Jimmy de Vera Roldan, MSIT


1. Natural and political disasters. Examples:
fire or excessive heat, floods, earthquakes,
hurricanes, tornadoes, blizzards,
snowstorms, freezing rain, war, terrorist
attacks
2. Software errors and equipment
malfunction. Examples: hardware and
software failure, software errors or bugs,
OS crashes, power outages and
fluctuations, undetected data transmission
errors
3. Unintentional acts. Examples: accidents caused
by human carelessness, failure to follow
established procedures, and poorly trained or
supervised personnel; innocent errors or
omissions; lost, erroneous, destroyed, or
misplaced data; logic errors; systems that do
not meet company needs or cannot handle
intended tasks
4. Intentional acts. Examples: sabotage,
misrepresentation, false use, or unauthorized
disclosure of data, misappropriation of assets,
financial statement fraud, corruption,
computer fraud - malware
Fraud is gaining an unfair advantage over
another person. Legally, for an act to be
fraudulent, there must be:
1. A false statement, representation, or
disclosure.
2. A material fact, which is something that
induces a person to act.
3. An intent to deceive.
4. A justifiable reliance, that is, the person
relies on the misrepresentation to take an
action.
5. An injury or loss suffered by the victim.
Most fraud perpetrators are knowledgeable
insiders with the requisite access, skills, and
resources. Because employees understand a
company’s system and its weaknesses, they are
able to commit and conceal a fraud. The
controls used to protect corporate assets make
it more difficult for an outsider to steal from a
company. Fraud perpetrators are often
referred to as white-collar criminals.
Corruption is dishonest conduct by those in
power and it often involves actions that are
illegitimate, immoral, or incompatible with
ethical standards. There are many types of
corruption. Examples include bribery and bid
rigging.

Investment fraud is misrepresenting or leaving
out facts in order to promote an investment
that promises fantastic profits with little or no
risk.
Two types of fraud that are important to
businesses are misappropriation of assets
(sometimes called employee fraud) and
fraudulent financial reporting (sometimes
called management fraud).
Misappropriation of assets is the theft of
company assets by employees.

• Albert Milano, a manager at Reader’s Digest
responsible for processing bills, embezzled
vices never performed, submitted them to
accounts payable, forged the endorsement on
the check, and deposited it in his account.
Milano used the stolen funds to pay for an
expensive home, 5 cars, and a boat.
• A bank vice president approved $1 million in
bad loans in exchange for $585,000 in
kickbacks. The loans cost the bank $800
million and helped trigger its collapse.
• A manager at a Florida newspaper went to
work for a competitor after he was fired. The
first employer soon realized its reporters
were being scooped. An investigation
revealed that the manager still had an active
account and password and regularly browsed
its computer files for information on
exclusive stories.
• In a recent survey of 3,500 adults, half said
they would take company property when they
left and were more likely to steal e-data than
assets. More than 25% said they would take
customer data, including contact
information. Many employees did not believe
taking company data is equivalent to
stealing.
The most significant contributing factor in
most misappropriations is the absence of
internal control and/or the failure to enforce
existing internal control. A typical
misappropriation has the following important
elements or characteristics. The perpetrator:
• Gains the trust or confidence of the entity
being defrauded.
• Uses trickery, cunning, or false or misleading
information to commit fraud.
• Conceals the fraud by falsifying records or
other information.
• Rarely terminates the fraud voluntarily.
• Sees how easy it is to get extra money; need
or greed impels the person to continue. Some
frauds are self-perpetuating. If perpetrators
stop, their actions are discovered.
• Spends the ill-gotten gains. Rarely does the
perpetrator save or invest the money. Some
perpetrators come to depend on the “extra”
income, and others adopt a lifestyle that
requires even greater amounts of money. For
these reasons, there are no small frauds –
only large ones that are detected early.
• Gets greedy and takes ever-larger amounts of
money at intervals that are more frequent,
exposing the perpetrator to greater scrutiny
and increasing the chances the fraud is
discovered.
• Grows careless or overconfident as time
passes. If the size of the fraud does not lead
to its discovery, the perpetrator eventually
makes a mistake that does lead to the
discovery.
Fraudulent financial reporting is the
intentional or reckless conduct, whether by act
or omission, that results in materially
misleading financial statements. Management
falsifies financial statements to deceive
investors and creditors, increase a company’s
stock price, meet cash flow needs, or hide
company losses and problems.
• Understand fraud.
• Discuss the risk of material fraudulent
misstatements.
• Obtain information.
• Identify, assess, and respond to risks.
• Evaluate the results of their audit tests.
• Document and communicate findings.
• Incorporate a technology focus.
• Individuals who are disgruntled and unhappy
with their jobs and seek revenge against
employers.
• Dedicated, hardworking, and trusted
employees.
• People with no previous criminal records.
• Honest, valued, and respected members of
the community.
They were good people who did bad things.
• Computer fraud perpetrators are typically
younger and possess more computer
experience and skills. Some are motivated by
curiosity, a quest for knowledge, the desire
to learn how things work, and the challenge
of beating the system. Some view their
actions as a game rather than as dishonest
behaviour. Others commit computer fraud to
gain stature in the hacking community.
• A large and growing number of computer
fraud perpetrators are more predatory in
nature and seek to turn their actions into
money. These fraud perpetrators are more
like the blue-collar criminals who look to
prey on others by robbing them. The
difference is that they use the computer
instead of a gun.
• Many first-time fraud perpetrators who are
not caught, or who are caught but not
prosecuted, move from being “unintentional”
fraudsters to “serial” fraudsters.
• Malicious software (malware) is a big business
and a huge profit engine for the criminal
underground, especially for digitally savvy
hackers in Eastern Europe. They break into
financial accounts and steal money. They sell
data to spammers, organized crime, hackers,
and the intelligence community. They market
malware such as virus-producing software to
others.
• Cyber criminals are a top FBI priority because
they have moved from isolated and
uncoordinated attacks to organized fraud
schemes targeted at specific individuals and
businesses. They use online payment
companies to launder their ill-gotten gains.
To hide their money, they take advantage of
the lack of coordination between
international law enforcement organizations.
Fraud Triangle

• Pressure – a person’s incentive or motivation
for committing fraud. Three types of pressure
that lead to misappropriations are Financial,
Lifestyle, and Emotional.

