Fraud
is knowingly misrepresenting the truth or concealing a material fact to induce another to act to his or her detriment
A False Statement
Straight-up lying or hiding the truth
Knowledge
The perpetrator knows the statement is false at the time it’s stated.
Reliance
The victim relies on the information when deciding or acting.
Damages
The victim suffers damages as a result of relying on this false statement.
External Fraud
Fraud perpetrated by customers, vendors, or other outside parties against a company
Since they are external risks and less preventable, companies often devote significantly less time to them in risk assessments
Internal Fraud (Occupational fraud)
committed by owners, executives, management, and employees who use their positions to enrich themselves at the expense of the company.
Three Categories of Occupational Fraud
Asset misappropriation
Financial statement fraud
Corruption
Corruption
inappropriate use of influence to obtain a benefit contrary to the perpetrator’s responsibility or the rights of other people.
Perpetrators internal to the organization may engage in four possible types of corruption fraud schemes:
Conflicts of interest
Illegal gratuities
Commercial bribery
Economic extortion
Behavioral Flags
clues that indicate the possibility a person may be involved in a fraud. The presence of red flags does not mean a fraud is being committed. There are six common behavioral red flags:
Financial difficulties
Living beyond one’s means
Close association with a vendor or customer
Recent divorce or family problems
Control issues or unwillingness to share duties
Unscrupulous “big shot” attitude
Fraud Triangle
a framework that identifies three motivational elements generally associated with fraud:
Perceived Pressure (Motivation)
the motive or incentive that pushes a person toward the decision to commit a fraud.
Opportunity
The element of the fraud triangle that a company can most influence, which is created when
a company has poor or no internal controls
when there is collusion to circumvent internal controls
or when management overrides the internal controls.
Rationalization
The attitude of the fraudster that justifies the fraud act in the fraudster’s mind.
non-behavioral red flags
Red flags that do not stem from behavioral issues
whistleblower
A person who reports suspected fraud or other red flags within a company
Horizontal Analysis
involves investigating changes in financial statement items by comparing two or more financial statements from different periods.
Vertical Analysis
involves calculating each line item in the same financial statement as a percentage of another line item in the same financial statement.
Asset Misappropriation
the theft of corporate assets including cash, inventory, fixed assets, and information such as customer lists and intellectual property.
Most common and least costly occupational fraud scheme
Skimming
happens when an employee steals cash and does not enter the transaction in the accounting records, leaving no audit trail or documentary evidence of the transaction.
Larceny
theft of company cash and non-cash assets after the company has recorded the assets in its books.
Cash – stealing cash
Non-cash – defined based on the concealment method the perpetrator uses
Unconcealed – the fraudster does not attempt to conceal the fraud
Fictitious sales – the fraudster creates falsified documents or fraudulent journal entries.
Fraudulent Disbursements
occurs when an employee causes the business to make a payment for an inappropriate purpose.
Most common type of misappropriation
Occur on the books and the company will have an audit trail
Expense Reimbursements
the business reimburses the perpetrators for expenses they never incurred.
Double Dipping
involves submitting a valid credit card expense two times: once as a credit card transaction and once as a cash transaction
Payroll Schemes
the business pays the perpetrator for time not worked. Clocking out earlier/later than you should, not working on your shift, etc.
Billing Schemes
the business makes fraudulent payments to vendors, including fictitious vendors.
Financial Statement Fraud
materially misrepresents the financial results and position of the company by manipulating amounts or inappropriately disclosing information in the financial statements to deceive investors, creditors, and other users of the financial statements. Financial statement fraud generally requires management complicity.
Least Common and Most Costly
Overstating Assets, Revenues, and Profit
This can be done in the following ways:
Sham Sales to overstate revenue
Unauthorized Sales to overstate revenue
Channel Stuffing to overstate revenue
Improper Sales Cutoff to overstate revenue
Understating Liabilities and Expenses
Common schemes include:
Capitalizing expenses by reporting them as assets to understate expenses
Improper Expense Cutoffs by deferring expense recognition to understate liabilities
Understating the Company’s Performance
There are also a few reasons management might want to understate the company’s financial performance
To decrease taxes owed
To reduce the amount of money distributed in dividends to shareholders
To defer earnings to subsequent periods if current goals have been met
To reduce investors’ current expectations to create perception of growth in the future
A full-scale cyberattack consists of three stages (Cyber Kill Chain)
Reconnaissance
Access
Disruption
Physical
Attackers threaten elements a network administrator has no control over, such as physical security, hardware, and people.
Logical
Attacks occur on a fully digital spectrum and require no human interaction other than the attacker instigating the attack.
