To download more slides, ebook, solutions and test bank, visit

CHAPTER 5
COMPUTER FRAUD AND SECURITY
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
5.1

The statement seems ironic because employees represent both the greatest control strength and
the greatest control weakness to an information system. Honest, skilled employees are the most
effective deterrent to computer fraud. However, when fraud does occur, it usually involves an
employee in a position of trust. Studies suggest that as many as 75 to 90% percent of all
computer frauds are insider jobs by employees.
The textbook suggests several important things employers can do to maintain the integrity of their
employees. (NOTE: The information to answer this question is introduced in this chapter but is
covered in more depth in Chapter 6)
Human Resource Policies. Implement human resource policies for hiring, compensating,
evaluating, counseling, promoting, and discharging employees that send messages about
the required level of ethical behavior and integrity
Hiring and Firing Practices: Effective hiring practices are aimed at screening potential
employees through thorough background checks before hiring. Potential employees
can also be screened with written tests that evaluate integrity. Care should also be
taken when an employee is fired. Employees who are fired should be removed from all
sensitive jobs and denied access to the computer system to avoid sabotage.
Managing Disgruntled Employees: Some employees who commit a fraud are
disgruntled and are seeking revenge or "justice" for some wrong that they perceive has
been done to them. Companies should have procedures for identifying these
individuals and helping them resolve their feelings or removing them from jobs that
allow them access to the system. One way to avoid disgruntled employees is to
provide grievance channels that allow employees to talk to someone outside the normal
chain of command about their grievances.
Culture. Create an organizational culture that stresses integrity and commitment to both

ethical values and competence
Management Style. Adopt an organizational structure, management philosophy, operating
style, and appetite for risk that minimizes the likelihood of fraud

Employee Training: Employees should be trained in appropriate behavior, which
is then reinforced by the corporate culture. Employees should be taught fraud
awareness, security measures, ethical considerations, and punishment for unethical
behavior

5-1
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 5: Computer Fraud and Security

5.2

According to the text, a kiting scheme involves the cover-up of a theft of cash by transferring money
between banks. Cash is created by depositing a check from bank A in bank B. The perpetrator then
withdraws the money from bank B and spends it. Since there are insufficient funds in bank A to
cover the check to bank B, the perpetrator must deposit a check to his account in bank A before his
check to bank B clears. This check comes from bank C, which also has insufficient funds to cover
the check written on the account. Therefore, funds must be deposited to bank C before its check to
bank A clears. The check to bank C comes from bank A, B, or D, which also have insufficient funds.
The scheme continues, with checks written and deposits made as needed to keep checks from
bouncing.
Kiting can be detected by analyzing all interbank transfers. Since the scheme requires constant
transferring of funds, the number of interbank transfers will usually increase significantly. This

increase is a red flag that should alert the auditors to begin an investigation.
When the employee confesses the company should immediately investigate the fraud and determine
the actual losses. Employees often "underconfess" the amount they have taken. When the
investigation is complete the company should determine what controls could be added to the system
to deter similar frauds and to detect them if they do occur.
Employers should consider the following issues before pressing charges:
How will prosecution of this case impact the future success of the business?
What effect would adverse publicity have upon the company's well being? Could such
publicity increase the incidence of fraud by exposing company weaknesses?
What social responsibility does the company have to press charges?
Does the evidence assure a conviction?
If charges were not made, what message would that send to other employees in the
organization?
Could failure to expose the crime subject the company to civil liability problems?

5-2
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.3

One fraud technique that the perpetrator definitely used is impersonation. He or she impersonated a
Digital repairman to obtain the necessary access codes to enter the system and destroy the data base.
The computers at U. S. Leasing began acting sluggish several hours before the impersonator called.
Therefore, it is likely that the impersonator knew the system was experiencing problems or caused
them. If the perpetrator knew the computer was having problems, he took advantage of the situation

to gain access. In such a case the person was either an insider or was familiar enough with the
system to know it was sluggish.
If the perpetrator was responsible for the sluggishness, he or she may have:
Infected the systems with some kind of virus or worm.
Hacked into the system and hijacked it or of a large part of its processing capability.
Infected it with a Trojan horse, trap door, logic or time bomb, or some other malware that is
causing the sluggishness.
The unauthorized use of superzap, a special software utility to bypass regular system controls.
To avoid such problems, the secrecy of company passwords and logon numbers should be protected.
Only reveal passwords and logon numbers on an authorized basis and to individuals whose
identities are assured.
Ensure that it is a Digital employee by calling Digital back on their known and published
service number and then give the company the access codes and passwords. Even better would
be to call back and talk to the Digital representative assigned to U. S. Leasing.
After the system had been fixed, the codes and password information should be changed.
Other control considerations that could reduce the incidence of unauthorized access include:
Improved control of sensitive data
Protection of phone lines
Alternate repair procedures
Increased monitoring of system activities.