Financial – living beyond one’s means; high
personal debt / expenses; inadequate salary /
income; poor credit ratings; heavy financial
losses; bad investments; tax avoidance;
unreasonable quotas / goals
Emotional – excessive greed, ego, pride,
ambition; performance not recognized; job
dissatisfaction; fear of losing job; need for
power or control; overt, deliberate
non-conformity; inability to abide by or respect
rules; challenge of beating the system; envy or
resentment against others; need to win
financial one-upmanship competition; coercion
by bosses / top management
Lifestyle – gambling habit; drug or alcohol
addiction; sexual relationship; family / peer
pressure.
• Opportunity is the condition or situation,
including one’s personal abilities, that allows
a perpetrator to do 3 things:
1. Commit the fraud.
2. Conceal the fraud.
3. Convert the theft or misrepresentation to
personal gain.
• Management Characteristics – questionable
management ethics, management style, and
track record; unduly aggressive earnings,
forecasts, performance standards, accounting
methods, or incentive programs;
management actions or transactions with no
clear business justification; failure to correct
errors on a timely basis, leading to even
greater problems; high management /
employee turnover.
• Industry Conditions – declining industry;
industry or technology changes leading to
declining demand or product obsolescence;
new regulatory requirements that impair
financial stability or profitability; significant
competition or market saturation with
declining margins; significant tax changes or
adjustments.
• Financial – intense pressure to meet or
exceed earnings expectations; significant
cash flow problems; unusual difficulty
collecting receivables, paying payables;
heavy losses, high dependence on debt;
heavy dependence on new or unproven
product lines; economic conditions (inflation,
recession); litigation, especially management
vs. stockholders; impending business failure
or bankruptcy.
• Rationalization allows perpetrators to justify
their illegal behaviour.

“I only took what they owed me.”
“The rules do not apply to me.”
“Getting what I want is more important than
being honest.”

Perpetrators rationalize that they are not being
dishonest, that honesty is not required of them, or
that they value what they take more than honesty and
integrity.
The most frequent rationalizations include the
following:
• I am only “borrowing” it, and I will repay my
“loan”.
• You would understand if you knew how badly
I needed it.
• What I did was not that serious.
• It was for a good cause (Robin Hood
syndrome).
• In my very important position of trust, I am
above the rules.
• Everyone else is doing it.
• No one will ever know.
• The company owes it to me; I am taking no
more than is rightfully mine.
Computer fraud is any fraud that requires
computer technology to perpetrate it.
Examples include:
• Unauthorized theft, use, access,
modification, copying, or destruction of
software, hardware, or data.
• Theft of assets covered up by altering
computer records.
• Obtaining information or tangible property
illegally using computers.
Computer systems are particularly vulnerable
for the following reasons:
1. People who break into corporate databases
steal, destroy, or alter massive amounts of
data in very little time, often leaving little
evidence.
2. Computer fraud can be much more difficult
to detect than other types of fraud.
3. Some organizations grant employees,
customers, and suppliers access to their
system.
4. Computer programs need to be modified
illegally only once for them to operate
improperly for as long as they are in use.
5. Personal computers are vulnerable.
6. Computer systems face a number of unique
challenges: reliability, equipment failure,
dependency on power, damage from water
or fire, vulnerability to electromagnetic
interference and interruption, and
eavesdropping.
The number of incidents, the money losses,
and the sophistication of the perpetrators and
the schemes used to commit computer fraud
are increasing rapidly for several reasons:
1. Not everyone agrees on what constitutes
computer fraud. Example: copying software
constitutes computer fraud; browsing
someone else’s computer files vs. browsing
company data.
2. Many instances of computer fraud go
undetected.
3. A high percentage of frauds is not reported.
4. Many networks are not secure.
5. Internet sites offer step-by-step
instructions on how to perpetrate computer
fraud and abuse.
6. Law enforcement cannot keep up with the
growth of computer fraud.
7. Calculating losses is difficult.
• Input Fraud. The simplest and most common
way to commit computer fraud is to alter or
falsify computer input. It requires little skill.
Perpetrators need only understand how the
system operates so they can cover their
tracks.
• Processor Fraud. This includes unauthorized
use of the system, including the theft of
computer time and services.
• Computer Instruction Fraud. This includes
tampering with company software, copying
software illegally, using software in an
unauthorized manner, and developing
software to carry out an unauthorized
activity.
• Data Fraud. Illegally using, copying,
browsing, searching, or harming company
data. The biggest cause of data breaches is
employee negligence.
• Output Fraud. Unless properly safeguarded,
displayed or printed output can be stolen,
copied, or misused.
• Make fraud less likely to occur.
• Increase the difficulty of committing fraud.
• Improve detection methods.
• Reduce fraud losses.