Computer Fraud: Challenges To Accountants, Internal Auditors And Area Council Management

COMPUTER FRAUD: CHALLENGES TO ACCOUNTANTS, INTERNAL AUDITORS AND CASHIERS

1.1 INTRODUCTION

It is increasingly becoming a reality that organisations no matter their size and orientation cannot avoid utilising computer systems for data storing, analysis, and retrieval. This is more important when the reality of internet and globalisation of the world community is put into focus. Despite the benefits of computers and information technology, there is a growing concern on how to ensure security and protection of data which can be used in perpetrating fraudulent activities against organisations. This paper describes the fraud process. It also explores the reasons that fraud occurs. The paper also describes the approaches to computer fraud and the specific techniques used to commit it. Finally, several methods to deter and detect fraud are analysed.

1.2 OBJECTIVES OF THE PAPER

· Understand what fraud is and the process one follows to perpetuate a fraud.

· Identify conditions indicative of fraud

· Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.

· Compare and contrast the approaches and techniques that are used to commit computer fraud.

· Describe how to deter and detect computer fraud.

1.3 MEANING OF FRAUD AND THE FRAUD PROCESS

Fraud may be defined as deceitfulness. That is criminal deception and using false representation to obtain unjust advantage. It can also be defined as the intentional use of deception, trickery or distortion of truth to induce another to part with some valuable thing belonging to him. These definitions cover fraud in such area as petty theft, pilfering, extortion, forgery, embezzlement, 419, kickback, direct stealing, over invoicing, inflation of contracts, over-statement of profits

Most frauds involve three steps: the theft of something; the conversion to cash; and the concealment. The common way to hide a theft is to charge the stolen item to an expense account. A payroll example is to add a fictitious name to the company’s payroll (ghost worker), over-casting of gross and net columns of wages sheets, statutory deductions not handed over to the relevant statutory authority or unclaimed wages. In a lapping scheme, the perpetrator steals cash received from customer A to pay its accounts receivable. Funds received at a later date from customer B are used to pay off customer A balance, etc.

1.4 CONDITIONS INDICATIVE OF FRAUD

There are certain conditions that are indicative of the existence of possible fraud or scam. Some of these conditions are:

? Unsatisfactory explanations to probing questions

? Unaccounted for vouchers or sensitive documents

? Evidence of falsified documents

? Figures, trends or results which do not fall within expectations

? Unexplained items in a reconciliation

? Evidence of excessive spending lifestyles of employees

? Access to all aspects of a procedural system

? Refusal of an individual to proceed on leave

? Constant overtime by a particular staff

? Where a transaction is to be kept ‘confidential

1. 5 CAUSES OF FRAUD

The common characteristics of fraud perpetrators include:

· Most spend their illegal income rather than invest or save it.

· Once they begin the fraud, it is very hard for them to stop.

· They usually begin to rely on the extra income.

· Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.

· Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”

· Others commit fraud to gain stature among others in the computer community.

It should be noted that three conditions are necessary for fraud to occur: a pressure or motive; an opportunity; and a rationalization. These are described further.

Pressures

Financial pressures

· living beyond means

· high personal debt

· “inadequate” income

· heavy financial losses

· large gambling debts

Work-related pressures

· poor motivation and remuneration of staff

· non-recognition of performance

· job dissatisfaction

· improper recruitment policy; understaffing, inexperienced and unqualified staff

· fear of losing job

Other pressures

· challenge

· family/peer pressure

· emotional instability

· need for power or control

· excessive pride or ambition

Opportunities

An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act. Opportunities often stem from a lack of internal controls. However, the most prevalent opportunity for fraud results from an organisation’s failure to enforce its system of internal controls.

Rationalizations

Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behaviour. Some rationalizations include:

· The perpetrator is just “borrowing” the stolen assets.

· The perpetrator is not hurting a real person, just a computer system.

Other causes of fraud include: failure of the Accountant or the Internal Auditor to understand the system fully; lack of effective controls on computer input forms; existence of an in house computer programmer with unrestricted access to all aspects of the system.