5-3
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 5: Computer Fraud and Security

5.4


This problem has no clear answer. By strict definition, the actions of Logisticon in halting the
software represented a trespassing and an invasion of privacy. Some states recognize trespassing as a
breach of the peace, thereby making Logisticon's actions illegal.
However, according to contract law, a secured party can repossess collateral if the contract has been
violated and repossession can occur without a breach of the peace.

5.5

Answers will vary. Students should give consideration to the following conflicting concepts:
Software licensing encourages the development of new ideas by protecting the efforts of businesses
seeking to develop new software products that will provide them with a profit and/or a competitive
advantage in the marketplace. This point is supported by the following ideas:
The prospect of a financial reward is the primary incentive for companies to expend the time
and money to develop new technologies.
If businesses were unable to protect their investment by licensing the software to others, it
would be much more difficult for them to receive a reward for their efforts in the research and
development of computer software.
Economic systems without such incentives are much more likely to fail in developing new
products to meet consumer needs.
The only way to foster new ideas is to make information and software available to all people. This
argument is supported by the following ideas:
The most creative ideas are developed when individuals are free to use all available resources
(such as software and information).
A free society should have no "secrets."
Many security experts and systems consultants view proper ethical teaching as an important solution
to most security problems. However, no single approach is a complete solution to the problem of
computer fraud. Proper ethical teachings can reduce but not eliminate the incidents of fraud.
Though no security system is impenetrable, system security measures can significantly reduce the
opportunity for damages from both intentional and unintentional threats by employees. Controls can

also make the cost (in time and resources) greater than the benefit to the potential perpetrator.
Ultimately, the reduction in security measures will increase opportunities for fraud. If the perpetrator
has sufficient motive and is able to rationalize his dishonest acts, increased opportunity will probably
lead to an increase in computer crimes.

5-4
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.6

The old saying "where there is a will, there is a way" applies to breaking into a computer system. It is
possible to institute sufficient controls in a system that it is very difficult to break in, but most experts
would agree that it just isn't possible to design a system that is 100% secure from every threat. There
is bound to be someone who will think of a way of breaking into the system that designers did not
anticipate and did not control against.
Though internal controls can't eliminate all system threats, controls can:
Reduce threats caused by employee negligence or error. Such threats are often more financially
devastating than intentional acts.
Significantly reduce the opportunities, and therefore the likelihood, that someone can break into
the system or commit a fraud.

5.7

The textbook defines hacking as the unauthorized access and use of computer systems, usually by
means of a personal computer and telecommunications networks. Most hackers are motivated by the

challenge of breaking and entering a system. Many do so with no intent to do harm. Others do so to
destroy data, to make unauthorized copies of the data, or to damage the system in some way.
Hacking has increased significantly in popularity for several reasons. Perhaps the most important is
the increasing use of personal computers and telecommunications and the corresponding rise in the
number and the skill level of the users. In other words, there are more systems to break into, and
there are more people capable of breaking in.
By legal definition, hacking represents illegal trespassing and is punishable as a federal crime under
the 1986 Computer Fraud and Abuse Act. However, many computer users feel that hacking is a
"right" enjoyed by computer users in a "free information" society. If a hacker can gain system access
illegally, then the business is at fault for not promoting adequate security measures. Many hackers
also argue that hacking rarely does any harm to a computer system and is acceptable behavior.

5-5
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 5: Computer Fraud and Security

SUGGESTED ANSWERS TO THE PROBLEMS
5.1

Adapted from the CIA Examination
a.

This is an indication of fraud because there is a conflict of interest situation which should have
alerted the auditor to the possibility of fraud. It is a red flag warning signal and may be in
conflict with the organization's code of ethics and conduct.


b.

This is a fraudulent act because there is a knowingly false representation.

c.

