Computer‐related crime: the role of control in its prevention, detection and correction
| Pages | 339-344 |
| DOI | https://doi.org/10.1108/eb025660 |
| Published date | 01 January 1995 |
| Date | 01 January 1995 |
| Author | John Mitchell |
| Subject Matter | Accounting & finance |
Journal
of
Financial Crime
Volume
2
Number
4
Computer-related
crime:
the role of control in its
prevention, detection and correction
John Mitchell
Received: 14th November, 1994
John A. Mitchell
PhD,
MBA, CEng,
FBCS,
CISA,
MIIA,
is Managing Director of
LHS — The
Audit &
Control Consultancy, and Chairman of BCS
Computer Audit Specialist Group. He founded
LHS in 1989 as a consultancy specialising
primarily in Audit and Information Technology
control matters. He obtained his Master of Busi-
ness Administration degree, with distinction, at
Middlesex Business School, where he majored in
Financial Management and Control. His
doctor-
ate,
from City University, was awarded for his
research into the use of computer systems for
audit planning purposes.
Dr Mitchell writes and lectures extensively on
the subject of audit and control and is a regular
speaker at international conferences. He is visit-
ing Professor to the University of Luton, visiting
Fellow to City University in London and external
course adviser to South Bank
University.
He can
be contacted on + 44 (0)1707 654040.
ABSTRACT
This
three-part briefing deals
with the preven-
tion,
detection and
correction
of computer
related crime by the application of straight-
forward control techniques. No attempt is
made to
identify
the scale
of
computer abuse as
the main thrust is that the
implementation
of
controls
to prevent mistakes will
also
help to
mitigate
abuse.
The
briefing raises
a number of
issues
that
are relevant
to
dealing
with
computer abuse as
a
control
issue.
First,
it
identifies
the
position
of the computer in an abuse event as being
either
the
object,
subject,
instrument or symbol
of the
crime.
Secondly,
it
suggests
that fraud is
only
achievable
where the three attributes of
ability, opportunity and
conversion
of
assets
come
together,
but that non-fraud
attacks
only
require ability and opportunity. Thirdly, it
hypothesises
that the number of
crimes
will
be
inversely proportional
to the skill
required
to
do them
and proves
the
hypothesis
by
reference
to the published
cases.
Finally, it makes the
point that for
real-time
systems,
prevention of
abuse by the
authorised
user may not
be
pos-
sible due to the very nature of the system.
Under
such circumstances
the
organisation
has
to rely on
detection mechanisms
with all the
problems
of living with a window of exposure.
PART
ONE:
INTRODUCTION
This is the first of a three briefing set
which deals with the subject of com-
puter related crime from a control view-
point. This means that extravagent
claims about the extent of the problem
will not be made, nor will concentration
be solely on the fraud element. Indeed,
fraud is only one aspect of computer
related crime and is, arguably, the one
least likely to have a major impact on the
organisation. Likewise, the writer will try
to address the problem of combating the
business exposures caused by computer
related crime by identifying the main
exposures, then the likely cause of those
exposures and finally by identifying
available counter measures.
Page
339
To continue reading
Request your trial