Term
|
Definition
- any and all means a person uses to gain an unfair advantage over another person - gaining an unfair advantage over another person |
|
|
Term
What an act must involve to be considered fraudulent |
|
Definition
- a false statement (oral or in writing) - about a material fact - knowledge that the statement was false when it was uttered (which implies an intent to deceive) - a victim relies on the statement - and suffers injury or loss as a result |
|
|
Term
|
Definition
- former and current employees - much more likely than non-employees to perpetrate frauds (and big ones) against companies - largely owing to their understanding of the company's systems and its weaknesses, which enables them to commit the fraud and cover their tracks |
|
|
Term
|
Definition
- fraud perpetrators - distinguishes them from violent criminals, although some white-collar crime can ultimately have violent outcomes |
|
|
Term
Misappropriation of assets |
|
Definition
- involves theft, embezzlement, or misuse of company assets for personal gain - employee fraud |
|
|
Term
|
Definition
- involves the wrongful use of a position, contrary to the responsibilities of that position, to procure a benefit |
|
|
Term
|
Definition
- financial statement fraud involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users - financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement |
|
|
Term
Types of occupational fraud |
|
Definition
- misappropriation of assets - corruption - fraudulent statements |
|
|
Term
Important elements of a typical employee fraud |
|
Definition
- perpetrator must gain the trust or confidence of the person or company being defrauded in order to commit and conceal the fraud - instead of using a gun, knife, or physical force, fraudsters use weapons of deceit and misinformation - frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed; most fraudsters can't stop once they get started, and their frauds grow in size - the fraudsters often grow careless or overconfident over time - fraudsters tend to spend what they steal; very few save it - in time, the sheer magnitude of the frauds may lead to detection - the most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls |
|
|
Term
Why financial statements can be falsified |
|
Definition
- deceive investors and creditors - cause a company's stock price to rise - meet cash flow needs - hide company losses and problems |
|
|
Term
common approaches to "cooking the books" |
|
Definition
- recording fictitious revenues - recording revenues prematurely - recording expenses in later periods - overstating inventories or fixed assets - concealing losses and liabilities |
|
|
Term
4 actions recommended by the Treadway Commission to reduce the possibility of fraudulent financial reporting |
|
Definition
- establish an organizational environment that contributes to the integrity of the financial reporting process - identify and understand the factors that lead to fraudulent financial reporting - assess the risk of fraudulent financial reporting within the company - design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented |
|
|
Term
|
Definition
- auditors can't effectively audit something they don't understand - auditors are not lawyers and "do not make legal determinations of whether fraud has occurred" - external auditor's interest specifically relates to acts that result in a material misstatement of the financial statements - internal auditors will have a more extensive interest in fraud than just those that impact financial statements |
|
|
Term
Auditors must discuss the risks of material fraudulent misstatements |
|
Definition
- while planning the audit, members of the audit team should discuss how and where the company's financial statements might be susceptible to fraud |
|
|
Term
Auditors must obtain information |
|
Definition
- the audit team must gather evidence about the existence of fraud by looking for fraud risk factors, testing company records, and asking management, the audit committee, and others if they know of any past or current fraud or of fraud risks the organization faces - special care needs to be exercised in examining revenue accounts, since they are particularly popular fraud targets |
|
|
Term
Auditors must identify, assess, and respond to risks |
|
Definition
- use the gathered information to identify, assess, and respond to risks - auditors can respond by varying the nature, timing, and extent of auditing procedures they perform - they should also carefully evaluate risks related to management override of controls |
|
|
Term
Auditors must evaluate the results of their audit tests |
|
Definition
- auditors must assess the risk of fraud throughout the audit - when the audit is complete, they must evaluate whether any identified misstatements indicate the presence of fraud - if so, they should determine the impact on the financial statements and the audit |
|
|
Term
Auditors must communicate findings |
|
Definition
- auditors communicate their fraud findings to management, the audit committee, and others |
|
|
Term
Auditors must document their audit work |
|
Definition
- auditors must document their compliance with SAS-99 requirements |
|
|
Term
Auditors must incorporate a technology focus |
|
Definition
- SAS-99 recognizes that technology impacts fraud risks and notes opportunities that auditors have to use technology-oriented tools and techniques to design fraud auditing procedures |
|
|
Term
SAS-99 Auditor Requirements |
|
Definition
- understand fraud - discuss the risks of material fraudulent misstatements - obtain information - identify, assess, and respond to risks - evaluate the results of their audit tests - communicate findings - document their audit work - incorporate a technology focus |
|
|
Term
What motivates hackers and computer fraud perps |
|
Definition