This is a fraudulent act by the supervisor of receiving because there is an intent to deceive as
indicated by the efforts to conceal the act. Alternately, this is unrelated to the investigation
because while the chain is damaged by the theft, it is not due to an act by the buyers.

d.

This is a weakness in the system of internal control, and is unrelated to the investigation.

e.

This is an indicator of fraud because the receiving supervisor is advocating a system of weak
internal control.

5-6
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.2

Adapted from the CIA Examination.

a.

Fraud encompasses an array of irregularities and illegal acts characterized by intentional
deception. It can be perpetrated for the benefit of or to the detriment of the organization and by
persons outside as well as inside the organization.
Fraud deterrence consists of those actions taken to discourage the perpetration of fraud.
Fraud detection consists of identifying indicators of fraud sufficient to warrant recommending
an investigation.
Fraud investigation consists of performing the extended procedures needed to determine
whether fraud, as suggested by the indicators, has occurred.

b.

Any four (4) of the following:
High personal debts or great financial losses.
Expensive lifestyle.
Extensive gambling or use of alcohol or drugs.
Heavy investments.
Significant personal or family problems.
Rewriting records, under the guise of neatness.
Refusing to leave custody of records during the day.
Extensive overtime.
Skipping vacations.
Questionable background and references.
Feeling that pay is not commensurate with responsibilities.
Strong desire to beat the system.
Regular borrowing of small amounts from fellow employees.
Personal checks returned for insufficient funds.
Collectors and creditors appearing at the place of business.
Placing unauthorized IOUs in petty cash funds.

Inclination toward covering up inefficiencies or "plugging" figures.
Pronounced criticism of others.
Association with questionable characters.
Annoyance with reasonable questions; replying to questions with unreasonable answers.
Unusually large bank balance.
Bragging about exploits.
Carrying unusually large amounts of cash.

c.

The fraudulent behavior of the purchases journal clerk may be detected by:
1. Inspecting the documentation supporting the release of a check to a vendor.

5-7
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 5: Computer Fraud and Security

2. Tracing all payments back to the supporting documentation. The receiving department
would have no record of the receipt of the goods. The purchasing department would have
no record of having ordered the materials or of having such materials requested.

5-8
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit


Accounting Information Systems

5.3

Adapted from the CMA Examination.

Type of Fraud
Input
manipulation

Program
alteration

Explanation

Identification and Description of
Protection Methods

This requires the least amount of
technical skill and almost no knowledge
of how the computer system operates.
Input data are improperly altered or
revised without authorization. For
example:
Payroll time cards/time sheets can be
altered to pay overtime or an extra
salary.

Documentation and Authorization

Data input format properly
documented and authorized.
Control over blank documents.
Comprehensive editing
Control source of data

Program alteration requires
programming skills and knowledge of
the program.
The program coding is revised for
fraudulent purposes. For example:
Ignore certain transactions such as
overdrafts against the programmers'
account
Draw checks and have them sent to a
falsely constructed account
Grant excessive discounts to certain
specified trade accounts

Programmers should only make
changes to copies of production source
programs and data files, never to the
actual files.

Programmed Terminal/User protection
Programs designed to accept only
certain inputs from designated users,
locations, terminals, and/or times of
the day.


Segregation of Duties
Computer operators should not have
access to production programs or
data files.
Periodic Comparisons
Internal Audit or some other
independent group should have
access to the master programs,
periodically process actual data, and
compare the output with output
obtained from normal operations.
Any output changes would be
indicative of unauthorized program
changes.
Periodic comparisons of on-line
programs to off-line backup copies to
detect changes.

5-9
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 5: Computer Fraud and Security

Type of Fraud

Explanation


Identification and Description of
Protection Methods

File alteration

File alteration occurs when the defrauder
revises specific data or manipulates data
files. For example:
Fraudulently changing the rate of pay
of an employee in the payroll master
file via a program instruction
Transferring balances among dormant
accounts to conceal improper
withdrawals of funds.

Restricted Access to Equipment/Files
Restrict access to the computer
center.
Programmers, analysts, and computer
operators should not have direct
access to production data files.
Production data files are maintained
in a library under the control of a
librarian.
Computer operators should not have
access to applications
documentation, except where needed
to perform their duties. This
minimizes their ability to modify
programs and data files.


Data theft

Data theft can be accomplished by data
interception or smuggling out computer
data files or hard copies of reports/files.
Data transmitted by data communication
lines can be tapped or intercepted.
Magnetic devices can be smuggled out in
briefcases, employees' pockets, etc.

