in black and white
Main menu
Home About us Share a book
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics

Fraud Exprosed Whot you Dont Could Cost your company millions - Joseph W.

Joseph W. Fraud Exprosed Whot you Dont Could Cost your company millions - Wiley Publishing, 2003. - 289 p.
ISBN: 0-471-27475-5
Download (direct link): fraudexposedwhatyoudont2003.pdf
Previous << 1 .. 23 24 25 26 27 28 < 29 > 30 31 32 33 34 35 .. 147 >> Next

Among the 200 computer criminals I have interviewed over the past 35 years,
I find that unpredictability of the environment and circumstances of their crime is the most important aspect to being successful in their crime.... The perpetrator has to be able to predict the circumstances and environment of his crime successfully or he will be caught and his crime will fail. So control over that environment or those circumstances is critical.... This is one reason that computers, as objects of attack, or as tools to engage in fraud, are so attractive, because computers are predictable. They will do exactly the same thing under exactly the same circumstances, predictably, whereas people are assured to do something different every time. People are unpredictable.39
Interestingly, while hackers and computer criminal stories seem to appear in the media with increasing regularity, the 1999 Business Fraud Survey conducted by
IOMA and the IIA is reported to have found that 72 percent of respondents indicated their organizations did not even have fraud detection software in place!40
These observations are supported by data and analysis provided by the ACFE. In reflecting on its 1996 Report to the Nation occupational fraud survey, the ACFE reported that small organizations, those with fewer than 100 employees, are particularly susceptible to occupational fraud. In such organizations the median fraud loss was $120,000. The median loss per incident to occupational fraud goes down as organizations get bigger, up to 10,000 employees. Above the 10,000-employee level, fraud begins to go up again in terms of median size per incident.
This is particularly troublesome since smaller organizations are usually less likely to be able to absorb such a loss. Several of those cited in the study went out of business because of their occupational fraud losses. The ACFE proposes two theories to explain why smaller organizations have such heavy losses. The first is that they have fewer divisions of responsibility. Separation of duties is normally one of the more basic controls used to mitigate financial risk. We shall discuss controls in more detail later in this book, but we have recently seen from examples like Allfirst Bank and Frank Gruttadauria of Lehman Brothers that even large organizations can apparently have control lapses that lead to serious problems. The second rationale proffered is that in small organizations there is a greater level of intimacy and, therefore, trust. The ACFE notes this presents a challenge for executives in smaller organizations:
[F]raud cannot occur without trust, but neither can commerce. If one makes controls and security measures too strict, one’s business will suffer because it will be inefficient, ...if one makes controls and security measures too loose, one’s business will be a sitting duck for occupational fraud.41
Interestingly, the question of balance in approaching such issues was suggested in a poll conducted of ACFE members in April 2002. When asked what measures would be most effective in deterring fraudulent financial reporting, respondents offered the following as their top three recommendations42:
1. Encouraging whistleblowers (28%)
2. Surprise audits (25%)
3. Assigning at least one CFE to every public audit (24%)
The parity provided in these responses is perhaps revealing. Although the question and answers were not intentionally structured to provide relative choices, the fact that almost the same percentage of experienced practitioners suggested each of the techniques may argue both for the perceived effectiveness of each but also for the potential synergy to be obtained from utilizing all three in a coordinated manner.
No matter how deep our experience or well honed our professional skills, however, we may expect occupational fraud to continue to evolve and grow. Each new technological advance triggers new opportunities for those so inclined to misuse it, whether inside the organization or without. Last year, for example, federal authorities conducted a series of inquires into various forms of Internet fraud that resulted in criminal charges being brought against 90 persons and businesses. Losses to victims were estimated to be $117 million.43 Richard L. Johnson, the director of the National White Collar Crime Complaint Center, has been quoted as believing that Internet fraud complaints, now running about
1,000 per week, will soon reach 1,000 per day.44
Internet connections have, for the fourth year in a row, been cited as the most frequent point of attack in cybercrime incidents in the 2001 Computer Crime and Security Survey conducted by the Computer Security Institute and the FBI. The rate of such incidents reported by respondents to the survey increased from 59 percent of those contacted in 2000 to 70 percent in 2001. Of the 538 computer security professionals surveyed in the project, 64 percent reported that these attacks resulted in financial losses to their organizations. One of the most common potential sources of Internet-connected fraud, according to Howard Cox, acting deputy general counsel with the Office of Inspector General of the U. S. Postal Service, is: “Internal employees who use the Internet to anonymously gain access to data that is not related to their jobs and then misuse it for personal gain, compromising the organization’s security. These people usually are about to be fired or are unhappy in their jobs.”
Previous << 1 .. 23 24 25 26 27 28 < 29 > 30 31 32 33 34 35 .. 147 >> Next