Exam 3 AC 389

83 Terms

1

Fraud

is knowingly misrepresenting the truth or concealing a material fact to induce another to act to his or her detriment

2

A False Statement

Straight-up lying or hiding the truth

3

Knowledge

The perpetrator knows the statement is false at the time it’s stated. 

4

Reliance

The victim relies on the information when deciding or acting. 

5

Damages

The victim suffers damages as a result of relying on this false statement. 

6

External Fraud 

Fraud perpetrated by customers, vendors, or other outside parties against a company.

Since these are external risks and less preventable, companies often devote significantly less time to them in risk assessments.

7

Internal Fraud (Occupational fraud)

committed by owners, executives, management, and employees who use their positions to enrich themselves at the expense of the company.  

8

Three Categories of Occupational Fraud

  1. Asset misappropriation
  2. Financial statement fraud
  3. Corruption

9

Corruption

Inappropriate use of influence to obtain a benefit contrary to the perpetrator’s responsibility or the rights of other people.

Perpetrators internal to the organization may engage in four possible types of corruption fraud schemes:

  1. Conflicts of interest
  2. Illegal gratuities
  3. Commercial bribery
  4. Economic extortion

10

Behavioral Flags 

Clues that indicate the possibility a person may be involved in a fraud. The presence of red flags does not mean a fraud is being committed. There are six common behavioral red flags:

  1. Financial difficulties
  2. Living beyond one’s means
  3. Close association with a vendor or customer
  4. Recent divorce or family problems
  5. Control issues or unwillingness to share duties
  6. Unscrupulous “big shot” attitude

11

Fraud Triangle

a framework that identifies three motivational elements generally associated with fraud: perceived pressure, opportunity, and rationalization.

12

Perceived Pressure (Motivation)

the motive or incentive that pushes a person toward the decision to commit a fraud. 

13

Opportunity

The element of the fraud triangle that a company can most influence. Opportunity is created when:

  1. a company has poor or no internal controls,
  2. there is collusion to circumvent internal controls, or
  3. management overrides the internal controls.

14

Rationalization

The attitude of the fraudster that justifies the fraud act in the fraudster’s mind. 

15

non-behavioral red flags

Red flags that do not stem from behavioral issues

16

whistleblower

A way to report suspected wrongdoing by people, or other red flags, within a company.

17

Horizontal Analysis

involves investigating changes in financial statement items by comparing two or more financial statements from different periods. 

18

Vertical Analysis

involves calculating each line item in the same financial statement as a percentage of another line item in the same financial statement.  

19

Asset Misappropriation

The theft of corporate assets including cash, inventory, fixed assets, and information such as customer lists and intellectual property.

Most common and least costly occupational fraud scheme.

20

Skimming

happens when an employee steals cash and does not enter the transaction in the accounting records, leaving no audit trail or documentary evidence of the transaction. 

21

Larceny

theft of company cash and non-cash assets after the company has recorded the assets in its books.

  1. Cash – stealing cash
  2. Non-cash – defined based on the concealment method the perpetrator uses:
     1. Unconcealed – the fraudster does not attempt to conceal the fraud
     2. Fictitious sales – the fraudster creates falsified documents or fraudulent journal entries

22

Fraudulent Disbursements

occurs when an employee causes the business to make a payment for an inappropriate purpose.

  1. Most common type of misappropriation
  2. Occurs on the books, so the company will have an audit trail

23

Expense Reimbursements

the business reimburses the perpetrators for expenses they never incurred. 

24

Double Dipping

involves submitting a valid credit card expense two times: once as a credit card transaction and once as a cash transaction 

25

Payroll Schemes

the business pays the perpetrator for time not worked. Clocking out earlier/later than you should, not working on your shift, etc. 

26

Billing Schemes

the business makes fraudulent payments to vendors, including fictitious vendors. 

27

Financial Statement Fraud

Materially misrepresents the financial results and position of the company by manipulating amounts or inappropriately disclosing information in the financial statements to deceive investors, creditors, and other users of the financial statements. Financial statement fraud generally requires management complicity.

