The Effects Of Fraud On Information Technology IT Essay

Overview of Fraud

The Fraud Triangle

Fraud has become an important subject in the current business environment, especially in the light of scandals such as Enron and WorldCom. Even though many think of top commercial executives committing fraudulent serves, especially those considering financial reporting, it's important to note that lower level employees also enhance the risk of fraud within a company. The fraudulence triangle shows the three main elements necessary in order to create scams: pressure, rationalization, and opportunity [1].

Financial pressure is usually the first reason someone within a corporation would like to commit fraud. This could take the form of a lesser level staff who discovers himself in a hard personal situation and believes that he'd only reap the benefits of stealing from the company [2]. Alternatively, an employee may commit scams because they assume that the company or their job could maintain jeopardy if they do not meet their mentioned financial goals for the period. In either situation, the employee is actually a normally moral person, but sensed pressure to meet personal or company targets [3].

The second factor essential for fraudulence is rationalization. That's where the employee justifies to himself that committing the fraudulence is not as bad as it seems. Often a worker will rationalize by saying that the money will be paid back if it is stolen, or that the company could make up the loss later, if the problem involves financial confirming [2].

Finally, there must be an opportunity for the perpetrator to commit the fraud. Normally, this is permitted by weak inside controls in the business and weak shade at the very top regarding the ethical responsibility of employees. That is the most crucial aspect of the scam triangle because without opportunity, the employee would have no way of actually carrying out the fraudulent activity [3].

There are three main ways that companies can mitigate the potential risks associated with scams. First, set up a firm tone at the very top, making certain all employees understand and devote commitment to their ethical tasks. Management's view of ethics is of the utmost importance. Second, auditors should view companies with a healthy sense of skepticism in every work performed, remember that anyone can commit fraud. Finally, the business should make sure that there is plenty of communication whatsoever levels of the supply chain [4].

Information Technology's Effect on Fraud

Information technology can be both the cause to scam and the answer to scam. Auditors may use information technology to assist within an audit, while a firm can use computer software to make records easier to collect.

Information technology is becoming an increasingly more important part of your company's business strategy. Even though many companies are relying on information technology to curb fraudulence, it also heightens some risks. The use of information technology can result in unauthorized access to important company data and information. This may bring about someone to be able to record nonexistence deals or change information that was already updated in the machine. Additionally, because the utilization of it in accounting systems may necessitate technical expertise in using the machine, it is easier for those who can say for certain how to use the systems to change the adjustments or programs. These increased risks can increase fraud in the financial claims. By using it, auditors must be more aware of the implications of information technology on the chance of fraud from the audit [5].

Additionally, cybercrime is of particular concern to companies that make an online search for any part of the functions. Many cybercriminals have the ability to incorporate their computer skills with communal engineering to be able to access critical company information and personal customer data. Hacking techniques, such as phishing, have become more of a problem. Hackers are maintaining cyber security, and organizations must ensure they are aware of what is going on when it comes to their personal computers. In a business environment that increasingly relies more on it to assist procedures, it is becoming more very important to management and auditors to be aware of any technical changes designed to systems to keep an eye on any issues that could lead to deceptive financial reporting [6].

Responsibility for Fraud

According to auditing requirements, auditors aren't accountable for making assertions on fraud, but rather are accountable for determining set up financial assertions are free of material misstatement. Therefore, the responsibility of fraud is based on the hands of your company's management [5].

The Open public Company Accounting Reform and Buyer Protection Work of 2002 (better known as the Sarbanes-Oxley Take action) was placed into effect partially to restore investor assurance in financial claims after a series of fraudulent financial reporting situations [4]. This Act made management a lot more responsible for scam in financial statements than ever before. Section 303 of this act requires that the Chief Financial Officer and Chief Executive Officer of the company sign off on the ultimate statements and check that they are valid. In the end, management will be in charge of fraud, but there's always the argument that if scam is available that someone will seek settlement from the auditors [7].

Why Scam and Forensic Auditing?

