Computer Fraud: Financial and Ethical Implications

Estimates of computer fraud run as high as $9 billion a year, but the full extent is unknown because most crimes are not reported. These misdeeds distort the integrity of financial statements and harm both investors and creditors. The nature of computer crime is not well known, and it is difficult to detect during a conventional audit. The public and regulators believe that auditors can and should discover fraud in the normal course of their work. As a result, the accounting profession is taking steps to decrease the incidence of fraud and increase the integrity of the financial reporting process. A three-tier line of defense to deal with computer crime includes prevention, detection and minimization through corporate ethics policies. Financial managers and accountants should be aware of these strategies and take appropriate actions to minimize fraudulent activities.


The consequences of computer fraud are significant, with estimates as high as $9 billion a year in the U.S. alone [9]. No one knows the correct figure since most crimes go unreported. Fraudulent activities distort the integrity of financial statements generated by corrupted processing systems. Computer criminals are found at different levels: data processing operators, entry clerks, accounting personnel, programmers, supervisors and managers. Since the nature of computer crime is not well known, it is difficult to detect. Many business managers and auditors are not prepared by attitude or training to detect and prevent fraud, but the public, legislators and regulators believe that auditors should discover computer fraud during the normal course of their work. However, auditors have a responsibility only to develop well-integrated and realistic approaches to detecting fraud.

To enhance the auditor's role, the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) recently issued Statement on Auditing Standards (SAS) No. 82, "Consideration of Fraud in Financial Statement Audits" [2]. The objective is to increase the probability of detecting fraud in order to improve the integrity of the financial reporting process. The management of a business entity has the primary responsibility for developing internal control systems and ethics policies that will discourage fraud and reduce its occurrence. A three-tier line of defense can help thwart computer fraud: prevention, detection and minimization of occurrences through corporate ethics policies.

Characteristics of Fraud

The National Commission on Fraudulent Financial Reporting (NCFFR, also known as the Treadway Commission) defines fraudulent financial reporting as "intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements" [8]. Outsiders as well as insiders within an organization are responsible for computer fraud. People with or without a high level of expertise can commit fraud; however, the former are more dangerous and more difficult to stop.

Both employees and management commit internal fraud. Between 85% and 90% of all computer security problems involve an unethical individual inside the corporation [6]. Unfortunately, the majority of computer crime goes unreported because companies fear bad publicity and future attacks by hackers who perceive a weakness in the company's security system. A person seeking financial gain often commits employee fraud by using a computer to illegally access payroll records to increase his salary. Management fraud is of greater concern to independent auditors because management is often able to override internal controls. The aim of management fraud is to benefit the company rather than particular individuals by intentionally reporting misleading financial data about the company.

Treadway Commission Report

In 1987, the Treadway Commission suggested several ways to reduce the possibility of fraudulent financial reporting:

* Identify factors of fraudulent financial reporting

* Establish an environment of integrity

* Design internal controls to prevent fraudulent reporting

* Assess the risk of fraudulent reporting. …