Chapter 3: System Documentation

Techniques

Learning Objectives:
 Prepare and use data flow diagrams to understand, evaluate, and
document information systems.
 Prepare and use flowcharts to understand, evaluate, and document
information systems.
 Prepare and use business process diagrams to understand, evaluate, and
document information systems.
Why Document Systems?

 Accountants must be able to read documentation and understand how a

system works (e.g. auditors need to assess risk)
 Sarbanes-Oxley Act (SOX) requires management to assess internal controls
and auditors to evaluate the assessment.
 Used for systems development and changes.
Data Flow Diagram (DFD)

 Focuses on the data flows for:

 Processes

 Sources and destination of the data

 Data stores

DFD are visually simple, can be used to represent the same

process at a high abstract or detailed level.
Basic Data Flow Diagram Elements
Basic Guidelines for creating a DFD

 Understand the system that you are trying to represent.

 A DFD is a simple representation meaning that you need to consider what is relevant
and what needs to be included.
 Start with a high level (context diagram) to show how data flows between outside
entities and inside the system. Use additional DFD’s at the detailed level to show how
data flows within the system.
 Identify and group all the basic elements of the DFD.
 Name the data elements with descriptive names, use action verbs for processes (e.g.
update, edit, prepare, validate, etc)
 Give each process a sequential number to help the reader navigate from the abstract
to the detailed levels.
 Edit/review/refine your DFD to make it easy to read and understand.
Flowcharts

 Describe an information system showing:

 Inputs and Outputs
 Information activities (processing data)
 Data storage
 Data flows
 Decision steps

Key strengths of flowcharts are that they can easily capture

control via decision points, show manual vs. automated
processes.
Flowchart Symbols
Types of Flowcharts

 Document: shows the flow of documents and data

for a process, useful in evaluating internal controls.
 System: depicts the data processing cycle for a
process
 Programs: illustrates the sequence of logic in the
system process
Guidelines for Drawing Flowcharts

 Understand the system that you are trying to represent.

 Identify business processes, documents, data flows, and data
processing procedures.
 Organize the flowchart so as it reads from top to bottom and left
to right.
 Name the data elements with descriptively.
 Edit/review/refine to make it easy to read and understand.
Business Process Diagrams

 Is a visual way to represent the activities in a business process.

 Intent is that all business users can easily understand the
process from a standard notation (BPMN: Business Process
Modeling Notation)
 Can show the organizational unit performing the activity
Business Process Diagram Basic Symbols
Payroll Business Process Diagram Example
Chapter 4. Computer Fraud and Abuse Techniques
Fraud

Fraud is gaining an unfair advantage over another person.

Legally, for an act to be fraudulent there must be:

1. A false statement, representation, or disclosure.
2. A material fact, which is something that induces a person to act.
3. An intent to deceive.
4. A justified reliance; that is, the person relies on the misrepresentation to take
an action.
5. An injury or loss suffered by a victim.
Fraud

The Association of Certified Fraud Examiners (ACFE) conducts comprehensive

fraud studies and releases its findings in a Report to the Nation on
Occupational Fraud and Abuse.

The ACFE estimates that:

 A typical organization loses 5% of its annual revenue to fraud, indicating
yearly global fraud loses over $3.7 trillion.
 Owner/executive frauds took much longer to detect and were more than
four times as costly as manager-perpetrated frauds and more that 11 times
costly as employee fraud.
Fraud

Corruption is dishonest conduct by those holding power and it often involves actions that
are illegitimate, immoral, or incompatible with ethical standards. There are many types of
corruption; examples include bribery and bid rigging.

Investment fraud is misrepresenting or leaving out facts in order to promote an

investment that promises fantastic profits with little or no risk. There are many types of
investment fraud; examples include Ponzi schemes and securities fraud.

Two types of frauds that are important to businesses are misappropriation of assets
(sometimes called employee fraud) and fraudulent financial reporting (sometimes called
management fraud). These two types of fraud are now discussed in greater depth.
Fraud

Misappropriation of assets is the theft of assets by employee.

