Computer-Based Information Systems Controls
Learning Objectives
1. Describe the threats to an AIS and discuss why these threats are growing.
2. Explain the basic concepts of control as applied to business organizations.
3. Describe the major elements in the control environment of a business organization.
Learning Objectives, continued
4. Describe control policies and procedures commonly used in business organizations.
5. Evaluate a system of internal accounting control, identify its deficiencies, and prescribe modifications to remedy those deficiencies.
6. Conduct a cost-benefit analysis for particular threats, exposures, risks, and controls.
Threats to Accounting Information Systems
What are examples of natural and political disasters?
– fire or excessive heat
– floods
– earthquakes
– high winds
– war
Threats to Accounting Information Systems
What are examples of software errors and equipment malfunctions?
– hardware failures
– power outages and fluctuations
– undetected data transmission errors
Threats to Accounting Information Systems
What are examples of unintentional acts?
– accidents caused by human carelessness
– innocent errors of omissions
– lost or misplaced data
– logic errors
– systems that do not meet company needs
Threats to Accounting Information Systems
What are examples of intentional acts?
– sabotage
– computer fraud
– embezzlement
Why are AIS Threats Increasing?
Increasing numbers of client/server systems mean that information is available to an unprecedented number of workers.
Because LANs and client/server systems distribute data to many users, they are harder to control than centralized mainframe systems.
WANs are giving customers and suppliers access to each other’s systems and data, making confidentiality a concern.
Overview of Control Concepts
What is the traditional definition of internal control?
Internal control is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies.
Overview of Control Concepts
What is management control?
Management control encompasses the following three features:
1. It is an integral part of management responsibilities.
2. It is designed to reduce errors and irregularities and to achieve organizational goals.
3. It is personnel-oriented and seeks to help employees attain company goals.
Internal Control Classifications
The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications:
1. Preventive, detective, and corrective controls
2. General and application controls
3. Administrative and accounting controls
4. Input, processing, and output controls
The Foreign Corrupt Practices Act
In 1977, Congress incorporated language from an AICPA pronouncement into the Foreign Corrupt Practices Act.
The primary purpose of the act was to prevent the bribery of foreign officials in order to obtain business.
A significant effect of the act was to require corporations to maintain good systems of internal accounting control.
Committee of Sponsoring Organizations
The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of five organizations:
1. American Accounting Association
2. American Institute of Certified Public Accountants
3. Institute of Internal Auditors
4. Institute of Management Accountants
5. Financial Executives Institute
Committee of Sponsoring Organizations
In 1992, COSO issued the results of a study to develop a definition of internal controls and to provide guidance for evaluating internal control systems.
The report has been widely accepted as the authority on internal controls.
Committee of Sponsoring Organizations
The COSO study defines internal control as the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to:
– effectiveness and efficiency of operations
– reliability of financial reporting
– compliance with applicable laws and regulations
Committee of Sponsoring Organizations
COSO’s internal control model has five crucial components:
1. Control environment
2. Control activities
3. Risk assessment
4. Information and communication
5. Monitoring
Information Systems Audit and Control Foundation
The Information Systems Audit and Control Foundation (ISACF) recently developed the Control Objectives for Information and related Technology (COBIT).
COBIT consolidates standards from 36 different sources into a single framework.
The framework addresses the issue of control from three vantage points, or dimensions:
Information Systems Audit and Control Foundation
1. Information: needs to conform to certain criteria that COBIT refers to as business requirements for information
2. IT resources: people, application systems, technology, facilities, and data
3. IT processes: planning and organization, acquisition and implementation, delivery and support, and monitoring
The Control Environment
The first component of COSO’s internal control model is the control environment.
The control environment consists of many factors, including the following:
1. Commitment to integrity and ethical values
2. Management’s philosophy and operating style
3. Organizational structure
The Control Environment
4. The audit committee of the board of directors
5. Methods of assigning authority and responsibility
6. Human resources policies and practices
7. External influences
Control Activities
The second component of COSO’s internal control model is control activities.
Generally, control procedures fall into one of five categories:
1. Proper authorization of transactions and activities
2. Segregation of duties
Control Activities
3. Design and use of adequate documents and records
4. Adequate safeguards of assets and records
5. Independent checks on performance
Proper Authorization of Transactions and Activities
Authorization is the empowerment management gives employees to perform activities and make decisions.
A digital signature or fingerprint is a means of signing a document with a piece of data that cannot be forged.
Specific authorization is the granting of authorization by management for certain activities or transactions.
Segregation of Duties
Good internal control demands that no single employee be given too much responsibility.
An employee should not be in a position to perpetrate and conceal fraud or unintentional errors.
Segregation of Duties
Recording Functions
– Preparing source documents
– Maintaining journals
– Preparing reconciliations
– Preparing performance reports
Custodial Functions
– Handling cash
– Handling assets
– Writing checks
– Receiving checks in mail
Authorization Functions
– Authorization of transactions
Segregation of Duties
If two of these three functions are the responsibility of a single person, problems can arise.
Segregation of duties prevents employees from falsifying records in order to conceal theft of assets entrusted to them.
It also prevents authorization of a fictitious or inaccurate transaction as a means of concealing asset thefts.
Segregation of Duties
Segregation of duties prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized.
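Added example, not part of the original slides: a check that flags any employee whose combined roles span two or more of the three functions (recording, custodial, authorization). The duty lists come from the slides; the role names, employee names and assignments are hypothetical, constructed sample data.

```python
# Duty -> function, taken from the three lists on the Segregation of Duties slide.
FUNCTION_OF = {
    "prepare source documents": "recording",
    "maintain journals": "recording",
    "prepare reconciliations": "recording",
    "prepare performance reports": "recording",
    "handle cash": "custodial",
    "handle assets": "custodial",
    "write checks": "custodial",
    "receive checks in mail": "custodial",
    "authorize transactions": "authorization",
}

# Hypothetical roles and the duties each one grants (constructed sample data).
ROLE_DUTIES = {
    "ar_clerk": ["maintain journals", "prepare reconciliations"],
    "cashier": ["handle cash", "receive checks in mail"],
    "ap_supervisor": ["authorize transactions"],
    "treasury_clerk": ["write checks"],
    "mailroom": ["receive checks in mail"],
}

# Hypothetical employee-to-role assignments (constructed sample data).
EMPLOYEE_ROLES = {
    "alice": ["ar_clerk"],                         # recording only
    "bob": ["cashier", "ar_clerk"],                # custody + recording
    "carol": ["ap_supervisor", "treasury_clerk"],  # authorization + custody
    "dave": ["cashier", "mailroom"],               # two roles, custody only
}


def functions_held(roles, role_duties=ROLE_DUTIES):
    """Map each function an employee holds to the duties that put them there."""
    held = {}
    for role in roles:
        for duty in role_duties[role]:
            held.setdefault(FUNCTION_OF[duty], set()).add(duty)
    return held


def sod_conflicts(employee_roles=EMPLOYEE_ROLES):
    """Return employees who hold two or more of the three functions.

    A conflict often only appears when roles are combined, so the check
    works on the union of duties across all of an employee's roles.
    """
    conflicts = {}
    for employee, roles in employee_roles.items():
        held = functions_held(roles)
        if len(held) >= 2:
            conflicts[employee] = {fn: sorted(duties) for fn, duties in sorted(held.items())}
    return conflicts


if __name__ == "__main__":
    for employee, held in sod_conflicts().items():
        print(employee, "holds", " + ".join(held), "->", held)
```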
Design and Use of Adequate Documents and Records
The proper design and use of documents and records helps ensure the accurate and complete recording of all relevant transaction data.
Documents that initiate a transaction should contain a space for authorization.
Design and Use of Adequate Documents and Records
The following procedures safeguard assets from theft, unauthorized use, and vandalism:
– effectively supervising and segregating duties
– maintaining accurate records of assets, including information
– restricting physical access to cash and paper assets
– having restricted storage areas
Adequate Safeguards of Assets and Records
What can be used to safeguard assets?
– cash registers
– safes, lockboxes
– safety deposit boxes
– restricted and fireproof storage areas
– controlling the environment
– restricted access to computer rooms, computer files, and information
Independent Checks on Performance
Independent checks to ensure that transactions are processed accurately are another important control element.
Independent Checks on Performance
What are various types of independent checks?
– reconciliation of two independently maintained sets of records
– comparison of actual quantities with recorded amounts
– double-entry accounting
– batch totals
Independent Checks on Performance
Five batch totals are used in computer systems:
1. A financial total is the sum of a dollar field.
2. A hash total is the sum of a field that would usually not be added.
Independent Checks on Performance
3. A record count is the number of documents processed.
4. A line count is the number of lines of data entered.
5. A cross-footing balance test compares the grand total of all the rows with the grand total of all the columns to check that they are equal.
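Added example, not part of the original slides: the five batch totals computed for a small batch, then compared against the same batch after data entry to show which total catches which kind of error. The invoice data, field names and the injected errors are constructed for illustration.

```python
import copy
from decimal import Decimal

# Constructed sample batch: three sales invoices as prepared by the user department.
SOURCE_BATCH = [
    {"invoice": 1001, "customer_no": 40712, "lines": [Decimal("120.00"), Decimal("15.50")]},
    {"invoice": 1002, "customer_no": 38155, "lines": [Decimal("980.25")]},
    {"invoice": 1003, "customer_no": 51420,
     "lines": [Decimal("42.00"), Decimal("8.00"), Decimal("310.10")]},
]


def batch_totals(batch):
    """Compute the first four batch totals for a list of documents."""
    return {
        # Financial total: sum of a dollar field (here, every line amount).
        "financial_total": sum((amt for doc in batch for amt in doc["lines"]), Decimal("0")),
        # Hash total: sum of a field that would usually not be added.
        "hash_total": sum(doc["customer_no"] for doc in batch),
        # Record count: number of documents processed.
        "record_count": len(batch),
        # Line count: number of lines of data entered.
        "line_count": sum(len(doc["lines"]) for doc in batch),
    }


def mismatches(control, processed):
    """Return the names of the totals that differ after processing."""
    return sorted(name for name in control if control[name] != processed[name])


def cross_foots(row_totals, column_totals):
    """Cross-footing balance test on separately recorded row and column totals."""
    return sum(row_totals, Decimal("0")) == sum(column_totals, Decimal("0"))


def keyed_batch(wrong_customer=False, transposed_amount=False, drop_last=False):
    """Build an 'as keyed' copy of SOURCE_BATCH with constructed data-entry errors."""
    batch = copy.deepcopy(SOURCE_BATCH)
    if wrong_customer:
        batch[1]["customer_no"] = 38515          # two digits transposed
    if transposed_amount:
        batch[1]["lines"][0] = Decimal("908.25")  # 980.25 keyed as 908.25
    if drop_last:
        batch.pop()                               # last invoice never entered
    return batch


# Control totals are prepared before the batch is handed over for entry.
CONTROL = batch_totals(SOURCE_BATCH)

if __name__ == "__main__":
    print("control totals:", CONTROL)
    scenarios = {
        "clean entry": {},
        "wrong customer number": {"wrong_customer": True},
        "transposed amount": {"transposed_amount": True},
        "dropped invoice": {"drop_last": True},
    }
    for label, kwargs in scenarios.items():
        print(label, "->", mismatches(CONTROL, batch_totals(keyed_batch(**kwargs))) or "balanced")
    # Constructed 2x2 sales sheet: row totals and column totals recorded separately.
    rows, cols = [Decimal("300"), Decimal("700")], [Decimal("400"), Decimal("600")]
    print("cross-foot balanced:", cross_foots(rows, cols))
```

A wrong customer number leaves the financial total intact and is caught only by the hash total, which is why the hash total is kept even though the sum itself has no business meaning.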
Risk Assessment
The third component of COSO’s internal control model is risk assessment.
Companies must identify the threats they face:
– strategic — doing the wrong thing
– financial — having financial resources lost, wasted, or stolen
– information — faulty or irrelevant information, or unreliable systems
Risk Assessment
Companies that implement electronic data interchange (EDI) must identify the threats the system will face, such as:
1. Choosing an inappropriate technology
2. Unauthorized system access
3. Tapping into data transmissions
4. Loss of data integrity
Risk Assessment
5. Incomplete transactions
6. System failures
7. Incompatible systems
Risk Assessment
Some threats pose a greater risk because they are more likely to occur. For example:
A company is more likely to be the victim of a computer fraud than of a terrorist attack.
Risk and exposure must be considered together.
Estimate Cost and Benefits
No internal control system can provide foolproof protection against all internal control threats.
The cost of a foolproof system would be prohibitively high.
One way to calculate benefits involves calculating expected loss.
Estimate Cost and Benefits
Expected loss = risk × exposure
The benefit of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it.
Information and Communication
The fourth component of COSO’s internal control model is information and communication.
Information and Communication
Accountants must understand the following:
1. How transactions are initiated
2. How data are captured in machine-readable form or converted from source documents
3. How computer files are accessed and updated
4. How data are processed to prepare information
5. How information is reported
6. How transactions are initiated
Information and Communication
All of these items make it possible for the system to have an audit trail.
An audit trail exists when individual company transactions can be traced through the system.
Monitoring Performance
The fifth component of COSO’s internal control model is monitoring.
What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
Computer Controls and Security
Learning Objectives
1. Identify and explain the four principles of systems reliability and the three criteria used to evaluate whether the principles have been achieved.
2. Identify and explain the controls that apply to more than one principle of reliability.
3. Identify and explain the controls that help explain that a system is available to users when needed.
Learning Objectives
4. Identify and explain the security controls that prevent unauthorized access to information, software, and other system resources.
5. Identify and explain the controls that help ensure that a system can be properly maintained, while still providing for system availability, security, and integrity.
6. Identify and explain the integrity controls that help ensure that system processing is complete, accurate, timely, and authorized.
The Four Principles of a Reliable System
1. Availability of the system when needed.
2. Security of the system against unauthorized physical and logical access.
3. Maintainability of the system as required without affecting its availability, security, and integrity.
4. Integrity of the system to ensure that processing is complete, accurate, timely, and authorized.
The Criteria Used To Evaluate Reliability Principles
For each of the four principles of reliability, three criteria are used to evaluate whether or not the principle has been achieved.
1. The entity has defined, documented, and communicated performance objectives, policies, and standards that achieve each of the four principles.
2. The entity uses procedures, people, software, data, and infrastructure to achieve each principle in accordance with established policies and standards.
3. The entity monitors the system and takes action to achieve compliance with the objectives, policies, and standards for each principle.
Controls Related to More Than One Reliability Principle
– Strategic Planning & Budgeting
– Developing a Systems Reliability Plan
– Documentation
Controls Related to More Than One Reliability Principle
Documentation may be classified into three basic categories:
– Administrative documentation: Describes the standards and procedures for data processing.
– Systems documentation: Describes each application system and its key processing functions.
– Operating documentation: Describes what is needed to run a program.
Availability
Minimizing Systems Downtime
• Preventive maintenance
• UPS
• Fault tolerance
Disaster Recovery Plan
• Minimize the extent of disruption, damage, and loss
• Temporarily establish an alternative means of processing information
• Resume normal operations as soon as possible
Availability
Disaster Recovery, continued
• Train and familiarize personnel with emergency operations
• Priorities for the recovery process
• Insurance
• Backup data and program files
  • Electronic vaulting
  • Grandfather-father-son concept
  • Rollback procedures
• Specific assignments
• Backup computer and telecommunication facilities
• Periodic testing and revision
• Complete documentation
Developing a Security Plan
Developing and continuously updating a comprehensive security plan is one of the most important controls a company can identify.
What questions need to be asked?
– Who needs access to what information?
– When do they need it?
– On which systems does the information reside?
Segregation of Duties Within the Systems Function
In a highly integrated AIS, procedures that used to be performed by separate individuals are combined.
Any person who has unrestricted access to the computer, its programs, and live data could have the opportunity to both perpetrate and conceal fraud.
To combat this threat, organizations must implement compensating control procedures.
Segregation of Duties Within the Systems Function
Authority and responsibility must be clearly divided among the following functions:
1. Systems administration
2. Network management
3. Security management
4. Change management
5. Users
6. Systems analysis
7. Programming
8. Computer operations
9. Information system library
10. Data control
Segregation of Duties Within the Systems Function
It is important that different people perform these functions.
Allowing a person to perform two or more of them exposes the company to the possibility of fraud.
Physical Access Controls
How can physical access security be achieved?
– Place computer equipment in locked rooms and restrict access to authorized personnel
– Have only one or two entrances to the computer room
– Require proper employee ID
– Require that visitors sign a log
– Use a security alarm system
– Restrict access to private secured telephone lines and terminals or PCs
– Install locks on PCs
– Restrict access to off-line programs, data and equipment
– Locate hardware and other critical system components away from hazardous materials
– Install fire and smoke detectors and fire extinguishers that do not damage computer equipment
59
Logical Access Controls
Users should be allowed access only to the data they are authorized to use and then only to perform specific authorized functions.
What are some logical access controls?
– passwords
– physical possession identification
– biometric identification
– compatibility tests
60
Protection of PCs and Client/Server Networks
Many of the policies and procedures for mainframe control are applicable to PCs and networks.
The following controls are also important:
– Train users in PC-related control concepts.
– Restrict access by using locks and keys on PCs.
– Establish policies and procedures.
61
Protection of PCs and Client/Server Networks
– Portable PCs should not be stored in cars.
– Keep sensitive data in the most secure environment possible.
– Install software that automatically shuts down a terminal after it has been idle for a certain amount of time.
– Back up hard disks regularly.
– Encrypt or password protect files.
– Build protective walls around operating systems.
– Ensure that PCs are booted up within a secure system.
– Use multilevel password controls to limit employee access to incompatible data.
– Use specialists to detect holes in the network.
62
Internet and e-Commerce Controls
Why should caution be exercised when conducting business on the Internet?
– the large and global base of people that depend on the Internet
– the variability in quality, compatibility, completeness, and stability of network products and services
63
Internet and e-Commerce Controls
– access of messages by others
– security flaws in Web sites
– attraction of hackers to the Internet
What controls can be used to secure Internet activity?
– passwords
– encryption technology
– routing verification procedures
64
Internet and e-Commerce Controls
Another control is installing a firewall, hardware and software that control communications between a company’s internal network (trusted network) and an external network.
The firewall is a barrier between the networks that does not allow information to flow into and out of the trusted network.
Electronic envelopes can protect e-mail messages.
65
Maintainability
Two categories of controls help ensure the maintainability of a system:
– Project development and acquisition controls
– Change management controls
66
Project Development and Acquisition Controls
Project development and acquisition controls include:
– Strategic Master Plan
– Project Controls
– Data Processing Schedule
– System Performance Measurements
– Postimplementation Review
67
Change Management Controls
Change management controls include:
– Periodically review all systems for needed changes
– Require all requests to be submitted in standardized format
– Log and review requests from authorized users for changes and additions to systems
– Assess the impact of requested changes on system reliability objectives, policies and standards
68
Change Management Controls, continued
– Categorize and rank all changes using established priorities
– Implement procedures to handle urgent matters
– Communicate all changes to management
– Require IT management to review, monitor, and approve all changes to software, hardware and personnel responsibilities
– Assign specific responsibilities to those involved in the change and monitor their work
69
Change Management Controls, continued
– Control system access rights to avoid unauthorized systems and data access
– Make sure all changes go through the appropriate steps
– Test all changes
– Make sure there is a plan for backing out of any changes in the event they don’t work properly
– Implement a quality assurance function
– Update all documentation and procedures when change is implemented
70
Integrity
A company designs general controls to ensure that its overall computer system is stable and well managed.
Application controls prevent, detect and correct errors in transactions as they flow through the various stages of a specific data processing program.
71
Integrity: Source Data Controls
Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete and properly accounted for, and entered into the system or sent to their intended destination in a timely manner.
Source data controls include:
72
Integrity: Source Data Controls
– Forms design
– Prenumbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
– Visual scanning
– Check digit verification
– Key verification
73
Integrity: Input Validation Routines
Input validation routines are programs that check the integrity of input data. They include:
Limit check
Range check
Reasonableness test
Redundant data check
Sequence check
Field check
Sign check
Validity check
Capacity check
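An added example, not part of the original slides: a Python sketch of the nine checks listed above, applied to a batch of timecard records. The record layout, master file, limits and function names are all assumptions made for the example, and the sample batch is constructed.

```python
from decimal import Decimal, InvalidOperation

# Constructed master file: employee number -> surname (assumed layout).
EMPLOYEE_MASTER = {"10231": "OKAFOR", "10232": "LINDQVIST", "10240": "MARSH"}
ID_WIDTH = 5                                        # capacity of the ID field
MAX_REGULAR_HOURS = Decimal("40")                   # limit check: upper bound only
RATE_RANGE = (Decimal("10.00"), Decimal("60.00"))   # range check: both bounds
NUMERIC_FIELDS = ("regular_hours", "overtime_hours", "pay_rate")

# Constructed batch, keyed as text exactly as a data-entry clerk would type it.
SAMPLE_BATCH = [
    {"employee_id": "10231", "surname": "Okafor", "regular_hours": "40",
     "overtime_hours": "5", "pay_rate": "22.50"},
    {"employee_id": "10232", "surname": "Marsh", "regular_hours": "38",
     "overtime_hours": "4", "pay_rate": "18.00"},
    {"employee_id": "10240", "surname": "Marsh", "regular_hours": "4O",
     "overtime_hours": "0", "pay_rate": "95.00"},   # letter O keyed for zero
    {"employee_id": "10235", "surname": "Ng", "regular_hours": "45",
     "overtime_hours": "-2", "pay_rate": "15.00"},
    {"employee_id": "102400", "surname": "Marsh", "regular_hours": "40",
     "overtime_hours": "0", "pay_rate": "20.00"},
]


def _number(text):
    """Field check for numeric fields: the Decimal value, or None."""
    try:
        value = Decimal(text.strip())
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


def validate_record(rec):
    """Return the names of the checks one record fails (empty list = clean)."""
    failed = []
    emp = rec["employee_id"].strip()
    if len(emp) > ID_WIDTH:                          # capacity check
        failed.append("capacity")
    if not (emp.isascii() and emp.isdigit()):        # field check (digits only)
        failed.append("field:employee_id")
    elif emp not in EMPLOYEE_MASTER:                 # validity check
        failed.append("validity")
    elif rec["surname"].strip().upper() != EMPLOYEE_MASTER[emp]:
        failed.append("redundant data")              # ID and name must agree

    values = {}
    for name in NUMERIC_FIELDS:
        values[name] = _number(rec[name])
        if values[name] is None:                     # field check (numeric)
            failed.append("field:" + name)
        elif values[name] < 0:                       # sign check
            failed.append("sign:" + name)

    reg, ot, rate = (values[n] for n in NUMERIC_FIELDS)
    if reg is not None and reg > MAX_REGULAR_HOURS:
        failed.append("limit")
    if rate is not None and not RATE_RANGE[0] <= rate <= RATE_RANGE[1]:
        failed.append("range")
    # Reasonableness test: overtime only makes sense once regular hours are full.
    if reg is not None and ot is not None and ot > 0 and reg < MAX_REGULAR_HOURS:
        failed.append("reasonableness")
    return failed


def validate_batch(records):
    """Validate every record and add the batch-level sequence check.

    Returns {line number: [failed checks]} for the records that fail.
    """
    report = {}
    previous = None
    for line_no, rec in enumerate(records, start=1):
        failed = validate_record(rec)
        emp = rec["employee_id"].strip()
        if emp.isascii() and emp.isdigit():
            number = int(emp)
            if previous is not None and number <= previous:
                failed.append("sequence")            # out of order or duplicate
            previous = number
        if failed:
            report[line_no] = failed
    return report


if __name__ == "__main__":
    for line_no, failed in validate_batch(SAMPLE_BATCH).items():
        print(f"record {line_no}: rejected ({', '.join(failed)})")
```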
74
Integrity: On-line Data Entry Controls
The goal of on-line data entry control is to ensure the integrity of transaction data entered from on-line terminals and PCs by minimizing errors and omissions.
They include:
75
Integrity: On-line Data Entry Controls
– Field, limit, range, reasonableness, sign, validity, redundant data checks
– User ID numbers
– Compatibility tests
– Automatic entry of transaction data, where possible
– Prompting
– Preformatting
– Completeness check
– Closed-loop verification
– Transaction log
– Error messages
– Retain data for legal purposes
76
Integrity: Data Processing and Storage Controls
Controls to help preserve the integrity of data processing and stored data:
– Policies and procedures
– Data control function
– Reconciliation procedure
– External data reconciliation
– Exception reporting
77
Integrity: Data Processing and Storage Controls, continued
– Data currency checks
– Default values
– Data matching
– File labels
– Write protection mechanisms
– Database protection mechanisms
– Data conversion controls
– Data security
78
Output Controls
The data control functions should review all output for reasonableness and proper format and should reconcile corresponding output and input control totals.
Data control is also responsible for distributing computer output to the appropriate user departments.
79
Output Controls
Users are responsible for carefully reviewing the completeness and accuracy of all computer output that they receive.
A shredder can be used to destroy highly confidential data.
80
Data Transmission Controls
To reduce the risk of data transmission failures, companies should monitor the network.
How can data transmission errors be minimized?
– using data encryption (cryptography)
– implementing routing verification procedures
– adding parity
– using message acknowledgment techniques
81
Data Transmission Controls
Data Transmission Controls take on added importance in organizations that utilize electronic data interchange (EDI) or electronic funds transfer (EFT).
82
Data Transmission Controls
In these types of environments, sound internal control is achieved using the following control procedures:
1. Physical access to network facilities should be strictly controlled.
2. Electronic identification should be required for all authorized network terminals.
3. Strict logical access control procedures are essential, with passwords and dial-in phone numbers changed on a regular basis.
83
Data Transmission Controls
Control procedures, continued
4. Encryption should be used to secure stored data as well as data being transmitted.
5. Details of all transactions should be recorded in a log that is periodically reviewed.
84
Computer Fraud
85
Learning Objectives
1. Describe fraud and describe the process one follows to perpetrate a fraud.
2. Discuss why fraud occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
3. Compare and contrast the approaches and techniques that are used to commit computer fraud.
4. Describe how to deter and detect computer fraud.
86
The Fraud Process
Most frauds involve three steps.
1. The theft of something
2. The conversion to cash
3. The concealment
87
The Fraud Process
What is a common way to hide a theft?
– to charge the stolen item to an expense account
What is a payroll example?
– to add a fictitious name to the company’s payroll
88
The Fraud Process
What is lapping?
In a lapping scheme, the perpetrator steals cash received from customer A to pay its accounts receivable.
Funds received at a later date from customer B are used to pay off customer A’s balance, etc.
89
The Fraud Process
What is kiting?
In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks.
The perpetrator deposits a check from bank A to bank B and then withdraws the money.
90
The Fraud Process
Since there are insufficient funds in bank A to cover the check, the perpetrator deposits a check from bank C to bank A before his check to bank B clears.
Since bank C also has insufficient funds, money must be deposited to bank C before the check to bank A clears.
The scheme continues to keep checks from bouncing.
91
Why Fraud Occurs
Researchers have compared the psychological and demographic characteristics of three groups of people:
– White-collar criminals
– Violent criminals
– General public
[Figure: comparison of the three groups, with the relationships labelled “Few differences” and “Significant differences”]
92
Why Fraud Occurs
What are some common characteristics of fraud perpetrators?
Most spend their illegal income rather than invest or save it.
Once they begin the fraud, it is very hard for them to stop.
They usually begin to rely on the extra income.
93
Why Fraud Occurs
Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.
Some computer fraud perpetrators are more motivated by curiosity and the challenge of “beating the system.”
Others commit fraud to gain stature among others in the computer community.
94
Why Fraud Occurs
Three conditions are necessary for fraud to occur:
1. A pressure or motive
2. An opportunity
3. A rationalization
95
Pressures
What are some financial pressures?
– living beyond means
– high personal debt
– “inadequate” income
– poor credit ratings
– heavy financial losses
– large gambling debts
96
Pressures
What are some work-related pressures?
– low salary
– nonrecognition of performance
– job dissatisfaction
– fear of losing job
– overaggressive bonus plans
97
Pressures
What are other pressures?
– challenge
– family/peer pressure
– emotional instability
– need for power or control
– excessive pride or ambition
98
Opportunities
An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act.
Opportunities often stem from a lack of internal controls.
However, the most prevalent opportunity for fraud results from a company’s failure to enforce its system of internal controls.
99
Rationalizations
Most perpetrators have an excuse or a rationalization that allows them to justify their illegal behavior.
What are some rationalizations?
– The perpetrator is just “borrowing” the stolen assets.
– The perpetrator is not hurting a real person, just a computer system.
– No one will ever know.
100
Computer Fraud
The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
What are examples of computer fraud?
– unauthorized use, access, modification, copying, and destruction of software or data
101
Computer Fraud
– theft of money by altering computer records or the theft of computer time
– theft or destruction of computer hardware
– use or the conspiracy to use computer resources to commit a felony
– intent to illegally obtain information or tangible property through the use of computers
102
The Rise in Computer Fraud
Organizations that track computer fraud estimate that 80% of U.S. businesses have been victimized by at least one incident of computer fraud.
103
The Rise in Computer Fraud
No one knows for sure exactly how much companies lose to computer fraud. Why?
– There is disagreement on what computer fraud is.
– Many computer frauds go undetected, or unreported.
– Most networks have a low level of security.
– Many Internet pages give instructions on how to perpetrate computer crimes.
– Law enforcement is unable to keep up with fraud.
104
Computer Fraud Classifications
– Computer instruction fraud
– Processor fraud
– Data fraud
– Input fraud
– Output fraud
105
Computer Fraud and Abuse Techniques
What are some of the more common techniques to commit computer fraud?
– Cracking
– Data diddling
– Data leakage
– Denial of service attack
– Eavesdropping
– E-mail forgery and threats
106
Computer Fraud and Abuse Techniques
– Hacking
– Internet misinformation and terrorism
– Logic time bomb
– Masquerading or impersonation
– Password cracking
– Piggybacking
– Round-down
– Salami technique
107
Computer Fraud and Abuse Techniques
– Software piracy
– Scavenging
– Social engineering
– Superzapping
– Trap door
– Trojan horse
– Virus
– Worm
108
Preventing and Detecting Computer Fraud
What are some measures that can decrease the potential of fraud?
1. Make fraud less likely to occur.
2. Increase the difficulty of committing fraud.
3. Improve detection methods.
4. Reduce fraud losses.
5. Prosecute and incarcerate fraud perpetrators.
109
Preventing and Detecting Computer Fraud
1. Make fraud less likely to occur.
– Use proper hiring and firing practices.
– Manage disgruntled employees.
– Train employees in security and fraud prevention.
– Manage and track software licenses.
– Require signed confidentiality agreements.
110
Preventing and Detecting Computer Fraud
2. Increase the difficulty of committing fraud.
– Develop a strong system of internal controls.
– Segregate duties.
– Require vacations and rotate duties.
– Restrict access to computer equipment and data files.
– Encrypt data and programs.
111
Preventing and Detecting Computer Fraud
3. Improve detection methods.
– Protect telephone lines and the system from viruses.
– Control sensitive data.
– Control laptop computers.
– Monitor hacker information.
112
Preventing and Detecting Computer Fraud
4. Reduce fraud losses.
– Maintain adequate insurance.
– Store backup copies of programs and data files in a secure, off-site location.
– Develop a contingency plan for fraud occurrences.
– Use software to monitor system activity and recover from fraud.
113
Preventing and Detecting Computer Fraud
5. Prosecute and incarcerate fraud perpetrators.
Most fraud cases go unreported and unprosecuted. Why?
• Many cases of computer fraud are as yet undetected.
• Companies are reluctant to report computer crimes.
114
Preventing and Detecting Computer Fraud
• Law enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases.
• It is difficult, costly, and time consuming to investigate.
• Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes.