and Internal
Control
• Understand the broad
issues pertaining to
business ethics
• Have a basic
understanding of ethical
issues related to the use
of information technology
• Be able to distinguish
between management
fraud and employee fraud
COMPUTER ETHICS 4
• Pop computer ethics
• Para computer ethics
• Theoretical computer ethics
PRIVACY 6
• Accuracy of relevant data given to authorized
users
• Distribution of confidential data to unauthorized
users
• Extent of protection to be given to personal data
(e.g. extraction of personal data for legal
purposes)
SECURITY (ACCURACY
AND CONFIDENTIALITY) 7
• Intellectual Property
and its many forms
• Different ways people
use and access
property
• Copyright laws
8
• Availability of computer technology
to individuals or organizations
• Cultural differences e.g. language
• Differences in physical and cognitive
ability
• Cost-benefit analysis
EQUITY IN ACCESS 9
• Environment concerns are one
aspect of Corporate Social
Responsibility
• Policies regarding excessive
printing
• Proper disposal and recycling
ENVIRONMENTAL ISSUES 10
• Expert systems
• Knowledge base
integrity
• Decision-making
responsibility
ARTIFICIAL INTELLIGENCE 11
• Technology as replacement for human
labor
• Retention of employees replaced by
computer technology
UNEMPLOYMENT AND
DISPLACEMENT 12
• Copying proprietary software
• Use of company computer for
personal benefit
• Looking through someone else’s
files without permission
MISUSE OF COMPUTERS 13
• Law passed by the American Congress to
deal with specific problems relating to
capital markets, corporate governance,
and the auditing profession. Largely due to
ethical misconduct and
fraudulent acts by executives of Enron,
WorldCom, and others.
SARBANES-OXLEY ACT 14
Section 406 – Code of
Ethics for Senior
Financial Officers 15
• Required public companies to
disclose to the SEC whether they
have adopted a code of ethics
• Applies to the organization’s chief
executive officer (CEO), CFO,
controllers or persons
performing similar functions
16
•CONFLICT OF
INTEREST
17
•FULL AND FAIR
DISCLOSURE
18
•LEGAL
COMPLIANCE
19
•INTERNAL
REPORTING
CODE
VIOLATIONS
20
•ACCOUNTABILITY
21
• Fraud denotes a false
representation of a material fact
made by one party to another
party with the intent to deceive and induce the
other party to justifiably rely on
the fact to his/her detriment
FIVE CONDITIONS 23
IT IS AN INTENTIONAL DECEPTION,
MISAPPROPRIATION OF A COMPANY’S
ASSETS OR MANIPULATION OF A
COMPANY’S FINANCIAL DATA TO THE
ADVANTAGE OF THE PERPETRATOR.
24
• White collar crime
• Defalcation
• Embezzlement
• Irregularities
ACCOUNTING LITERATURE 25
LEVELS OF FRAUD
(Encountered by
auditors)
26
THREE STEPS INVOLVE:
EMPLOYEE FRAUD 27
THREE DEFINING CHARACTERISTICS:
MANAGEMENT FRAUD 28
SITUATIONAL PRESSURE
OPPORTUNITY
ETHICS
FRAUD TRIANGLE 29
PRESSURE OPPORTUNITY
ETHICS
30
PRESSURE OPPORTUNITY
ETHICS
31
REASONS WHY ACTUAL COST OF FRAUD
IS DIFFICULT TO QUANTIFY
Not all fraud is detected
Not all are reported (IF DETECTED)
Incomplete information is gathered
Information is not properly distributed to
management or law enforcement authorities
Business organizations decide to take no civil or
criminal actions against the perpetrator/s of fraud
Distribution of losses 34
POSITION          PERCENT OF FRAUD   LOSS ($)
OWNER/EXECUTIVE   18.9               703,000
MANAGER           36.8               173,000
EMPLOYEE          40.9               65,000
OTHER             3.4                104,000
Gender
• Women are not fundamentally more honest than men, but
men occupy high corporate positions in greater numbers than
women
Conclusions to be drawn 37
Age
• Older employees tend to occupy higher ranking
positions
Education
• Those with more educational background occupy
higher-ranking positions
Collusion
38
It is an illegal
enterprise (such as
extortion or fraud or
drug peddling or
prostitution) carried on
for profit.
FRAUD SCHEME 39
THREE CATEGORIES
40
• Associated with management fraud
• Fraud involves some form of financial
misstatement
• Financial misrepresentation must bring
direct or indirect financial benefit to the
perpetrator
FRAUDULENT STATEMENTS 41
Lack of Auditor Independence
• Engaged by their clients to perform
nonaccounting activities
Underlying problems 42
Questionable Executive Compensation Schemes
• Executives have abused stock-based compensation
43
• The act establishes a framework to
modernize and reform the oversight and
regulation of public company auditing
46
Two provisions relating to corporate governance and
responsibility:
1. Public companies are prohibited from making loans to
executive officers and directors
2. Requires attorneys to report evidence of a material
violation of securities laws or breaches of fiduciary duty
CORRUPTION 48
• it involves giving,
offering, soliciting, or
receiving things of value
to influence an official
Bribery 49
• it involves giving,
receiving, offering, or
soliciting something
of value because of an
official act that has
been taken. This is
similar to a bribe, but
the transaction occurs
after the fact.
