Beruflich Dokumente
Kultur Dokumente
dx.doi.org/10.1108/02686900810839820
James L. Bierstaker, Richard G. Brody, Carl Pacini, (2006),"Accountants' perceptions regarding fraud detection and
prevention methods", Managerial Auditing Journal, Vol. 21 Iss 5 pp. 520-535 http://dx.doi.org/10.1108/02686900610667283
William Hillison, Carl Pacini, David Sinason, (1999),"The internal auditor as fraud-buster", Managerial Auditing Journal, Vol.
14 Iss 7 pp. 351-363 http://dx.doi.org/10.1108/02686909910289849
Access to this document was granted through an Emerald subscription provided by emerald-srm:126209 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
Susan Haugen
University of Wisconsin-Eau Claire, Eau Claire, Wisconsin, USA
J. Roger Selin
University of Wisconsin-Eau Claire, Eau Claire, Wisconsin, USA
Abstract nizations have come to rely on computers for reported losses over 1997 from computer
Organizations today are more sus- a multitude of tasks, including electronic security breaches. Only 46 percent of the
ceptible to computer crime and respondents to their ``1998 Computer Crime
messaging, transaction processing, informa-
employee fraud than ever before.
tion retrieval and storage, and electronic and Security Survey'' were able to quantify
This paper presents some statis-
tics about the growth on fraud, commerce. Organizations are increasing their losses, but they still added up to almost
factors which cause fraud in the efforts to gain efficiencies and increase the $137 million. The New York State Society of
workplace, how businesses can
bottom line by shifting jobs from people to Certified Public Accountants found that half
protect their assets, and common the business and government institutions
computer-based frauds, techni- technology. As they make these shifts, man-
ques, and controls. Managers of agement is creating new risks and exposures surveyed uncovered at least one fraud during
all types of organizations need to for the enterprise. As organizations struggle 1996. Based on survey responses, they esti-
be knowledgeable about their
to remain competitive in a global market- mated the average loss from computer fraud
internal control system, and make to be in excess of $100,000. Romney (1996)
sure it has sufficient checks and place, systems are left open to employee
found that up to 90 percent of the companies
balances to ward against employ- manipulation, and without a finely tuned
he surveyed have lost money to computer
ees committing fraudulent acts. internal control system, the opportunity for
No organization is immune today fraud at one time or another.
significant loss is always present.
from both external and internal Fraud and computer crime are not limited
threats to the safety and security How serious is this problem of fraud in the
to the USA. KPMG Canada found that Cana-
of their data and information. workplace? The Association of Certified
da's largest companies reported an average
Therefore, it is imperative that Fraud Examiners (1996) conducted a study
managers understand the pro- loss of $1.3 million to fraud in 1997 (KPMG
which found that losses from fraud amounted
blems that fraud can cause and Fraud Survey Report, 1998). The same survey
how they can protect the organi- to over $9 per day per employee. While fraud
reported that 47 percent of respondents
zation. other than computer fraud is included in
believe fraud will increase in 1998, and only
these figures, they are nonetheless quite
11 percent of survey participants believe
staggering, with the total cost to US organi-
the Internet is a secure way to send infor-
zations exceeding $400 billion per year.
mation.
Another interesting outcome of the study was If these studies accurately reflect the
that men committed more than 75 percent of national, perhaps even international, trends,
all fraud, and the average losses caused by then annual fraud losses are in the billions
executives were 16 times those of their of dollars. We know that many computer
employees. KPMG Canada (1997) found that frauds go undetected, and many of those that
62 percent of the respondents to a recent are uncovered are never publicly reported.
survey of large public and private organiza- According to Federal Bureau of Investigation
tions indicated that fraud had taken place in estimates reported by Lohr (1997), only about
their organization in the past year, and that 1 percent of all computer crime is detected by
38 percent of the respondents believe that management. A high proportion of those
fraud is a major problem for business today. detected are never reported for fear of
As business becomes more complex and adverse publicity, management liability or
management strategists fret over slashing concern for providing public information
costs and boosting profits, employees are about system weaknesses.
gaining additional opportunities to commit
Industrial Management & fraud.
