Reviewer:
distributed fairly to those who share risks. This
Ethics Fraud and Internal Control
Ethical Issues in Business:
 Business Ethics
 Computer Ethics
 Sarbanes-Oxley Act and Ethical Issues
Ethical Issues in Business
Ethical Standards- are derived from societal mores and
deep-rooted personal beliefs about issues of right and
wrong that are not universally agreed upon
Ethics- pertains to the principles of conduct that
individuals use in situations that involve the concepts of
right and wrong
Business Ethics- it involves in finding the answers to two
questions
1. How do managers decide what is right in
conducting their business?
2. Once managers have recognized what is right,
how do they achieve it?
Ethical Issues in business can be divided into four areas:
 Equity
 Rights
 Honesty
Table 3-1 ETHICAL ISSUES IN BUSINESS
Making Ethical Decision
o business organization have conflicting
responsibilities to their employees, shareholder,
customers, and the public.
o Every major decision has consequences that
potentially harm or benefit these constituents
Proportionality- the benefit from a decision must
outweigh the risks
 Justice- the benefits of the decision should be
who do not benefit should not carry the burden
of risk
 Minimize risk- even if judged acceptable by the
principles, the decision should be implemented
so as to minimize all the risks and avoid any
unnecessary risks.
Computer Ethics- the analysis of the nature and
social impact of computer technology and the
corresponding formulation and justification of
policies for ethical use of such technology.
Computer Ethics:
Three level of computer ethics
 Pop- simply the exposure to stories
and reports found in the popular
media regarding the good and bad
ramifications of computer
technology
 Para- involves taking a real interest
in computer ethics cases and
acquiring some level of skill and
knowledge in the field
 Theoretical -interest to multi-
disciplinary researchers who apply
the theories of philosophy,
sociology, and psychology to
computer science with the goal of
bringing some new understanding
to the field
Privacy- people desire to be in full control of what and
how much information about themselves is available
Security (Accuracy and Confidentiality)- security
systems attempt to prevent fraud and other misuse of
computer systems, they act to protect and further the
legitimate interests of the system’s constituencies
Ownership of Property- copyright laws have been
invoked in an attempt to protect those who develop
software from having it copied
Equity in Access- some barriers to access are intrinsic to
the technology of information systems, but some are
avoidable through careful system design
Environmental Issues:
Computers with high-speed printers allow for the
production of printed documents faster than ever
before.
-it may be more efficient and more comforting to have a
hardcopy in addition to the electronic version. However,
paper comes from trees, precious natural resources,
and ends up in land fills if not properly recycled.
Unemployment and Displacement- many jobs have
been and are being changed as a result of the
availability of computer technology. People unable or
unprepared to change are displaced
Misuse of Computers- examples are
 Copying of proprietary software
 Using company for personal benefit
 Snooping through people’s files
Employee fraud- fraud by non-management employees.
Generally designed to directly convert cash or other
assets to the employee’s personal benefit
Management Fraud- is more insidious. It often escapes
detection until the organization has suffered irreparable
damage or loss
THREE SPECIAL CHARACTERISTICS OF FRAUD
1. The fraud is perpetrated at levels of
management above the one to which internal
control structures generally relate
2. The fraud frequently involves using the financial
statements to create an illusion that an entity is
healthier and more prosperous than it is.
3. Involves misappropriation of assets, it
frequently is shrouded in a maze of complex
business transactions, often involving third
parties

SARBANES-OXLEY ACT and ETHICAL ISSUES
o Named after Senator Paul Sarbanes, D-Md., and
Congressman Michael Oxley, R-Ohio.
o Also called SarbOx or SOX
o Became law on July 30, 2002
o Federal law that established sweeping auditing
and financial regulations for public companies.
o It helps protect shareholders, employees and
the public from accounting errors and
fraudulent financial practices
Fraud and Accountants
Fraud Triangle- consists of three factors that contribute
to or are associated with management and employee
fraud:
1. Situational pressure- includes personal or job-
related stresses that could coerce an individual
to act dishonestly
2. Opportunity- involves direct access to assets
and/or access to information that controls
assets
3. Ethics- pertains to one’s character and degree
of moral opposition to acts of dishonesty

