SARBANES-OXLEY ACT and ETHICAL ISSUES
o Named after Senator Paul Sarbanes, D-Md., and Congressman Michael Oxley, R-Ohio.
o Also called SarbOx or SOX
o Became law on July 30, 2002
o Federal law that established sweeping auditing and financial regulations for public companies.
o It helps protect shareholders, employees and the public from accounting errors and fraudulent financial practices

Fraud Triangle- consists of three factors that contribute to or are associated with management and employee fraud:
1. Situational pressure- includes personal or job-related stresses that could coerce an individual to act dishonestly
2. Opportunity- involves direct access to assets and/or access to information that controls assets
3. Ethics- pertains to one’s character and degree of moral opposition to acts of dishonesty

Fraud and Accountants
5 Conditions of Fraud:
o False representation
o Material Fact
o Intent
o Justifiable reliance
o Injury/loss
LEVELS OF FRAUD:
The Underlying Problems
4 principal types:

The Preventive-Detective-Corrective Internal Control Model
o Preventive controls
   o It forces compliance with prescribed or desired actions and thus screens out aberrant (departing from an accepted standard) events
o Detective Controls
   o These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls
o Corrective Controls

1. Control environment
   o Integrity and ethics of management
   o Organizational structure
   o Role of the board of directors and the audit committee
   o Management’s policies and philosophy
   o Delegation of responsibility and authority
   o Performance evaluation measures
   o External influences- regulatory agencies
   o Policies and practices managing human resources
2. Risk assessment
   o Identify, analyze and manage risks relevant to financial reporting:
      o Changes in external environment
      o Risky foreign markets
      o Significant and rapid growth that strains internal controls
      o New product lines
      o Restructuring, downsizing
      o Changes in accounting policies
3. Information and communication
   a. The AIS should produce high quality information which
      i. Identifies and records all valid transactions
      ii. Provides timely information in appropriate detail to permit proper classification and financial reporting
      iii. Accurately measures the financial transactions
      iv. Accurately records transactions in the time period in which they occurred
4. Monitoring- the process for assessing the quality of internal control design and operation
   a. Ongoing monitoring:
      i. Computer modules integrated into routine operations
      ii. Management reports which highlight trends and exceptions from normal performance
5. Control Activities- policies and procedures to ensure that the appropriate actions are taken in response to identified risks
   a. Fall into 2 distinct categories:
      i. IT Controls- relate specifically to the computer environment
      ii. Physical controls- primarily pertain to human activities

TWO TYPES OF IT CONTROLS:
1. General Control- pertain to the entity-wide computer environment
   a. Examples: controls over data center, organization databases, systems development, and program maintenance
2. Application controls- ensure the integrity of specific systems
   a. Examples: controls over sales order processing, accounts payable, and payroll applications

Six Types of Physical Controls
1. Transaction Authorization
   o Used to ensure that employees are carrying out only authorized transactions
   o General (everyday procedures) or specific (non-routine transactions) authorizations
   o The rules are often embedded within computer programs.
      o EDI/JIT: Automated re-ordering of inventory without human intervention
   (Basis: Instructional material 2)
2. Segregation of Duties
   A computer program may perform many tasks that are deemed incompatible. Thus the crucial need to separate program development, program operations, and program development
   o In manual systems, separation between
      o Authorizing and processing a transaction
      o Custody and record-keeping of the asset
      o Subtask
3. Supervision
   o The ability to assess competent employees becomes more challenging due to the greater technical knowledge required
   o A compensation for lack of segregation; some may be built into computer systems
   o An underlying assumption of supervision control is that the firm employs competent and trustworthy personnel. The competent and trustworthy employee assumption promotes supervisory efficiency
4. Accounting records
   o The accounting records of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events
   o Audit trail
5. Access Controls
   o Data consolidation exposes the organization to computer fraud and excessive losses from disaster
   o Help to safeguard assets by restricting physical access to them
6. Independent Verification
   o When tasks are performed by the computer rather than manually, an independent check is not necessary. However, the programs themselves are checked.
   o Reviewing batch totals or reconciling subsidiary accounts with control accounts
   o Through independent verification procedures, management can assess:
      i. The performance of individuals
      ii. The integrity of the transaction processing system
      iii. The correctness of data contained in accounting records