Least common and most costly.

28

Overstating Assets, Revenues, and Profit

This can be done in the following ways:

  1. Sham Sales to overstate revenue
  2. Unauthorized Sales to overstate revenue
  3. Channel Stuffing to overstate revenue
  4. Improper Sales Cutoff to overstate revenue

29

Understating Liabilities and Expenses

Common schemes include:

  1. Capitalizing expenses by reporting them as assets to understate expenses
  2. Improper Expense Cutoffs by deferring expense recognition to understate liabilities

30

Understating the Company’s Performance

There are also a few reasons management might want to understate the company’s financial performance:

  1. To decrease taxes owed
  2. To reduce the amount of money distributed in dividends to shareholders
  3. To defer earnings to subsequent periods if current goals have been met
  4. To reduce investors’ current expectations to create a perception of growth in the future

31

A full-scale cyberattack consists of three stages (Cyber-Kill Chain)

  1. Reconnaissance
  2. Access
  3. Disruption

32

Physical

Attackers threaten elements a network administrator has no control over, such as physical security, hardware, and people. 

33

Logical

Attacks occur on a fully digital spectrum and require no human interaction other than the attacker instigating the attack. 

34

Phishing 

  1. Social engineering involves persuading people to perform acts that would give the hackers access to confidential information, such as birth dates, passwords, and user IDs
  2. It is one of the most robust categories of cyberattacks: it can be used for reconnaissance, access, and even to cause damage
  3. Its attacks are always physical in nature, as the target is always a person
  4. Email phishing is a deceptive request designed to trick victims into sharing private information

35

Dumpster Diving

looking through discarded materials for sensitive information like passwords, network diagrams, and emails

36

Eavesdropping

is the unauthorized interception of communication 

37

Logical Reconnaissance Attacks

digitally based and look for vulnerabilities in the network

38

Ping Sweep (I.P. Probe)

  1. The purpose is to identify which hosts are active in the network by sending a communication to each IP address and checking for a response packet (a packet is a small portion of the full message being sent over the network)
  2. The hacker pings, or calls, each network IP address, one at a time, and waits for the response packet
  3. If an IP address does not send a response packet, the hacker assumes that IP address is not currently active and removes it from the list of prospective access points

39

Port Scans 

  1. Indicate which ports are open and sending or receiving data on the network
  2. Like a ping sweep, because hackers attempt to connect to a series of ports and wait for response packets to indicate whether the ports are active

40

Vulnerability Scans

NIST recommends that companies perform them to detect and classify security loopholes in their infrastructure.

41

Penetration Test

also called pen testing; companies test their own defenses by attempting to hack their own systems.

42

Patches

Ensuring that systems are running up-to-date security by applying patches as soon as they are available.

43

Brute Force

attackers force access to the network by attempting many passwords or phrases until finding the correct one

44

On-Path Attack

once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints by pretending to be each of the parties

45

IP Spoofing

an attacker creates IP packets with modified source addresses to disguise their identity and impersonate a legitimate computer on the network  

46

Denial of Service (DoS)

attacks prohibit users from using resources such as computers, websites, servers, or an entire network

  1. Denies users access to resources they have a legitimate need to use
  2. To accomplish this, attackers continuously send fake requests to the business to consume the system’s capacity, resulting in loss of availability for real users
  3. The resources become temporarily or even indefinitely unavailable

47

Botnets 

  1. While there are different DoS attack tools and techniques, the most common method is a brute-force attack
  2. Attackers use computers infected with malware that function like robots
  3. These computers are programmed to do whatever attackers want, such as flooding a specific host with repetitive requests to consume the target system’s capacity

48

Distributed Denial of Service (DDoS)

A DoS attack that uses multiple machines or IP addresses to force the target to shut down

  1. Since the hacker uses multiple originating points of attack, it’s more difficult for a company to stop such attacks, as it must identify each source
  2. Makes it difficult for a company to differentiate between an attack and legitimate business traffic

49

Virus

replicates itself in a system and spreads quickly, causing damage to core system functions 

50

Worm

replicates without the assistance of human interaction

51

Logic Bomb

a piece of malicious code that is programmed into a system and remains dormant until certain conditions are met

52

Trojan Horse

disguised as benign software but carries malicious code that may be activated via a logic bomb. Non-replicating.

