Real Frauds Found in Not-for-Profits by Lynda Dennis

Author: Lynda Dennis
Language: eng
Format: epub
Publisher: Wiley
Published: 2020-07-15T00:00:00+00:00


Exercises

How would you resolve the issues presented in this case?

Would you consider these situations fraudulent or indicative of abuse?

Why do you think the predecessor auditor might not have questioned the overtime hours?

Chapter 5

Case 5: Cyber Fraud

Learning objective

Identify various types of cyber frauds and their associated risks.

Before we start

Cyberfraud is becoming more prevalent and more costly every year, and interest is growing in preventing it and in protecting individuals and organizations from it. This is especially important for small- and medium-sized organizations because they typically have fewer controls in place than larger organizations, making them an easy target for a data breach.

According to a survey of cyber claims filed by CPA firms in 2017, 30% of all claims were due to hacking and 31% were due to human error. Social engineering and ransomware accounted for 20% and 10%, respectively, of the claims.[1]

Hackers will continue to test systems for vulnerabilities regardless of the controls an organization might put in place. Additionally, the methods hackers use change rapidly, making cyber controls in place today ineffective tomorrow. However, by implementing adequate data security measures, governmental and not-for-profit organizations may reduce the risk of a data breach or reduce the impact of a successful data breach.

Successfully avoiding a cyber threat requires an understanding of the mindset of cybercriminals and their motivation. Synthesizing cyber risks through the fraud triangle may not apply in the cybercrime environment, making it necessary to look beyond typical fraud prevention methods. What motivates a hacker can be vastly different from what motivates the traditional fraudster. Former employees may hold a grudge and then be motivated to hack their former employer’s system. Other hackers might launch an attack on an organization because they are ideologically opposed to the organization’s strategy, mission, or success.

A number of methods by which cybercriminals successfully hack an organization’s system are discussed here. Understanding the nature of the data governmental and not-for-profit organizations store is the first step in establishing best practices for protecting this data. Many governments, for example, store credit card and financial institution information. Not-for-profits providing health and human services may store personal financial information as well as health- and education-related data.

Historically, governmental and not-for-profit organizations invest human, capital, and financial resources in front line services and mission-oriented activities rather than internal control systems. Similarly, they often make minimal or inadequate investments in technology and devote little or no resources to cybersecurity. As such, hackers find governmental and not-for-profit organizations easy targets for a cyberattack. There are, however, some controls all governmental and not-for-profit organizations, regardless of size, can implement to reduce their vulnerability to a cyberattack. These include the following:

Train users on security practices by regularly educating employees about new attacks and risks

Create and test system backups ensuring backups are consistent with the recovery time defined in the organization’s disaster recovery plan

Prioritize anti-virus and security patches on all systems in a timely manner

Implement network segmentation controls that consider which individuals/functions need access to which systems and data

Review existing insurance policies for adequacy of