Illegal Gratuities 50
• it occurs when an
employee acts on
behalf of a third party
during the discharge
of his or her duties or
has self-interest in the
activity being
performed.
Conflict of Interest 51
• It is the use (or
threat) of force
(including economic
sanctions) by an
individual or
organization to
obtain something of
value.
Economic Extortion 52
• Skimming - involves stealing cash from an organization before
it is recorded on the organization’s books and records.
• Cash larceny - involves schemes in which cash receipts are
stolen from an organization after they have been recorded in the
organization’s books and records. For example, lapping.
• Billing schemes - also known as vendor fraud, are perpetrated
by employees who cause their employer to issue a payment to
a false supplier or vendor by submitting invoices for fictitious
goods or services.
• Check tampering - involves forging or changing in some
material way a check that the organization has written to a
legitimate payee.
54
• The internal control system comprises policies, practices,
and procedures employed by the organization to achieve
four broad objectives:
Management Responsibility
• Management is responsible for establishing and maintaining a
system of internal control
Reasonable Assurance
• Cost-effective
60
Limitations
• The possibility of error,
• Circumvention,
• Management override
Exposure
• The absence or weakness of a control is called an
exposure
61
Risks
1. Destruction of assets (both physical assets and
information).
2. Theft of assets.
3. Corruption of information or the information
system.
4. Disruption of the information system
62
The Preventive–
Detective–Corrective
Internal Control Model 63
64
PREVENTIVE CONTROLS
• Prevention is the first line of defense in the control
structure. Preventive controls are passive techniques
designed to reduce the frequency of occurrence of
undesirable events. Preventive controls force compliance
with prescribed or desired actions and thus screen out
aberrant events
DETECTIVE CONTROLS
• Detective controls form the second line of defense. These
are devices, techniques, and procedures designed to
identify and expose undesirable events that elude
preventive controls.
65
• Sarbanes-Oxley legislation requires
management of public companies to
implement an adequate system of internal
controls over their financial reporting
process.
Important Elements 68
• SAS 78/COSO requires that auditors obtain sufficient
knowledge to assess the attitude and awareness of the
organization’s management, board of directors, and owners
regarding internal control. The following paragraphs provide
examples of techniques that may be used to obtain an
understanding of the control environment
69
3. Auditors should understand a client’s business and industry
and should be aware of conditions peculiar to the industry that
may affect the audit.
Risk Assessment 71
The accounting information system consists of the records and
methods used to initiate, identify, analyze, classify, and record the
organization’s transactions and to account for the related assets
and liabilities.
Monitoring 73
• Control activities are the policies and procedures
used to ensure that appropriate actions are taken
to deal with the organization’s identified risks.
Control Activities 74
IT CONTROLS
• IT controls relate specifically to the computer environment.
They fall into two broad groups: general controls and
application controls.
• General controls pertain to entity-wide concerns such as
controls over the data center, organization databases, systems
development, and program maintenance
• Application controls ensure the integrity of specific systems
such as sales order processing, accounts payable, and payroll
applications.
PHYSICAL CONTROLS
• This class of controls relates primarily to the human activities
employed in accounting systems.
75
Six categories of physical
control activities
76
TRANSACTION AUTHORIZATION.
• The purpose of transaction authorization is to ensure that
all material transactions processed by the information
system are valid and in accordance with management’s
objectives. Authorizations may be general or specific
SEGREGATION OF DUTIES
• One of the most important control activities is the
segregation of employee duties to minimize incompatible
functions. Segregation of duties can take many forms,
depending on the specific duties to be controlled.
77
78
SUPERVISION
• In small organizations or in functional areas that lack
sufficient personnel, management must compensate for the
absence of segregation controls with close supervision.
ACCOUNTING RECORDS
• The accounting records of an organization consist of source
documents, journals, and ledgers.
ACCESS CONTROL
• The purpose of access controls is to ensure that only
authorized personnel have access to the firm’s assets.
Unauthorized access exposes assets to misappropriation,
damage, and theft.
79
• Verification procedures are independent checks of the
accounting system to identify errors and misrepresentations.
Verification differs from supervision because it takes place
after the fact, by an individual who is not directly involved
with the transaction or task being verified. Supervision takes
place while the activity is being performed, by a supervisor
with direct responsibility for the task
INDEPENDENT VERIFICATION 80