Week 6 And 7 - Fraud Flashcards

1
Q

What is the definition of ‘fraud’?

A

‘An intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage’

2
Q

What is the element that differentiates Fraud from theft?

A

The element of deception used to obtain the illegal advantage

3
Q

What is the definition of computer fraud?

A

‘Manipulation of a computer or computer data to dishonestly obtain money, property or some other advantage of value or cause a loss’

4
Q

What are the two main categories of fraud?

A
  1. Misappropriation of assets
  2. Fraudulent financial reporting

5
Q

What is meant by the ‘misappropriation’ of assets?

A

By fraudulent means, we partake in the theft of company assets, which can include physical assets (cash/inventory) and digital assets (intellectual property/customer data).

6
Q

What is meant by ‘Fraudulent financial reporting’?

A

‘Cooking the books’/Creative accounting

7
Q

What are the average characteristics of a fraudster?

A

Man aged 40-50
University educated
Worked for an organisation for a long time

8
Q

What are the 6 reasons fraud is committed?

A
  1. Envious of wealth
  2. Corrupt corporate culture
  3. Ethic of capitalism
  4. Believe that fraud is victimless
  5. Rationalise abnormal situation (just borrowing the money)
  6. Moral justification (employer owed it to me)
9
Q

The three elements that make up the fraud triangle are:

A
  1. Opportunity - There needs to be an opportunity or a sense of opportunity otherwise a fraud will not take place.
  2. Rationalisation - The person committing the fraud must be able to rationalise.
  3. Pressure - There must be an element of pressure on the individual committing the fraud.
10
Q

On the extended fraud triangle, the opportunity triangle contains what elements?

A

Commit - Can somebody commit the crime? How easy is it to commit the crime?
Conceal - How easy is it for you to avoid being caught?
Convert - How easy is it to convert the fraud into something that provides me value?

11
Q

On the extended fraud triangle, rationalisation has what three elements?

A

Attitude - What is the attitude of the employee? Corporate culture?
Justification - Can the employee justify their actions?
Lack of personal integrity

12
Q

On the extended fraud triangle, pressure is split between two subjects. Who are they?

A

Pressure can be placed on either the:

Employee
Firm

13
Q

Pressure on employees can come in 3 forms or a combination, what are the three forms?

A

Financial - I can’t afford basic necessities.
Lifestyle - I can afford basic necessities but I can’t afford ‘the finer things in life’
Emotional - My partner is pressuring me because she wants a bigger house

14
Q

Pressure on a firm can occur because of three main reasons, what are they?

A

Financial - If the firm is making a loss, you’re more likely to commit a fraud.
Industrial conditions - Are other firms doing better?
Management characteristics - A culture of managerial corruption

15
Q

As per the fraud triangle, when looking for fraud, what three things should be looked for?

A

Pressures
Opportunities
Rationalisation

16
Q

What are the auditor’s responsibilities in regard to fraud?

A
  • Understand fraud
  • Discuss the risks of material fraudulent misstatements
  • Obtain information about the firm
  • Identify, assess and respond to risks
  • Evaluate the results of their audit tests - do we think fraud has occurred?
  • Document and communicate findings
  • Incorporate a technology focus
17
Q

What must be remembered when considering an auditor’s duty in relation to fraud?

A

They don’t have a duty to actively search for fraud

18
Q

When trying to make fraud less likely to occur in an organisation, what sort of things can be done?

A
  • Create a culture of integrity
  • Adopt a structure that minimises fraud (create governance)
  • Assign authority for the completion of business objectives.
  • Communicate business policies
19
Q

When trying to make fraud more difficult to commit within an organisation, what sort of things can be done?

A
  • Develop strong internal controls
  • Segregate accounting functions
  • Use properly designed forms
  • Require independent checks
20
Q

When trying to improve detection of fraud within an organisation, what sort of things can be done?

A
  • Assess fraud risk
  • External and internal audits
  • Open a fraud hotline
21
Q

When trying to reduce the losses from fraud within an organisation, what sort of things can be done?

A
  • Insurance
  • Business continuity and disaster recovery plan

22
Q

What are the 3 types of computer attacks?

A
  1. Hacking
  2. Social engineering
  3. Malware
23
Q

In relation to hacking, what two forms can it take? And what do they mean?

A
  1. Hijacking - gaining control of a computer/system to carry out illicit activities.
  2. Botnets (Robot networks)
    Denial of service attack (DoS) - The bot herder sends lots of data into a system, too much for the system to cope with.
24
Q

What is meant by the term ‘Spoofing’?

A
  • Email spoofing
  • Caller ID spoofing (hacker changes the ID for saved numbers on your phone).
  • SMS spoofing
  • Web-page spoofing
25
Q

What are three main types of hacking with computer code?

A

Cross-site scripting (XSS) - Injects malicious code into a web application.
Buffer overflow attack - Large amount of data is sent to the input memory causing the program to crash.
SQL injection attack - Malicious code is inserted in place of a query to get the database information.

26
Q

What is ‘man-in-the-middle’ hacking?

A

The hacker is placed between a client and a host to read, modify and steal data sent between two parties.

27
Q

What is ‘piggyback’ hacking?

A

The hacker piggybacks on the communications being sent between parties to gain access into the system.

28
Q

‘Social engineering fraud’ is…

A

A type of fraud that doesn’t use technological techniques such as hacking to steal data. Instead it often relies on preying on people’s compassion in situations.

29
Q

Name 4 social engineering fraud techniques and explain what they are.

A

Identity theft - Assuming someone’s identity.
Pretexting - Using a situation to divulge information or to gain access.
Posing - Creating a fake business to get sensitive information.
Phishing - Sending emails asking for victims to respond to a link that appears legitimate.
Pharming - You get redirected to a spoofed website
Shoulder surfing - Snooping or using technology to gain confidential information

30
Q

Why do people fall victim to fraud?

A

Compassion - Desire to help others.
Greed - Want a good deal or something for free.
Sex appeal - More cooperative with those who are flirting.
Sloth - Lazy habits.
Trust - Will cooperate if trust is gained.
Urgency - Cooperation occurs when there is a sense of immediate need.
Vanity - More likely to cooperate when a fraudster appeals to your vanity.

31
Q

What are 5 ways in which the risk of social engineering can be mitigated?

A
  1. Never let someone into a restricted area.
  2. Never log in for someone else on a computer.
  3. Never give out sensitive information over the phone or through email.
  4. Never share passwords or user IDs.
  5. Be cautious of someone you don’t know who is trying to gain access through you.
32
Q

What is ‘malware’? And name 3 different forms it can take.

A

Malware is the implementation of illicit or illegal software in order to gain information or monetary gain.

  1. Spyware - Secretly monitors and collects info.
  2. Keylogger - Software that records users’ keystrokes.
  3. Trojan horse - Malicious software code in an authorised program.
  4. Trap door - A set of instructions that allow users to bypass normal systems control.
  5. Virus - A section of self-replicating code that attaches to a program or file.