In: Accounting
I need a literature review of understanding computer fraud in an accounting environment
ABSTRACT :-
As more and more organisations’ financial transaction systems are information system based, perpetrators of financial crimes must often circumvent accounting information system internal controls to commit their crimes. The ability of internal audit functions to audit information system internal control implementation and execution is receiving increased emphasis both in education and practice. This paper examines whether computer crime is more difficult to detect and investigate than traditional schemes. The study presents a detailed analysis of the ways the computer was used to assist the perpetrator in 72 cases. The study also examines differences between the computer fraud cases and 99 fraud cases without computer involvement. The fraud information was collected through the use of an electronic survey voluntarily completed by members of a professional accounting association in south Texas. The survey consisted of 73 questions that provided detailed information about the victim organisation, perpetrators, fraud schemes, detection, investigation, and outcomes. The results of the study will be useful to accounting information systems professionals, fraud examiners, and auditors.
THEORETICAL DEVELOPMENT :-
According to the Institute of Internal Auditors [16], an employee, outside individual, or a party representing another entity perpetrates a fraud against an organisation for direct or indirect personal benefit. In general, the perpetrator conceals or misrepresents events or data, or makes false claims. Although no single study provides a comprehensive theory of fraud, many do offer at least some insight into the complexities of this important issue. Several facets of fraud in general may apply to fraud committed through use of the computer.
Fraud Opportunities and Duration, and Red Flags and Detection:-
Within accounting literature, inappropriate management attitudes (particularly toward internal controls) have frequently been linked to fraud and its detection [15, 31]. The Committee of Sponsoring Organisations of the Tread way Commission [8]states that management concerns for effective internal control must “permeate the organisation”, and that “support from the board of directors and senior management is needed to get the right focus, resources and attention” for enterprise risk management. Controllers responding to a survey agreed that ethically oriented behaviour in an organisation is a broad-based management responsibility and that as part of a management team, controllers themselves had to model such behaviour [17]. On the basis of a comprehensive review of the literature, Hooks, Kaplan and Schultz [15] suggested that codes of conduct have little impact if not enforced. Thompson [30] noted that when top management displays “willful ignorance, [it] sends a powerful message that it will tolerate [wrongdoing].” Cressey [10] noted that frauds will occur in an organisation when the perpetrator, who lacks the moral strength to resist temptation, is offered an opportunity to commit an offense. Entities that display lax attitudes toward controls offer such opportunities.
Outcome of the Fraud Investigation:-
Shapiro [29] notes that when a perpetrator can mask illicit behaviour, the fraud examination may be both very timeconsuming and only partially successful. In many fraud examinations, investigators may need to link several seemingly unrelated situations in order to confirm the existence of fraud. The discrete nature of transactions, coupled with the power commanded by a given perpetrator, may allow the perpetrator to hinder or, in some instances, even block any investigations that do take place.
METHOD:-
The study presents a detailed analysis of the ways the computer was used as a tool to commit or cover up a fraud. The study also examines differences between 72 computer fraud cases and 99 fraud cases without computer involvement. The fraud information was collected by an electronic survey distributed to the membership of a professional accounting society in south Texas. The lengthy survey consisted of 73 questions that provided detailed information on the victim organisation, perpetrators, fraud schemes, detection, investigation, and outcomes. Some of the questions related to schemes had multiple components. Survey requests were sent to approximately 2,000 professional accountants in the summer of 2010.
RESULTS AND DISCUSSION :-
The perpetrators were able to use the computer systems of the organisation in the following schemes to assist in or conceal their frauds. The respondents were asked to check all that apply when responding to this question, so multiple schemes could have occurred on an individual case. The following table presents, in descending order, the number and percentage of cases where computer misuse occurred, when that scheme was checked.
SUMMARY AND CONCLUSIONS:-
Primary schemes used to commit the information system assisted frauds involved various types of fictitious entries. The primary internal control weaknesses exploited included lack of separation of duties, lack of proper authorisation, and lack of periodic checks and balances. Single control weaknesses were seldom the problem. The respondents in the study frequently identified multiple internal control weaknesses as contributing factors. Contrary to previous studies, women were equally involved as perpetrators as men. Also collusion was equally present in the information systems and non information systems frauds.