Chapter 3
Ethics, Fraud, and Internal Control

ETHICAL ISSUES IN BUSINESS

Business Ethics
Why should we be concerned about ethics in the business world?
• Ethics are needed when conflicts arise—the need to choose
• In business, conflicts may arise between:
  o employees
  o management
  o stakeholders
• Litigation

Business ethics involves finding the answers to two questions:
• How do managers decide on what is right in conducting their business?
• Once managers have recognized what is right, how do they achieve it?

Computer ethics concerns the social impact of computer technology (hardware, software, and telecommunications).
• Privacy
• Security—accuracy and confidentiality
• Ownership of property
• Equity in access
• Environmental issues
• Artificial intelligence
• Unemployment and displacement
• Misuse of computer

FRAUD AND ACCOUNTANTS

Legal Definition of Fraud
• False representation - false statement or disclosure
• Material fact - a fact must be substantial in inducing someone to act
• Intent to deceive must exist
• The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act
• The misrepresentation must have caused injury or loss

Financial Losses from Fraud
2008 ACFE Study of Fraud
• Loss due to fraud equal to 7% of revenues—

• Lack of Director Independence: directors who also serve on the boards of other companies, have a business trading relationship, have a financial relationship as stockholders or have received personal loans, or have an operational relationship as employees

Management Fraud
• Perpetrated at levels of management above the one to which internal control structure relates
• Frequently involves using financial statements to create an illusion that an entity is healthier and more prosperous than it actually is
• Involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions

INTERNAL CONTROL CONCEPTS AND TECHNIQUES

Internal Control Objectives According to AICPA SAS
1. Safeguard assets of the firm
2. Ensure accuracy and reliability of accounting records and information
3. Promote efficiency of the firm’s operations
4. Measure compliance with management’s prescribed policies and procedures

[Figure: The Internal Controls Shield]

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

1: The Control Environment
• Integrity and ethics of management
• Organizational structure
• Role of the board of directors and the audit committee
• Management’s policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences—regulatory agencies
• Policies and practices managing human resources

2: Risk Assessment
• Identify, analyze and manage risks relevant to financial reporting:
  o changes in external environment
  o risky foreign markets
  o significant and rapid growth that strain internal controls
  o new product lines
  o restructuring, downsizing
  o changes in accounting policies

3: Information and Communication
• The AIS should produce high quality information which:
  o identifies and records all valid transactions
  o provides timely information in appropriate detail to permit proper classification and financial reporting
  o accurately measures the financial value of transactions
  o accurately records transactions in the time period in which they occurred
• Auditors must obtain sufficient knowledge of the IS to understand:
  o the classes of transactions that are material
  o how these transactions are initiated [input]
  o the associated accounting records and accounts used in processing [input]
  o the transaction processing steps involved from the initiation of a transaction to its inclusion in the financial statements [process]
  o the financial reporting process used to compile financial statements, disclosures, and estimates [output]

4: Monitoring
The process for assessing the quality of internal control design and operation
[This is feedback in the general AIS model.]
• Separate procedures—test of controls by internal auditors
• Ongoing monitoring:
  o computer modules integrated into routine operations
  o management reports which highlight trends and exceptions from normal performance

5: Control Activities
• Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
• Fall into two distinct categories:
  o IT controls—relate specifically to the computer environment
  o Physical controls—primarily pertain to human activities

Two Types of IT Controls
• General controls—pertain to the entity-wide computer environment
  o Examples: controls over the data center, organization databases, systems development, and program maintenance
• Application controls—ensure the integrity of specific systems
  o Examples: controls over sales order processing, accounts payable, and payroll applications

Physical Controls
Six Types of Physical Controls
• Transaction Authorization
• Segregation of Duties
• Supervision
• Accounting Records
• Access Control
• Independent Verification

Transaction Authorization
• used to ensure that employees are carrying out only authorized transactions
• general (everyday procedures) or specific (non-routine transactions) authorizations

Segregation of Duties
• In manual systems, separation between:
  o authorizing and processing a transaction
  o custody and recordkeeping of the asset
  o subtasks
• In computerized systems, separation between:
  o program coding
  o program processing
  o program maintenance

Supervision
• a compensation for lack of segregation; some may be built into computer systems

Accounting Records
• provide an audit trail

Access Controls
• help to safeguard assets by restricting physical access to them

Independent Verification
• reviewing batch totals or reconciling subsidiary accounts with control accounts

Segregation of Duties
• A computer program may perform many tasks that are deemed incompatible.
• Thus the crucial need to separate program development, program operations, and program maintenance.

Supervision
• The ability to assess competent employees becomes more challenging due to the greater technical knowledge required.

Accounting Records
• ledger accounts and sometimes source documents are kept magnetically
  o no audit trail is readily apparent

Access Control
• Data consolidation exposes the organization to computer fraud and excessive losses from disaster.

Independent Verification
• When tasks are performed by the computer rather than manually, the need for an independent check is not necessary.
• However, the programs themselves are checked.