Electronic sensitization of all library
materials for detection if unauthorized
removal from the library is attempted.

The physical destruction of hardware or
software.

Terminated employees immediately
denied access to all computer
equipment and information to
prevent them from destroying or
altering equipment or files.

Sabotage

Tapping transmitted data minimized by
encrypting sensitive data
transmissions.


Maintain backup files at secure off-site
Theft of
Computer Time

Theft of computer time is the
unauthorized use of a company's
computer for personal or outside
business activities. This can result in the
computer being fully utilized and lead to
unnecessary computer capacity
upgrades.

Assigning blocks of time to processing
jobs with operating system blockage
to the user once the allocated time is
exhausted.
Any additional time would require
special authorization.

5-10
© 2009 Pearson Education, Inc. Publishing as Prentice Hall

locations


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.4


Adapted from the CMA Examination.
a.

The following situational pressures in a public company increase the likelihood of fraud:
Sudden deceases in revenue or market share.
Financial pressure from bonus plans that depend on short-term economic performance.
Pressure from stockholders to maintain or improve reported performance.
NOTE: Table 5.3 lists more corporate pressures that can lead to financial statement fraud

b.

Fraud is easier to commit and detection is less likely when the following corporate
opportunities are present:
Weak or nonexistent internal accounting controls.
Unusual or complex transactions such as the consolidation of two companies.
Accounting estimates requiring significant subjective judgment by company management.
NOTE: The CMA solution can be supplemented with the information in Table 5-4.

c.

For purposes of assessing the risk of fraudulent financial reporting, the external factors that
should be considered in each of the company's environmental situations include the following:
Industry environment
Specific industry trends such as overall demand for the industry's products, economic
events affecting the industry, and whether the industry is expanding or declining.
Whether the industry is currently in a state of transition affecting management's ability to
control company operations.
Business environment
The continued viability of the company's products in the marketplace.

Sensitivity of the company's operations and profits to economic and political factors.
Legal and regulatory environment
The status of the company's business licenses or agreements, especially in light of the
company's record of compliance with regulatory requirements.
The existence of significant litigation.

d.

To reduce the possibility of fraudulent financial reporting, top management should:
Set the proper tone to establish a corporate environment contributing to the integrity of the
financial reporting process.
Identify and understand the factors that can lead to fraudulent financial reporting.
Assess the risk of fraudulent financial reporting that these factors can cause within the
company.
Design and implement internal controls that provide reasonable assurance that fraudulent
financial reporting is prevented, such as establishing an Internal Audit Department.
5-11
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

5.5

Adapted from the CMA Examination.
a.

Inventory - The inventory shrinkage problem is an example of collusion. While collusion is

often difficult to prevent, the store could improve its control system by:
Implementing job rotation so that the same employees are not always performing the same
duties.
Separating the payment for expensive items from the pickup of these items at a separate
location.

b.

Payroll - The payroll fraud could be prevented through the introduction of better internal
controls including:
Separation of duties. A supervisor with the authority to sign time cards should not be
allowed to distribute paychecks. An individual with no other payroll-related duties should
distribute checks.
Periodic floor checks for employees on the payroll.

c.

Accounts Payable - In order to prevent further occurrences of accounts payable fraud, the
company should:
Implement and enforce a policy that prohibits the payment of invoices based on copies of
supporting documents.
All payments could be electronic funds transfers (EFT) to the vendor’s bank account.
Require all vendors to submit a numbered electronic invoice. The computer could match
the invoice to the supporting documents, automatically looking for duplicate invoices or
duplicate supporting documents.
Require specific authorization if a situation arises where payment on the basis of copies of
supporting documents is necessary.

5-12
© 2009 Pearson Education, Inc. Publishing as Prentice Hall



To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.6

Adapted from the CIA Examination.
a.

The following incidents should have caused the auditor to suspect a possible fraud:
Departure from the established policy of requiring sealed bids to dispose of vehicles being
salvaged.
Management's justification for departing from established policy.
The fact that vehicles had been repaired before they were sold for salvage.

b.

