Ethics, Fraud and Internal

Control
 Ethical Issues in Business

 On Equity
 Executive Salaries
 Comparable Worth
 Product Pricing
 On Rights
 Corporate Due Process  Diversity
 Employee Health Screening  Equal Employment
 Employee Privacy Opportunity
 Sexual Harassment  Whistle-Blowing
Ethical Issues in Business (cont’d)

 On Honesty
 Employee and Management Conflicts of Interest
 Security of Organization Data and Records
 Misleading Advertising
 Questionable Business Practices in Foreign Countries
 Accurate Reporting of Shareholder Interests
Ethical Issues in Business (cont’d)

 On Exercise of Corporate Power

 Political Action Committees
 Workplace Safety
 Product Safety
 Environmental Issues
 Divestment of Interests
 Corporate Political Contributions
 Downsizing and Plant Closures
 Computer Ethics

 The analysis of the nature and social impact of

computer technology and the corresponding
formulation and justification of policies for the ethical
use of such technology which includes concerns
about software as well as hardware and concerns
about networks connecting computers as well as
computers themselves.
 Levels of Computer Ethics

 Pop computer ethics

 Simply the awareness of the good or bad ramifications
of computer technology
 Para computer ethics
 Involves taking real interest in computer ethics cases
and acquiring skill and knowledge on the field
 Theoretical computer ethics
 Application of philosophical, sociological and
psychological theories to computer science with the
goal of bringing some new understanding to the field
Some Issues in Computer Ethics

 Privacy
 Security (Accuracy and Confidentiality)
 Ownership of Property
 Equity in Access
 Environmental Issues
 Artificial Intelligence
 Unemployment and Displacement
 Misuse of Computers
 Fraud

 -a false representation of a material fact made

by one party to another with the intent to
deceive and induce the other to justifiably rely
on the fact to his or her detriment
 Levels of Fraud

 Employee Fraud which usually involves three steps:

 Stealing something of value;
 Converting the asset to usable form; and
 Concealing the crime to avoid detection
 Management Fraud typically contains three characteristics:
 Perpetration at levels of management above the one to which
internal control structures generally relate
 Involves using the FS to create an illusion that an entity is more
healthy and prosperous than it actually is
 On misappropriation of assets, it is frequently shrouded in a maze
of complex business transactions, often involving third parties
 Factors Contributing to Fraud

 Situational Pressures
 Opportunities
 Personal Characteristics (Ethics)

 The more the situational pressures and opportunities,

the higher the possibilities of committing fraud,
whereas, the higher the ethics of the individual
involved, the lower the possibilities of committing
fraud
 Some questions which may be included as part
of the Red-flag Checklist to detect possible
fraudulent activity:
 Do key executives have unusually high personal debt?
 Do key executives appear to be living beyond their means?
 Do key executives engage in habitual gambling?
 Do key executives appear to abuse alcohol or drugs?
 Do any of the key executives appear to lack personal codes of
ethics?
 Are economic conditions unfavorable within the company’s
industry?
 Does the company use several different banks, none of which sees
the company’s entire financial picture?
 Do any key executives have close association with suppliers?
 Is the company experiencing a rapid turnover of key employees,
either through resignation or termination?
 Do one or two individuals dominate the company?
 FIG. 4 Occupational Fraud and Abuse Classification System (the Fraud Tree)6

Corruption Asset Misappropriation Financial Statement Fraud

Net Worth/ Net Worth/

Conflicts of Illegal Gratuities Economic Net Income Net Income
Interest Bribery Extortion Overstatements Understatements

