Safeguard accounting…
| Date | 01 January 1981 |
| Pages | 46-48 |
| Published date | 01 January 1981 |
| DOI | https://doi.org/10.1108/eb057176 |
| Subject Matter | Economics,Information & knowledge management,Management science & operations |
The role of the auditor, both internal and external,
is
changing today at a faster pace
than ever
before.
The public, management and regulatory authorities are attempting
to extend the scope of audit responsibilities into new areas such as forecasting,
management information systems, social accounting and the like. This pressure for
extended responsibility seems intended to help provide safeguards and controls
regarding a company's financial reporting, progress, plans, projections and internal
operations.
Safeguard accounting...
Naturally, to the extent that a mean-
ingful portion of a company's opera-
tional and financial reporting is com-
puterised, there must be coincident
extended concern regarding the
integrity of those computer processes.
We are now coming into contact with
increasingly complex computer sys-
tems which are open to a multiplicity
of interactions between a large
number of users and data structures,
thus widening the horizon for loss of
control and fraudulent activities.
DEFINITION OF FRAUD
One of the most difficult problems
in studying this topic, is adequately
defining FRAUD. For the purpose of
this paper, the following definitions
are proposed:
• Improper actions resulting in a
material misstatement of the finan-
cial statements.
• Improper actions resulting in the
defrauding of the consumer public.
• Embezzlement and defalcations
perpetrated by employees against
their employers.
• Other improper actions such as
bribes, kickbacks and violations of
regulatory/statutory rules.
While each of these four types of
fraud is of interest to accountants,
material misstatement of the financial
statements, probably represent the
kind that auditors fear the most.
It is the auditors responsibility to
attest to the fair representation of an
organisation's financial statements.
There are some auditors who assert
that the detection of fraud should be
included in this attestion function. In
fact, a survey conducted by Opinion
Research Corporation (U.S.A.) disc-
losed that 66% of the investing public
believe that "the most important
function of a Public Accountant's
audit of a company is to detect fraud".
DETECTION OF COMPUTER
FRAUD
There is actually no evidence to
suggest that fraud has increased with
the advent of computers, but certainly
additional hazards have been intro-
duced. With the advent of new com-
puter technologies, a greater degree
of RISK, by either accidental or
deliverate misuse of the data has
resulted.
The more usual reasons for detec-
tion appear to be accidental discov-
ery, information received, fraud
shows up (margins, employees living
standards) and through the internal-
/external audit function. Unfortu-
nately, these detection reasons are all
in the "after the fact" category. What
then should we be looking for prior to
the defalcation occurring. The major
areas to be examined are:
• Large volumes of transactions.
• Little human intervention/visibil-
ity.
• Unauditable system.
• Poor transaction controls.
• Frequent and uncontrolled
maintenance.
• Uninformed management.
To date, the prize for the most cost
effective fraud of the century, must go
to Mr. Stanley Mark Rifkin who man-
aged to gain access to the transfer
room of the Security Pacific Bank of
Los Angeles (tenth largest bank in the
United States) and cable $10.2m via
Irving Trust in New York to the Swiss
Bank account of Russelmanz, the
official diamond brokers of the Soviet
Government.
What astonishes one in this fraud is
the fact that it was not discovered
until eight days after the theft had
occurred. During this time, Mr.
Rif-
kin had flown to Zurich and returned
to California with 91bs of diamonds
which he attempted to fence in the
United States. When he was eventu-
ally apprehended by the police in a
friend's apartment in California, he
had cash to the value of $2m and
diamonds valued at more than $13m.
The fraud had been well planned
and probably researched over several
years.
Mr. Rifkin had gained informa-
tion and knowledge of Swiss Banking
operations during his previous emp-
loyment at an international nuclear
energy consortium. A report after the
Rifkin affair caused a bank official to
say that it had caught there personnel
at a very low level of security aware-
ness. Awareness is the first and most
important step in preventing loss,
whether accidental or deliberate in
origin. Deep, sophisticated awareness
can guard against virtually every con-
tingency.
Elements of this type of fraud
probably exist in nearly every organ-
isation that operates a computer
centre, and one wonders how many
instances, maybe not so spectacular,
are occurring at this point in time in
the United Kingdom. The United
Kingdom scene on computer fraud
and embezzlement appears, on the
surface, to be in a very minor league
compared to that experienced in the
United States.
One peculiar feature in the United
Kingdom is that companies tend to
cover up any fraud or computer crime
within their organisations. The
apparent reason for covering up any
defalcation is that the companies con-
cerned to not like to reveal the inade-
quacies of their security systems to the
general public for fear of losing busi-
ness.
The larger companies in the
United Kingdom typically operate in
the following environment.
* Large-scale computer systems
which have memory structures that
allow a lot of related data to be put
...by internal controls
46 INDUSTRIAL MANAGEMENT + DATA SYSTEMS
To continue reading
Request your trial