Audit procedures that could have been employed to establish the fact that a fraud had taken
place include:
Thorough review of sales documentation identifying persons to whom sales were made at
"negotiated prices."
Evaluating the adequacy of proceeds obtained in negotiated sales. This could be
accomplished in one or more of the following ways: compare to "blue book" prices or to
proceeds of sales of comparable vehicles made based on sealed bids; locate the actual
vehicles and have their values appraised.
Reviewing maintenance records for charges associated with salvaged vehicles.

5-13

© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

5.7
a.

A computer virus is a segment of executable code that attaches itself to an application program
or some other executable component. When the hidden program is triggered, it makes
unauthorized alterations in the way a system operates.
There are a number of reasons why no one is completely safe from a virus:
Viruses are contagious and are easily spread from one system to another. A virus spreads
when users share programs or data files, download data from the Internet, or when they
access and use programs from external sources such as suppliers of free software.
Viruses can spread very quickly. In a network environment a virus can spread to
thousands of systems in a relatively short period of time. When the virus is confined to a
single machine or to a small network, it will soon run out of computers to infect.
Many viruses lie dormant for extended periods of time without doing any specific damage
except propagating itself. The hidden program leaves no external signs of infection while it
is reproducing itself.
Many computer viruses have long lives because they can create copies of themselves faster
than the virus can be destroyed.

b.

Viruses are a significant threat to information systems because they make unauthorized
alterations to the way a system operates and cause widespread damage by destroying or altering

data or programs. If adequate backup is not maintained, viral damage may also mean
permanent loss of important or unique information, or time consuming reentry of the lost
information.
A virus can cause significant damage when it takes control of the computer, destroys the hard
disk's file allocation table, and makes it impossible to boot (start) the system or to access data
on a hard drive. They can also intercept and change transmissions, print disruptive images or
messages on the screen, or cause the screen image to disappear. As the virus spreads it takes
up space, clogs communications, and hinders system performance.

c.

A virus is like a Trojan horse in that it can lie dormant for extended periods of time undetected
before being triggered by an event or condition.

d.

Focus 5-2 lists several steps individuals can take to keep their computers virus free. In recent
years, anti-virus programs have been developed to detect and destroy viruses, improving our
ability to reduce damage caused by a virus.

5-14
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.8


Adapted from the CIA Examination.
The circumstances are symptomatic of lapping, which is generally considered to be one of the most
common forms of embezzlement by lower-level employees in positions that handle cash receipts.
In a lapping scheme, the perpetrator steals cash, such as a payment on accounts receivable by
customer A. Funds received at a later date from customer B are used to pay off customer A's
balance. Funds from customer C are used to pay off B, and so forth. Since the time between the
theft of cash and the subsequent recording of a payment is usually short the theft can be effectively
hidden. However, the cover-up must continue indefinitely unless the money is replaced, since the
theft would be uncovered if the scheme is stopped.

5.9
a.

The UCLA computer lab is an excellent breeding ground for computer viruses because
A large population of computers is present, providing numerous potential hosts.
Users are allowed to create and store programs.
Users share programs regularly.
Numerous external data storage devices are used each day by students without adequate
controls over their contents.
University students send lots of emails and download lots of software, music, and videos
from the Internet, all of which are excellent ways to pass viruses to others.

b.

The system exhibited the following signs of a computer virus:
Destroyed or altered data and programs
The inability to boot the system or to access data on a hard disk
Clogged communications
Hindered system performance.
However, the system did not print disruptive images or messages on the screen. Some people

who write viruses cause some sort of message or image to appear to give some indication that
the system has been compromised.

c.

Focus 5-2 lists several steps individuals can take to keep their computers virus free

5-15
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

5.10
a.

This is an attempt by a fraudster to acquire confidential information and use it for illicit
purposes such as identity theft. Since the email looks authentic and appears authoritative,
unsuspecting and naïve employees are likely to follow the emails instructions.
Justin’s should:
Notify all employees and management that the email is fraudulent and that no information
should be entered on the indicated website
Delete the email without responding to its sender
Launch an education program for all employees and management about computer fraud
practices that could target their business.
Notify Big Bank regarding the email.

b.


Once Big Bank becomes aware of the fraudulent emails it should:
Immediately alert all customers about the email and ask them to forward any suspicious
email to them.
Establish a quick and convenient method that encourages customers and employees to
notify Big Bank of suspicious emails. The warnings received by customers and employees
should be investigated and remedial actions should be taken.
Notify and cooperate with enforcement agencies so the perpetrator can be apprehended
Notify the ISP from which the email originated, demanding that the perpetrator’s account
be discontinued.

c.