Data Systems
99/8 [1999] 340±344 Factors which cause fraud
The current issue and full text archive of this journal is available at
# MCB University Press There are many internal forces which can
[ISSN 0263-5577] http://www.emerald-library.com
make fraud more likely in the workplace,
[ 340 ]
Susan Haugen and such as poor internal controls, poor person- 1 an environment that does not tolerate
J. Roger Selin nel policies and practices, and poor examples fraud against the organization;
Identifying and controlling of honesty at the top levels of an organization 2 an environment that prohibits fraud for
computer crime and employee
fraud (Bologna, 1993). There are eight factors which the benefit of the organization; and
Industrial Management & Bologna identifies as enhancing the prob- 3 executives, managers and operating per-
Data Systems ability of fraud: inadequate rewards, inade- sonnel trained to know fraud exposures
99/8 [1999] 340±344 quate management controls, lack of or and symptoms (Thompson, 1992).
inadequate reinforcement and performance
Wells (1997) argues that raising the percep-
feedback mechanisms, inadequate support,
tion of detection is the key to deterrence, and
inadequate operation reviews, lax enforce-
this can be done with:
ment of disciplinary rules, fostering hostility,
1 employee education;
and other motivational issues. If manage-
2 proactive fraud policies;
ment pays too little attention to their em-
3 increased use of analytical reviews;
ployees and their internal control systems,
4 surprise audits; and
fraud will be perpetrated by those insiders in
5 dequate reporting programs.
a company who have access to assets and
accounting systems. The dollar amounts It is important to remember that the vast
Downloaded by Florida Atlantic University At 09:04 20 February 2016 (PT)
cash. This is not to say a disgruntled with shared printers, usually main-
employee would not be able to circumvent tained in a public location for ease of
these controls and gain access to the system, access. Desktop screens are often easily
but only to suggest physical security is observable, and output sent through
something most organizations have experi- interoffice mail is subject to intercep-
enced. tion. The more sensitive the informa-
Computer fraud, on the other hand, pre- tion contained on the output, the more
sents an ever-changing landscape of oppor- care and control needed.
tunity for manipulation, especially for the ± Unauthorized access to systems or net-
unhappy but trusted employee with knowl- works. With the proliferation of Inter-
edge of computer technology. Periodic audits net usage, and the flexibility and ease
may not be enough to contain this type of of use found with most networked
fraud. Manipulation of data and files may be systems, care needs to be taken to
the most difficult to deal with as there are no restrict and protect sensitive files.
outward signs or indicators that anything is Networks are particularly vulnerable
amiss. A problem facing most organizations to hackers taking advantage of the
is that computer knowledge is also required weak security provided for dial-in and
for the investigation and prosecution of remote access.
computer fraud. In the fast-paced and ever- . Computer-based fraud techniques:
changing world of information technology ± Trojan horse. A Trojan Horse is a set of
and computers, skilled fraud investigators unauthorized computer instructions in
are currently in short supply. a program that performs some illegal
There are a variety of ways that computer act at a pre-appointed time or under a
fraud is perpetrated. The techniques used to predetermined set of conditions.
commit the fraud are as extensive as the ± Salami technique. This fraud takes
frauds themselves. The first list below advantage of small sums gained when
describes some of the most common types rounding thousands of transactions,
of computer-based fraud, and the second list diverting only part of a cent for each
illustrates some of the more common fraud one every time accruals or financial
techniques: calculations are done. Another
. Common types of computer-based fraud: approach is to slice off a small sum,
± Altering input. Altering input does not a few cents or a few dollars, from
require extensive computer skills; the accounts that are generally not care-
perpetrators only need understand fully checked.
how the system operates to cover their ± Trapdoor. A trapdoor is a set of com-
tracks. puter instructions that allows a user to
± Theft of computer time. Using a com- bypass the system's normal controls,
puter system for unauthorized pur- allowing them to modify programs
poses constitutes fraud, such as after they have been accepted and
running a personal business or keep- made operational.
ing little league statistics, even though ± SuperZap. The unauthorized use of
in many cases the individual is not special system programs to bypass
aware that they are doing anything regular controls and perform illegal
wrong. acts.