1. 6 APPROACHES AND TECHNIQUES USED IN COMMITTING COMPUTER FRAUD

The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. Examples of computer fraud are:

· unauthorized use, access, modification, copying, and destruction of software or data

· theft of money by altering computer records

· theft or destruction of computer hardware

· use or the conspiracy to use computer resources to commit a criminal act

· intent to illegally obtain information or tangible property through the use of computers

The incidence of computer fraud has risen sharply of recent. Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud. However, no one knows for sure exactly how much companies lose to computer fraud. The reasons are not far fetched. Some of these reasons include:

· There is disagreement on what computer fraud is.

· Many computer frauds go undetected, or unreported.

· Most networks have a low level of security.

· Many Internet pages give instructions on how to perpetrate computer crimes.

· Law enforcement is unable to keep up with fraud.

Some of the more common techniques used in committing computer fraud are enumerated below:

· cracking

· input manipulation

· file alteration

· data leakage

· program alteration

· e-mail forgery and threats

· hacking

· internet misinformation and terrorism

· logic time bomb

· masquerading or impersonation

· password cracking

· salami technique

· software piracy

· scavenging

· Trojan horse

· virus

· worm

1. 7 HOW TO DETER AND DETECT COMPUTER FRAUD.

The following measures can decrease the potential of computer fraud in organisations.

· Make fraud less likely to occur.

· Increase the difficulty of committing fraud.

· Improve detection methods.

· Reduce fraud losses.

· Prosecute and incarcerate fraud perpetrators.

Make fraud less likely to occur:

· Use proper hiring and firing practices.

· Manage disgruntled employees.

· Train employees in security and fraud prevention.

· Manage and track software licenses.

· Require signed confidentiality agreements.

Increase the difficulty of committing fraud:

· Develop a strong system of internal controls.

· Segregation of duties.

· Require vacations and rotate duties.

· Restrict access to computer equipment and data files.

· Encrypt data and programs.

Improve detection methods.

· Protect the system from viruses.

· Control sensitive data.

· Control laptop computers.

· Monitor hacker information.

Reduce fraud losses:

· Maintain adequate insurance.

· Store backup copies of programs and data files in a secure, off-site location.

· Develop a contingency plan for fraud occurrences.

· Use software to monitor system activity and recover from fraud.

In the world of internet and networking, unauthorized access is usually gained by a "hacker" masquerading as an authorized user by means of sophisticated packages which are able to break passwords and match login names. Entry to an organisation’s network may also be gained via "trap doors" which are usually left by system programmers and which can bypass all of the security measures built into the program.

It is estimated that approximately 4,000 malicious software applications are circulating in cyberspace, which may include, amongst others, Trojan horses, logic bombs, and applications known as Devil Dialers, Satan, Brute and Nutcracker.

It is essential that information security is incorporated into an organisation’s policy and procedures and is formally documented and adhered to. Management appear to be unaware of the vulnerability and ease of accessibility of information by computer criminals. Some prevention strategies may include:

· A regular risk assessment on the vulnerabilities of the network

· The installation of a "firewall", which restricts unauthorized access from the Internet. Firewall software and hardware applications are readily available in the market. There are also a number of applications available to the forensic specialist which would function undetected from the internal and external auditors, and which store deleted files, monitor system administrators and are watchdogs to the organisation’s electronic dealings.

As with the growth of malicious software applications, a number of applications have been designed for use by computer specialists. Traditionally, computer programmers designed packages like Norton Utilities which retrieves undeleted files, views hidden files, indicates time and date of access to data etc. The level of sophistication has been enhanced, and new products on the market are:

· "PC Investigator", which incorporates all the Norton Utilities functions, and links hidden files common to one another.

· "Little Brother is Watching You", features include log-in tracing, and location activation for Web-site monitoring and networks (i.e. sites visited, duration and user).

Despite all this most computer fraud cases go unreported and un-prosecuted due to the following reasons:

· Many cases of computer fraud are as yet undetected.

· Companies are reluctant to report computer crimes.

· Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.

· It is difficult, costly, and time consuming to investigate.

· Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.

1. 8 CONCLUSIONS

This paper is a modest attempt at identifying the main causes and types of computer frauds. The paper prescribes some necessary measures to curb or at least minimise the incidence of computer fraud in Local governments. Admittedly, it is near impossible to stamp-out fraud in its entirety, however, it can be minimised. The measures put forward in this paper are by no means exhaustive but the paper it is believed serves as food for thought.