This computer fraud and abuse technique is called phishing. Its purpose is to get the
information need to commit identity theft. The perpetrator probably also used brand spoofing
on the indicated web sites.

5-16
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.11 Students will likely present many different solutions to this problem.
Table 5-5 in the text provides a comprehensive list of computer fraud and abuse techniques from
which the students may draw upon.
Potential solutions should at least include
identity theft

packet sniffing
spyware
eavesdropping to capture the card number.
Using RAN can limit the amount of money stolen. If the card or card number is stolen, it can only be
used for the specific vendor and time period it is issued for. In addition, it can only be used for one
purchase or only a set number of purchases identified when the card number was issued. At any rate,
restricting the card to only a specific merchant and for a specific time period and number of
transactions, the card severely restricts the thief's ability to steal.
Using RAN can help prevent identity fraud Since the card is only linked to the actual customer at
the bank, the identity of the customer is shielded to anyone who steals the card or the card number.
The thief would need to hack into the banks system to find the identity of the RAN card holder since
it would not be printed on the card itself.
Also, RAN can frustrate those who capture card numbers through packet sniffing, spyware, and
eavesdropping. These techniques may capture the card number, but once the thieves have it, there
ability to exploit the card for monetary gain is severely restricted.

5-17
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

5.12

AICPA adapted
a.

As shown below, the cashier embezzled $719.50.

Balance per Books, November 30
18,901.62
Add: Outstanding Checks
Number
62
183
284
8621
8622
8632

Amount
116.25
150.00
253.25
190.71
206.80
145.28
1,062.29
100.00

Bank credit

1,162.29

b.

Subtract: Deposits in transit

(3,794.41)


Balance per bank
Balance per bank (according to the bank)
Amount of theft

16,269.50
15,550.00
719.50

Methods:
1.

Not including 3 outstanding checks totaling 519.50 in the reconciliation:
 No. 62 – 116.25
 No. 183 – 150.00
 No. 284 – 253.25
519.50

2.

Error in totaling (footing) the outstanding checks. The total of the checks listed on the
reconciliation is actually 542.79 not 442.79.

3.

Deducting instead of adding the bank credit (100) after the balance per bank is calculated.

4.

The total is 719.50 (19.50 + 100 + 100)


5-18
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.13 NOTE: Students are better able to answer questions 3 and 4 if they have read Chapters 6

and 7. These questions provide a great lead in to those chapters and help students
understand why a knowledge of controls is important. These questions can be revisited
after the student have read those chapters.
1.

Council fit the fraud profile in that he was younger; possessed knowledge, experience,
and skills; and was loyal and very trusted by his superiors. However, Council
invested a portion of his ill-gotten gains instead of spending it like the typical
fraudster.

2.

Council set up fictitious entities with names very similar to legitimate companies that
the Atlanta Olympic Committee (AOC) had contract with. Council then prepared fake
invoices and wrote checks to these fake companies from the AOC accounts.

3.

Several controls could have prevented Council’s fraud.

Separating accounting duties (custody of assets, record keeping for those assets,
and the authority to authorize payments)
Restricting access to company checks and the check signing machine.

4.

Several controls could have detected Council’s fraud, including
A bank reconciliation prepared by someone other than Council. An Olympic
Committee official should have reviewed bank statements and cancelled checks
Periodic confirmations of invoices with vendors.

5-19
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

5.14
1. I
2. O
3. R
4. U
5. T
6. C
7. L
8. S
9. M
10. Q

11. N
12. J
13. E
14. H
15. A
16. K
17. F

5. 15
1. I
2. K
3. F
4. M
5. A
6. J
7. D
8. B
9. H
10. C

5.16
1.
2.
3.
4.
5.
6.
7.

E

I
F
A
J
D
B

5-20
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Accounting Information Systems

5.17
1. J
2. W
3. S
4. L
5. N
6. C
7. E
8. X
9. U
10. Q
11. V
12. F
13. R
14. P

15. G
16. A
17. I
18. K
19. B
20. M
21. H

5-21
© 2009 Pearson Education, Inc. Publishing as Prentice Hall


To download more slides, ebook, solutions and test bank, visit

Ch. 9: Computer Fraud and Security

SUGGESTED ANSWERS TO THE CASES

5-22
© 2009 Pearson Education, Inc. Publishing as Prentice Hall