Examples include the following:
 Albert Mirano, a manager at ABS-CBN responsible for processing bills, embezzled Php20
million over a five-year period. He forged a superior’s signature on invoices for services never
performed, submitted them to accounts payable, forged the endorsement on the check,
and deposited it in his account. Milano used the funds to buy an expensive home, five cars,
and a boat.
 A bank (BPI) vice president approved Php1 billion in a bad loans in exchange for
Php585,000.00 in kickbacks. The loan cost the bank $800 million and helped trigger its
collapsed.
 A manager at a Cebu newspaper went to work for a competitor after he was fired. The first
employer soon realized its reporters were being scooped. An investigation revealed the
manager still had an active account and password and regularly browsed its computer files
for information on exclusive stories.
Fraud

Fraudulent financial reporting as intentional or reckless conduct, whether by act or

emission, that results in materially misleading financial statements.

Management falsifies financial statements to deceive investors and creditors, increase a

company’s stock price, meet cash flow needs, or hide company losses and problems.

Four actions to reduce fraudulent financial reporting:

1. Establish an organizational environment that contributes to the integrity of financial
reporting process.
2. Identify and understand the factors that lead to fraudulent financial reporting.
3. Assess the risk of fraudulent financial reporting within the company.
4. Design and implement internal controls to provide reasonable assurance of
preventing fraudulent financial reporting.
Fraud Triangle
 Pressure

A person is a person’s incentive or

motivation for committing fraud.

Three types of pressure that lead to

misappropriations.
Financial pressure often motivate
misappropriation fraud by
employees. Examples of such
pressure include living beyond
one’s means, heavy financial
losses, or high personal debt.
 Opportunity

Opportunity is the condition or

situation that allows a person or
organization to commit and conceal
a dishonest act and convert it to
personal gain.

1. Commit the fraud. The theft of

assets is the most common type of
misappropriation.

Most instances of fraudulent financial

reporting involve overstatements of
assets or revenues, overstatements of
liabilities, or failures to disclose
information.
 Opportunity

2. Conceal the fraud. To prevent

detection when assets are stolen or
financial statements are overstated,
perpetrators must keep the accounting
equation in balance by inflating other
assets or decreasing liabilities or equity.

Concealment often takes more effort

and time and leaves behind more
evidence than the theft or
misrepresentation.

Taking cash requires only a few

seconds; altering records to hide the
theft is more challenging and time-
consuming.
 Opportunity
3. Convert the theft or
misrepresentation to personal gain.

In a misrepresentation, fraud
perpetrators who do not steal cash or
use the stolen assets personally must
convert them to a spendable form.

For example, employees who steal

inventory or equipment sell the items or
otherwise convert them to cash. In
cases of falsified financial statements,
perpetrators convert their actions to
personal gain through indirect benefits;
that is, to keep their jobs, their stock
rises, they receive pay raises and
promotions, or they gain more power
and influence.
Computer Fraud

Computer fraud is any fraud that requires computer technology to perpetrate

it.

Examples include:
 Unauthorized theft, use, access, modification, copying, or destruction of
software, hardware, or data.
 Theft of assets covered up by altering computer records.
 Obtaining information or tangible or tangible property illegally using
computers.
Computer Fraud

Computer fraud classification

Input fraud
The simplest and most common way to commit a computer fraud is to alter or falsify computer
input. It requires little skill; perpetrators need only understand how the system operates so they can
cover their tracks.

Processor fraud
Processor fraud unauthorized system use, including the theft or computer time and services.

Computer instruction fraud

Computer instruction fraud includes tampering with company software, copying software illegally,
using software in an unauthorized manner, and developing software to carry out an unauthorized
activity. This approach used to be uncommon because it required specialized programming
knowledge.
Computer fraud

Data fraud
Illegally using, copying, browsing, searching, or harming company data constitutes, data
fraud. The biggest cause of data breaches is employee negligence.

Output fraud
Unless properly safeguarded, displayed or printed output can be stolen, copied, or
misused. It was showed that some monitors emit television-like signals that, with the help of
some inexpensive electronic gear can be displayed on a television screen.
 Fraud perpetrators use computers to forge authentic-looking outputs, such as
paycheck.
 A fraud perpetrator can scan a company paycheck, use desktop publishing software
to erase the payee and amount, and print fictitious paycheck.