Exploring Employees’ Computer Fraud Behaviors using the Fraud Triangle Theory

Background: Employee computer fraud is a costly and significant problem for firms. Using the fraud triangle theory, this study explores the extent to which an employee’s perception of opportunity, rationalization, and work pressure will contribute to their likelihood of committing computer fraud (i.e., intentional, malicious, or while motivated through a self-interest gain of information systems (IS) security policy non-compliance behaviors). Method: A model is proposed and empirically validated through survey data collected from various industries from 213 computer-using employees with financial responsibilities within their organizations in the U.S. Results: This study’s findings suggest when individual employees experience high levels of work pressure, they may be more likely to commit computer fraud. Organizations can guard against this behavior by monitoring their employees’ assigned workload and performance expectations to prevent these unwanted behaviors. This study demonstrates a need for future research to investigate further the motivations employees may have besides financial greed when committing different types of computer abuse behaviors. Conclusion: This study, based upon the fraud triangle theory, empirically reveals the importance of monitoring general work pressure to guard against employees committing computer fraud behaviors. Computer fraud behaviors should be considered a distinct type of information security violation behavior

Three Essays on Managing Information Security Using the Fraud Triangle

Managing information security has increasingly become more important as information security breaches, computer fraud, and other devastating events are increasingly more frequent and disrupting business processes. Information is one of the most important enterprise assets. Therefore, information is valuable and should be properly protected. Accounting employees are tasked with specific responsibilities of information risk management. Therefore, ineffectively managing accountants may result in countless problems for the company, not the least of which are reputational problems, loss of stock value, material financial reporting errors, and financial losses. In Essay 1, I examine the elements of the fraud triangle and the impact to specific information security policy violations of copying sensitive financial information. In Essay 2, I find the unexpected effects of implementing higher demands on accountants. In Essay 3, I explore a deeper dimension of the accountant’s internal justification when considering a violation in information security policies. This dissertation considers the challenges of managing the human aspect especially the role of accountants in information security. Security techniques and management tools have caught the attention from both academia and practitioners. This dissertation examines the fraud triangle as a theoretical framework for information security risk management among accountants. In the three essays’, I attempt to integrate security policy theory, management system theory, the fraud triangle, and moral disengagement theory to provide a deeper understanding of information security management. The findings carry implications for not only for future research on security violation behaviors, but also for continuation of broadening the theoretical foundation of the fraud triangle for further empirical research and application

The Role of Accounting and Professional Associations in IT Security Auditing: An AMCIS Panel Report

Information systems security is a critical area of inquiry and closely allied with IT audit skills from the accounting discipline. While accounting scholars are well informed about IT audits, information systems scholars interested in the security aspects of IT audits sometimes lack knowledge about the process through which scholars and professionals become security and audit experts in order to assess the quality of information-security implementations. IT audit knowledge enriches cybersecurity professors for both teaching and research. Individuals skilled in accounting, such as graduates from combined accounting/information systems departments in business schools, are naturally oriented to industry certification groups and their professional certifications, but mainstream IT academics are not. In this paper, we report on a panel discussion at AMCIS 2017 that focused on how researchers and educators who seek professional certifications offered by organizations such as the Information Systems Audit and Control Association (ISACA) can gain much richer knowledge of and insights into IT security assurance, which they can use for both teaching and research purposes. Such certifications provide valuable perspectives for the classroom and for research and are useful for IT professors interested in all aspects of security

The Role of Accounting and Professional Associations in IT Security Auditing

Information Systems Security is a critical area of inquiry and scholarship in our field, yet relatively little is known about the process by which scholars and professionals become certified as security experts for purposes of assessing the quality of information security implementations. The Information Systems Audit and Control Association (ISACA.org) is the professional association that serves as a bridge between the expertise area from which auditing skills are delivered and assessed and the areas in which information systems security is developed and delivered, effectively bridging the practices of accounting and IT Security. Individuals skilled in accounting, such as graduates from combined Accounting/Information Systems departments in business schools are naturally oriented to such industry groups and certifications, but the mainstream IT practice and literature is not. This panel will serve to brief IT Security researchers interested in the process of auditing on the values and procedures of the certification process with implications for understanding corporate IT Security performance as a function of auditing expertise represented at the highest levels of organizational decision making

