AIS Threats and Fraud in Information Systems

Questions and Answers

Which of the following is NOT a category of AIS threats?

Software errors

Employee incompetence (correct)

Unintentional acts

Natural disasters

Intentional acts

A "cookie" is a type of malicious software designed to steal personal information.

False (B)

Define "fraud" in the context of information systems.

Fraud is any act involving a false statement, material fact, intent to deceive, justifiable reliance, and resultant injury or loss, used to gain an unfair advantage.

A deliberate act intended to destroy a system or its components is called ______.

sabotage

Match the following terms to their corresponding definitions:

Intentional Act = A deliberate action to harm a system Unintentional Act = An accidental or innocent error Software Error = A flaw in the code causing system malfunction Hardware Failure = Malfunction of physical system components Natural Disaster = An event like fire or flood impacting systems

Which of these is NOT a requirement for an act to be considered fraudulent?

A significant financial loss (E)

White-collar criminals are typically involved in non-violent crimes that exploit confidence or trust.

True (A)

What is "corruption" in the context of information systems?

Corruption refers to dishonest conduct by those in power, involving illegitimate, immoral, or unethical actions, often involving breaches of trust within an information system.

Which of the following is NOT a step in the auditor’s process of responding to the risk of fraudulent financial reporting?

Incorporate a technology focus (G)

The majority of fraud perpetrators are professionals with prior criminal records.

False (B)

What are the three main ways auditors gather evidence for fraud risk factors?

Auditors gather evidence by looking for fraud risk factors, testing company records, and asking management, the audit committee of the board of directors, and others whether they know of past or current fraud.

Auditors must ______ whether identified misstatements indicate the presence of fraud and determine its impact on the financial statements and the audit.

evaluate

Match the following types of fraud perpetrators to their motivations:

Disgruntled employees = Revenge against employers Curious individuals = Challenge of beating the system Predatory individuals = Financial gain Malicious software creators = Profit from selling data and malware

Which type of fraud involves altering or falsifying computer input?

Input Fraud (B)

Processor fraud involves unauthorized use of computer systems and theft of services.

True (A)

What is the biggest cause of data breaches?

Employee negligence

Output fraud can occur when displayed or printed outputs are not properly __________.

safeguarded

Which category of computer fraud includes tampering with company software?

Computer Instructions Fraud (D)

Deleting files permanently removes them from the system.

False (B)

What is an example of output fraud?

Forging paychecks

Match the types of fraud with their definitions:

Input Fraud = Altering or falsifying computer input Processor Fraud = Unauthorized system use including theft of computer time Data Fraud = Illegally using or harming company data Output Fraud = Stealing or misusing displayed or printed outputs

What are the three conditions present when fraud occurs according to the Fraud Triangle?

Pressure, Opportunity, Rationalization (A)

Cyber-criminals typically conduct isolated attacks rather than organized fraud schemes.

False (B)

Name one method that fraud perpetrators use to conceal theft.

Lapping or Kiting

One common type of misappropriation in fraud is the theft of ______.

assets

What does 'kiting' involve in the context of fraud?

Creating cash using the lag between check deposit and clearance (D)

Match the following types of fraud with their descriptions:

Lapping = Delaying posting of collections to conceal theft Kiting = Creating cash from timing differences of check clearing Fraudulent financial reporting = Overstating assets or revenues Theft of assets = Misappropriation of company resources

What is considered a pressure condition for committing fraud?

Financial needs (D)

The lack of coordination between international law enforcement helps cyber-criminals hide their money.

True (A)

Which of the following is a type of fraud that involves misrepresenting facts to promote an investment?

Investment fraud (C)

Employee fraud is another term for fraudulent financial reporting.

False (B)

What common factor contributes significantly to misappropriations within companies?

Absence of internal controls

Which of the following is NOT a method to increase the difficulty of committing fraud?

Using poorly designed documents (D)

Fraudulent financial reporting may involve _______ the books early.

closing

What is the purpose of the Treadway Commission's recommendations?

To reduce fraudulent financial reporting (B)

Implementing proper segregation of duties can help deter fraud.

