Accounting Information Systems 12th Edition Solution By Romney - Paul - Test Bank

Accounting Information Systems 12th Edition Solution By Romney – Paul – Test Bank

Instant Download – Complete Test Bank With Answers

Sample Questions Are Posted Below

CHAPTER 5
COMPUTER FRAUD
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
5.1 Do you agree that the most effective way to obtain adequate system security is to rely
on the integrity of company employees? Why or why not? Does this seem ironic?
What should a company do to ensure the integrity of its employees?
The statement is ironic because employees represent both the greatest control strength and
the greatest control weakness. Honest, skilled employees are the most effective fraud
deterrent. However, when fraud occurs, it often involves an employee in a position of trust.
As many as 90% of computer frauds are insider jobs by employees.
Employers can do the following to maintain the integrity of their employees. (NOTE:
Answers are introduced in this chapter and covered in more depth in Chapter 7)
• Human Resource Policies. Implement human resource policies for hiring,
compensating, evaluating, counseling, promoting, and discharging employees that send
messages about the required level of ethical behavior and integrity
• Hiring and Firing Practices: Effective hiring and firing practices include:
o Screen potential employees using a thorough background checks and written tests
that evaluate integrity.
o
o Remove fired employees from all sensitive jobs and deny them access to the
computer system to avoid sabotage.
• Managing Disgruntled Employees: Some employees who commit a fraud are
disgruntled and they are seeking revenge or “justice” for some wrong that they perceive
has been done to them. Companies should have procedures for identifying these
individuals and helping them resolve their feelings or removing them from jobs that
allow them access to the system. One way to avoid disgruntled employees is to provide
grievance channels that allow employees to talk to someone outside the normal chain of
command about their grievances.
• Culture. Create an organizational culture that stresses integrity and commitment to both
ethical values and competence
• Management Style. Adopt an organizational structure, management philosophy,
operating style, and appetite for risk that minimizes the likelihood of fraud
• Employee Training: Employees should be trained in appropriate behavior, which is
reinforced by the corporate culture. Employees should be taught fraud awareness,
security measures, ethical considerations, and punishment for unethical behavior.
Ch. 5: Computer Fraud
5.2 You are the president of a multinational company where an executive confessed to
kiting $100,000. What is kiting and what can your company do to prevent it? How
would you respond to the confession? What issues must you consider before pressing
charges?
In a kiting scheme, cash is created using the lag between the time a check is deposited and
the time it clears the bank. Suppose a fraud perpetrator opens accounts in banks A, B, and
C. The perpetrator “creates” cash by depositing a $1,000 check from bank B in bank C and
withdrawing the funds. If it takes two days for the check to clear bank B, he has created
$1,000 for two days. After two days, the perpetrator deposits a $1,000 check from bank A
in bank B to cover the created $1,000 for two more days. At the appropriate time, $1,000
is deposited from bank C in bank A. The scheme continues, writing checks and making
deposits as needed to keep the checks from bouncing.
Kiting can be detected by analyzing all interbank transfers. Since the scheme requires
constant transferring of funds, the number of interbank transfers will usually increase
significantly. This increase is a red flag that should alert the auditors to begin an
investigation.
When the employee confesses, the company should immediately investigate the fraud and
determine the actual losses. Employees often “underconfess” the amount they have taken.
When the investigation is complete, the company should determine what controls could be
added to the system to deter similar frauds and to detect them if they do occur.
Employers should consider the following issues before pressing charges:
• How will prosecuting the case impact the future success of the business?
• What effect will adverse publicity have upon the company’s well being? Can the
publicity increase the incidence of fraud by exposing company weaknesses?
• What social responsibility does the company have to press charges?
• Does the evidence ensure a conviction?
• If charges are not made, what message does that send to other employees?
• Will not exposing the crime subject the company to civil liabilities?
Accounting Information Systems
5-3
5.3 Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every
foolproof system, there is a method for beating it.” Do you believe a completely
secure computer system is possible? Explain. If internal controls are less than 100%
effective, why should they be employed at all?
The old saying “where there is a will, there is a way” applies to committing fraud and to
breaking into a computer system. It is possible to institute sufficient controls in a system so
that it is very difficult to perpetrate the fraud or break into the computer system, but most
experts would agree that it just isn’t possible to design a system that is 100% secure from
every threat. There is bound to be someone who will think of a way of breaking into the
system that designers did not anticipate and did not control against.
If there were a way to make a foolproof system, it would be highly likely that it would be
too cost prohibitive to employ.
Though internal controls can’t eliminate all system threats, controls can:
• Reduce threats caused by employee negligence or error. Such threats are often more
financially devastating than intentional acts.
• Significantly reduce the opportunities, and therefore the likelihood, that someone can
break into the system or commit a fraud.
Ch. 5: Computer Fraud
5.4 Revlon hired Logisticon to install a real-time invoice and inventory processing system.
Seven months later, when the system crashed, Revlon blamed the Logisticon
programming bugs they discovered and withheld payment on the contract.
Logisticon contended that the software was fine and that it was the hardware that was
faulty. When Revlon again refused payment, Logisticon repossessed the software
using a telephone dial-in feature to disable the software and render the system
unusable. After a three-day standoff, Logisticon reactivated the system. Revlon sued
Logisticon, charging them with trespassing, breach of contract, and misappropriation
of trade secrets (Revlon passwords). Logisticon countersued for breach of contract.
The companies settled out of court.
Would Logisticon’s actions be classified as sabotage or repossession? Why? Would
you find the company guilty of committing a computer crime? Be prepared to defend
