Beruflich Dokumente
Kultur Dokumente
Romney/Steinbart
1 of 175
INTRODUCTION
Questions to be addressed in this chapter:
What is fraud, and how are frauds perpetrated? Who perpetrates fraud and why? What is computer fraud, and what forms does it take? What approaches and techniques are used to commit computer fraud?
Romney/Steinbart
2 of 175
INTRODUCTION
Information systems are becoming increasingly more complex and society is becoming increasingly more dependent on these systems.
Companies also face a growing risk of these systems being compromised. Recent surveys indicate 67% of companies suffered a security breach in the last year with almost 60% reporting financial losses.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 3 of 175
INTRODUCTION
Include: Fire or excessive heat Floods Earthquakes High winds disasters War and terrorist attack When a natural or political disaster strikes, many companies can be affected at the same time. Example: Bombing of the World Trade Center in NYC. The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agents, and terrorists will soon be widespread.
Romney/Steinbart 4 of 175
INTRODUCTION
Companies face four types of threats to their information systems: Include:
Natural and political disasters Software errors and equipment malfunction
Romney/Steinbart
Hardware or soft failures Software errors o Operating system Power outages a fluctuations Undetected data transmission erro Estimated annual ec losses due to softwa $60 billion. 60% of companies s
5 of 175
INTRODUCTION
Companies face four types of threats to their information systems:
Include Accidents caused by: Human carelessness Failure to follow established procedures Natural and political disasters Poorly trained or supervised Software errors and equipment malfunction personnel Unintentional acts Innocent errors or omissions Lost, destroyed, or misplaced data Logic errors Systems that do not meet needs or are incapable of performing intended tasks Information Systems Security Assn. estimates 65% of security problems are caused by human error.
Accounting Information Systems, 10/e Romney/Steinbart 6 of 175
Include: INTRODUCTION
Sabotage Computer fraud Misrepresentation, false use, or unauthorized disclosure of data Misappropriation of assets Natural and political Financial statement fraud disasters Information systems are increasingly Software errors and equipment malfunction vulnerable to these malicious attacks.
Romney/Steinbart
7 of 175
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
8 of 175
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
9 of 175
The definition is the same whether it is a criminal or civil fraud case. The only difference is the burden of proof required. Criminal case: Beyond a reasonable Fraud is any and all means a person uses to doubt. gain an unfair advantage over another person. Civil case: Preponderance of the evidence OR clear and convincing In most cases, to be considered fraudulent, an evidence.
A false statement (oral or in writing) About a material fact Knowledge that the statement was false when it was uttered (which implies an intent to deceive) A victim relies on the statement And suffers injury or loss as a result
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 10 of 175
Income tax fraud (the difference between what taxpayers owe and what they pay to the government) is estimated to be over $200 billion per year. Fraud in the healthcare industry is estimated to exceed $100 billion a year.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 11 of 175
Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company.
Romney/Steinbart
12 of 175
Romney/Steinbart
13 of 175
Types of Frauds
OCCUPATIONAL Fraudulent Statements
Financial Non-financial
OTHER
Intellectual property theft Financial institution fraud Check and credit card fraud Insurance fraud Healthcare fraud Bankruptcy fraud Tax fraud Securities fraud Money laundering Consumer fraud Computer and Internet fraud
Asset Misappropriation
Theft of Cash Fraudulent disbursements Inventory and other assets
Information is from the ACFEs 2004 Report to the Nation on Occupational Fraud and Abuse and from the Fraud Examiners Manual, also published by the ACFE.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 14 of 175
Romney/Steinbart
15 of 175
Romney/Steinbart
16 of 175
Romney/Steinbart
19 of 175
20 of 175
Romney/Steinbart
21 of 175
22 of 175
Romney/Steinbart
23 of 175
Romney/Steinbart
24 of 175
Romney/Steinbart
25 of 175
The audit team must gather evidence about the existence of fraud by: Looking for fraud risk factors Testing company records management, committee, A Askingpast orSAS-82, auditof fraud wastheothers ifin faces. revision to current the SAS-99, risksand organization know issued they of any fraud or 2002. SAS-99 in examining revenue accounts, Decemberneeds to be exercised requires auditors to: Special care Understand fraud popular fraud targets. since they are particularly
Romney/Steinbart
26 of 175
Use the gathered information to identify, assess, and respond to risks. Auditors can respond by varying the nature, timing, and extent of auditing procedures they perform. They should also carefully evaluate risks related to management override of controls.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 27 of 175
Romney/Steinbart
28 of 175
Romney/Steinbart
31 of 175
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
32 of 175
They found:
Significant differences between violent and white-collar criminals. Few differences between white-collar criminals and the general public.
