Computer Crime and Abuse

The use of automated systems has led to increasing problems of computer-related crime. A well-publicized example of such a crime was one in which the company used a computer to record insurance policies on nonexistent people and then sold the policies to other companies. Other examples of computer crimes involved use of the computer for theft of equipment for resale, embezzlement by a supervisory bank teller, use of fraudulent computer input records to claim health benefits, fraudulent use of computer-coded coupons for loan repayment, fraudulent use of bank deposit forms, and manipulation by programmers. An estimated average of $200 million annually is reported in detected losses from computer crimes; 85 percent of such crimes are not reported. In a 1976 report, GAO concluded that management controls were inadequate to cope with computer-related crimes in Federal programs. The most common weaknesses identified were in separation of duties and in physical control over facilities. Recommendations to deal with the problem included an organizational plan segregating duties to minimize opportunities for misuse of resources, an adequate system of authorization and record procedures, an established system of practices for each department function, an effective system of internal review, and analysis of crimes to pinpoint control weaknesses. Input should be controlled through the use of prevention or detection controls. Auditors can aid in systems design and development to strengthen controls.