
AIS: Handout

University of Hargeisa
Faculty of Business Administration Senior Classes 4A & 4C Academic Year: 2011/2012

Chapter 3: Ethics, Fraud, and Internal Control

Business Ethics

The Role of Management in Maintaining the Ethical Climate

Organization managers must create and maintain an appropriate ethical atmosphere; they must limit the opportunity and temptation for unethical behavior within the firm. The individual must be made aware of the firm's commitment to ethics above short-term increases in profit and efficiency.

Ethical Development

Most individuals develop a code of ethics as a result of their family environment, formal education, and personal experiences. Behavioral stage theory suggests that we all go through several stages of moral evolution before settling on one level of ethical reasoning.

Behavioral Stage Theory of Moral Development

Lecturer: Abdisalam Ali Mahdi

Business Ethics

Every ethical decision has both risks and benefits. Example: implementing a new computer-based information system in an organization may cause some employees to lose their jobs, while those who remain enjoy the benefit of improved working conditions. Seeking a balance between these consequences is the manager's ethical responsibility. The following ethical principles provide some guidance in the discharge of this responsibility:

1. Proportionality: The benefit from a decision must outweigh the risks.
2. Justice: The benefits of the decision should be distributed fairly to those who share risks.
3. Minimize Risks: The decision should be implemented so as to minimize all of the risks and avoid any unnecessary risks.

Fraud and Accountant

Fraud denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his or her detriment.

Conditions:
1. False representation
2. Material fact
3. Intent
4. Justifiable reliance
5. Injury or loss

Fraud in the business environment has a more specialized meaning. It is an intentional deception, misappropriation of a company's assets, or manipulation of its financial data to the advantage of the perpetrator.

1. Employee Fraud
2. Management Fraud

Why Fraud Occurs

As fire needs oxygen, fuel and spark, what are the 3 prerequisites of fraud?

1. Situational Pressures: an employee is experiencing financial difficulties
2. Available Opportunities: poor internal controls
3. Personal Characteristics: personal morals of individual employees

Employee Fraud

Committed by: non-management personnel.
Usually consists of: an employee taking cash or other assets for personal gain by circumventing a company's system of internal controls.

Management Fraud

o It is perpetrated at levels of management above the one to which the internal control structure relates.
o It frequently involves using the financial statements to create an illusion that an entity is more healthy and prosperous than it actually is.
o If it involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions.

Fraud Schemes

3 categories of fraud schemes according to the Association of Certified Fraud Examiners:

1. Fraudulent statements
2. Corruption
3. Asset misappropriation

A. Fraudulent Statements

o Misstating the financial statements to make the company appear better than it is
o Usually occurs as management fraud
o May be tied to a focus on short-term financial measures for success
o May also be related to management bonus packages being tied to financial statements

B. Corruption

Examples: bribery, illegal gratuities, conflicts of interest, and economic extortion

C. Asset Misappropriation

Most common type of fraud; often occurs as employee fraud. Examples:

1. Making charges to expense accounts to cover theft of an asset (especially cash)
2. Lapping: using a customer's check from one account to cover theft from a different account
3. Transaction fraud: deleting, altering, or adding false transactions to steal assets

Internal Control Objectives According to SAS No. 78

1. Safeguard assets of the firm
2. Ensure accuracy and reliability of accounting records and information
3. Promote efficiency of the firm's operations
4. Measure compliance with management's prescribed policies and procedures

Exposures of Weak Internal Controls [=Risk!]

o Destruction of the asset
o Theft of the asset
o Corruption of the information system
o Disruption of the information system

Preventive, Detective, and Corrective Controls

See FIGURE 3-5.

Auditing Standards

Auditors are guided by GAAS (Generally Accepted Auditing Standards).

3 classes of standards:
o general qualification standards
o field work standards
o reporting standards

For specific guidance, auditors use the AICPA's SASs (Statements on Auditing Standards).

SAS No. 78

Describes the relationship between the firm's
o internal control structure,
o auditor's assessment of risk, and
o the planning of audit procedures

How do these three interrelate? The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit. AIS is particularly concerned with the internal control structure.

Five Internal Control Components: SAS No. 78

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

1: The Control Environment

o integrity and ethics of management
o organizational structure
o role of the board of directors and the audit committee
o management's policies and philosophy
o delegation of responsibility and authority
o performance evaluation measures
o external influences--regulatory agencies
o policies and practices managing human resources

2: Risk Assessment

Identify, analyze, and manage risks relevant to financial reporting (e.g.):
o changes in external environment
o risky foreign markets
o significant and rapid growth that strains internal controls
o new product lines
o restructuring, downsizing
o changes in accounting policies

3: Information and Communication

The AIS should produce high quality information which
o identifies and records all valid transactions
o provides timely information in appropriate detail to permit proper classification and financial reporting
o accurately measures the financial value of transactions, and
o accurately records transactions in the time period in which they occurred

4: Monitoring

The process for assessing the quality of internal control design and operation [This is feedback in the general AIS model.]
o separate procedures--test of controls by internal auditors
o ongoing monitoring:
   o computer modules integrated into routine operations
   o management reports which highlight trends and exceptions from normal performance

5: Control Activities

Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
o performance reviews--results vs. forecasts
o information processing
   o general controls
   o applications controls
o segregation of duties
o physical controls

Segregation of Duties

In a manual system, separation between:
o authorizing and processing a transaction
o custody and recordkeeping of the asset
o subtasks

In a computerized system, segregation should exist between:
o program coding
o program processing
o program maintenance

Physical Controls

1. Authorization: used to ensure that employees are carrying out only authorized transactions. Authorizations may be general (everyday procedures) or specific (non-routine transactions).
2. Supervision: a compensation for lack of segregation; some may be built into computer systems
3. Accounting Records: provide an audit trail
4. Access Controls: help to safeguard assets by restricting physical access to them
5. Independent Verification: reviewing batch totals or reconciling subsidiary accounts with control accounts

Internal Controls in CBISs


1. Transaction Authorization: the rules are often embedded within computer programs
   o EDI/JIT: automated re-ordering of inventory without human intervention
2. Segregation of Duties: a computer program may perform many tasks that are deemed incompatible; thus the crucial need to separate program development, program operations, and program maintenance
3. Supervision: the ability to assess competent employees becomes more challenging due to the greater technical knowledge required
4. Accounting Records: ledger accounts and sometimes source documents are kept magnetically, and no audit trail is readily apparent
5. Access Control: data consolidation exposes the organization to computer fraud and excessive losses from disaster
6. Independent Verification: many of these tasks are performed by the computer rather than manually, and an independent check on tasks performed by the computer is not necessary (however, the programs themselves are checked)

Typesetter: AbdiQadir Buureed


