Week 6 And 7 - Fraud Flashcards
What is the definition of ‘fraud’?
‘An intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage’
What is the element that differentiates fraud from theft?
The element of deception used to obtain the illegal advantage
What is the definition of computer fraud?
‘Manipulation of a computer or computer data to dishonestly obtain money, property or some other advantage of value or cause a loss’
What are the two main categories of fraud?
- Misappropriation of assets
- Fraudulent financial reporting
What is meant by the ‘misappropriation’ of assets?
The theft of company assets by fraudulent means. These can include physical assets (cash/inventory) and digital assets (intellectual property/customer data).
What is meant by ‘Fraudulent financial reporting’?
‘Cooking the books’/Creative accounting
What are the average characteristics of a fraudster?
Man aged 40-50
University educated
Worked for an organisation for a long time
What are the 6 reasons fraud is committed?
- Envious of wealth
- Corrupt corporate culture
- Ethic of capitalism
- Believe that fraud is victimless
- Rationalise abnormal situation (just borrowing the money)
- Moral justification (employer owed it to me)
The three elements that make up the fraud triangle are:
- Opportunity - There needs to be an opportunity or a sense of opportunity otherwise a fraud will not take place.
- Rationalisation - The person committing the fraud must be able to rationalise.
- Pressure - There must be an element of pressure on the individual committing the fraud.
On the extended fraud triangle, the opportunity triangle contains what elements?
Commit - Can somebody commit the crime? How easy is it to commit the crime?
Conceal - How easy is it for you to avoid being caught?
Convert - How easy is it to convert the fraud into something that provides me value?
On the extended fraud triangle, rationalisation has what three elements?
Attitude - What is the attitude of the employee? Corporate culture?
Justification - Can the employee justify their actions?
Lack of personal integrity
On the extended fraud triangle, pressure is split between two subjects; who are they?
Pressure can be placed on either the:
Employee
Firm
Pressure on employees can come in 3 forms or a combination, what are the three forms?
Financial - I can't afford basic necessities.
Lifestyle - I can afford basic necessities but I can't afford ‘the finer things in life’.
Emotional - My partner is pressuring me because she wants a bigger house
Pressure on a firm can occur because of three main reasons, what are they?
Financial - If the firm is making a loss, you’re more likely to commit a fraud.
Industrial conditions - Are other firms doing better?
Management characteristics - A culture of managerial corruption
As per the fraud triangle, when looking for fraud, what three things should be looked for?
Pressures
Opportunities
Rationalisation
What are the auditor's responsibilities with regard to fraud?
- Understand fraud
- Discuss the risks of material fraudulent misstatements
- Obtain information about the firm
- Identify, assess and respond to risks
- Evaluate the results of their audit tests - do we think fraud has occurred?
- Document and communicate findings
- Incorporate a technology focus
What must be remembered when considering an auditor's duty in relation to fraud?
They don’t have a duty to actively search for fraud
When trying to make fraud less likely to occur in an organisation, what sort of things can be done?
- Create a culture of integrity
- Adopt a structure that minimises fraud (create governance)
- Assign authority for the completion of business objectives.
- Communicate business policies
When trying to make fraud more difficult to commit within an organisation, what sort of things can be done?
- Develop strong internal controls
- Segregate accounting functions
- Use properly designed forms
- Require independent checks
When trying to improve detection of fraud within an organisation, what sort of things can be done?
- Assess fraud risk
- External and internal audits
- Open a fraud hotline
When trying to reduce the losses from fraud within an organisation, what sort of things can be done?
- Insurance
- Business continuity and disaster recovery plan
What are the 3 types of computer attacks?
- Hacking
- Social engineering
- Malware
In relation to hacking, what two forms can it take? And what do they mean?
- Hijacking - gaining control of a computer/system to carry out illicit activities.
- Botnets (Robot networks)
Denial of service attack (DoS) - The bot herder sends lots of data into a system, too much for the system to cope with.
What is meant by the term ‘Spoofing’?
- Email spoofing
- Caller ID spoofing (hacker changes the ID for saved numbers on your phone).
- SMS spoofing
- Web-page spoofing
What are three main types of hacking with computer code?
Cross-site scripting (XSS) - Injects malicious code into a web application.
Buffer overflow attack - Large amount of data is sent to the input memory causing the programme to crash.
SQL injection attack - Malicious code is inserted in place of a query to get the database information.
What is ‘man-in-the-middle’ hacking?
The hacker is placed between a client and a host to read, modify and steal data sent between two parties.
What is ‘piggyback’ hacking?
The hacker piggybacks on the communications being sent between parties to gain access into the system.
‘Social engineering fraud’ is…
A type of fraud that doesn’t use technological techniques such as hacking to steal data. Instead, it often relies on preying on people's compassion in situations.
Name 4 social engineering fraud techniques and explain what they are.
Identity theft - Assuming someone’s identity.
Pretexting - Using a situation to get a victim to divulge information or to gain access.
Posing - Creating a fake business to get sensitive information.
Phishing - Sending emails asking for victims to respond to a link that appears legitimate.
Pharming - You get redirected to a spoofed website
Shoulder surfing - Snooping or using technology to gain confidential information
Why do people fall victim to fraud?
Compassion - Desire to help others.
Greed - Want a good deal or something for free.
Sex appeal - More cooperative with those who are flirting.
Sloth - Lazy habits.
Trust - Will cooperate if trust is gained.
Urgency - Cooperation occurs when there is a sense of immediate need.
Vanity - More likely to cooperate when a fraudster appeals to your vanity.
What are 5 ways in which the risk of social engineering can be mitigated?
- Never let someone into a restricted area.
- Never log in for someone else on a computer.
- Never give out sensitive information over the phone or through email.
- Never share passwords or user IDs.
- Be cautious of someone you don’t know who is trying to gain access through you.
What is ‘malware’? And name 3 different forms it can take.
Malware is the implementation of illicit or illegal software in order to obtain information or monetary gain.
- Spyware - Secretly monitors and collects info.
- Keylogger - Software that records users' keystrokes.
- Trojan horse - Malicious software code in an authorised program.
- Trap door - A set of instructions that allow users to bypass normal systems control.
- Virus - A section of self replicating code that attaches to a program or file.