Risk
- Inappropriate Use Of Information Technology By Users Exposes A Business To Fraud Risks
- Making Employees Aware Of Their Obligations Concerning Fraud And Misconduct Begins With Communication And Training
14
Computer Fraud Prevention And Detection
Acceptable Use Policies (AUPs):
- Should Be In Place
- Should Explain What The Firm Considers To Be Acceptable Use
- Employees Should Sign The AUP
- Should Protect Both The Employee And The Firm
15
Fraud Detection Programs
Should Include:
- An Evaluation By Internal Auditors Of The Effectiveness Of Business Processes
- Analysis Of Transactions
- Effectiveness Of Internal Controls
- Identifying Indicators Of Fraud Risk And Actual Fraudulent Activities
- Constant Monitoring Of Systems, With Controls To Create Transactional Testing
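The transactional testing the slide calls for, as an added example that is not part of the original deck: a few indicator tests a reviewer would run over a constructed vendor-payments ledger (duplicate invoices, amounts just under an assumed approval limit, vendor bank accounts that also appear on the payroll file, off-hours postings). All data, thresholds and names are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

APPROVAL_LIMIT = 10_000.00   # assumed single-approver limit for vendor payments
NEAR_LIMIT_BAND = 0.05       # flag amounts within 5% below that limit

# Constructed sample ledger (not from the slides): vendor payments exported from an AIS.
PAYMENTS = [
    {"id": 1, "vendor": "ACME", "invoice": "A-100", "amount": 4200.0, "bank": "GB11-0001", "posted": "2024-03-04T10:12"},
    {"id": 2, "vendor": "ACME", "invoice": "A-100", "amount": 4200.0, "bank": "GB11-0001", "posted": "2024-03-18T11:03"},
    {"id": 3, "vendor": "BETA", "invoice": "B-7", "amount": 9800.0, "bank": "GB11-0002", "posted": "2024-03-05T09:40"},
    {"id": 4, "vendor": "BETA", "invoice": "B-8", "amount": 9750.0, "bank": "GB11-0002", "posted": "2024-03-05T09:41"},
    {"id": 5, "vendor": "GAMMA", "invoice": "G-1", "amount": 1500.0, "bank": "GB11-0099", "posted": "2024-03-09T23:15"},
]
# Constructed employee master data: bank accounts held on the payroll file.
EMPLOYEE_BANKS = {"GB11-0099": "employee-042"}

def duplicate_payments(payments):
    """Same vendor and invoice number paid more than once: a duplicate or replayed invoice."""
    seen = defaultdict(list)
    for p in payments:
        seen[(p["vendor"], p["invoice"])].append(p["id"])
    return [ids for ids in seen.values() if len(ids) > 1]

def near_approval_limit(payments, limit=APPROVAL_LIMIT, band=NEAR_LIMIT_BAND):
    """Amounts just under the approval limit, a common indicator of threshold avoidance."""
    return [p["id"] for p in payments if limit * (1 - band) <= p["amount"] < limit]

def vendor_bank_on_payroll(payments, employee_banks):
    """Vendor bank account that also appears on the employee master: possible insider vendor."""
    return [(p["id"], employee_banks[p["bank"]]) for p in payments if p["bank"] in employee_banks]

def posted_off_hours(payments, start=8, end=18):
    """Postings on weekends or outside business hours, queued for reviewer follow-up."""
    flagged = []
    for p in payments:
        t = datetime.fromisoformat(p["posted"])
        if t.weekday() >= 5 or not start <= t.hour < end:
            flagged.append(p["id"])
    return flagged

def run_transaction_tests(payments=PAYMENTS, employee_banks=EMPLOYEE_BANKS):
    """Run every indicator test and return the flagged payment ids per indicator."""
    return {
        "duplicate_invoice": duplicate_payments(payments),
        "near_approval_limit": near_approval_limit(payments),
        "vendor_bank_on_payroll": vendor_bank_on_payroll(payments, employee_banks),
        "off_hours_posting": posted_off_hours(payments),
    }
```

Each hit is a lead for a reviewer to examine, not a finding of fraud; in practice the ledger and employee master would be read from the AIS export rather than embedded.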
16
Vulnerability Assessment And Management
Consider Risks, Weaknesses, Or Exposures To Information Technology Assets Or Processes That May Lead To:
- Business Risk
- Compliance Risk
- Security Risk
Vulnerability Management And Risk Management Have The Same Objective: Reduce The Probability Of The Occurrence Of Detrimental Events. Risk Management Is A Long-Term Endeavor And Is Geared To An Information Technology Asset-Based Approach. The Asset-Based Approach Is To Categorize And Prioritize Further Investigation Approaches On Each Asset.
17
Framework For Vulnerability Assessment & Management
Two Prerequisites For Vulnerability Assessment And Management:
- First, A Firm Should Determine The Main Objectives Of Its Vulnerability Management, Which Should Comply With Applicable Laws, Regulations, And Standards
- Second, A Firm Should Assign Roles And Responsibilities For Vulnerability Management: Selection Of A Team, Internal Auditors, Risk Managers; All Levels Of Management Should Be Responsible For Self-Assessment
18
Threats & Vulnerabilities
System Intrusions
- Software Not Patched And Updated
- Software That Is Outdated
- Outdated Intrusion Detection And Prevention Systems
- Logical Access Control Failure
- Work Performed Not Aligned With Business Requirements
- Poor Choice Of Passwords Or Sharing Of Passwords
- Failure To Audit And Terminate Unused Accounts In A Timely Manner
19
Threats & Vulnerabilities
Interruption Of A System
- Improper System Configuration
- Poor Service Level Agreement Monitoring Of Service Providers
Social Engineering
- Inadequate Employee Training And Not Providing Information About Social Engineering Attempts
20
Threats & Vulnerabilities
Unintentional Disclosure Of Sensitive Information By Employee
- Inappropriate Data Classification Rule Allowing Certain Users To Retrieve Information Not Pertaining To Their Roles And Responsibilities
Intentional Destruction Of Information
- Approval Not Required Prior To Deleting Sensitive Data
- Poor Employee Morale
21
Threats & Vulnerabilities
Inappropriate End-User Computing
- Ineffective Training As To The Proper Use Of The Computer
- End-User Computing Policy Not Reviewed
- Poor Firewalls Allowing Users To Access Illegitimate Websites
22
Framework For Vulnerability Assessment & Management
Stages For Vulnerability Management:
- The Firm Should Determine The Main Objectives Of Its Vulnerability Management, Complying With Laws And Regulations
- The Firm Should Assign Roles And Responsibilities; Management Should Designate A Team And An Internal Control And Risk Management Committee
- Developing And Implementing A Vulnerability Management Program
- Implementing A Control Self-Assessment Program
- Management's Commitment And Support Within All Levels