True (A)

Match the types of fraud to their descriptions:

Misappropriation of assets = Theft of company assets by employees Fraudulent financial reporting = Intentional misconduct resulting in misleading financial statements Investment fraud = Misrepresenting facts about investments Bribery = Offering something of value to influence an action

What is one benefit of conducting both internal and external audits?

They can help to detect fraudulent activities and ensure compliance.

The system should authenticate the person and their right to perform the __________ before allowing the transaction.

transaction

All fraudulent schemes have the same underlying motives.

False (B)

Name one example of fraudulent financial reporting activity.

Inflating revenues

Match the following actions with their purpose in fraud prevention:

Implement a fraud hotline = Encourage reporting of fraudulent behavior Conduct fraud risk assessments = Evaluate potential fraudulent activity Encrypt data = Protect against unauthorized access Destroy hard drives = Prevent data mining by criminals

Which of the following is an effective way to motivate employees to report fraud?

Whistleblower rewards and protections (D)

Using properly designed documents and records is essential for processing transactions.

True (A)

Name one method to safeguard assets and records.

Implementing computer-based controls or restricting access.

Flashcards

Computer Fraud

Deliberate acts to gain an unfair advantage using computers.

AIS Threats

Factors that can harm accounting information systems including natural disasters and human error.

Software Errors

Mistakes in software that can lead to failures or data loss.

Unintentional Acts

Accidental errors that can damage information systems, often due to carelessness.

Fraud Requirements

Conditions for fraud: false statement, material fact, intent to deceive, reliance, and injury.

White-Collar Criminals

Businesspeople committing fraud, typically through deceit and breach of trust.

Corruption

Dishonest actions by those in power, violating ethical standards.

Cookies

Text files created by websites to store user information on hard drives.

Internal Controls

Processes designed to prevent fraudulent financial reporting and ensure accuracy in financial statements.

SAS No. 99

A statement outlining auditors' responsibility to detect fraud during audits.

Fraud Risk Factors

Indicators that suggest the likelihood of fraudulent activities within an organization.

Assessing Risks

Evaluating fraud risks by examining evidence and determining audit approaches.

Communication of Findings

The process of documenting and sharing audit findings with management and committees.

Perpetrators of Fraud

Individuals who engage in fraud, often motivated by personal grievances or excitement.

Malicious Software

Software intended to harm by creating opportunities for fraud and facilitating cybercrime.

Fraud Evolution

The transition of first-time fraudsters into serial fraudsters if not caught.

Investment Fraud

Misrepresenting or omitting facts to promote high-profit, low-risk investments.

Misappropriation of Assets

Theft of company assets by employees, also known as employee fraud.

Fraudulent Financial Reporting

Intentional or reckless conduct leading to misleading financial statements.

Treadway Commission

A group that addressed and recommended actions against financial fraud.

Cook the Books

Scheming to fraudulently inflate revenues or hide liabilities.

Risk Assessment

Evaluating the likelihood of fraudulent financial reporting in a company.

Self-Perpetuating Fraud

Fraud that continues due to fear of discovery by stopping.

Cyber-criminals

Individuals engaging in illegal activities using the internet, often targeting specific people or businesses.

Fraud Triangle

A model explaining three conditions for fraud: pressure, opportunity, and rationalization.

Pressure

The motivation or incentive driving an individual to commit fraud, including financial or emotional factors.

Opportunity

The condition that allows a person to commit and conceal a dishonest act.

Lapping

A method of concealing theft by delaying postings of cash collections to accounts.

Kiting

Creating cash using the time lag between check deposits and clearances.

Rationalization

The cognitive process individuals use to justify their fraudulent actions.

Conceal

The act of hiding or covering up fraudulent activities to prevent detection.

Input Fraud

Altering or falsifying computer input data, often using forged numbers or accounts.

Processor Fraud

Unauthorized use of computer systems, including theft of computer time and services.

Computer Instructions Fraud

Tampering with software, copying illegally, or unauthorized software activities.

