
Accounting Networking Computer Fraud and Review


The network's greatest advantage, openness and sharing, is precisely the most dangerous weakness of an accounting network, which has high security requirements. Since the central component of network accounting is the computer, auditors should draw on their experience with traditional fraud cases to analyze computer fraud techniques thoroughly, and work out audit methods for checking and handling computer crime.
I. Analysis of computer fraud
Tampering with input
This is the simplest and most common method of computer fraud: data is tampered with before or after it is entered. It usually takes the form of fabricating business data (for example, entering a fake deposit slip into the bank's system to increase the perpetrator's deposits), modifying business data, or deleting business data (for example, deleting an inventory record from the inventory system to eliminate the purchase voucher). Such illegal changes make the accounting data untrue, unreliable or inaccurate, or serve some illegal purpose such as transferring the unit's funds to a designated personal account.
Possible fraudsters include people involved in business processing, data preparers, source data providers, and people who can access the computer but do not take part in business processing.
Possible evidence includes source files, business files, computer-readable files, disks, tapes, exception reports, incorrect results, and so on.
Stealing or tampering with trade secrets, illegal transfer of electronic funds, and data breaches
Stealing or tampering with trade secrets is the act of an illegitimate user of the system obtaining the enterprise's important confidential information by abnormal means. Illegal transfer of funds through the communication facilities of high-tech equipment and systems poses a great threat to the security of accounting data.
1. During data transmission, because an open TCP/IP protocol is used, the route taken by information is random, so physical eavesdropping, sensory eavesdropping, password probing, information theft and identity forgery may occur.
2. During data output, a fraudster can hide sensitive data in an output report without anything appearing wrong, for example by enlarging a data block, or can monitor the operation of device components, such as tape reading and writing or the sounds produced by a printer's print and line-feed mechanisms, and record them on tape to recover binary information.
3. With special hardware on the device, a wireless transmit/receive function can be placed in the CPU chip, and programs for intelligence collection or remotely triggered destruction can be planted in advance in the operating system, the database management system or the application program.
Apart from internal users who tamper with output reports, the possible fraudsters here are mostly outsiders, and more often spies.
Tampering with programs
Tampering with a program means making illegal changes to it in order to commit some kind of fraud. Common techniques include "trapdoors" and "Trojan horses."
1. Trapdoors. At any level, from the CPU and operating system to the application, a developer may leave a "back door", that is, a trapdoor. A trapdoor is a secret entry point into a module; it is undocumented, so users do not know it exists. Trapdoors are written during development to test a module or to change and enhance its functionality. When the software was delivered, some programmers did not remove them, so people with bad intentions can use them to gain covert access.
2. Trojan horses. Code secretly planted in a system to enable unauthorized functions is called a Trojan horse. A typical Trojan horse steals someone else's account and password over the network: before the legitimate user logs in, it presents a counterfeit login screen, prompts the user to enter the account number and password, saves them to a file, displays a login error and exits. The user thinks he mistyped; when he tries again the login is genuine, so he suspects nothing, and the Trojan horse has quietly obtained valuable information.
Most of the possible fraudsters are computer experts, including system administrators, network administrators, system operators and network hackers.
Possible evidence includes source files and database files.
II. Review of computer fraud
In reviewing computer fraud, in addition to traditional audit methods such as analytical review, checking and verification, physical inventory, and inquiry and confirmation, the most effective approach is a targeted review based on the characteristics of the network accounting system.
Review of input tampering
1. Apply traditional methods to review the legality of manual accounting vouchers and original vouchers. First, the auditor should examine some of the original documents, focusing on the review method to determine the authenticity of the business: whether the source of the original documents is legal, whether the data has been tampered with, and whether the amounts are reasonable. Second, using the verification method, the contents and figures of the accounting voucher are checked against those of the original document to confirm that the starting point of computer processing is correct. Finally, the accounts are checked.
2. Apply sampling audit techniques: check some of the internally generated accounting vouchers and manual accounting vouchers, and verify the authenticity of the input vouchers. Taking the vouchers entered by the audited party, process them manually and compare the results with the output of the computer processing system to check whether they are consistent.
3. Test data integrity. The auditor simulates a set of data inputs to the audited unit's computer data processing system so that, under the auditor's personal operation or control, the system completes processing according to the functional requirements of the data processing system; the data obtained is compared with the results calculated beforehand to verify that the original data fully agrees with the existing data.
4. Analyze the output reports for abnormal conditions or alterations. For example, books, statements, operation logs and computer records related to the audit should be printed out for future reference.
5. Data security review. Check that the data has been subjected to the various verifications before and after input. This includes the division of responsibility: whether the network electronic data processing department and the user department are separated from each other. If one person is responsible for business transactions and also has access to electronic data processing, the company faces the dual risks of fraud and negligence. Also check whether there is a division of responsibilities within the electronic data processing department itself, the purpose being to ensure that incompatible duties are held by different people and that each can check the work of the others. Handling personnel are responsible for preparation, inspection and signing, or a dual-responsibility system is used.
6. Calculate totals and establish input batch control. With this method, the auditor first selects data according to control points and establishes a batch total, then enters the data and checks the output against the batch total. The data is divided into groups, and the sum of the group totals is the control total. The data may be normal or abnormal; for abnormal data, the program's correction of input errors and its verification process can be examined to confirm the reliability of the input verification measures.
7. Review operating permissions. Check for illegal violations or leaks. This includes authentication: verify that the identity of the person accessing the system matches the identity of the author of the transaction. It also includes control of access permissions: secrecy levels (top secret, confidential, secret, internal, sensitive) and division of labor (system developers, system administrators, operators, users).
8. Check the logs on the machine. The operating system's log files contain detailed user information and system call data. In network accounting, because users can log in from different clients at any time and hosts often need to exchange information, analyzing and judging the remaining records is very difficult. Doing this job requires the right professional sensitivity and professional judgment.
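The batch control described in item 6, as an added example that is not from the original article: the auditor's control totals (record count, amount total and a hash total of account codes) are computed over a constructed input batch and compared with the constructed output of the processing system, so that an altered amount, a redirected account or a dropped record shows up as a control difference. The voucher format and the tampering scenarios are assumptions made for the example.

```python
"""Batch control totals for an input batch of vouchers (added example, constructed data)."""
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Voucher:
    number: str      # voucher number
    account: str     # ledger account code, digits only
    amount: Decimal

@dataclass(frozen=True)
class BatchTotals:
    record_count: int      # number of vouchers in the batch
    amount_total: Decimal  # financial total of the amounts
    hash_total: int        # sum of account codes: meaningless as a figure, useful only as a control

def batch_totals(vouchers):
    """Compute the control totals the auditor establishes before the data is entered."""
    return BatchTotals(
        record_count=len(vouchers),
        amount_total=sum((v.amount for v in vouchers), Decimal("0")),
        hash_total=sum(int(v.account) for v in vouchers),
    )

def compare_batches(control, processed):
    """List every control total that disagrees; an empty list means the batch passed intact."""
    findings = []
    if control.record_count != processed.record_count:
        findings.append("record count: records were added or dropped")
    if control.amount_total != processed.amount_total:
        findings.append("amount total: an amount was altered")
    if control.hash_total != processed.hash_total:
        findings.append("hash total: an account code was changed")
    return findings

def vouchers(rows):
    return [Voucher(n, a, Decimal(amt)) for n, a, amt in rows]

# Constructed batch as selected by the auditor before input.
INPUT_BATCH = vouchers([("V001", "1001", "1500.00"), ("V002", "1122", "320.50"),
                        ("V003", "1001", "79.95"), ("V004", "2202", "4000.00")])
# Constructed output of the processing system: V002's amount was inflated and
# V004 was redirected to another account, while the record count still matches.
PROCESSED_BATCH = vouchers([("V001", "1001", "1500.00"), ("V002", "1122", "3320.50"),
                            ("V003", "1001", "79.95"), ("V004", "2209", "4000.00")])
# A second constructed output where V003 was simply deleted.
DROPPED_BATCH = vouchers([("V001", "1001", "1500.00"), ("V002", "1122", "320.50"),
                          ("V004", "2202", "4000.00")])
```

The hash total is what catches the redirected account: the record count and amount total are unchanged by moving a voucher to another account, so a batch checked on those two alone would pass.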
Review of theft or falsification of trade secrets, illegal transfer of electronic funds, and data breaches
1. Check for eavesdropping devices or radio transmitters near the computer hardware. Specifically, check whether a bug is in contact with the communication line, and whether inductive passive eavesdropping is being carried out with a cassette recorder, a microphone, a small AM/FM recorder or a modem.
2. Check the computer system's usage records to see when data files were accessed and whether the access was normal. Common tools are IBM's SMF facility and CCA Software's TopSecret program. Their main functions are: recording the user name, the storage capacity occupied on the CPU by each program segment, the name of the machine used, the end status of the job, and so on; recording data file usage, such as the names of the data files used and the user names that used them, and changes to data files; and recording capacity, that is, the amount of data in each data file.
3. Check whether printed materials are processed promptly, and whether data still remains on disks and tapes that are temporarily out of use.
4. Check whether an illegal user has logged into the system. Clues can be found in system access records or log files. For example, if the system records show that an operator usually accesses the system from 8:00 to 17:00 but there is suddenly an access record at 23:00, it can be suspected that an illegal user has logged in.
5. Investigate and confirm the personal relationships of the suspected person in order to find clues.
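The off-hours login check described in item 4, as an added example not taken from the original article: a usual-hours window for each operator is learned from constructed baseline log lines, and logins in the review period that fall outside that window, or that come from a user with no baseline at all, are flagged for the auditor. The log line format and the user and client names are assumptions made for the example.

```python
"""Flag logins outside an operator's usual hours (added example, constructed log lines)."""
import re
from datetime import datetime

# Assumed log line format (constructed): "<date> <time> LOGIN user=<name> client=<host>"
LOG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) LOGIN user=(\S+) client=(\S+)$")

def parse_log(lines):
    """Return (timestamp, user, client) tuples; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)))
    return events

def learn_windows(baseline_events):
    """Per user, the earliest and latest hour of day at which a login was seen in the baseline."""
    windows = {}
    for ts, user, _ in baseline_events:
        lo, hi = windows.get(user, (ts.hour, ts.hour))
        windows[user] = (min(lo, ts.hour), max(hi, ts.hour))
    return windows

def find_suspicious_logins(windows, review_events):
    """Flag logins by users without a baseline or outside the user's learned window."""
    flagged = []
    for ts, user, client in review_events:
        window = windows.get(user)
        if window is None:
            flagged.append((user, ts.isoformat(sep=" "), client, "no baseline for this user"))
        elif not window[0] <= ts.hour <= window[1]:
            flagged.append((user, ts.isoformat(sep=" "), client,
                            f"outside usual hours {window[0]:02d}:00-{window[1]:02d}:59"))
    return flagged

# Constructed baseline period: operator01 only ever logs in during the working day.
BASELINE_LOG = [
    "2002-03-11 08:02:14 LOGIN user=operator01 client=client-07",
    "2002-03-12 08:15:03 LOGIN user=operator01 client=client-07",
    "2002-03-12 16:48:27 LOGIN user=operator01 client=client-09",
]
# Constructed period under review: one late-night login and one user never seen before.
REVIEW_LOG = [
    "2002-03-18 08:09:55 LOGIN user=operator01 client=client-07",
    "2002-03-18 23:14:02 LOGIN user=operator01 client=client-19",
    "2002-03-19 09:30:10 LOGIN user=temp_user client=client-22",
]
def review():
    return find_suspicious_logins(learn_windows(parse_log(BASELINE_LOG)), parse_log(REVIEW_LOG))
```

The learned window is deliberately simple (earliest to latest hour seen); a flagged login is a lead for the auditor to follow up with the access records, not a conclusion by itself.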
Review of program tampering
1. Program code inspection. Check all or suspicious parts of the source program, analyze whether it contains illegal code to determine whether the programmer has left a "trapdoor", and pay attention to whether the program's design logic and processing functions are appropriate. The specific steps are: the auditor writes down, based on experience, the control measures the program under test must contain; analyzes the source code and checks that the necessary controls are present; and tests the subroutines called by the source program, because some programmers hide subprograms in the source program that are often used for non-compliant accounting operations.
2. Program comparison. Compare the object code or source code of the software actually in use with the audited backup copy to determine whether there have been unauthorized program changes. System tools can be used for this.
3. Test data method. This simulates certain business data and enters the test data into the system to check whether the system processes the same kind of data correctly in real business and whether it can recognize erroneous data. It mainly tests the effectiveness of common detailed processing controls such as plausibility checks, overflow checks, negative-value checks and record-order checks. According to the purpose of the test, the auditor determines the control measures that must be included in the system, applies simulated or real data to test the system under review, and checks whether the processing results are correct.
4. Program tracing. An audit program or audit software package performs comprehensive or selective tracing of the system's processing, and the results obtained are compared with the system's own results to determine whether the system is safe and reliable. This method makes it easy to find code segments that could be exploited by criminals.
5. Conduct an audit investigation of the possible beneficiaries of the criminal act, and examine the personal income of unidentified persons.