Romney/Steinbart
33 of 175
Romney/Steinbart
34 of 175
Romney/Steinbart
35 of 175
Romney/Steinbart
37 of 175
Op
su
re
po
Pr es
rt u y n it
Rationalization
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 39 of 175
Op
Pr es su re
po rt u y n it
Rationalization
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 40 of 175
Romney/Steinbart
41 of 175
Romney/Steinbart
42 of 175
Romney/Steinbart
43 of 175
Romney/Steinbart
44 of 175
Romney/Steinbart
45 of 175
Romney/Steinbart
46 of 175
Romney/Steinbart
47 of 175
Romney/Steinbart
48 of 175
Romney/Steinbart
49 of 175
Pressures
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 50 of 175
Greed Unrecognized performance Job dissatisfaction Fear of losing job Power or control Pride or ambition Beating the system Frustration Non-conformity Envy, resentment Arrogance, dominance Non-rules oriented
LIFESTYLE Support gambling habit Drug or alcohol addiction Support sexual relationships Family/peer pressure
Romney/Steinbart
51 of 175
y y nt niit ru rttu po po Op Op
Pr es
2006 Prentice Hall Business Publishing
su
re
Rationalization
Accounting Information Systems, 10/e Romney/Steinbart 52 of 175
Romney/Steinbart
53 of 175
Romney/Steinbart
54 of 175
Romney/Steinbart
55 of 175
Romney/Steinbart
56 of 175
Romney/Steinbart
57 of 175
Romney/Steinbart
58 of 175
Steal a payment from Customer A. Charge a stolen asset to an expense account or to an Apply Customer Bs payment to Customer As account so account receivable that islate notice. be written off. about to Customer A wont get a Create a ghost employee who to Customer Bs account, so Apply Customer Cs payment receives an extra paycheck. Customer B wont get a late notice, etc. Lapping.
Romney/Steinbart
59 of 175
Romney/Steinbart
60 of 175
Romney/Steinbart
61 of 175
Romney/Steinbart
63 of 175
Romney/Steinbart
66 of 175
Romney/Steinbart
68 of 175
One control feature that many companies lack is a background check on all potential employees.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 69 of 175
Romney/Steinbart
70 of 175
Op
su
re
po
Pr es
rt u y n it
Rationalization
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 71 of 175
Romney/Steinbart
74 of 175
Unfortunately, there is usually a mixture of these forces in play, and it can be very difficult to determine the pressures that may apply to an individual and the rationalizations he/she may be able to produce.
Romney/Steinbart
75 of 175
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
76 of 175
APPROACHES TO COMPUTER FRAUD The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its:
Perpetration; Investigation; or Prosecution.
Romney/Steinbart
77 of 175
They may also leave very little evidence, which can make these crimes more difficult to detect.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 79 of 175
Romney/Steinbart
82 of 175
APPROACHES TO COMPUTER FRAUD Organizations that track computer fraud estimate that most U.S. businesses have been victimized by at least one incident of computer fraud.
Romney/Steinbart
83 of 175
APPROACHES TO COMPUTER FRAUD These frauds cost billions of dollars each year, and their frequency is increasing because:
Not everyone agrees on what constitutes computer fraud.
Many dont believe that taking an unlicensed copy of software is computer fraud. (It is and can result in prosecution.) Some dont think its a crime to browse through someone elses computer if their intentions arent malicious.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 84 of 175
There are a growing number of competent computer users, and they are aided by easier access to remote computers through the Internet and other data networks.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 85 of 175
APPROACHES TO COMPUTER FRAUD Economic espionage, the theft of information and intellectual property, is growing especially fast. This growth has led to the need for investigative specialists or cybersleuths.
Romney/Steinbart
87 of 175
Romney/Steinbart
88 of 175
Input Fraud
Processor Fraud
Output Fraud
Input Fraud
Processor Fraud
Output Fraud
Romney/Steinbart
91 of 175
Romney/Steinbart
92 of 175
Romney/Steinbart
93 of 175
Romney/Steinbart
94 of 175
Romney/Steinbart
95 of 175
Input Fraud
Processor Fraud
Output Fraud
Romney/Steinbart
97 of 175
Romney/Steinbart
98 of 175
Input Fraud
Processor Fraud
Output Fraud
Also might include developing a software program or module to carry out an unauthorized activity.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 100 of 175
Romney/Steinbart
101 of 175
Input Fraud
Processor Fraud
Output Fraud
In many cases, disgruntled employees have scrambled, altered, or destroyed data files. Theft of data often occurs so that perpetrators can sell the data.
