Sei sulla pagina 1di 40

ETHICS, FRAUD,

and
INTERNAL CONTROL
ETHICS
principles of conduct that individuals use in making choices
and guiding their behavior in situations that involve the
concepts of right and wrong
ETHICS: Business Ethics

Business ethics involves finding the answers to two questions:


How do managers decide on what is right in conducting their business?
Once managers have recognized what is right, how do they achieve it?
ETHICS: Business Ethics
ETHICS: Business Ethics

The following ethical principles provide some guidance in the discharge of this
responsibility:

PROPORTIONALITY
Justice
Minimize Risk
ETHICS: Computer Ethics

concerns the social impact of computer


technology (hardware, software, and
telecommunications)
ETHICS: Computer Ethics
LEVELS OF COMPUTER ETHICS
1.) Pop The exposure to stories and reports found in the popular media regarding
Computer Ethics the good or bad ramifications of computer technology

2.) Para Involves taking a real interest in computer ethics cases and acquiring some
Computer Ethics level of skill and knowledge in the field

3.) Theoretical Interest to multidisciplinary researchers who apply the theories to


Computer Ethics computer science with the goal of bringing some new understanding to the
field
ETHICS: Computer Ethics
Privacy
What are Security

the main Ownership of property


Equity in access
computer Environmental issues

ethics Artificial intelligence


Unemployment and displacement
issues? Misuse of computer
FRAUD
A false representation of a material fact made by one party to
another party with the intent to deceive and induce the other
party to justifiably rely on the fact to his or her detriment
FRAUD: Five Conditions
FRAUD: Employee Fraud vs.
Management Fraud
EMPLOYEE FRAUD
Generally designed to directly convert cash or other assets to the
employees personal benefit

MANAGEMENT FRAUD
More insidious than employee fraud
Does not involve the direct theft of assets
FRAUD: Factors that Contribute
to Fraud
SITUATIONAL PRESSURES

OPPORTUNITIES

PERSONAL CHARACTERISTICS
FRAUD: Factors that Contribute
to Fraud
FRAUD: Perpetrators of Fraud

Gender.
more men than women occupy positions of authority in business organizations,
which provide them greater access to assets.

Position.
Those in the highest positions have the greatest access to company funds and
assets.

Age.
Older employees tend to occupy higher-ranking positions and therefore
generally have greater access to company assets.

Education.
those with more education occupy higher positions in their organizations and
therefore have greater access to company funds and other assets.

Collusion.
When individuals in critical positions collude, they create opportunities to control
or gain access to assets that otherwise would not exist.
FRAUD: Fraud Schemes

FRAUDELENT STATEMENT

CORRUPTION

ASSET MISAPPROPRIATION
FRAUD SCHEMES: Fraudulent
Statements
Misstating the financial statements to make the copy appear better than it is

Usually occurs as management fraud

May be tied to focus on short-term financial measures for success

May also be related to management bonus packages being tied to financial statements
FRAUD SCHEMES: Fraudulent
Statements
LACK of AUDITOR INDEPENDENCE

LACK od DIRECTOR INDEPENDENCE

QUESTIONABLE EXECUTIVE COMPENSATION SCHEMES

INAPPROPRIATE ACCOUNTING PRACTICES


FRAUD SCHEMES: Corruption

involves an executive, manager, or employee of the organization in


collusion with an outsider
FRAUD SCHEMES: Corruption

ILLEGAL CONFLICTS ECONOMIC


BRIBERY GRATUITIES of INTEREST EXTORTION
FRAUD SCHEMES: Asset
Misappropriation

Assets can be misappropriated either directly or indirectly for the


perpetrators benefit.
FRAUD SCHEMES: Asset
Misappropriation
KEY STAGES of an INFORMATION
SYSTEM

INFORMATION
GENERATION
DATA Characteristics of a
MANAGEMENT useful information:
DATA 1.) Relevance
PROCESSING 2.) Timeliness
DATA 2 Classes: 3.) Accuracy
COLLECTION 1.) Program Fraud 4.) Completeness
2.) Operations Fraud 5.) Summarization
KEY STAGES of an INFORMATION
SYSTEM
INTERNAL
CONTROL
comprises policies, practices, and procedures employed by
the organization
INTERNAL CONTROL:
Objectives

1. Safeguard assets of the firm


2. Ensure accuracy and reliability of accounting records and information
3. Promote efficiency of the firms operations
4. Measure compliance with managements prescribed policies and
procedures
INTERNAL CONTROL:
Modifying Assumptions
INTERNAL CONTROL:
Modifying Assumptions
LIMITATIONS:
Possibility of honest errors
Circumvention via collusion
Management override
Changing conditions--especially in companies with high
growth
INTERNAL CONTROL SHIELD
PREVENTIVE-DETECTIVE-CORRECTIVE
INTERNAL CONTROL MODEL
PREVENTIVE-DETECTIVE-
CORRECTIVE INTERNAL CONTROL
MODEL

Preventive Controls Detective Controls Corrective Controls

Passive techniques Designed to Actions taken to


designed to reduce identify and reverse the effects
the frequency of expose undesirable of errors detected
occurrence of events that elude in the previous
undesirable events preventive controls step
SAS 78/COSO INTERNAL
CONTROL FRAMEWORK

Describes the relationship between the firms


internal control structure,
auditors assessment of risk, and
the planning of audit procedures
SAS 78/COSO INTERNAL
CONTROL FRAMEWORK

INTERNAL
CONTROL
CONTROL
INTERNAL
AUDIT
RISK PROCEDUR
ES
SAS 78/COSO INTERNAL
CONTROL FRAMEWORK

3.
1. Control 2. Risk Informatio
4. 5. Control
environme assessmen n and
Monitoring activities
nt t communic
ation
INTERNAL CONTROL COMPONENTS:
Control Environment
Integrity and ethics of management

Organizational structure

Role of the board of directors and the audit committee

Managements policies and philosophy

Delegation of responsibility and authority

Performance evaluation measures

External influencesregulatory agencies


INTERNAL CONTROL COMPONENTS:
Risk Assessment
INTERNAL CONTROL COMPONENTS:
Information and Communication
INTERNAL CONTROL COMPONENTS:
Monitoring
The process for assessing the quality of internal control design and
operation
[This is feedback in the general AIS model.]
Separate procedurestest of controls by internal auditors
Ongoing monitoring:
computer modules integrated into routine operations
management reports which highlight trends and exceptions from normal
performance
INTERNAL CONTROL COMPONENTS:
Control Activities
Policies and procedures to ensure that the appropriate actions are
taken in response to identified risks

Fall into two distinct categories:

IT controlsrelate specifically to the computer environment

Physical controlsprimarily pertain to human activities


INTERNAL CONTROL COMPONENTS:
Control Activities

General
Controls
IT Controls
Application
CONTROL Controls
ACTIVITIES Transaction Access
Supervision
Physical Authorization Control
Controls Segregation Accounting Independent
of Duties Records Verification