It Controls

Types of Computer Fraud

2 Levels

a. Employee Fraud

- Committed by non-management personnel

- Usually consists of an employee taking cash or inventory for personal gain by circumventing a company’s system of internal controls

b. Management Fraud

- Perpetrated at levels of management above the one to which internal control structure relates

- Frequently involves using financial statements to create an illusion that an entity is more healthy and prosperous than it actually is

- Misappropriation of assets frequently shrouded in a maze of complex business transactions

4 stages of information processing (general Infomation System model)

a. Data Collection Fraud

- This aspect of the system is the most vulnerable because it is relatively easy to change data as it is being entered into the system.

- Also, the GIGO (garbage in, garbage out) principle reminds us that if the input data is inaccurate, processing will result in inaccurate output.

b. Data Processing Fraud

- Program Frauds: altering programs to allow illegal access to and/or manipulation of data files or destroying programs with a virus

- Operations Frauds: misuse of company resources, e.g. use computer for personal business

c. Database Management Fraud

- Altering, deleting, corrupting, destroying, or stealing an organization’s data

- Often conducted by disgruntled or ex-employee

d. Information Generation Fraud

- Stealing, misdirecting, or misusing computer output

- Scavenging: searching through the trash cans on the computer center for discarded output (the output should be shredded, but frequently is not)

Internal Controls

|Preventive controls |Key strategies: |

| |Supervision (Supervising physical access, CCTV,...