Archive for April, 2009

Facebook: Social Networking or Social Engineering Tools?

Posted in Uncategorized on April 25, 2009 by tomandtyke

Have you ever felt short of breath if you don’t update your status on Facebook?

Like this example below:

Saturday 25 April 2009 7:00 am “Huan Ying  is just awake. Looking for sumthing to eat”

Saturday 25 April 2009 7:50 am “Huan Ying  is starving. OMG no food has been prepared yet.  Sumiyeem…!!!! Where’s my food?”

Saturday 25 April 2009 8:90 am “Huan Ying is full now.. Going to watch E! Channel. What’s the hot gossip on?”

Saturday 25 April 2009 10:00 am “Huan Ying is feeling great!! My friends Timbo, Nikky, and Ling ling r gonna come here =)”

Can you imagine that? People are just putting their lives on Facebook. There’s a huge dependency on Facebook nowadays. At first, it feels like being a celebrity, but then... are you ready for the bad news?

If you’re a girl and you do the same thing Huan Ying did, then you should be aware. People (stalkers, fans, exes, your ex’s new partner, your ex’s new partner’s friends, criminals, etc.) who have bad intentions towards you can get to you easily via Facebook.

Another thing: a newbie hacker can use your information on Facebook to get the password to your e-mail or other important accounts easily through password-guessing attempts. You might say, “I’m sure my friends listed on Facebook won’t do that. They love me.” Yeah, sure. But no matter how much they love you, when the passion for getting your password is dominant, they can get your password easily.

Type of Fraud (Fraud Tree)

Posted in Audit on April 19, 2009 by tomandtyke

Before you learn how to detect fraud, you have to start by asking yourself: what type of fraud do you want to detect? There are numerous types of fraud. Bologna classifies fraud into three categories: corruption, asset misappropriation, and financial statement fraud. So which is the most crucial for you?

Corruption-type fraud includes corruption, bribery, and receiving commissions or bonuses from vendors into a personal account as a result of purchasing activity.
For a government corruption investigator like KPK in Indonesia, the most important thing is to detect corruption fraud. Of course, not every corruption fraud in government bodies is detected and investigated by them (KPK); only material amounts are detected (above 1 billion rupiahs/$100,000 USD according to Mr. Najib Wahito, government corruption investigator).

Asset misappropriation is usually done through small thefts. The amount is usually immaterial. Most of the time external auditors ignore this because of materiality considerations. But auditors must look at it in aggregate. A salesperson who steals, let’s say, $20 per day (occurring on a daily basis) could be material for a company with sales of $2000/year. This type of fraud is usually caught through tips; fewer cases are caught by internal auditors.

Financial statement fraud is usually done by the CFO, CEO, or other C-level employees. They try to cook the books for various reasons: getting a bonus for great financial performance, or avoiding tax in an illegal way. This type of fraud is systematic, because each transaction’s journal entry is linked with other journal entries. One hole in a transaction can cause another hole in another transaction that may attract the auditor’s attention. Since it is a high-level type of fraud, sometimes the internal auditors themselves are not allowed access to examine it. The misstatement that results from financial statement fraud is usually big.

According to SAS 99, the external auditor is responsible for planning and conducting the audit to obtain reasonable assurance that the financial statements are free from material misstatement caused by error or fraud. So the auditor has a responsibility to detect fraud that may cause material misstatement. If it’s not material, the external auditor sometimes just ignores it.
But for the company, fraud, even when it is immaterial, may cause losses and may degrade the company’s reputation in the eyes of vendors, other third parties, and its own employees.

The tone at the top is the most important thing for reducing fraud. Internal auditors cannot fight fraud alone if top-level management focuses on sales operations and ignores internal control. Management, the C-level people, must build effective corporate governance and internal control. And it requires hard work to wake them up and alert them to the importance of internal control.

Not All You Read is Right

Posted in Uncategorized on April 19, 2009 by tomandtyke

Sometimes people buy a book because of its author. If the author is experienced enough or fully certified, then we might wanna buy the book. However, not everything that she/he writes is 100% correct. We must not simply accept whatever is written in the book. We may criticize it, because that’s gonna be the start of new theory development, new knowledge that other people might not have discovered but you might already have.