History of Scams and Forensic Auditing

Now that people have a simple understanding of what scams and forensic auditing is, it is important for us to look at the history of the field. Scam and forensic auditing emerged during the 1970s and 1980s with the explosion of technology-based business functions. As we realize all too well, technology can increase efficiency, while together increasing dangers to security and fraud. Also during this time period, concerns about scam, government waste products, and crime (white-collar and blue-collar) were being plastered on the news headlines. Therefore, it was quickly noticeable that businesses needed some form of intrusion diagnosis systems to control the risks of improper activities, thus leading to the self-control of scams and forensic auditing [7].

This new form of auditing goes beyond government polices and was created to be used in litigation for promises of insurance, personal bankruptcy, embezzlement, computer fraud, and other related crimes. Computer crimes and financial scams are carefully determined, intuitive attacks by criminals. Therefore, scam and forensic auditing requires more than simply a basic group of standards; it requires intuition. Because fraud is often diagnosed by accident, fraudulence auditors are suffering from a couple of "scenarios" to learn to be proactive and think just like a criminal. Jack Bologna, president of Computer Cover Systems, Inc. in 1984, stated that the best training for fraudulence auditors was on-the-job training. Bologna continued to state that because of the great degree of variability in scam there is absolutely no clear way to learn everything in the class, although scams auditors must have a basic understanding of accounting and auditing. Thus, the best experience originates from working in the field [7].

Fraud and forensic auditing is a strong and swiftly changing self-control. The first fraud and forensic auditing tools (referred to as intrusion diagnosis systems) involved systems administrators observing a computer unit to monitor user's actions. The purpose of these intrusion detection systems was to identify unauthorized or illegal use of the systems. Systems administrators seemed for "red-flags" on the machine, such as, vacationing employees remotely logging into the system or a seldom-used computer component suddenly being turned on for no visible reason. The results of the early intrusion detection devices were logged on sheets of folded computer paper that were subsequently stacked several feet high by the finish of each week. The systems administrators were then confronted with the daunting task of filtering through these stacks of information to find potential scams. Although the goal of this technique was to discover fraud and inappropriate or against the law use of the systems, it was more reactive than proactive. The strategy was poor and complicated with the detection system logs run during the night and not reviewed until the following day. Therefore, most intrusions weren't detected until after they had already happened. However, in the 1990s, real-time intrusion diagnosis scanners were created allowing systems administrators a much better possibility to review systems information as it was produced and the capability to reply in real-time. Anywhere near this much more proactive strategy increased the potency of the intrusion diagnosis systems, and perhaps, allowed administrators the ability to harm preemption [8].

However, as the intrusion detection systems changed, so have the types of fraud. Presently, the Securities and Exchange Commission rate hear over 100 instances of financial fraudulence and accounting instances per year, which is a stark increase before the explosion of technology running a business prior to the 1970s. In some cases, big named companies, such as, Bausch and Lomb, Sunbeam, and Knowledgeware have had to restate financial records due to scam. This in turn influences stock prices, and frequently leads to individual bankruptcy, changes in ownership, and layoffs, among other problems. In terms of financial fraud cases, however, no more than 2% make it to trial, 20% are dismissed; the remainder are settled out of court docket. Prosecution is costly both to the government and to investors and company employees. Nevertheless, as monetary times worsen, as we have seen in recent years, the quantity and variety of scams cases increases. Financial scam is a powerful, ever before changing market that changes every day with boosts in new technologies [9].

In order to keep tempo with the demand for scam detection systems, fraudulence and forensic auditors are being held in charge of the upsurge in the diagnosis of scam. However, as Jack Bologna mentioned, most fraud diagnosis systems cannot be learned in a class, but rather must be learned on-the-job [7]. Third, concept, most universities today still lack curriculum in financial scam diagnosis. Although, the demand for auditors trained in fraud detection is increasing at a rapid rate as the occurrence and variety of fraudulence increases. Together with the dynamic fraudulence environment, accountants and auditors likewise must stay up-to-date on fraud detection so that auditing programs are sufficiently designed to meet up with the changing needs of forensic auditing. Therefore, as most would agree with the fact, auditors must balance education and training to provide the best protection to overcome financial scams [9].