Data Fraud

Illegal use, copying, or harm to company data, often caused by negligence.

Output Fraud

Stealing or misusing printed or displayed computer outputs like paychecks.

Fraud Perpetrators

Individuals who commit fraud using their knowledge of systems.

Web Resources for Fraud

Internet sites provide instructions for committing computer fraud.

Employee Negligence

Lack of care which can lead to unauthorized data access or breaches.

Segregation of Duties

Dividing responsibilities among multiple people to reduce fraud risk.

Fraud Risk Assessment

Evaluation of potential fraud and effectiveness of controls to prevent it.

Audit Trail

A record that allows tracing transactions back to their source.

Fraud Detection Software

Software used to identify potentially fraudulent activities.

Whistleblower Rewards

Incentives offered to employees who report fraudulent activities.

Encryption

Coding information to prevent unauthorized access during storage and transmission.

Physical Security

Measures taken to protect physical assets and data from unauthorized access.

Study Notes

Accounting Information Systems (AIS) Chapter 5 - Computer Fraud

• AIS Threats: Natural disasters (fires, floods, etc.), software/hardware malfunctions, power outages, unintentional acts (human error), and intentional acts (computer crimes).

• Computer Crimes: Intentional acts that aim to harm or destroy a system or its components.

• Cookies: Text files created by websites and stored on a visitor's hard drive. They store information about the user.

• Fraud: Any means a person uses to gain an unfair advantage over another.

• Elements of Fraud: A false statement, concerning a material fact, with intent to deceive, justifiable reliance leading to action, and an injury or loss resulting from the deception.

White-Collar Criminals

• Often businesspeople who commit fraud. Usually involve trickery or cunning, violating trust. Knowledge of the system and resources are common traits.

Corruption

• Dishonest conduct by people in power, often involving actions that are illegitimate or unethical.

Types of Fraud in Business

• Misappropriation of Assets (Employee Fraud): Theft of company assets by employees. Usually stems from a lack of proper internal controls or their enforcement. Perpetrators often gain trust, use trickery, conceal fraud (falsifying records), continue the activities (through greed or need), and spend the funds ill-gotten.

• Fraudsulent Financial Reporting (Management Fraud): Intentional or reckless misrepresentation in financial statements; aim to mislead investors or stakeholders. National Commission on Fraudulent Financial Reporting (Treadway Commission) found that most schemes involve inflating revenues, holding the books open, and delaying current expenses.

Who Perpetrates Fraud and Why?

• Often disgruntled or unhappy employees seeking revenge.

• May lack a criminal record and be valued members of the community, but be motivated by curiosity, the desire to learn, or for gain in a hacking community.

• May view the action as a "game" rather than dishonesty.

• Sometimes are malicious actors, criminals looking for ways to monetize their activities, by selling data, spamming, or creating malware.

The Fraud Triangle

• Pressure: Incentives for committing fraud
• Opportunity: Conditions that allow the fraudulent act to occur
• Rationalization: Justifications to mask unethical behavior
• Many rationalizations involve self-serving justifications.
• Other forms include financial hardship, poor personal relationships, and feelings of lack of recognition.

Computer Fraud Classifications

• Input Fraud: Altering input data—a common and simple form of computer fraud.

• Process Fraud: Unauthorized use of computer systems or tampering with software is part of process fraud.

• Data Fraud: Unlawful, unauthorized copying, storage, or use of company data. Employee negligence is a frequent factor.

• Output Fraud: Obtaining and using falsified reports or documents from computer systems.

Preventing and Detecting Fraud

• Establishing a strong internal control system.
• Segregation of duties between authorization, recording, and custody.
• Monitoring system activities for suspicious activity or errors.
• Implementing fraud risk assessment programs.
• Creating an audit trail. - Detecting and preventing fraud (reporting channels & internal audits).
• Encouraging whistleblowing (and protecting whistleblowers).

Description

Test your knowledge on the various threats to Accounting Information Systems (AIS) and the nature of fraud within information systems. This quiz covers definitions, examples, and auditor processes related to fraud and security risks. Perfect for students studying information systems or finance.