An Accounting Information System (AIS) is a combination of the study of the norms of accounting and the design, execution, and supervision of information systems. AISs use new technological tools together with traditional accounting systems to give users the financial information required to run their firms. An AIS consists of three components: input, process and output. Input devices frequently used in AIS include PCs on which the AIS software is installed, scanning machines for standardized data entry, and electronic communication equipment for sending and receiving electronic data and e-commerce (Wells, 312). Elementary processing is realized using computer systems of varying processing abilities, depending on the magnitude of work. Output devices used in AIS include computer monitors, printers, and electronic communication equipment for sending and receiving electronic data and e-commerce.
Why Fraud Occurs
Many instances of data fraud are perpetrated by disgruntled employees, or by employees who seek to sell the information or facilitate insider trading. An employee may also see an opportunity such as promotion or incentive. Perpetrators find some sort of excuse that makes fraud seem normal. Fraud also occurs due to some form of pressure, whether it is financial or attaining company goals (Albrecht et al, 125).
Accounting Information Systems Fraud
Just like any information technology platform, an AIS is vulnerable to various forms of fraud. An AIS fraud is a deliberate and wrong/incorrect entry of any financial transaction that alters the company’s financial records. AIS frauds originate from various sources, and have different intentions, if ignored, they can destroy the usefulness and reliability of financial information, causing stakeholders to make poor decisions. AIS fraud begins during data collection, at this point, it is imperative that security controls are placed to guarantee that transactions and financial data are valid. Unauthorized access to an AIS and intercepting electronic messages are examples of activities that can gravely affect the validity of the data collection process.
Input Fraud
Fraud in AISs can also occur during the input stage. Input fraud is the plainest and the most common form of AIS fraud as it only involves an alteration of the system’s input. Input fraud requires basic computer skills and the fraudster only needs to comprehend how the system functions. This form of fraud can take various forms, these include:
- Disbursement fraud- the fraudster causes the firm to pay excess money for goods or pays for goods that were not ordered.
- Inventory fraud- the fraudster inputs information into the system with an aim of stealing inventory.
- Payroll fraud.
- Cash receipt fraud.
- Fictitious refund fraud- an employee inputs data indicating an undeserved refund.
Processor Fraud
Processor fraud involves using a company’s AIS system to transact personal business or other unauthorized system uses. This may comprise theft of computer time and services. Examples of processing fraud include browsing the web using a company computer or to transact private business.
Computer Instructions Fraud
This form of fraud involves interfering with the software that processes the firm’s data. A person may design illegal programs, alter or delete files, damage or corrupt the system’s logic by using a virus or malware, or change a program’s algorithm to process data in an erroneous manner. Computer instructions fraud also includes making illicit copies of the firm’s software and using it in an illegitimate manner. This form of fraud requires intricate computer programming knowledge.
Data Fraud
Data fraud involves modifying a firm’s data files or reproducing, using, or accessing the company’s databases and stealing information. Fraud in databases includes unauthorized access that enables a fraudster to alter, delete, corrupt, or steal the firm’s data. If a company does not maintain secure backups or other reliable data recovery systems, database fraud may cause a huge negative impact on the organization’s future.
Output Fraud
Output fraud involves pilfering or misusing the AIS system’s output. If the firm doe not institutes adequate security measures, screen output can be transmitted effortlessly to a remote location using cheap electronic equipment. Output can also be seen or duplicated by unauthorized persons, this can be risky if the output information consists of sensitive material. A person may also use a computer and other peripheral devices to generate fake outputs such as invoices and receipts (Kranacher et al, 210).
Output fraud also includes theft, misdirection, or manipulation of the output device in a manner that could dent the competitiveness, usefulness and applicability of the data to the organization.
Types of Computer Attacks
Perpetrators have devised several methods for committing AIS fraud as shown below:
- Data Diddling- altering data after it is entered into the system;
- Denial of Service Attacks- overloading an internet service by sending numerous requests, causing the closure of the server;
- Hacking- illegal access of company data stored in a computer hard drive or server;
- Malware- use of software that is aimed at harming a computer system or network. Malware also enables the creator or user to take partial control of a computer.
- Spyware- a form of malware that is installed on a computer and collects information about a computer user without his information;
- Phishing- this is the practice of using fake or counterfeit emails or websites masquerading as a genuine entity with the aim of stealing usernames, passwords or credit card information from a person or organization.
Another non-technical form of fraud, known as social engineering, has been employed by persons to commit fraud in businesses. This is an act of psychological control in which a perpetrator convinces a person, such as an employee, to reveal some vital or confidential information.
Works Cited
Albrecht, Steve, Albrecht, Conan, and Albrecht Chad. Fraud Examination, 3rd Ed. Ohio: South Western Cengage Learning, 2009.
Kranacher, Mary-Jo, Riley, Richard, and Wells, Joseph T. Forensic Accounting and Fraud Examination. New Jersey: John Wiley and Sons, Inc., 2010.
Wells, Joseph T. Principles of Fraud Examination. New Jersey: John Wiley and Sons, Inc., 2010.