Purchasing Invoice Timing Timing

Schemes Kickbacks Differences Differences

Sales Fictitious Understated

Bid Rigging Revenues Revenues
Schemes

Concealed Overstated
Liabilities and Liabilities and
Expenses Expenses

Improper Improper
Asset Asset
Valuations Valuations

Improper Improper
Disclosures Disclosures

Cash Inventory and All

Other Assets

Theft of Cash Theft of Cash Fraudulent Misuse Larceny

on Hand Receipts Disbursements

Asset
Requisitions
Billing Payroll Expense Check and Register and Transfers
Skimming Cash Larceny Reimbursement Payment
Schemes Schemes Disbursements
Schemes Tampering
False Sales
and Shipping
Shell Ghost Mischaracterized
Refunds Employee Forged Maker False Voids
Sales Receivables Company Expenses
and Other Purchasing
and Receiving
Non- Overstated
Accomplice Falsified Forged
Write-Off Expenses Endorsement False Refunds
Unrecorded Vendor Wages
Schemes Unconcealed
Larceny
Personal Commission Fictitious
Lapping Purchases Schemes Altered Payee
Understated Expenses
Schemes

Multiple Authorized
Unconcealed Reimbursements Maker

6
The definitions for many of the categories of fraud schemes in the Fraud Tree are found in the Glossary of Terminology on pg. 78. In previous reports, the category
check and payment tampering was referred to simply as check tampering. However, to better reflect the increasing shift toward electronic payment methods, we
have changed the category title.

Report to the NationsFraud

How Occupational Committed Report
HowIsOccupational to Committed
Fraud Is the Nations 11
 GLOSSARY OF
TERMINOLOGY
Asset misappropriation: A scheme in which an employee
steals or misuses the employing organization’s resourc-
es (e.g., theft of company cash, false billing schemes, or
inflated expense reports)
Billing scheme: A fraudulent disbursement scheme in which
a person causes his or her employer to issue a payment by
submitting invoices for fictitious goods or services, inflated
invoices, or invoices for personal purchases (e.g., employee
creates a shell company and bills employer for services not
actually rendered; employee purchases personal items and
submits an invoice to employer for payment)
Cash larceny: A scheme in which an incoming payment is
stolen from an organization after it has been recorded on
the organization’s books and records (e.g., employee steals
cash and checks from daily receipts before they can be
deposited in the bank)
Cash-on-hand misappropriations: A scheme in which the
perpetrator misappropriates cash kept on hand at the victim
organization’s premises (e.g., employee steals cash from a
company vault)
Check or payment tampering scheme8: A fraudulent
disbursement scheme in which a person steals his or her
employer’s funds by intercepting, forging, or altering a
check or electronic payment drawn on one of the organiza-
tion’s bank accounts (e.g., employee steals blank company
checks and makes them out to himself or herself or an
accomplice; employee re-routes an outgoing electronic
payment to a vendor to be deposited into his or her own
bank account)
Corruption: A scheme in which an employee misuses his or
her influence in a business transaction in a way that violates
his or her duty to the employer in order to gain a direct or
indirect benefit (e.g., schemes involving bribery or conflicts
of interest)
Employee support programs: Programs that provide
support and assistance to employees dealing with personal
issues or challenges, such as counseling services for drug,
family, or financial problems
Expense reimbursements scheme: A fraudulent disburse-
ment scheme in which an employee makes a claim for reim-
bursement of fictitious or inflated business expenses (e.g.,
employee files fraudulent expense report, claiming personal
travel, nonexistent meals)
78 Glossary of Terminology Report to the Nations
Financial statement fraud: A scheme in which an employee
intentionally causes a misstatement or omission of material
information in the organization’s financial reports (e.g., re-
cording fictitious revenues, understating reported expens-
es, or artificially inflating reported assets)
Hotline: A mechanism to report fraud or other violations,
whether managed internally or by an external party
Management review: The process of management review-
ing organizational controls, processes, accounts, or transac-
tions for adherence to company policies and expectations
Noncash misappropriations: Any scheme in which an
employee steals or misuses noncash assets of the victim
organization (e.g., employee steals inventory from a ware-
house or storeroom; employee steals or misuses confiden-
tial customer information)
Occupational fraud: The use of one’s occupation for
personal enrichment through the deliberate misuse or
misapplication of the employing organization’s resources or
assets
Payroll scheme: A fraudulent disbursement scheme in
which an employee causes his or her employer to issue
a payment by making false claims for compensation (e.g.,
employee claims overtime for hours not worked; employee
adds ghost employees to the payroll)
Primary perpetrator: The person who worked for the victim
organization and who was reasonably confirmed as the
primary culprit in the case
Register disbursements scheme: A fraudulent disburse-
ment scheme in which an employee makes false entries on
a cash register to conceal the fraudulent removal of cash
(e.g., employee fraudulently voids a sale on his or her cash
register and steals the cash)
Skimming: A scheme in which an incoming payment is
stolen from an organization before it is recorded on the
organization’s books and records (e.g., employee accepts
payment from a customer but does not record the sale and
instead pockets the money)
8
In previous reports, this category was referred to simply as check tam-
pering. However, to better reflect the increasing shift toward electronic
payment methods, we have changed the category title to check and
payment tampering.
 Computer Fraud
includes the following:

