Computer Crime 101: What Every Accountant Should Know
Computer crime in America is not a new phenomenon. It has existed in some form since the advent of computers in the 1950s. However, an alarming development is the extent of reported computer crime linked to extremely large monetary losses. In a 1984 American Bar Association survey, 72 respondents reported losses to computer crime totaling in excess of $145 million. A study conducted in 1986 for the Insurance Counsel Journal placed the estimated annual losses to computer crime between $100 million and $300 million.
In the state of Texas, computer crime is defined by Chapter 33 of the Texas Penal Code, enacted as of September 1, 1985 by the 69th Legislature. Prior to this time, cases of "computer crime" were prosecuted under other criminal statutes such as embezzlement, larceny and fraud. The original statue was amended in 1989 and again in 1993, resulting in the current statute consisting of four sections -- Definitions, Breach of Computer Security, Defenses, and Assistance by Attorney General.
Why do accountants need to know about computer crime? SAS No. 54, Illegal Acts by Clients, requires that external auditors inquire of management regarding "the client's policies relative to the prevention of illegal acts." While SAS No. 54 recognizes that audits conducted in accordance with GAAS are not specifically designed to detect illegal acts and that determination of the legality of an action is beyond the scope of an auditor's expertise, knowledge of typical computer crimes and the computer crime laws can help an auditor recognize potential illegal acts. Internal auditors are required by the Standards for the Professional Practice of Internal Auditing to possess an appreciation of fundamental concepts including computerized information systems. "An appreciation means the ability to recognize the existence of problems or potential problems and to determine the further research to be undertaken or the assistance to be obtained" (§ 250.01.4).
Computer technology is growing at an increasing rate. If companies want to remain competitive, they must remain abreast and take advantage of technological developments. However, management must recognize that a change in technology impacts an organization from many different sides. Widespread access to information has its costs and benefits. Minimizing the costs and maximizing the benefits must come through continual education not only in technology, but also in its impact on an organization's control system. Auditors can be leaders in this education process because of their expertise in control issues.
Return to Charles E. Davis' vita
Return to Charles E. Davis' Home Page
Send E-mail to Charles_Davis@baylor.edu.