Date: 2022-05-19
University of Adelaide Adelaide Business School
ACCOUNTING SYSTEMS and PROCESSES (M)
TUTORIAL 7 – Answers Guide
BEFORE TUTORIAL 7
1 Read the material indicated below and attempt answers to the questions that
follow.
Material to read:
MyUni>
Data Analytics – Microsoft Power BI Material>
Topic 6 – Analyze sales data from Excel and OData feed.pdf
Key aims of Topic 6 are to strengthen understanding of importing from
heterogeneous data feeds (e.g., MS Excel and OData); preparing the data;
creating custom calculated columns; setting new field data type; importing
transformed queries; managing relationships between datasets; creating
visualisation and interacting with report visuals.
Students are expected to learn basic hands-on skills to carry out these tasks.
Students are expected to attempt tasks in this document before the tute and
raise questions about issues encountered during the tute.
2 Prepare the answers to the following questions from Computer Fraud and
Abuse Techniques (Romney & Steinbart Chapters 8 and 9):
Question 1
Discuss the following statement by Roswell Steffen, a convicted embezzler: “For
every foolproof system, there is a method for beating it.” Do you believe a
completely secure computer system is possible? Explain. If internal controls are less
than 100% effective, why should they be employed at all?
The old saying "where there is a will, there is a way" applies to committing
fraud and to breaking into a computer system. It is possible to institute
sufficient controls in a system so that it is very difficult to perpetrate the fraud or
break into the computer system, but most experts would agree that it just isn't
possible to design a system that is 100% secure from every threat. There is
bound to be someone who will think of a way of breaking into the system that
designers did not anticipate and did not control against.
If there were a way to make a foolproof system, it would be highly likely that it
would be too cost prohibitive to employ.
Though internal controls can't eliminate all system threats, controls can:
• Reduce threats caused by employee negligence or error. Such threats are
often more financially devastating than intentional acts.
• Significantly reduce the opportunities, and therefore the likelihood, that
someone can break into the system or commit a fraud.
Accounting Systems and Processes (M) Tutorial 7 Page 2
Question 2
A client heard through its hot line that John, the purchases journal clerk, periodically
enters fictitious acquisitions. After John creates a fictitious purchase, he notifies
Alice, the accounts payable ledger clerk, so she can enter them in her ledger. When
the payables are processed, the payment is mailed to the nonexistent supplier’s
address, a post office box rented by John. John deposits the check in an account he
opened in the nonexistent supplier’s name. Adapted from the CIA Examination.
a. Define fraud, fraud deterrence, fraud detection, and fraud
investigation.
Fraud is gaining an unfair advantage over another person. Legally, for an
act to be fraudulent there must be:
1. A false statement, representation, or disclosure
2. A material fact, which is something that induces a person to act
3. An intent to deceive
4. A justifiable reliance; that is, the person relies on the misrepresentation
to take an action
5. An injury or loss suffered by the victim
Fraud can be perpetrated for the benefit of or to the detriment of the
organization and by persons outside as well as inside the organization.
Fraud deterrence is the actions taken to discourage the perpetration of
fraud.
Fraud detection is using any and all means, including fraud symptoms
(also called red flags of fraud) to determine whether fraud is taking place.
Fraud investigation is performing the procedures needed to determine the
nature and amount of a fraud that has occurred.
b. List four personal (as opposed to organizational) fraud symptoms, or
red flags, that indicate the possibility of fraud. Do not confine your
answer to this example.
• High personal debts or significant financial or investment losses.
• Expensive lifestyle; living beyond your means.
• Extensive gambling, alcohol, or drug problems.
• Significant personal or family problems.
• Rewriting records, under the guise of neatness.
• Refusing to leave custody of records during the day.
• Extensive overtime.
• Skipping vacations.
• Questionable background and references.
• Feeling that pay is not commensurate with responsibilities.
• Strong desire to beat the system.
• Regular borrowing from fellow employees.
• Personal checks returned for insufficient funds.
• Collectors and creditors appearing at the place of business.
• Placing unauthorized IOUs in petty cash funds.
• Inclination toward covering up inefficiencies or "plugging" figures.
• Pronounced criticism of others.
• Association with questionable characters.
• Annoyance with reasonable questions; replying to questions with
unreasonable answers.
• Unusually large bank balance.
• Bragging about exploits.
• Carrying unusually large amounts of cash.
c. List two procedures you could follow to uncover John’s fraudulent
behavior.
1. Inspecting the documentation supporting the release of a check to a
vendor. There would be no receiving report. There might be a fake PO
(not clear from the problem if John documents the fake purchase or if it
is just oral).
2. Tracing all payments back to the supporting documentation. The
receiving department would have no record of the receipt of the goods.
The purchasing department would have no record of having ordered
the materials or of having such materials requested.
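The two procedures above amount to tracing each payment back to a purchase order and a receiving report. The following is an added example, not part of the tutorial guide, that runs that trace over constructed sample records; all vendor names, PO numbers, check numbers and the post office box check are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Payment:
    check_no: str
    vendor: str
    po_no: Optional[str]   # purchase order cited on the voucher, if any
    amount: float

# Constructed sample records (hypothetical names and numbers, not from the tutorial).
PURCHASE_ORDERS = {"PO-1001": "Acme Paper", "PO-1002": "Delta Toner"}  # purchasing dept.
RECEIVING_REPORTS = {"PO-1001"}            # POs with goods logged by receiving dept.
VENDOR_ADDRESSES = {
    "Acme Paper": "14 Mill Road",
    "Delta Toner": "9 Dock Street",
    "Northside Supplies": "P.O. Box 417",
}
PAYMENTS = [
    Payment("CHK-501", "Acme Paper", "PO-1001", 420.00),
    Payment("CHK-502", "Delta Toner", "PO-1002", 310.00),
    Payment("CHK-503", "Northside Supplies", "PO-9999", 2750.00),
]
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)

def trace_payment(p: Payment) -> list:
    """Trace one payment back to purchasing and receiving records."""
    findings = []
    if p.po_no is None:
        findings.append("no purchase order cited")
    elif p.po_no not in PURCHASE_ORDERS:
        findings.append("purchase order unknown to purchasing")
    elif PURCHASE_ORDERS[p.po_no] != p.vendor:
        findings.append("purchase order was issued to a different vendor")
    if p.po_no not in RECEIVING_REPORTS:
        findings.append("no receiving report")
    if PO_BOX.search(VENDOR_ADDRESSES.get(p.vendor, "")):
        findings.append("vendor address is a post office box")
    return findings

def exceptions_report(payments=PAYMENTS) -> dict:
    """Map check number -> findings, for payments with at least one finding."""
    report = {p.check_no: trace_payment(p) for p in payments}
    return {check: f for check, f in report.items() if f}

if __name__ == "__main__":
    for check, findings in exceptions_report().items():
        print(check, "->", "; ".join(findings))
```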
Question 3
When U.S. Leasing (USL) computers began acting sluggishly, computer operators
were relieved when a software troubleshooter from IBM called. When he offered to
correct the problem they were having, he was given a log-on ID and password. The
next morning, the computers were worse. A call to IBM confirmed USL’s suspicion:
Someone had impersonated an IBM repairman to gain unauthorized access to the
system and destroy the database. USL was also concerned that the intruder had
devised a program that would let him get back into the system even after all the
passwords were changed. What techniques might the impostor have employed to
breach USL’s internal security? What could USL do to avoid these types of incidents
in the future?
What techniques might the impostor have employed to breach USL’s
internal security?
The perpetrator may have been an external hacker or he may have been an
employee with knowledge of the system.
It seems likely that the perpetrator was responsible for the sluggishness, as he
called soon after it started. To cause the sluggishness, the perpetrator may have:
• Infected the system with a virus or worm.
• Hacked into the system and hijacked the system, or a large part of its
processing capability.
To break into the system, the perpetrator may have:
• Used pretexting, which is creating and using an invented scenario (the
pretext) to increase the likelihood that a victim will divulge information or
do something they would not normally do. In this case, the perpetrator
pretended to be an IBM software troubleshooter to get a log-on ID and
password.
• Used masquerading, which is pretending to be an authorized user to access a
system. This was possible in this case once the perpetrator obtained the
log-on ID and password. Once inside the system, the perpetrator has all the
privileges attached to the user ID and password given to him.
• Infected it with a Trojan horse, logic or time bomb, or some other
malware.
What could USL do to avoid these types of incidents in the future?
• Determine how the perpetrator caused the sluggishness and implement the
controls needed to prevent it from happening again.
• Conduct a complete security review to identify and rectify any security
weaknesses.
• Only reveal passwords and logon numbers to authorized users whose
identities have been confirmed. When someone calls and indicates they are
an IBM employee, verify their identity by calling IBM back on their
known and published service number. Even better would be to call and
talk to the IBM representative assigned to USL.
• Provide employee training aimed at helping them not fall victim to the
many forms of social engineering.
• After providing outsiders with temporary user IDs and passwords, block
their use as soon as the need for them is passed.
Other control considerations that could reduce the incidence of unauthorized
access include:
• Improved control of sensitive data.
• Alternate repair procedures.
• Increased monitoring of system activities.
Question 4
The controller of a small business received the following e-mail with an
authentic-looking e-mail address and logo:
From: Big Bank [antifraud@bigbank.com]
To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!
Due to the increased incidence of fraud and identity theft, we are asking
all bank customers to verify their account information on the following
Web page: www.antifraudbigbank.com
Please confirm your account information as soon as possible. Failure to
confirm your account information will require us to suspend your account
until confirmation is made.
A week later, the following e-mail was delivered to the controller:
From: Big Bank [antifraud@bigbank.com]
To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!
Dear Client of Big Bank,
Technical services at Big Bank is currently updating our software.
Therefore, we kindly ask that you access the website shown below to
confirm your data. Otherwise, your access to the system may be blocked.
web.da-us.bigbank.com/signin/scripts/login2/user_setup.jsp
We are grateful for your cooperation.
a. What should Justin do about these e-mails?
This is an attempt to acquire confidential information so that it can be used
for illicit purposes such as identity theft. Since the email looks authentic
and appears authoritative, unsuspecting and naïve employees are likely to
follow the email's instructions.
Justin should:
• Notify all employees and management that the email is fraudulent and
that no information should be entered on the indicated website.
• Delete the email without responding to its sender.
• Launch an education program for all employees and management
about computer fraud practices that could target their business.
• Notify Big Bank regarding the email.
b. What should Big Bank do about these e-mails?
• Immediately alert all customers about the email and ask them to
forward any suspicious email to the bank security team. But this needs
to be done via the bank’s web site, not by an email message. Banks
need to consistently never use email in ways similar to this type of
attack.
• Establish a quick and convenient method that encourages customers
and employees to notify Big Bank of suspicious emails.
• The warnings received by customers and employees should be
investigated and remedial actions should be taken.
• Notify and cooperate with law enforcement agencies so the perpetrator
can be apprehended.
• Notify the ISP from which the email originated, demanding that the
perpetrator’s account be discontinued.
c. Identify the computer fraud and abuse technique illustrated.
This computer fraud and abuse technique is called phishing. Its purpose is
to get the information needed to commit identity theft. The perpetrator
probably also used brand spoofing of Big Bank’s web site.
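The following added example, which is not part of the tutorial guide, shows how the two messages in Question 4 can be triaged by checking each link's host against the bank's domain and looking for the request and threat wording they contain. It assumes bigbank.com (the domain in the From address) is the bank's real domain; the function names and phrase lists are hypothetical.

```python
from urllib.parse import urlsplit

BANK_DOMAIN = "bigbank.com"  # assumption: the bank's real domain

# Phrases taken from the two messages quoted in Question 4.
ASKS = ("verify their account information", "confirm your account information",
        "confirm your data")
THREATS = ("suspend your account", "may be blocked")

MSG_1 = ("Due to the increased incidence of fraud and identity theft, we are asking "
         "all bank customers to verify their account information on the following "
         "Web page. Please confirm your account information as soon as possible. "
         "Failure to confirm your account information will require us to suspend "
         "your account until confirmation is made.")
LINK_1 = "www.antifraudbigbank.com"
MSG_2 = ("Technical services at Big Bank is currently updating our software. "
         "Therefore, we kindly ask that you access the website shown below to "
         "confirm your data. Otherwise, your access to the system may be blocked.")
LINK_2 = "web.da-us.bigbank.com/signin/scripts/login2/user_setup.jsp"

def host_of(link: str) -> str:
    """Host part of a link; the tutorial's links carry no scheme, so add '//'."""
    if "://" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").lower().rstrip(".")

def naive_is_bank(host: str) -> bool:
    # Weak check: a plain suffix match also accepts 'antifraudbigbank.com'.
    return host.endswith(BANK_DOMAIN)

def is_bank(host: str) -> bool:
    # Correct check: the domain itself or a dot-separated subdomain of it.
    return host == BANK_DOMAIN or host.endswith("." + BANK_DOMAIN)

def triage(body: str, link: str) -> list:
    """Return the reasons a message should be reported rather than acted on."""
    host, text = host_of(link), " ".join(body.lower().split())
    reasons = []
    if not is_bank(host):
        note = " (lookalike name)" if naive_is_bank(host) else ""
        reasons.append(f"link host {host} is outside {BANK_DOMAIN}{note}")
    if any(phrase in text for phrase in ASKS):
        reasons.append("asks the recipient to confirm account data via an emailed link")
    if any(phrase in text for phrase in THREATS):
        reasons.append("threatens loss of account access")
    return reasons

if __name__ == "__main__":
    for body, link in ((MSG_1, LINK_1), (MSG_2, LINK_2)):
        print(link, "->", triage(body, link))
```

As printed, the second message's link is under bigbank.com, so only the content checks fire for it; a host check alone would not have flagged it.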
DURING TUTORIAL 7
• Contribute to the class discussion of the above questions.
Please remember that you’ll enhance your learning by ACTIVELY
PARTICIPATING in the discussions.