2
Fraud and Forensic Auditing, Sessions 23-24
Course: F0174 / Computer-Based Financial Statement Audit
Year: 2008
3
Understanding Fraud
Bina Nusantara
4
The Fraud Process
Most frauds involve three steps:
- The theft of something
- The conversion to cash
- The concealment
5
The Fraud Process
What is a common way to hide a theft?
- To charge the stolen item to an expense account
What is a payroll example?
- To add a fictitious name to the company’s payroll
6
The Fraud Process
What is lapping?
In a lapping scheme, the perpetrator steals cash that customer A sent to pay its accounts receivable. Funds received at a later date from customer B are used to pay off customer A’s balance, and so on.
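An auditor's test for the lapping pattern described above, as an added example that is not part of the original slides. It assumes an independent mailroom list of remittances exists alongside the accounts-receivable postings; the record layouts, names and sample data are constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the slides). REMITTANCES is an independent
# mailroom list of checks received; POSTINGS is the accounts-receivable ledger.
REMITTANCES = {  # remittance id -> (paying customer, amount, date received)
    "R1": ("A", 500, date(2008, 3, 3)),
    "R2": ("B", 500, date(2008, 3, 10)),
    "R3": ("C", 500, date(2008, 3, 17)),
    "R4": ("D", 300, date(2008, 3, 18)),
}
POSTINGS = [  # (remittance id, customer account credited, posting date)
    ("R2", "A", date(2008, 3, 10)),
    ("R3", "B", date(2008, 3, 17)),
    ("R4", "D", date(2008, 3, 18)),
]

def misapplied(remittances, postings):
    """Postings that credit a customer other than the one who paid."""
    return [(rid, remittances[rid][0], cust)
            for rid, cust, _ in postings if remittances[rid][0] != cust]

def unposted(remittances, postings):
    """Remittances logged at receipt but never posted to any account."""
    posted = {rid for rid, _, _ in postings}
    return sorted(rid for rid in remittances if rid not in posted)

def lapping_chain(remittances, postings, start_rid):
    """Follow the cover-up from a missing remittance: whose money covered whom."""
    covered_by = {cust: remittances[rid][0] for rid, cust, _ in postings
                  if remittances[rid][0] != cust}   # credited -> actual payer
    chain = [remittances[start_rid][0]]
    while chain[-1] in covered_by and covered_by[chain[-1]] not in chain:
        chain.append(covered_by[chain[-1]])
    return chain  # the last customer's account is the one still short

def credit_delay_days(remittances, postings):
    """Days between a customer's own payment arriving and a credit appearing."""
    first_paid = {}
    for payer, _, received in remittances.values():
        first_paid[payer] = min(received, first_paid.get(payer, received))
    return {cust: (posted - first_paid[cust]).days
            for _, cust, posted in postings if cust in first_paid}
```

A remittance that was logged but never posted, followed by a run of credits funded by other customers' checks and a consistent posting delay, is the signature to investigate.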
7
The Fraud Process
What is kiting?
In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks. The perpetrator deposits a check from bank A to bank B and then withdraws the money.
8
The Fraud Process
Since there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears. Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears. The scheme continues to keep checks from bouncing.
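A detection test for the kiting pattern described above, as an added example that is not part of the original slides. It compares each check against the collected (cleared) balance of the account it is drawn on; the record layout, integer day numbers, account names and sample data are constructed assumptions.

```python
from collections import namedtuple

Check = namedtuple("Check", "id drawn_on deposited_to amount day clears")

# Constructed sample data (not from the slides); days are integers.
OPENING = {"A": 100, "B": 100, "C": 100, "P": 8000, "Q": 0}
CHECKS = [
    Check("K1", "A", "B", 5000, 1, 3),
    Check("K2", "C", "A", 5000, 2, 4),
    Check("K3", "B", "C", 5000, 3, 5),
    Check("L1", "P", "Q", 1000, 2, 4),   # ordinary payment, funds available
]
WITHDRAWALS = [("B", 5000, 1)]           # (account, amount, day): cash taken out

def collected_balance(acct, day, opening, checks, withdrawals):
    """Balance counting only deposits that have actually cleared by `day`."""
    bal = opening[acct]
    bal += sum(c.amount for c in checks if c.deposited_to == acct and c.clears <= day)
    bal -= sum(c.amount for c in checks if c.drawn_on == acct and c.clears <= day)
    bal -= sum(amt for a, amt, d in withdrawals if a == acct and d <= day)
    return bal

def kite_suspects(opening, checks, withdrawals):
    """Map each check written on insufficient collected funds to the deposit
    that arrives in its drawee account before it clears (None if nothing does)."""
    out = {}
    for k in checks:
        if collected_balance(k.drawn_on, k.day, opening, checks, withdrawals) >= k.amount:
            continue
        cover = [o.id for o in checks
                 if o.deposited_to == k.drawn_on and k.day < o.day <= k.clears]
        out[k.id] = cover[0] if cover else None
    return out

def uncollected_withdrawals(opening, checks, withdrawals):
    """Cash withdrawals that exceed the account's collected balance that day."""
    return [(a, amt, d) for a, amt, d in withdrawals
            if collected_balance(a, d, opening, checks, withdrawals) < 0]
```

A chain in which every flagged check is covered by another flagged check, ending in one with no cover, matches the circular transfers the slide describes; the uncollected withdrawal marks where the cash left.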
9
Learning Objective 2
Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
10
Why Fraud Occurs
Researchers have compared the psychological and demographic characteristics of three groups of people:
[Diagram: White-collar criminals, General public, Violent criminals; labels: Few differences, Significant differences]
12
Why Fraud Occurs
What are some common characteristics of fraud perpetrators?
- Most spend their illegal income rather than invest or save it.
- Once they begin the fraud, it is very hard for them to stop.
- They usually begin to rely on the extra income.
13
Why Fraud Occurs
Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.” Others commit fraud to gain stature among others in the computer community.
14
Why Fraud Occurs
Three conditions are necessary for fraud to occur:
- A pressure or motive
- An opportunity
- A rationalization
15
Protection of the information technology architecture and assets
16
Computer Fraud
The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
What are examples of computer fraud?
- unauthorized use, access, modification, copying, and destruction of software or data
17
Computer Fraud
- theft of money by altering computer records or the theft of computer time
- theft or destruction of computer hardware
- use or the conspiracy to use computer resources to commit a felony
- intent to illegally obtain information or tangible property through the use of computers
18
The Rise in Computer Fraud
Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud. However, no one knows for sure exactly how much companies lose to computer fraud. Why?
19
The Rise in Computer Fraud
- There is disagreement on what computer fraud is.
- Many computer frauds go undetected, or unreported.
- Most networks have a low level of security.
- Many Internet pages give instructions on how to perpetrate computer crimes.
- Law enforcement is unable to keep up with fraud.
20
Computer Fraud Classifications
- Data fraud
- Input fraud
- Output fraud
- Processor fraud
- Computer instruction fraud
21
Computer Fraud and Abuse Techniques
What are some of the more common techniques to commit computer fraud?
- Cracking
- Data diddling
- Data leakage
- Denial of service attack
- Eavesdropping
- forgery and threats
22
Computer Fraud and Abuse Techniques
- Hacking
- Internet misinformation and terrorism
- Logic time bomb
- Masquerading or impersonation
- Password cracking
- Piggybacking
- Round-down
- Salami technique
23
Computer Fraud and Abuse Techniques
- Software piracy
- Scavenging
- Social engineering
- Superzapping
- Trap door
- Trojan horse
- Virus
- Worm
24
Learning Objective 4
Describe how to deter and detect computer fraud.
25
Preventing and Detecting Computer Fraud
What are some measures that can decrease the potential of fraud?
- Make fraud less likely to occur.
- Increase the difficulty of committing fraud.
- Improve detection methods.
- Reduce fraud losses.
- Prosecute and incarcerate fraud perpetrators.
26
Preventing and Detecting Computer Fraud
Make fraud less likely to occur.
- Use proper hiring and firing practices.
- Manage disgruntled employees.
- Train employees in security and fraud prevention.
- Manage and track software licenses.
- Require signed confidentiality agreements.
27
Preventing and Detecting Computer Fraud
Increase the difficulty of committing fraud.
- Develop a strong system of internal controls.
- Segregate duties.
- Require vacations and rotate duties.
- Restrict access to computer equipment and data files.
- Encrypt data and programs.
28
Preventing and Detecting Computer Fraud
Improve detection methods.
- Protect telephone lines and the system from viruses.
- Control sensitive data.
- Control laptop computers.
- Monitor hacker information.
29
Preventing and Detecting Computer Fraud
Reduce fraud losses.
- Maintain adequate insurance.
- Store backup copies of programs and data files in a secure, off-site location.
- Develop a contingency plan for fraud occurrences.
- Use software to monitor system activity and recover from fraud.
30
Preventing and Detecting Computer Fraud
Prosecute and incarcerate fraud perpetrators.
Most fraud cases go unreported and unprosecuted. Why?
- Many cases of computer fraud are as yet undetected.
- Companies are reluctant to report computer crimes.
31
Preventing and Detecting Computer Fraud
- Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.
- It is difficult, costly, and time consuming to investigate.
- Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.
32
Disaster recovery & Rebuild File
33
Minimizing System Downtime
Significant financial losses can be incurred if hardware or software malfunctions cause an AIS to fail.
What are some methods used to minimize system downtime?
- preventive maintenance
- uninterruptible power system
- fault tolerance
34
Disaster Recovery Plan
Every organization should have a disaster recovery plan so that data processing capacity can be restored as smoothly and quickly as possible in the event of a major disaster.
What are the objectives of a recovery plan?
- Minimize the extent of the disruption, damage, and loss.
- Temporarily establish an alternative means of processing information.
35
Disaster Recovery Plan
- Resume normal operations as soon as possible.
- Train and familiarize personnel with emergency operations.
A sound disaster plan should contain the following elements:
- Priorities for the recovery process
- Backup data and program files
36
Disaster Recovery Plan
- Specific assignments
- Complete documentation
- Backup computer and telecommunications facilities
  - reciprocal agreements
  - hot and cold sites
37
Disaster Recovery Plan
There are other aspects of disaster recovery planning that deserve mention:
- The recovery plan is incomplete until it has been satisfactorily tested by simulating a disaster.
- The recovery plan must be continuously reviewed and revised to ensure that it reflects the current situation.
- The plan should include insurance coverage.
38
Protection of PCs and Client/Server Networks
Why are PCs more vulnerable to security risks than are mainframes?
- It is difficult to restrict physical access.
- PC users are usually less aware of the importance of security and control.
- Many people are familiar with the operation of PCs.
- Segregation of duties is very difficult.
39
Data Processing and File Maintenance Controls
What are some of the more common controls that help preserve the accuracy and completeness of data processing?
- data currency checks
- default values
- data matching
- exception reporting
40
Data Processing and File Maintenance Controls
- external data reconciliation
- control account reconciliation
- file security
- file conversion controls
41
Learning Objective 6
Identify and explain the integrity controls that help ensure that system processing is complete, accurate, timely, and authorized.