- curiosity - a quest for knowledge - the desire to learn how things work - the challenge of beating the system |
|
|
Term
Who to sell computer fraud info to |
|
Definition
- spammers - organized crime - other hackers - the intelligence community |
|
|
Term
|
Definition
- pressure - opportunity - rationalization |
|
|
Term
|
Definition
- perceived non-shareable need - the pressure could be related to finances, emotions, lifestyle, or some combination - person's incentive or motivation for committing fraud |
|
|
Term
|
Definition
- not being able to pay one's debts, nor admit it to one's employer, family, or friends (which makes it non-shareable) - fear of loss of status because of a personal failure - business reversals - physical isolation - status gaining - difficulties in employer-employee relations |
|
|
Term
Financial statement fraud common pressures |
|
Definition
- to prop up earnings or stock price so that management can: receive performance-related compensation, preserve or improve personal wealth held in company stock or stock options, and keep their jobs - to cover the inability to generate cash flow - to obtain financing - to appear to comply with bond covenants or other agreements - may be opposite of propping up earnings in cases involving income-tax motivations, government contracts, or regulation |
|
|
Term
|
Definition
- the gateway that allows an individual to: - commit the fraud - conceal the fraud - convert the proceeds |
|
|
Term
|
Definition
- misappropriating assets - issuing deceptive financial statements - accepting a bribe in order to make an arrangement that is not in the company's best interest |
|
|
Term
|
Definition
- takes more time and effort and leaves more evidence than the actual theft or misrepresentation |
|
|
Term
|
Definition
- checks can be converted through alterations, forged endorsements, check washing, etc. - non-cash assets can be sold (online auctions are a favorite forum) or returned to the company for cash |
|
|
Term
Possible gains of financial statement fraud |
|
Definition
- keep job - value of stock or stock options rose - receive a raise, promotion, or bonus - have power |
|
|
Term
Opportunities that enable fraud |
|
Definition
- lack of internal controls - failure to enforce controls - excessive trust in key employees - incompetent supervisory personnel - inattention to detail - inadequate staff |
|
|
Term
|
Definition
- authorization procedures - clear lines of authority - adequate supervision - adequate documents and records - a system to safeguard assets - independent checks on performance - separation of duties |
|
|
Term
how management may allow fraud |
|
Definition
- allows perpetrators to justify their illegal behavior - not getting involved in the design or enforcement of internal controls - inattention or carelessness - overriding controls - using their power to compel subordinates to carry out the fraud |
|
|
Term
|
Definition
- I was just borrowing the money - it wasn't really hurting anyone - everybody does it - I've worked for them for 35 years and been underpaid all that time. I wasn't stealing; I was only taking what was owed to me - I didn't take it for myself; I needed it to pay my child's medical bills |
|
|
Term
|
Definition
- the intent of the threat is to destroy or harm a system or some of its components |
|
|
Term
|
Definition
- data that Web sites store on your computer to identify their Web sites to your computer and to identify you to the Web site so you do not have to log on each time you visit the site |
|
|
Term
fraudulent financial reporting |
|
Definition
- intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements |
|
|
Term
|
Definition
- the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable - funds received at a later date from customer B are used to pay off customer A's balance - funds from customer C are used to pay off customer B, and so forth |
|
|
Term
|
Definition
- the perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank |
|
|
Term
|
Definition
- any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution |
|
|
Term
|
Definition
- unauthorized access and use of computer systems, usually by means of a personal computer and a telecommunications network |
|
|
Term
|
Definition
- driving around looking for unprotected wireless networks |
|
|
Term
|
Definition
- drawing chalk symbols on sidewalks to mark unprotected wireless networks |
|
|
Term
|
Definition
- researchers sent rockets into the air that let loose wireless access points, each attached to a parachute - as the parachutes descended, the access points detected unsecured wireless networks in a 50-square-mile area |
|
|
Term
|
Definition
|
|
Term
|
Definition
- gaining control of someone else's computer to carry out illicit activities without the user's knowledge |
|
|
Term
|
Definition
|
|
Term
|
Definition
- occurs when an attacker sends a recipient so many e-mail bombs (thousands per second), often from randomly generated false addresses, that the Internet service provider's e-mail server is overloaded and shuts down |
|
|
Term
|
Definition
- e-mailing or text messaging the same unsolicited message to many people at the same time, often in an attempt to reach potential customers to sell them something |
|
|
Term
|
Definition
- direct harvesting attacks |
|
|
Term
|
Definition
- web sites containing online journals |
|
|
Term
|
Definition
|
|
Term
|
Definition
- making an e-mail message look as if someone else sent it |
|
|
Term
|
Definition
- attack between the time a new software vulnerability is discovered and the software developers and the security vendors release software |
|
|
Term
|
Definition
- fixes a software problem |
|
|
Term
|
Definition
- penetrating a system's defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access to programs, files, and data |
|
|
Term
masquerading / impersonation |
|
Definition
- gaining access to the system by pretending to be an authorized user |
