Course: F0184/Fraud Auditing
Year: 2007
Computer Fraud
Session XVIII
Learning Outcomes
• Students are expected to be able to identify methods of computer-based fraud
• Students are expected to know the controls needed to address
computer-based fraud
Bina Nusantara
Outline Materi
• Computer fraud category
• Computer Fraud Theory
• Nature of Computer Fraud
• Type of Computer Fraud
• Internal Control for Computer Fraud
Potential Issues
• Most prevention efforts focus on building more
accounting, access, or physical security controls
• It is vital to recognize that there are limits to
technological and procedural controls
• Some factors in the business environment are likely to
encourage computer crime and others discourage it
Factors That Discourage Internet Crime
Internal Controls
Access Controls
Firewalls
Internal Controls
• Separation and rotation of duties
• Periodic audit
• Absolute insistence that control policies and procedures
be documented in writing
• Dual signature authorities, monetary authorization limits,
expiration dates for signatures, and check amount limits
• Offline controls and limits
• Feedback mechanism
Access Controls
• Authentication and identification controls
• Compartmentalization
• Encryption
Measures to Detect Attempts
• A system for logging and following up on exceptions should be
designed and implemented to log unusual activities
• Logging and following up on variances should be able to
indicate that a problem may have occurred or is occurring
• General logging should be in place
• Awareness of employee attitudes and satisfaction levels
should be developed and maintained
• Sensitivity should be developed and maintained to
reports that particular individuals are having problems
• Newly developed intrusion detection systems should be
used
IT Controls based on COSO
General Control
Application Control
General Controls
Data Center Operations
System software controls
Access security
Application system development and maintenance
Major Criteria for Effective IT System
Availability
Integrity
Compliance
Sub Criteria for Effective IT System
Effectiveness
Confidentiality
Efficiency