NCJ Number
65098
Journal
CHARTERED ACCOUNTANT IN AUSTRALIA Volume: 48 Dated: (APRIL 1978) Pages: 34-40
Date Published
1978
Length
7 pages
Annotation
THIS PAPER DISCUSSES THE SCOPE AND NATURE OF COMPUTER CRIME, ANALYZES WEAKNESSES ASSOCIATED WITH COMPUTER ABUSE, AND SUGGESTS MEASURES FOR CRIME PREVENTION AND DETECTION.
Abstract
THE CONCENTRATION OF ACCOUNTING PROCEDURES AND DATA WITHIN THE COMPUTER DEPARTMENTS OF CORPORATIONS AND THE LACK OF ADEQUATE MANAGEMENT CONTROLS HAVE RESULTED IN AN INVITATION TO THE COMPUTER CRIMINAL. BY 1985, IT IS ESTIMATED THAT LOSSES DUE TO COMPUTER ABUSE WILL REACH AN ANNUAL TOTAL OF $160 MILLION. AN EXAMINATION OF CASE HISTORIES AND COMPUTER CRIME STATISTICS REVEALS THAT MANY OF THE DETECTED CASES MIGHT HAVE BEEN PREVENTED, HAD ADEQUATE INTERNAL CONTROLS BEEN OPERATING IN THE VICTIM CORPORATION. COMPUTER CRIME USUALLY REQUIRES FOUR KEY ELEMENTS: ACCESS TO COMPUTER PROGRAMS, ACCESS TO DATA FILES, ACCESS TO COMPUTER EQUIPMENT, AND ACCESS TO CORPORATE ASSETS. THERE APPEAR TO BE SIX BASIC AREAS WHERE CONTROL WEAKNESSES HAVE FACILITATED COMPUTER ABUSE: () THE LACK OF BASIC AND SUPERVISORY CONTROLS OVER COMPUTERIZED ACCOUNTING SYSTEMS EXERCISED BY SYSTEM USERS; (2) INADEQUATE CONTROLS OVER THE DEVELOPMENT AND MAINTENANCE OF COMPUTER PROGRAMS AND SYSTEMS; (3) LACK OF SECURITY OVER PROGRAMS; (4) INADEQUATE CONTROL OVER COMPUTER OPERATIONS; (5) INADEQUATE DATA FILE CONTROLS, AND (6) INADEQUATE CONTROLS OVER SYSTEMS SOFTWARE. COMPUTER CRIME PREVENTION AND DETECTION MEASURES REQUIRE INTERNAL CONTROLS IN TWO AREAS: APPLICATION AND THE DATA PROCESSING FUNCTIONS. IN ADDITION, AUDITORS MUST BE RESPONSIBLE FOR COMPLETE EXAMINATION OF THE APPLICATION CONTROLS AND THE EDP FUNCTIONS IN ORDER TO AID IN RAPID DETECTION OF COMPUTER ABUSE. CASE STUDIES AND A LIST OF 21 REFERENCES ARE INCLUDED.