One of the major components of risk is threat. Risks to a business from computer fraud, in terms of threats, are: (i) internal threats and (ii) external threats.
a. What is a threat?
b. What are internal threats? Discuss common types of frauds committed.
c. What are external threats? Discuss common types of frauds committed.
d. What are the measures that prevent or reduce the potential of risk from fraud?
a. A threat is an entity or event with the potential to cause harm to a computer system. Threats should be identified and analyzed to determine the likelihood of their occurrence and their potential to harm computer assets. Threats may arise from both intentional and unintentional acts and may come from internal and external sources. A threat may arise from technical conditions (program bugs, disk crash), natural disaster (fires, floods), environmental conditions (electric surges), human factors, lack of training, errors and omission, unauthorized access (hacking) or viruses.
b. Internal threats are those threats that originate from inside the organization, mostly from employees. There is evidence that the majority of frauds originate from the organization's staff, since they have easy access to the organization's system. This may be intentional or unintentional. Many times destruction is done by disgruntled employees, who have access that far exceeds what an outsider can do. The common techniques used are:
Data entry error
Alteration of the data during input
Equipment or software failure
Unauthorized computer use for personal gain including financial gain, personal entertainment on company time
Alteration of software instructions or functions.
Alteration, destruction or defacement of stored data in the system by the employee.
Theft or misuse of stored data.
Sudden shut down of the system
c. External threats are those that originate from outside the organization's system. They arise when the system is connected through the internet to external networks. They may arise from technical conditions, man-made causes, natural disaster, environmental conditions, unauthorized access, malicious acts, etc.
Removal of information during transmission through the internet
Transmission of virus, worm, etc.
Interception of emails
Interception of electronic payment during transmission
Natural disaster like earthquake, flood, riot, etc.
Electric voltage surge
d. Prevention measures are:
i. Make fraud less likely to occur through password control, access control, etc.
ii. Use proper hiring and firing practices
iii. Manage disgruntled employees by properly addressing the issue
iv. Train employees in security and fraud prevention measures
v. Develop a strong system of internal controls
vi. Adequate segregation of duties
vii. Require mandatory vacation and job rotation
viii. Restrict access to computer equipment and data files
ix. Encrypt data and programs in storage and during transmission
x. Protect telephone lines from misuse
xi. Protect the system from viruses
xii. Control access to the system and stored data
xiii. Control laptop computers
xiv. Fire- and earthquake-proof building
xv. Install surge protectors