Employment Is Associated with the Health-Related Quality of Life of Morbidly Obese Persons

Published version of an article in the journal: Obesity Surgery. The original publication is available at Springerlink. http://dx.doi.org/10.1007/s11695-010-0289-6. Open AccessBackground  We aimed to investigate whether employment status was associated with health-related quality of life (HRQoL) in a population of morbidly obese subjects. Methods  A total of 143 treatment-seeking morbidly obese patients completed the Medical Outcome Study 36-Item Short-Form Health Survey (SF-36) and the Obesity and Weight-Loss Quality of Life (OWLQOL) questionnaires. The former (SF-36) is a generic measure of physical and mental health status and the latter (OWLQOL) an obesity-specific measure of emotional status. Multiple linear regression analyses included various measures of the HRQoL as dependent variables and employment status, education, marital status, gender, age, body mass index (BMI), type 2 diabetes, hypertension, obstructive sleep apnea, and treatment choice as independent variables. Results  The patients (74% women, 56% employed) had a mean (SD, range) age of 44 (11, 19–66) years and a mean BMI of 44.3 (5.4) kg/m2. The employed patients reported significantly higher HRQoL scores within all eight subscales of SF-36, while the OWLQOL scores were comparable between the two groups. Multiple linear regression confirmed that employment was a strong independent predictor of HRQoL according to the SF-36. Based on part correlation coefficients, employment explained 16% of the variation in the physical and 9% in the mental component summaries of SF-36, while gender explained 22% of the variation in the OWLQOL scores. Conclusion  Employment is associated with the physical and mental HRQoL of morbidly obese subjects, but is not associated with the emotional aspects of quality of life

Epithelial to Mesenchymal Transition of a Primary Prostate Cell Line with Switches of Cell Adhesion Modules but without Malignant Transformation

Background: Epithelial to mesenchymal transition (EMT) has been connected with cancer progression in vivo and the generation of more aggressive cancer cell lines in vitro. EMT has been induced in prostate cancer cell lines, but has previously not been shown in primary prostate cells. The role of EMT in malignant transformation has not been clarified. Methodology/Principal Findings: In a transformation experiment when selecting for cells with loss of contact inhibition, the immortalized prostate primary epithelial cell line, EP156T, was observed to undergo EMT accompanied by loss of contact inhibition after about 12 weeks in continuous culture. The changed new cells were named EPT1. EMT of EPT1 was characterized by striking morphological changes and increased invasion and migration compared with the original EP156T cells. Gene expression profiling showed extensively decreased epithelial markers and increased mesenchymal markers in EPT1 cells, as well as pronounced switches of gene expression modules involved in cell adhesion and attachment. Transformation assays showed that EPT1 cells were sensitive to serum or growth factor withdrawal. Most importantly, EPT1 cells were not able to grow in an anchorage-independent way in soft agar, which is considered a critical feature of malignant transformation. Conclusions/Significance: This work for the first time established an EMT model from primary prostate cells. The results show that EMT can be activated as a coordinated gene expression program in association with early steps of transformation. The model allows a clearer identification of the molecular mechanisms of EMT and its potential role in malignant transformation

Assessing Fraud Risks in IT Security

Fraud examination has played an important role in the business environment. We examine the Fraud Diamond (FD) framework and apply it to the risk management of computer fraud. This FD framework implies but does not formalize interrelationships between four fraud risk categories called “Incentive, Capability, Opportunity, and Rationalization.†Prior research has shown that most frauds are perpetrated by people in positions of trust in the accounting, and Information Technology (IT) functions. We use accounting literature of fraud assessment and apply it to computer fraud within companies. This research seeks expand on human-centered information systems security. With the growing digitalization of accounting records, audit procedures, and important human resources information, we are interested in finding how to keep these electronic assets safe. We recognize the need for organizations to understand an employee’s propensity to commit fraud to properly safe-guard digital assets, put proper protocols in place, and improve current organization policies