How is Fraud and Forensic Auditing Different from a normal Audit?

With the introduction of the Sarbanes-Oxley Act of 2002, the auditing and accounting world was turned on its brain. The Sarbanes-Oxley Action was a game-changer in scam detection. Prior to the Act, auditing firms were primarily self-regulated, which proved to be problematic [10]. Firms, such as Arthur Anderson, exhibited a lack of integrity conspired to commit fraud right combined with the deceptive companies. Therefore, Sarbanes-Oxley created the general public Company Oversight Plank (PCAOB) to provide more oversight and rules to the accounting career. In 2004, fraudulence cost the United States market $684 billion, twenty times the expense of standard street crime, further illustrating the importance of a strong fraud detection system [11].

Although it could seem that fraud and forensic auditing are virtually exactly like a regular audit, there are a few differences. Both scams and forensic audits and regular financial audits show the goal of detecting materials misrepresentation of the financial assertions; however, fraudulence and forensic auditing requires auditing a step further. Scams and forensic audits are at the mercy of stricter recommendations and rules and are primarily concerned with inner controls. They examine audit paths for variances or deviations in strong interior control. Scam and forensic auditors tend to be described as one part accountant, one part lawyer, one part detective, and completely professional. These auditors must have the ability to prove almost all their findings. Fraudulence and forensic auditors count on the use of methodology furniture to show flows of deals and examine deviations. They need to have a lot detail, because they have the responsibility of evidence to provide proof to juries of non-accountants. Therefore, the data must be layed out in lay terms and must be beyond an acceptable doubt [11].

Even though there are dissimilarities between a traditional audit and a scams or forensic audit, the fraud and forensic auditor's work can greatly help financial accountants and auditors with their duties. Sarbanes-Oxley Section 404 requires top management to sign-off and be in charge of all financial information, including interior control because of their company. Towards the advantage of traditional auditors, fraudulence and forensic audits assure the use of Section 404. Because fraud and forensic auditors promise such degrees of detail in inner controls, financial auditors can more easily understand the entity's inside control structure and better design audit strategies to detect threat of material misstatement in the financial claims. This greatly lessens the quantity of time in planning the audit and allows the financial auditors more time to design further audit types of procedures that will be more responsible to determine the risk of material misstatement [11].

Computers and Forensic auditing

Role of Computer Forensics

Due to the increase of potential fraud, especially with pcs being used by individuals and in every company on the day-to-day basis, forensic auditing and accounting is becoming an essential requirement in dealing with these troubles. One way of quickly and easily handling scam and abuse cases is through computer matching and other various computer technologies and techniques. And, considering that computer systems and online use add for some reason to nearly every kind of unlawful activity existing today, the information found is the key to the recognition of the criminals behind these scam activities [12].

Computer forensics is the key source of analyzing facts during investigations because anything done on a network can be tracked and essential information can be captured. It is the idea of reconstructing occurrences and completely studying all electronic data to provide accurate documentation and preserve the integrity of the info to effectively accuse or defend in a courtroom of rules. If computer forensics is not utilised correctly, then any information found might not exactly be admissible in judge. Which means that law enforcement officials must have a general understanding of computer forensics in order to properly utilize evidence and better understand how to recognize and manage information a computer could potentially have to assist in legal investigations [12, 13].

Two typical areas of computer forensics are to understand the potential evidence they are looking for and to select the appropriate tools. Crimes concerning your computer can range between identity theft to damage of intellectual property, so it is important to really know what kind of evidence to be looking for in the inspection. To prevent any more damage to the files, it is important to know how to recover the information that may have been erased or tampered with by a legal [13].

A forensic auditor's tool equipment will consist of a variety of tools and programs essential for recovering data, disassembling a computer case, or taking images. A few examples of tools in the toolkit include physical tools of any screwdriver and pliers, archive media, and an electronic camera and software and applications including disk wiping, disk imaging, hash calculations, search utilities, data file and data recovery, file taking a look at, and password breaking [2].