Most identity thefts occur when insiders in financial institutions, credit agencies, etc., steal and sell financial information about individuals from their employers database.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 103 of 175
Input Fraud
Processor Fraud
Output Fraud
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
106 of 175
Romney/Steinbart
107 of 175
Romney/Steinbart
108 of 175
Romney/Steinbart
109 of 175
Carried out as follows: The attacker infects dozens of computers that have broadband Internet access with denial-of-service programs. These infected computers are the Perpetrators have devisedzombies. many methods to commit The attacker then activates the denialcomputer fraud and abuse. These include: of-service programs, and the zombies Data diddling send pings (emails or requests for data) Data leakage to the target server. The victim Denial of service attacks responds to each, not realizing they have fictitious return addresses, and waits for responses that dont come. While the victim waits, system performance degrades until the system freezes up or crashes. The attacker terminates the program after an hour or two to limit the victims ability to trace the source.
Romney/Steinbart
110 of 175
Romney/Steinbart
111 of 175
Romney/Steinbart
112 of 175
COMPUTER FRAUD AND ABUSE A threatening message is sent to a victim to induce the victim to do TECHNIQUES something that would make it possible to be defrauded.
Several banks in the Midwest were contacted by an overseas Perpetratorswho indicated that: perpetrator have devised many methods to commit computer fraud and abuse. Thesesystem and obtained personal He had broken into their computer include: Data diddling information about all of the banks customers. and banking Data leakage He would notify the banks customers of this breach if he was not paid a specified sum of Denial of service attacks money. Eavesdropping Email threats
Romney/Steinbart
113 of 175
COMPUTER FRAUD AND ABUSE Involves sending an email message that TECHNIQUES come from someone other appears to have
Perpetrators have devised many methods to commit Email spoofers may: computer fraud and abuse. These include:
than the actual sender. Claim to be system administrators and Data diddling ask users to change their passwords to Data leakage specific values. Denial of service attacks Pretend to be management and request a copy of some sensitive information. Eavesdropping Email threats Email forgery (aka, spoofing)
Romney/Steinbart
114 of 175
Romney/Steinbart
115 of 175
Romney/Steinbart
116 of 175
Assuming someones identity, typically for economic gain, by illegally obtaining and using confidential information such Perpetrators have devised many methods to commit as the persons social security number, bank account computer fraud and abuse. These include: number, or credit card number. Data diddling Identity thieves benefit financially by: Data leakage Taking funds out of the victims bank account. Denial of service attacks Taking out mortgages or other loans under the victims Eavesdropping identity. Email Taking out credit cards and running up large balances. threats Email forgeryis careful and ensures that bills and notices are sent to If the thief (aka, spoofing) Hacking an address he controls, the scheme may be prolonged until such time as Phreaking the victim attempts to buy a home or car and finds out that his credit Hijacking is destroyed. Identity theft
Accounting Information Systems, 10/e Romney/Steinbart 118 of 175
Identity thieves can steal corporate or individual identities by: Shoulder surfing
sales clerks or others.
COMPUTER FRAUD AND ABUSE Watching people enter telephone calling card numbers or credit card TECHNIQUES numbers or listening to communications as they provide this information to
trash bins, and city dumps for documents with confidential company
many methods to commit Searching corporate or abuse. These rifling garbage cans, communal computer fraud and personal records by include:
Data diddling information. Data leakage May also look for personal information such as checks, credit card statements,service attacks tax returns, discarded applications for preDenial of bank statements, approved credit cards, or other records that contain social security numbers, Eavesdropping names, addresses, phone numbers, and other data that allow them to assumethreats Email an identity. Email forgery Redirecting mail (aka, spoofing) Hacking Intercepting mail and having it delivered to a location where others can access it. Phreaking Using Internet, email, and other technology in spoofing, phishing, Hijacking eavesdropping, impersonating, social engineering, and data leakage Identity theft schemes.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 120 of 175
Internet misinformation Using the Internet to spread false or misleading information about people or companies. May involve: Planting inflammatory messages in online chat rooms. Websites with misinformation. Pretending to be someone else online and making inflammatory comments that will be attributed to that person. A pump-and-dump occurs when an individual spreads misinformation, often through Internet chat rooms, to cause a run-up in the value a stock and then sells off his shares of the stock. A number of pump-and-dump cases have been prosecuted by the SEC.
