CHAPTER 5 Computer Fraud Flashcards
- Which of the following is a fraud in which employees use the company’s computer time
to run their own data processing business?
a. Input fraud
b. Processor fraud
c. Computer instructions fraud
d. Output fraud
b. Processor fraud [Correct. Processor fraud includes unauthorized system use, including
the theft of computer time and services.]
- Which type of fraud is associated with 50% of all auditor lawsuits?
a. kiting
b. fraudulent financial reporting
c. Ponzi schemes
d. lapping
b. fraudulent financial reporting (Correct. Attesting to fraudulent financial statements is
the basis of a large percentage of lawsuits against auditors.)
- Which of the following statements is FALSE?
a. The psychological profiles of white-collar criminals differ from those of violent criminals.
b. The psychological profiles of white-collar criminals are significantly different from
those of the general public.
c. There is little difference between computer fraud perpetrators and other types of whitecollar criminals.
d. Some computer fraud perpetrators do not view themselves as criminals.
b. The psychological profiles of white-collar criminals are significantly different from
those of the general public. (Correct. This is false; the psychological profile of whitecollar
criminals is similar to that of the general public.)
- Which of the following conditions is/are usually necessary for a fraud to occur? (Select all correct answers)
a. pressure
b. opportunity
c. explanation
d. rationalization
a b d
- Which of the following is NOT an example of computer fraud?
a. theft of money by altering computer records
b. obtaining information illegally using a computer
c. failure to perform preventive maintenance on a computer
d. unauthorized modification of a software program
c. failure to perform preventive maintenance on a computer (Correct. This is poor management
of computer resources, but it is not computer fraud.)
- Which of the following causes the majority of computer security problems?
a. human errors
b. software errors
c. natural disasters
d. power outages
a. human errors (Correct. The Computing Technology Industry Association estimates
that human errors cause 80% of security problems. These unintentional acts usually
are caused by human carelessness, failure to follow established procedures, and poorly
trained or supervised personnel.)
- Which of the following is NOT one of the responsibilities of auditors in detecting fraud
according to SAS No. 99?
a. evaluating the results of their audit tests.
b. incorporating a technology focus.
c. discussing the risks of material fraudulent misstatements.
d. catching the perpetrators in the act of committing the fraud.
d. catching the perpetrators in the act of committing the fraud. (Correct. SAS No. 99 does
not require auditors to witness the perpetrators committing fraud.)
- Which of the following control procedures is most likely to deter lapping?
a. encryption
b. continual update of the access control matrix
c. background check on employees
d. periodic rotation of duties
d. periodic rotation of duties (Correct. Lapping requires a constant and ongoing cover-up
to hide the stolen funds. Rotating duties such that the perpetrator does not have access
to the necessary accounting records will most likely result in the fraud’s discovery.)
- Which of the following is the most important, basic, and effective control to deter fraud?
a. enforced vacations
b. logical access control
c. segregation of duties
d. virus protection controls
c. segregation of duties (Correct. Segregating duties among different employees is the
most effective control for the largest number of fraud schemes, because it makes it difficult
for any single employee to both commit and conceal a fraud.)
- Once fraud has occurred, which of the following will reduce fraud losses? (Select all correct answers.)
a. insurance
b. regular backup of data and programs
c. contingency plan
d. segregation of duties
a. insurance (Correct. The right insurance will pay for all or a portion of fraud losses.)
b. regular backup of data and programs (Correct. Regular backup helps the injured party
recover lost or damaged data and programs.)
c. contingency plan (Correct. A contingency plan helps the injured party restart operations
on a timely basis.)