A screwdriver and pliers are being used when having to disassemble the computer case to gain access to the hard drive. A kind of archive mass media, recordable Dvd and blu-ray or CD-ROM, is used to duplicate and store the details of the hard drive and a digital camera will be needed to save images of the physical composition of the computer and anything that might need to be captured. Considering the applications and software, drive wiping ensures the hard drives are cleaned and overwritten with binary information while disk imaging creates a bit-stream back-up retaining the hard drive's information. Hash computations are used to check that the source and destination files have the same 32-tad hash value. Auditors then search for wording strings and use EnCase to recuperate and view files and data [2].

Two applications, digital analysis and data query models, have the precise purpose of detecting scam. Digital examination uses Benford's Law, which can be an exponential distribution predicated on the first digit of naturally occurring numbers that do not appear in a set in place pattern. Phone numbers and zip rules do have a pattern and therefore cannot be used; however, invoice sums and substance interest don't have recurring patterns and may be utilized. Benford's Law helps IT auditors detect fraud by assessing the expected regularity distributions with the recognized rate of recurrence distributions. Data query models compare computer assisted audit technique results with other proof obtained during the audit, making sure that the evidence is practical and supports assertions made [2].

Not only can computer forensics be used to accuse criminals, but it can be used to discover evidence thought to have been deleted in cases including the Enron scandal. Regardless of the efforts of employees and many finance institutions to mislead buyers, internal e-mails, considered to have been deleted, led to suspicions of lending options and then the investigations of the true numbers Enron must have been confirming. Anything saved, opened up or viewed over a computer is entirely recorded somewhere. Unless it is properly overwritten, it is capable of being found and restored. When McKesson, Inc. bought HBO & Inc. and company auditors found irregularities in their accounting documents. A detailed audit using computer forensic tools recovered several deleted e-mail and files removed which were part of an effort to cover HBO's falsification of these literature [14, 15].

Future of Computer Forensic Technology

Cyber-forensics is becoming more important and you will be extremely important in the near future because computer systems and the net are the speediest growing technology tools employed by criminals. These cybercrimes and white collar offences have become well-liked by criminals because of the high profit yields and low risk of conviction and sentencing if found. Computer forensics will soon be as essential as an officer's handcuffs or radio. The truth is that so many forms of communication, banking, shopping, and interpersonal networking happen online, so normally, it has become the perfect place for criminals to be involved [13].

Another forthcoming use of it is the application of business intelligence with pcs. Business cleverness is a means of extracting information and examining it through various tools. The info that is analyzed helps identify fraud by using patterns and operates as helpful information to investigations [16].

Investigations are still led by cops and investigators, but the use of personal computers and computer systems aid procedures and allow for more comprehensive searches, the ability to analyze relevant information, and provide the capability of tracing or retrieving documents from computer sites considering that a lot of fraud created today stems from online activity [16].

Future of Forensic Auditing

Trends in Forensic Auditing

Forensic auditing increased its existence in the auditing environment typically due to the fraud scandals of companies like Enron and WorldCom in 2002. Immediately soon after the Auditing Standards Board (ASB) approved a new standard, No. 99, in order to more obviously define the financial auditors' responsibility regarding the diagnosis of fraud [17]. However, because financial audits are not designed to identify fraud, they can not be relied upon to uncover it at any significant level. That is shown in a statistic around ten and twelve percent of most fraud detected is licensed to financial auditors [18]. Because of this insufficient fraud diagnosis in financial auditing, an increasing dependence on forensic auditing has arisen along with an increase in fraud education and training in all different regions of auditing.