Accounting Information Systems, 10/e Romney/Steinbart 122 of 175
Another common form of Internet misinformation is the spreading of urban legendsoften by innocently forwarding emails. Urban legends may often include damaging implications about company products, such as a recent email many methods to commit contain Perpetrators have devised suggesting that certain lipsticks lead or that using plastic cookware in the microwave can cause cancer. computer fraud and abuse. These include: Before forwarding any emails with negative information about individuals, Internet misinformation companies, or their products, its a good idea to check the veracity of the information first. Emails with urban legends often attribute their facts to credible sources, such as the federal government, Stanford University researchers, the FBI, etc. There are several websites that attempt to verify the truth of emails that are circulated. One such website is www.snopes.com. You can easily locate the email you received on these websites, by searching under a key term in the email, such as lipstick. You are likely to find that most emails you were getting ready to forward are either false or only partially true.
Accounting Information Systems, 10/e Romney/Steinbart 123 of 175
Romney/Steinbart
124 of 175
Romney/Steinbart
125 of 175
The perpetrator gains access to the system by pretending to be an authorized user. The perpetrator must know the legitimate users ID and password. Once in the system, he enjoys the same privileges as the legitimate user.
Romney/Steinbart
126 of 175
Programs that capture data from information packets as they travel over the Internet or company networks. Confidential information and access information can be gleaned from the captured datasome of which is later sold.
Romney/Steinbart
127 of 175
An intruder penetrates a systems defenses, steals the file of valid passwords, decrypts them, and then uses them to gain access to almost any system resources.
Romney/Steinbart
128 of 175
Internet misinformation The recipient is advised that information or a security check is needed on his account, and advised to click on a link to the companys website Internet terrorism to provide the information. Logic time bombs The link connects theimpersonation website that is an imitation of the Masquerading or individual to a spoofed companys actual website. These counterfeit websites appear Packet sniffers very authentic, as do the emails. Password cracking Phishing
Romney/Steinbart
129 of 175
COMPUTER FRAUD AND ABUSE TECHNIQUES One newly graduated college student recently took a job in California
and deposited his first paycheck of approximately $5,000 in the bank. Perpetrators have devised many methods to commit That same night, he received an email from the bank, inviting him to computer fraud the email to setThese include: for his new bank click on the link in and abuse. up online banking Internet account. misinformation followed directions He Internet terrorism and provided the requested information to set up online banking. Logic time bombs Two hours later, he was nervous and called the bankonly to find out Masquerading or impersonation thatPacket sniffers his bank account had been cleaned out and closed. Password cracking Phishing
Romney/Steinbart
130 of 175
COMPUTER FRAUD AND ABUSE As a rule of thumb, it is a good idea not to click on any link provided in TECHNIQUES an email and to go directly to the website instead.
PayPal, whose email address is commonly spoofed for phishing scams, Perpetrators have devised many methods to commit offers the following advice: computer fraud sendsabuse. email, they will include your first and If PayPal ever and you an These include: Internet misinformation last name in the salutation of the email. Internet terrorism PayPals website, type https: in the URL If you need to enter instead of bombs Logic time http: in order to enter on the companys secured server. If you receive or impersonation Masqueradinga suspicious email, get out of your browser and go back in before Packet sniffers proceeding directly to a company website. Password cracking Phishing
Romney/Steinbart
131 of 175
Romney/Steinbart
132 of 175
Romney/Steinbart
133 of 175
Romney/Steinbart
134 of 175
Romney/Steinbart
135 of 175
Romney/Steinbart
138 of 175
Romney/Steinbart
139 of 175
Romney/Steinbart
140 of 175
Companies may use filtering software to detect dictionary attacks, search mail for competitive leaks, and block inappropriate attachments, such as pornography and illegal MP3 files. Filtering is not always viable. The director of Perpetrators have devised many methods to commit internal audit at a major healthcare company computer fraud and abuse. These include: changes email addresses frequently because Social engineering of the volume of spam email in his inbox. Software piracy When asked why his company did not filter Spamming the spam, he replied, Because were a healthcare company, we cannot filter out any references to body parts or prescription medications. There is increasing public clamor for laws to clamp down on spamming. In December 2004, a federal judge awarded over $1 billion to a small Midwestern Internet service provider in an action against three spammers.
Romney/Steinbart
142 of 175
Romney/Steinbart
143 of 175
Usually comes bundled with COMPUTER FRAUD AND ABUSE freeware and shareware TECHNIQUES from the Internet. downloaded
May be disclosed in the licensing Perpetrators have devised many methods to commit agreement, but users are unlikely computer fraud and abuse. to read it. These include: Reputable adware companies Social engineering claim they dont collect sensitive Software piracy or identifying data. Spamming But there is no way for users to Spyware control or limit the activity.