 The theft, misuse or misappropriation of assets by altering

computer-readable records and files
 The theft, misuse or misappropriation of assets by altering
the logic of the software
 The theft or illegal use of computer-readable information
 The theft, corruption, illegal copying or intentional
destruction of computer software
 The theft, misuse or misappropriation of computer
hardware
Computer Fraud in the Stages of
the Accounting Information
System
 Data Collection

 Data entered into the system are falsified

 Fraud can be committed from remote locations:
 Masquerading
 Gaining access pretending to be an authorized user
 Piggybacking
 Latching on to a user who is logging in to the system
 Hacking (may involve the techniques above)
 Hackers usually are motivated by the challenge of breaking
into a system rather than financial gain
 Data Processing

 Program Fraud which includes:

 Creating programs that modify values in the records
 Destroying or corrupting a computer’s logic using a virus
 Altering program logic to cause incorrect processing
 Operations Fraud
 Simply using the firm’s computer resources for personal
gain (e.g. using your employer’s system to prepare
financial statements and tax returns for private clients)
 Salami Technique

 Interest calculations done by a system employed by

the bank distributes fractions of a cent to random
clients at a time so as not to cause unbalanced
records.
 However, a program called the salami fraud modifies
the rounding logic that it causes those fractions of a
cent to be credited to the account of the perpetrator.
 Database Management

 This included altering, deleting, corrupting,

destroying or stealing an organization’s data.
 Some might steal information to sell to competitors,
others may just be disgruntled employees trying to
get back at the company.
 Logic Bomb is a program that at a specified time,
when certain conditions are met, it erases all the data
files that the program accesses.
 Information Generation

 Fraud is directed at stealing, misdirecting or misuse of

computer output using some techniques such as:
 Scavenging
 Involves searching through the trash either in the system
or the physical trash bin
 Eavesdropping
 Intercepting messages being sent over unprotected
communication lines
 Can be prevented through data encryption
 Internal Control
Concepts and Techniques
 Internal Control System (ICS)

 This comprises policies, practices and procedures

employed by the organization to achieve four broad
objectives:
 To safeguard the assets of the firm
 To ensure the accuracy and reliability of accounting
records and information
 To promote efficiency in the firm’s operations
 To measure compliance with management’s prescribed
policies ad procedures
 Modifying Assumptions

 Inherent in the control objectives are four modifying

assumptions that guide designers and auditors of
internal control:
 Management Responsibility of the ICS
 Reasonable Assurance – there are no perfect controls
 Methods of Data Processing – controls to be applied will
depend on technology used
 Limitations such as the possibility of error, circumvention,
management override and changing conditions
 Exposures and Risks

 Exposure is the absence or weakness of a control

which may subject the firm to unauthorized access,
fraud, errors and mischievous acts resulting into one
or more of the following risks:
 Destruction of assets
 Theft of assets
 Corruption of information or the information system
 Disruption of the information system
 The Preventive-Detective-Corrective
Internal Control Model

 Preventive Controls
 Passive techniques designed to reduce the frequency of
occurrence of undesirable events
 Detective Controls
 Devices, techniques and procedures designed to identify and
expose undesirable events that elude preventive controls
 Corrective Controls
 Actions taken to reverse the effects of errors detected in the
previous step