[ 342 ]
Susan Haugen and ± Piggybacking. This technique involves minimize and control the critical exposure
J. Roger Selin tapping into a telecommunications points and reinforce system weak points. The
Identifying and controlling system and attaching a fraudulent objective of managing risk is to balance the
computer crime and employee
fraud signal to a legitimate signal in the exposure to loss and the cost of protecting the
Industrial Management & perpetration of a fraud. organization from that loss. Just as with auto
Data Systems ± Masquerading. This occurs when an insurance, financial institutions making
99/8 [1999] 340±344 unauthorized user uses a legitimate auto loans may insist on low deductible
user's identification numbers and collision insurance, whereas a car that is
passwords to gain illegal access to a paid for is insured at the discretion of the
computer system. owner. If the value is small, the owner may
± Hacking. The unauthorized access and wish to assume the risk of loss without
use of computer systems, usually insurance protection, saving premium costs.
through a telecommunications link, If the value is high, the premium can be
often for the challenge of breaking and reduced with a high deductible policy with
entering into supposedly secure sys- the owner assuming some of the risk. We all
tems. balance risk and reward (the cost of protec-
± Evesdropping. Listening to transmis- tion) in our personal lives in much the same
way that organizations do. The list below
Downloaded by Florida Atlantic University At 09:04 20 February 2016 (PT)
[ 344 ]
This article has been cited by:
1. Elham Hady Nia, Jamaliah Said. 2015. Assessing Fraud Risk Factors of Assets Misappropriation: Evidences from Iranian
Banks. Procedia Economics and Finance 31, 919-924. [CrossRef]
2. Madan Lal Bhasin. 2013. Corporate Accounting Fraud: A Case Study of Satyam Computers Limited. Open Journal of
Accounting 02, 26-38. [CrossRef]
3. Guido Nassimbeni, Marco Sartor, Daiana Dus. 2012. Security risks in service offshoring and outsourcing. Industrial
Management & Data Systems 112:3, 405-440. [Abstract] [Full Text] [PDF]
4. Michel Dion. 2009. Corporate crime and the dysfunction of value networks. Journal of Financial Crime 16:4, 436-445.
[Abstract] [Full Text] [PDF]
5. Russell Haines, Lori N.K. Leonard. 2007. Individual characteristics and ethical decision‐making in an IT context. Industrial
Management & Data Systems 107:1, 5-20. [Abstract] [Full Text] [PDF]
6. Ahmad A. Abu‐Musa. 2006. Exploring perceived threats of CAIS in developing countries: the case of Saudi Arabia.
Managerial Auditing Journal 21:4, 387-407. [Abstract] [Full Text] [PDF]
7. Lori N.K. Leonard, Timothy Paul Cronan. 2005. Attitude toward ethical behavior in computer use: a shifting model.
Industrial Management & Data Systems 105:9, 1150-1171. [Abstract] [Full Text] [PDF]
8. Charles B. Foltz, Timothy Paul Cronan, Thomas W. Jones. 2005. Have you met your organization's computer usage policy?.
Industrial Management & Data Systems 105:2, 137-146. [Abstract] [Full Text] [PDF]
9. A. Seetharaman, M. Senthilvelmurugan, Rajan Periyanayagam. 2004. Anatomy of computer accounting frauds. Managerial
Downloaded by Florida Atlantic University At 09:04 20 February 2016 (PT)