53

Organizational chart

a diagram that shows the employees in the company and their reporting relationships with one another

54

Checklists and questionnaires

used to gather information about specific procedures and internal controls.  

55

Narratives

written descriptions of systems and processes that describe responsibilities and the processes and controls that are in place. A narrative is often associated with a visual depiction, such as a flowchart. 

56

Flowchart

a graphical description of a system. There are 4 types.

57

Document flowchart

shows the flow of documents and information between departments or areas of responsibility; used for analyzing a current system for weaknesses in controls and reports

58

System flowchart

illustrates the flow of information through the input, processing, and output stages of a system.

59

Program flowchart

provides the sequence of coded instructions in a computer program that enable it to perform specified logical and arithmetical operations

60

Process flowcharts

Depict the flow of activity through the company and include key parties and the actions they perform.  

61

Business process model and notation (BPMN)

documentation method that depicts the steps of a business process from start to finish.  

Like process flowcharts, _____ creates a visual that can be easier to understand than a narrative description. Process flowcharts and ____ differ in the shapes and technical layouts they use, but they both serve the same purpose and can be used interchangeably.

62

Data flow diagram (DFD)

a graphical description of data sources, data flows, transformation processes, data storage, and data destinations. 

63

Entity relationship diagram (ERD)

a graphical illustration of all the tables and their relationships in a database. Helps end users understand the layout and data within a relational database. 

64

Information technology (IT)

is the technology that supports a company’s operations. IT governance involves ensuring the effective use of IT resources to obtain company goals.  

65

Control Objectives for Information and Related Technologies (COBIT)

helps companies design an IT strategy that meets regulatory compliance requirements, manages IT risks, and aligns with corporate goals.

66

User Access Provision

New users are granted access through a formal process  

Once users have access rights, they must prove to the system that they are the persons who are supposed to use the account when they log in.

67

User Authentication

validates ownership of an account through controls such as 

  1. Something the user KNOWS: Passwords
  2. Something the user HAS: Multifactor authentication (strong combination of identifiers)
  3. Something the user IS: Biometrics

68

User access de-provisioning

changes a user’s access when it needs to be terminated or transferred. 

69

Dormant access

user has not accessed the system for a significant period of time.

70

User Access reviews

assesses everyone in the system and their roles to determine if access is appropriate.  

71

Piggybacking, also called tailgating

occurs when an unauthorized individual follows closely behind an authorized person when passing through a secure entry point. The authorized person scans a badge or uses another access method, and the unauthorized individual passes through the door before it closes.

72

Natural Disaster

causing damage to systems and equipment may result in a disruption of business activities and financial losses. 

73

Unauthorized User

gaining access to physical equipment may result in theft, malicious attacks, fraud, or data breaches. 

74

Failure

to maintain facilities in accordance with laws and regulations may result in fines and reputational losses.

75

Business continuity planning (BCP)

set of procedures that a business undertakes to protect employees, other stakeholders, and assets in the event of a disruptive event.  

76

Disaster recovery

subpart of BCP that relates specifically to restoring IT operations

77

Different Types of Backup Sites

  1. Hot: Fully operational and backing up data continuously
  2. Warm: A room with some equipment available and possibly data as well
  3. Cold: A room with an internal environment ready but no equipment or data, which means equipment must be installed before the site is operational

78

Full backups

Copy all existing data in its entirety every time 

79

Differential backups

Copy all data created since the most recent full backup in its entirety with each backup 

80

Incremental backups

Copy only new or updated data every time 

81

Grandfather cycle

Full backup, once a month

82

Father cycle

Full backup, once a week 

83

Son cycle

Incremental or differential backup, every day
