NCJ Number
68026
Journal
Financial Executive Volume: 45 Issue: 7 Dated: (JULY 1977) Pages: 36-41
Date Published
1977
Length
6 pages
Annotation
THE ARTICLE DETAILS SEVERAL METHODS THAT FINANCIAL EXECUTIVES CAN USE TO DETER AND DETECT COMPUTER FRAUD, INCLUDING TESTING PROGRAMS DESIGNED ESPECIALLY FOR COMPUTERS.
Abstract
COMPUTER FRAUD INVOLVES LARGE AMOUNTS OF MONEY AND INCREASES STEADILY AS COMPUTER USAGE GROWS. ELECTRONIC DATA PROCESSING SYSTEMS ARE MORE VULNERABLE TO FRAUD THAN MANUAL OPERATIONS FOR MANY REASONS, INCLUDING THE HIGH CONCENTRATION OF RECORDS KEPT IN ONE SYSTEM AND THE ABILITY TO CHANGE PROGRAMS WITHOUT LEAVING ANY TRACES. INSTALLATIONS VICTIMIZED BY FRAUD USUALLY FAIL TO SEPARATE JOB FUNCTIONS OR FINANCIAL RECORDS, ALLOW EASY ACCESS TO THE SYSTEM, AND HAVE PROBLEMS WITH EMPLOYEE MORALE. TO DETER FRAUD, A SYSTEM SHOULD HAVE BUILT-IN AUDITING CONTROLS AND SEPARATION OF DUTIES AS PART OF THE DESIGN. PERSONNEL SHOULD BE CAREFULLY SCREENED BEFORE THEY ARE HIRED AND SHOULD BE EDUCATED ABOUT THE IMPORTANCE OF THEIR JOBS AND SECURITY. TOOLS TO IMPLEMENT PSYCHOLOGICAL CONTROLS ARE IDENTIFIED, SUCH AS SPECIFYING OWNERSHIP AND VALUE ON ALL PROGRAMS, SECURITY POSTERS, AND EMPLOYEE AGREEMENTS. ALL TRANSACTIONS SHOULD BE HANDLED BY PREDETERMINED PROCEDURES WITH PROGRAM CHANGES MADE ONLY UPON AUTHORIZATION OF TOP MANAGEMENT. ACCESS TO THE SYSTEM SHOULD BE STRICTLY CONTROLLED. AN INDEPENDENT AUDIT COMMITTEE COMPOSED OF OUTSIDE DIRECTORS TO WHOM THE INTERNAL AUDITORS REPORT DIRECTLY CAN BECOME A STRONG DETERRENT FORCE. THE COMPUTER AUDIT SHOULD REVIEW ALL ASPECTS OF THE SYSTEM FROM SECURITY PROCEDURES TO PROGRAM CHANGES. SEVERAL SOFTWARE AUDIT PACKAGES ARE AVAILABLE WHICH ALLOW THE PROGRAMMER TO AUDIT THROUGH THE COMPUTER RATHER THAN AROUND IT. THE INTEGRATED TEST FACILITIES (ITF), COBOL MISSED BRANCH INDICATOR (COMBI), TAGGING SYSTEMS, AND SYSTEM MANAGEMENT FACILITIES (SMF) ARE DESCRIBED. A NEW METHOD, DATA SENTINEL, WHEREBY COMPUTERS MONITOR ONE ANOTHER, IS DISCUSSED. (MJM)