Even prior to the Sarbanes-Oxley Work (SOX) of 2002, accounting students didn't have adequate ethics or fraud training. Without students having that training or education, a great deal of difficulty arose in the industry in spotting fraud [17]. However, after many fraudulent scandals and the passing of SOX, fraudulence and ethics training has been an important part of each accounting student's education. These reforms resulting from SOX have specifically taken to light a number of areas where auditing companies have been vulnerable. A absence or lack of staffing and experience of employees employed in audit companies are a few of the vulnerable areas that resulted in a positive trend in the education of auditors. Because of auditing companies having to meet regulatory requirements and the actual fact that seniors are actually retiring, demand for auditors is high. Along with trained in ethics, risk management, and financial statement research, forensic accounting is more and more being taught and offered in accounting advanced schooling to be able to meet market needs with such a high demand for auditors [20].

Not only are components of forensic auditing being permeated into financial auditing in general, but also they are finding their way into specific areas of auditing such as internal auditing. Methods, techniques, and targets that inner auditors use are quite a lot like those forensic auditors use, which paves a way for scam investigations to be more an integral part of inner auditing now and in the future. Historically, inside auditors have just been involved with fraud investigations after the fact: to examine the breakdown of internal adjustments that resulted in the fraud and to provide recommendations to avoid it from going on in the foreseeable future [19]. However, companies are actually looking to interior auditors to have significantly more of a job in fraudulence investigations. With no need to hire external resources for each fraud investigation, there's a prospect of high cost benefits in the foreseeable future. However, when investigations come up where a considerably more comprehensive knowledge and experience in forensic auditing is necessary, failing woefully to outsource for higher competent resources can become more costly over time because of a poorly carried out or failed research [19].

Careers in Forensic Auditing

In the forensic auditing field there are not only specific forensic auditing jobs, but also opportunities to apply forensic auditing ways to every area of auditing as afore brought up. One does not have to be a forensic auditor to be trained in and use the same techniques. In the large organizations, like the Big Four CPA Organizations, there are particular professions for auditors to execute fraud audits. They can be called in separately from an twelve-monthly audit team if there is a predication of scams in just a company [17]. However, in smaller companies where there isn't as much staff or means of having another forensic department, you have the potential for financial record auditors to become more experienced and been trained in fraudulence audits [17].

Another kind of profession in auditing that we have mentioned recently is in the cyber-forensics or computer forensics field. That is a comparatively new field in auditing as they have only been around in the last 2 decades and mostly in the last ten years, but one which is rapidly growing. There's a limited amount of cyber-forensics being taught in higher education scheduled to it being found out relatively recent, but as of now there's a greater dependence on it than ever before. With the go up in the digital world and it, auditors have become more reliant on it and digital information in undertaking audits and looking into fraud. These components have become critical in forensic auditing [18].

Along with forensic auditing or elements of it being grafted into higher education in accounting degrees, there are also lots of certifications that may be gained or are required in order to really have the training and experience that auditing businesses would like in their workers. First, accounting programs for the most part prepare students to be a Certified Public Accountant (CPA) by training them specifically for the CPA exam [18]. Other specific accreditations are a qualified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP), both which are ideal for occupations in computer forensics [18]. Particular qualifications that forensic auditors can buy which will help them take specific routes within forensic auditing are a qualified Internal Auditor (CIA), a Certified Government Auditing Professional (CGAP), or a qualified Financial Services Auditor (CFSA) [21].


Fraud and forensic auditing will continue steadily to impact businesses in the future. Companies will need to ensure that their scams practices are keeping up with emerging technologies. Equally as technology has advanced before thirty years, so have incidences of fraud. Thus, as we've seen the complexity of fraud and forensic audit techniques have greatly improved. Computer forensics has extended the capabilities of the techniques and can continue to expand in importance as a result of continuing progress in technology. Scam and forensic auditors have become more informed and been trained in scam and forensic auditing which will increase the amount of scams uncovered. Overall, fraudulence and forensic auditing is essential to properly utilizing facts in a judge of rules.

Also We Can Offer!

Other services that we offer

If you don’t see the necessary subject, paper type, or topic in our list of available services and examples, don’t worry! We have a number of other academic disciplines to suit the needs of anyone who visits this website looking for help.

How to ...

We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)