Chapter 5&7 Flashcards
Primary scope of SAS No. 99
Audit standard that defines procedures to identify potential fraud
Why is computer fraud more difficult to detect than other types of fraud?
Computer fraud leaves little to no evidence
5 Components of the COSO Internal Control (IC) framework
1) Control Environment
2) Risk Assessment
3) Control Activities
4) Information and Communication
5) Monitoring
A cost/benefit analysis should be performed to determine the extent of controls needed to address risks in the __________ component of the COSO framework.
Risk Assessment
5 Components of Fraud
1) False statement/representation
2) Action is material
3) There was an intent to deceive
4) There is a justifiable reliance on the fraudulent fact
5) Victim suffers injury or loss
Fraud triangle components
1) Opportunity
2) Rationalization
3) Pressure
Misappropriation of assets
1) Most common type of fraud
2) Theft/misuse of a company’s assets
Corruption
Kickbacks or wrongful use of position to get a benefit
Lapping
Hiding the theft of cash by delaying collections to accounts receivable
Kiting
Creating cash using the lagtime between cashing a check and when it clears the bank
SAS 99 fraud requirements of auditors
1) Understand and obtain evidence of fraud
2) Evaluate other audit tests
3) Document findings
4) Professional skepticism
Types of computer fraud
1) Input fraud
2) Processor fraud
3) Computer instructions fraud
4) Output/data fraud
Input fraud
Alteration of input data in the AIS; must have input/recording abilities
Processor fraud
Using work computers for non-work activities, or using access you shouldn’t have been given.
Incidental access
When a user is accidentally given access they shouldn’t have