|
|
Term
|
Definition
- clandestine use of a neighbor's Wi-Fi network - tapping into a telecommunications line and electronically latching on to a legitimate user before the user enters a secure system - an unauthorized person passing through a secure door when an authorized person opens it, thereby bypassing physical security controls such as keypads, ID cards, or biometric identification scanners |
|
|
Term
|
Definition
- changing data before, during, or after it is entered into the system to delete, alter, add, or incorrectly update key system data |
|
|
Term
|
Definition
- unauthorized copying of company data |
|
|
Term
|
Definition
- embezzle large sums of money a "salami slice" at a time from many different accounts |
|
|
Term
|
Definition
- all interest calculations are truncated at two decimal places and the excess decimals put into an account the perpetrator controls |
|
|
Term
|
Definition
- attacking phone systems to obtain free phone line access |
|
|
Term
|
Definition
- theft of information, trade secrets, and intellectual property |
|
|
Term
|
Definition
- fraud perpetrators threaten to harm a company if it does not pay a specified amount of money |
|
|
Term
|
Definition
- hackers use the internet to disrupt electronic commerce and to destroy company and individual communications |
|
|
Term
|
Definition
- using the Internet to spread false or misleading information about people or companies |
|
|
Term
|
Definition
- intentionally clicking on ads numerous times to inflate advertising bills |
|
|
Term
|
Definition
- copying software without the publisher's permission |
|
|
Term
|
Definition
- refers to techniques used to obtain confidential information, often by tricking people |
|
|
Term
|
Definition
- assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information, such as a social security, bank account, or credit card number |
|
|
Term
|
Definition
- people act under false pretenses to gain confidential information |
|
|
Term
|
Definition
- creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering a product |
|
|
Term
|
Definition
- sending an e-mail, instant message, or text message pretending to be a legitimate company, usually a financial institution, and requesting information |
|
|
Term
|
Definition
- voice phishing - e-mail recipients are asked to call a specified phone number, where a recording tells them to enter confidential data |
|
|
Term
|
Definition
- redirecting a Web site's traffic to a bogus (spoofed) Web site, usually to gain access to personal and confidential information |
|
|
Term
|
Definition
- when a hacker sets up a wireless network with the same name as the wireless access point at a local hot spot or a corporation's wireless network |
|
|
Term
|
Definition
- URL hijacking - setting up Web sites so when users make mistakes, such as typographical errors, in entering a Web site name the user is sent to an invalid site |
|
|
Term
scavenging / dumpster diving |
|
Definition
- gaining access to confidential information by searching corporate or personal records |
|
|
Term
|
Definition
- watching or listening to people give out confidential information |
|
|
Term
|
Definition
- double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use |
|
|
Term
|
Definition
- posing as a service engineer and planting a small chip in a legitimate credit card reader |
|
|
Term
|
Definition
- enables perpetrators to observe private communications or transmissions of data |
|
|
Term
|
Definition
- any software that can be used to harm |
|
|
Term
|
Definition
- software secretly collects personal information about users and sends it to someone else without the user's permission |
|
|
Term
|
Definition
- type of spyware that causes banner ads to pop up on a monitor as users surf the net, to collect information about the user's Web-surfing and spending habits, and to forward it to the company gathering the data |
|
|
Term
|
Definition
- destroys competing malware, resulting in "malware warfare" between competing developers |
|
|
Term
|
Definition
- software that records computer activity, such as a user's keystrokes, e-mails sent and received, web sites visited, and chat session participation |
|
|
Term
|
Definition
- set of malicious computer instructions in an authorized and otherwise properly functioning program |
|
|
Term
|
Definition
- trojan horses that lie idle until triggered by a specified time or circumstance |
|
|
Term
|
Definition
- way into a system that bypasses normal system controls |
|
|
Term
|
Definition
- programs that capture data from information packets as they travel over the internet or company networks |
|
|
Term
|
Definition
- hide data from one file inside a host file, such as a large image or sound file |
|
|
Term
|
Definition
- software that conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs |
|
|
Term
|
Definition
- unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail |
|
|
Term
|
Definition
- segment of self-replicating, executable code that attaches itself to a file or program |
|
|
Term
|
Definition
- stealing (snarfing) contact lists, images, and other data from other devices using Bluetooth |
|
|
Term
|
Definition
- taking control of someone else's phone to make calls or send text messages, or to listen to phone calls and monitor text messages received |
|
|
Term
|
Definition
- self-replicating computer program similar to a virus except for the following three differences: - a virus is a segment of code hidden in or attached to a host program or executable file, while a worm is a stand-alone program - a virus requires a human to do something (run a program, open a file, etc.) to replicate itself, whereas a worm does not and actively seeks to send copies of itself to other devices on a network - worms harm networks (if only by consuming bandwidth), whereas viruses infect or corrupt files or data on a targeted computer |
|
|