Phishing
Social Engineering involves persuading people to perform acts that would give the hackers access to confidential information, such as birth dates, passwords, and user IDs
It is one of the most robust categories of cyberattacks: it can be used for reconnaissance, access, and even to cause damage
Its attacks are always physical in nature, as the target is always a person
Email Phishing is a deceptive request designed to trick victims into sharing private information
Dumpster Diving
look for sensitive information like passwords, network diagrams, and emails
Eavesdropping
is the unauthorized interception of communication
Logical Reconnaissance Attacks
digitally based and look for vulnerabilities in the network
Ping Sweep (IP Probe)
The purpose is to identify which hosts are active in the network by sending a communication to each IP address to see if there is a response packet (a packet is a small portion of the full message being sent over the network)
The hacker pings, or calls, each network IP address, one at a time, and waits for the response packet
If an IP address does not send a response packet, the hacker assumes that IP address is not currently active and removes it from the list of prospective access points
Port Scans
Indicates which ports are open and sending or receiving data on the network
Like a ping sweep because hackers attempt to connect to a series of ports and wait for response packets to indicate if the ports are active
Vulnerability Scans
NIST recommends that companies perform them to detect and classify security loopholes in their infrastructure
Penetration Test
also called pen testing; companies test their own security by attempting to hack their own systems
Patches
Ensure that systems are running up-to-date security by applying patches as soon as they are available
Brute Force
attackers force access to the network by attempting many passwords or phrases until finding the correct one
On-Path Attack
once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints by pretending to be each of the parties
IP Spoofing
an attacker creates IP packets with modified source addresses to disguise their identity and impersonate a legitimate computer on the network
Denial of Service (DoS)
attacks prohibit users from using resources such as computers, websites, servers, or an entire network
attacks deny users access to resources they have a legitimate need to use
To accomplish this, attackers continuously send fake requests to the business to consume the system’s capacity, resulting in loss of availability for real users
The resources become temporarily or even indefinitely unavailable
Botnets
While there are different DoS attack tools and techniques, the most common method is a brute-force attack
Attackers use computers infected with malware that function like robots
These computers are programmed to do whatever attackers want, such as flooding a specific host with repetitive requests to consume the target system’s capacity
Distributed Denial of Service (DDoS)
a DoS attack that uses multiple machines or IP addresses to force the target to shut down
Since the hacker uses multiple originating points of attack, it’s more difficult for a company to stop such attacks, as it must identify each source
Makes it difficult for a company to differentiate between an attack and legitimate business traffic
Virus
replicates itself in a system and spreads quickly, causing damage to core system functions
Worm
replicates without the assistance of human interaction
Logic Bomb
a piece of malicious code that is programmed into a system and remains dormant until certain conditions are met
Trojan Horse
disguised as benign software but carries malicious code that may be activated via a logic bomb. Non-replicating
Organizational chart
a diagram that shows the employees in the company and their reporting relationships with one another
Checklists and questionnaires
used to gather information about specific procedures and internal controls.
Narratives
written descriptions of systems and processes that describe responsibilities and the processes and controls that are in place. A narrative is often associated with a visual depiction, such as a flowchart.
Flowchart
a graphical description of a system. There are 4 types.
Document flowchart
which shows the flow of documents and information between departments or areas of responsibility; used when analyzing a current system for weaknesses in controls and reports
System flowchart
which illustrates the flow of information through the input, processing, and output stages of a system.
Program flowchart
provides the sequence of coded instructions in a computer program that enable it to perform specified logical and arithmetical operations
Process flowcharts
Depict the flow of activity through the company and include key parties and the actions they perform.
Business process model and notation (BPMN)
documentation method that depicts the steps of a business process from start to finish.
Like process flowcharts, BPMN creates a visual that can be easier to understand than a narrative description. Process flowcharts and BPMN differ in the shapes and technical layouts they use, but they both serve the same purpose and can be used interchangeably.
Data flow diagram (DFD)
a graphical description of data sources, data flows, transformation processes, data storage, and data destinations.
Entity relationship diagram (ERD)
a graphical illustration of all the tables and their relationships in a database. Helps end users understand the layout and data within a relational database.
Information technology (IT)
is the technology that supports a company’s operations. IT governance involves ensuring the effective use of IT resources to achieve company goals.
Control Objectives for Information and Related Technologies (COBIT)
helps companies design an IT strategy that meets regulatory compliance requirements, manages IT risks, and aligns with corporate goals.
User Access Provision
New users are granted access through a formal process
Once users have access rights, they must prove to the system that they are the persons who are supposed to use the account when they log in
User Authentication
validates ownership of an account through controls such as
Something the user KNOWS: Passwords
Something the user HAS: Multifactor authentication (strong combination of identifiers)
Something the user IS: Biometrics
User access de-provisioning
removes or changes a user’s access when the user is terminated or transferred.
Dormant access
user has not accessed the system for a significant period of time.
User Access reviews
assesses everyone in the system and their roles to determine if access is appropriate.
Piggybacking, also called tailgating
occurs when an unauthorized individual follows closely behind an authorized person when passing through a secure entry point. The authorized person scans a badge or uses another access method, and the unauthorized individual passes through the door before it closes.
Natural Disaster
causing damage to systems and equipment may result in a disruption of business activities and financial losses.
Unauthorized User
gaining access to physical equipment may result in theft, malicious attacks, fraud, or data breaches.
Failure
to maintain facilities in accordance with laws and regulations may result in fines and reputational losses.
Business continuity planning (BCP)
set of procedures that a business undertakes to protect employees, other stakeholders, and assets in the event of a disruptive event.
Disaster recovery
subpart of BCP that relates specifically to restoring IT operations
Different Types of Backup Sites
Hot: Fully operational and backing up data continuously
Warm: A room with some equipment available and possibly data as well
Cold: A room with an internal environment ready but no equipment or data, which means equipment must be installed before the site is operational
Full backups
Copy all existing data in its entirety every time
Differential backups
Copy all data created or changed since the most recent full backup with each backup
Incremental backups
Copy only data that is new or updated since the previous backup, every time
Grandfather cycle
Full backup, once a month
Father cycle
Full backup, once a week
Son cycle
Incremental or differential backup, every day