AIS Ch 8 pt. 1

Chapter 8: Fraud and Errors

Page 3: AIS Threats

  • Threat Examples:

    • Natural and Political Disasters:

      • Fire or excessive heat

      • Floods, earthquakes, landslides, hurricanes, tornadoes, blizzards, snowstorms, and freezing rain

    • War and Attacks:

      • Terrorism

    • Software Errors and Failures:

      • Hardware or software failure

      • Software errors or bugs

      • Operating system crashes

      • Power outages and fluctuations

      • Undetected data transmission errors

    • Unintentional Acts:

      • Human carelessness, failure to follow procedures, poorly trained personnel

      • Innocent errors or omissions, lost/erroneous/destroyed/misplaced data

      • Logic errors from inadequate systems

    • Intentional Acts:

      • Sabotage

      • Misrepresentation or unauthorized data disclosure

      • Misappropriation of assets (financial statement fraud, corruption, computer fraud)

      • Techniques: attacks, social engineering, malware, etc.

Page 4: What is “Fraud”?

  • Definition of Fraud:

    • A false statement, representation, or disclosure

    • A material fact inducing action

    • Intent to deceive

    • Justifiable reliance on misrepresentation

    • Injury or loss suffered by the victim

Page 5: Report on Occupational Fraud

  • Published by the Association of Certified Fraud Examiners

  • Key Findings (refer to page 227):

    • Cost of fraud

    • Length of detection

    • Perpetrators' profiles and associated costs

    • Most common detection methods

Page 6: Types of Fraud

  • Critical Categories:

    • Corruption

    • Investment Fraud

    • Misappropriation of Assets

    • Financial Statement Fraud

Page 7: Statement on Auditing Standards (SAS) No. 99

  • Definition of auditor's responsibility for detecting fraud

  • Codified in AU-C Section 240 of AICPA Professional Auditing Standards

    • #1: Misappropriation of Assets (Employee Fraud): Theft/misuse of company assets

Page 8: Fraudulent Financial Reporting

  • #2: Intentional/Reckless conduct causing materially misleading financial statements

  • Less common but more costly than asset misappropriation

Page 9: Professional Skepticism

  • Auditors must have professional skepticism

  • Required to understand two fraud categories

  • Audit engagement team discusses risks to identify "red flags" for material fraudulent misstatements

  • Meaning of materiality in fraud context

Page 10: Risk Management in Auditing

  • Auditors must obtain information about risks

  • Understanding client’s business and systems

  • Identifying, assessing, and responding to risks throughout the audit process

  • Evaluating results of audit tests

Page 11: Communicating Findings

  • Document and communicate findings to company governance, like the audit committee

  • Technology focus incorporated in audits

Page 12: Focus of Auditors

  • Categories of fraud concerning their materiality to financial statements

  • Determining which fraud category will be the focus for auditors

Page 13: What is Computer Fraud?

  • Fraud requiring specific computer knowledge to execute

  • Examples:

    • Unauthorized use/modification/copying or destruction of software/hardware/data

    • Theft of assets by altering computer records

    • Illegally obtaining information or tangible property via computers

Page 14: Computer Fraud Classifications

  • Overview of types of computer fraud and abuse techniques (summarized in Table 9-1)

  • Relation to data processing cycle (referenced in Figure 2-1)

Page 15: Reducing Fraud Risks

  • Recommendation: Strong internal controls are vital

  • Reference to best practices illustrated in Table 8-5