your position to the class.
This problem has no clear answer. By strict definition, the actions of Logisticon in halting
the software represented trespassing and an invasion of privacy. Some states recognize
trespassing as a breach of the peace, thereby making Logisticon’s actions illegal.
However, according to contract law, a secured party can repossess collateral if the contract
has been violated and repossession can occur without a breach of the peace.
The value of this discussion question is not in disseminating a “right answer” but in
encouraging students to examine both sides of an issue with no clear answer. In most
classes, some students will feel strongly about each side and many will sit on the fence and
not know.
Accounting Information Systems
5-5
5.5 Because improved computer security measures sometimes create a new set of
problems—user antagonism, sluggish response time, and hampered performance—
some people believe the most effective computer security is educating users about
good moral conduct. Richard Stallman, a computer activist, believes software
licensing is antisocial because it prohibits the growth of technology by keeping
information away from the neighbors. He believes high school and college students
should have unlimited access to computers without security measures so that they can
learn constructive and civilized behavior. He states that a protected system is a puzzle
and, because it is human nature to solve puzzles, eliminating computer security so
that there is no temptation to break in would reduce hacking.
Do you agree that software licensing is antisocial? Is ethical teaching the solution to
computer security problems? Would the removal of computer security measures
reduce the incidence of computer fraud? Why or why not?
Answers will vary. Students should consider the following conflicting concepts:
Software licensing encourages the development of new ideas by protecting the efforts of
businesses seeking to develop new software products that will provide them with a profit
and/or a competitive advantage in the marketplace. This point is supported by the
following ideas:
• The prospect of a financial reward is the primary incentive for companies to expend
the time and money to develop new technologies.
• If businesses were unable to protect their investment by licensing the software to
others, it would be much more difficult for them to receive a reward for their efforts
in the research and development of computer software.
• Economic systems without such incentives are much more likely to fail in developing
new products to meet consumer needs.
The only way to foster new ideas is to make information and software available to all
people. The most creative ideas are developed when individuals are free to use all
available resources (such as software and information).
Many security experts and systems consultants view proper ethical teaching as an
important solution to most security problems. However, no single approach is a complete
solution to the problem of computer fraud and abuse. Proper ethical teachings can reduce
but not eliminate the incidents of fraud.
Though no security system is impenetrable, system security measures can significantly
reduce the opportunity for damages from both intentional and unintentional threats by
employees. Controls can also make the cost (in time and resources) greater than the benefit
to the potential perpetrator.
Ch. 5: Computer Fraud
Ultimately, the reduction in security measures will increase opportunities for fraud. If the
perpetrator has sufficient motive and is able to rationalize his dishonest acts, increased
opportunity will probably lead to an increase in computer crimes.
Accounting Information Systems
5-7
SUGGESTED ANSWERS TO THE PROBLEMS
5.1 You were asked to investigate extremely high, unexplained merchandise shortages at
a department store chain. Classify each of the five situations as a fraudulent act, an
indicator of fraud, or an event unrelated to the investigation. Justify your answers.
Adapted from the CIA Examination
a. The receiving department supervisor owns and operates a boutique carrying
many of the same labels as the chain store. The general manager is unaware of
the ownership interest.
This is an indication of possible fraud. This conflict of interest is a fraud symptom
that alerts auditors to the possibility of fraud. The receiving department supervisor’s
ownership of the boutique may also be in conflict with the organization’s code of
ethics and conduct.
b. The receiving supervisor signs receiving reports showing that the total quantity
shipped by a supplier was received and then diverts 5% to 10% of each
shipment to the boutique.
This is a fraudulent act because there is a theft accompanied by:
1. A false statement, representation, or disclosure (signing the receiving report)
2. A material fact, (the signature on the receiving report causes the company to act;
that is, to pay the vendor)
3. An intent to deceive (The supervisory deceives the company so that it will pay for
the goods he steals)
4. A justifiable reliance (The store relies on the misrepresentation to pay the vendor)
5. An injury or loss (The supervisor steals goods the store pays for)
c. The store is unaware of the short shipments because the receiving report
accompanying the merchandise to the sales areas shows that everything was
received.
This is a weakness in internal control. Sales personnel should count the goods
received and match their counts to the accompanying receiving report. Failure to do
so allows the theft to go undetected.
d. Accounts Payable paid vendors for the total quantity shown on the receiving
report.
Ch. 5: Computer Fraud
Proper internal control says that Accounts Payable should match the vendor’s invoice
to both the purchase order and the receiving report. Because this matching would not
detect the theft, some may argue that this is a weakness in internal control. However,
the weakness lies in the sales department not counting (independently verifying) the
receiving department count. (see parts c and e)
Therefore, accounts payable paying the vendor the total amount due is not a fraud or
an indicator of fraud or an internal control weakness. It has no bearing on the
investigation.
e. Based on the receiving department supervisor’s instructions, quantities on the
receiving reports were not counted by sales personnel.
This is the same internal control weakness described in part c. The receiving
department supervisor gave those instructions to facilitate his or her fraud
In addition, sales personnel’s following the receiving department supervisor’s
instructions is another internal control weakness. The receiving department
supervisor should not have control over or manage sales personnel. There should be
a clear-cut segregation of duties between sales and receiving.
The receiving department supervisor having control over or supervising sales
personnel is also a fraud symptom that should alert auditors to the possibility of fraud.