It is not illegal, but many find it objectionable.
Software has been developed to detect and eliminate spyware, but it may also impair the downloaded software.
Some is intentionally difficult to uninstall.
Romney/Steinbart
144 of 175
COMPUTER FRAUD AND ABUSE A keystroke logger records users TECHNIQUES emails themato or saves keystrokes and
them for the party that planted the Perpetrators have devisedlogger. These are sometimes used by: many methods to commit computer fraud and abuse. These include: their childrens Parents to monitor Social engineering computer usage. Software piracy Businesses to monitor employee activity. Spamming Fraudsters to capture passwords, Spyware credit card numbers, etc. Keystroke loggers A keystroke logger can be a hardware device attached to a computer or can be downloaded on an individuals computer in the same way that any Trojan horse might be downloaded.
Romney/Steinbart
145 of 175
Romney/Steinbart
146 of 175
Unauthorized use of special system programs to bypass regular system controls and perform illegal acts. The name is derived from an IBM software utility called Superzap that was used to restored crashed systems.
Romney/Steinbart
147 of 175
Romney/Steinbart
148 of 175
Romney/Steinbart
149 of 175
Romney/Steinbart
152 of 175
COMPUTER may take many forms: ABUSE FRAUD AND Damage TECHNIQUES Send email with the victims name as the alleged
source. Perpetrators have devised many methods to commit Destroy or alter data or programs. computer fraud and abuse. of the computer. Take control These include: Virus Destroy or alter file allocation tables. Delete or rename files or directories. Reformat the hard drive. Change file content. Prevent users from booting. Intercept and change transmissions. Print disruptive images or messages on the screen. Change screen appearance. As viruses spread, they take up much space, clog communications, and hinder system performance.
Romney/Steinbart
153 of 175
154 of 175
Romney/Steinbart
155 of 175
Virus protections include: Install reliable virus software that scans for, identifies, and destroys viruses. Keep the antivus program up to date. devised many methods to commit Perpetrators haveScan incoming email at the server level, rather than when hits the computer fraud and abuse.it These desktops. include: Certify all software as virus-free before loading Virus it. Software from unknown sources may be virus bait, especially if it seems too good to be true. Deal with trusted software retailers. Use electronic techniques to make tampering evident. Check new software on an isolated machine. Have two backups of all files. Do not put diskettes or CDs in strange machines, or let others put unscanned disks in your machine.
Romney/Steinbart
156 of 175
Romney/Steinbart
157 of 175
Virus of code hidden in a host program or executable file. Worms will replicate itself automatically, while a virus requires a A worm human to do something like open a file. Worms often reproduce by mailing themselves to the recipients mailing list. They are not confined to PCs and have infected cell phones in Japan. A worm typically has a short but very destructive life. It takes little technical knowledge to create worms or viruses; several websites provide instructions. Most exploit known software vulnerabilities that can be corrected with a software patch, making it important to install all patches as soon as they are available.
Accounting Information Systems, 10/e Romney/Steinbart 158 of 175
has previously sent you an email that was infected with a virus. Virus The friends email gives you instructions to look for and remove the Worms offending virus. do-it-yourself attack The low-tech, You delete the file from your hard drive. The only problem is that the file you just deleted was part of your operating system. Your friend was well-intended and has done the same thing to his/her computer. REMEDY: Before even considering following instructions of this sort, check the list of hoaxes that are available on any virus protection website, such as:
www.norton.com www.mcafee.com
Romney/Steinbart
159 of 175
INTRODUCTION
In this chapter well discuss:
The fraud process Why fraud occurs Approaches to computer fraud Specific techniques used to commit computer fraud Ways companies can deter and detect computer fraud
Romney/Steinbart
160 of 175
Romney/Steinbart
161 of 175
Romney/Steinbart
162 of 175
Romney/Steinbart
164 of 175
165 of 175
Romney/Steinbart
166 of 175
Implement a program segregation of duties between systems functions Restrict physical and remote access to system resources to authorized personnel
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart
167 of 175
168 of 175
Romney/Steinbart
169 of 175
Romney/Steinbart
170 of 175
Romney/Steinbart
171 of 175
Romney/Steinbart
172 of 175
Romney/Steinbart
173 of 175
Romney/Steinbart
174 of 175
SUMMARY
In this chapter, youve learned what fraud is, who commits fraud, and how its perpetrated. Youve learned about the many variations of computer fraud, and youve learned about techniques to reduce an organizations vulnerability to these types of fraud.
2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart
175 of 175