Fraud- false representation of a material fact made by

one party to another party with the intent to deceive
and induce the other party to justifiably rely on the fact
to his/her detriment

o Aka. White-collar crime, defalcation,

embezzlement, and irregularities

5 Conditions of Fraud:

o False representation
o Material Fact
o Intent
o Justifiable reliance
o Injury/loss

LEVELS OF FRAUD:
 The Underlying Problems

o Lack of auditor independence

o Auditing firms that are also engaged by
their clients to perform non-accounting
activities
o Ex. Enron’s auditors-Arthur Andersen-
were also their internal auditors and
their management consultants

o Lack of Director Independence

o Directors who have a personal
relationship
 By serving on the boards of
other director’s companies
 Have a business trading
relationship as key customers
or suppliers of the company
 Have a financial relationship as
primary stockholders or have
received personal loans from
the company
 Have an operational
relationship as employees of
the company
o Questionable Executive Compensation
Schemes
o Fewer stock options should be offered
than currently is the practice
o Inappropriate Accounting Practices
o Use of special-purpose entities to hide
Fraud Schemes: liabilities through off-balance-sheet
1. Fraudulent Statements- this type of fraud accounting
scheme, the statement itself must bring direct 2. Corruption- involves an executive, manager, or
or indirect financial benefit to the perpetrator employee of the organization in collusion with
o For example- misstating the cash account an outsider
balance to cover the theft of cash is NOT - Collusion meaning:
financial statement fraud. On the other hand, secret or illegal
understating liabilities to present a more cooperation or
favorable financial picture of the organization to conspiracy, especially in
drive up stock prices DOES FALL to this order to cheat or
classification. deceive others.

4 principal types:

o Bribery- involves giving, offering, soliciting, or

receiving things of value to influence an official
in the performance of his or her lawful duties
o Illegal gratuities – involves giving, receiving,
offering, or soliciting something of value
because of an official act that has been taken
o Conflicts of interest – occurs when an
employee acts on behalf of a third party during
discharge of his or her duties or has self-interest
in the activity being performed
o Economic extortion- is the use (or threat) of
force (including economic sanctions) by an
individual or organization to obtain something
of value
3. Asset Misappropriation- assets are either
directly or indirectly diverted to the
perpetrator’s benefit
Examples:
o Skimming- involves stealing of cash
from the organization before it is
recorded on the organization’s books
and records
o Cash larceny- involves schemes in
which cash receipts are stolen from an
organization after they have been
recorded in the organization’s books
and records.
o Billing schemes- a.k.a vendor fraud, are
perpetrated by employees who causes
their employer to issue a false supplier
or vendor by submitting invoices for
fictitious goods and services, inflated
invoices, or invoices for personal
purchases
o SHELL COMPANY
o PASS THROUGH FRAUD
o PAY-AND-RETURN
o Check tampering -Involves forging or
changing in some material way a check
that the organization has written to a
legitimate payee
o Payroll- the distribution of fraudulent
paychecks to existent and or non-
existent employees
o Expense Reimbursements- are schemes
in which an employee makes a claim for
reimbursement of fictitious or inflated
business expenses.
o For example, a company sales
person files false expenses
reports, claiming meals,
lodging, and travel that never
occurred
o Theft of cash- are schemes that involve
the direct theft of cash on hand in the
organization
o Non-cash misappropriations- schemes
that involve the theft of misuse of the
victim organization’s non-cash assets.
o One example of this is a
warehouse clerk who steals
inventory from a ware-house or
storeroom
Computer Fraud- computers lie in the heart of modern
accounting information systems, and the topic of
computer fraud is of importance to auditors
Internal Control Concepts and Techniques
a. To safeguard assets of the firm
b. To ensure the accuracy and reliability of
accounting records and information
c. To promote the efficiency in the firm’s
operations
d. To measure compliance with
management’s prescribed policies and
procedures
Modifying Assumptions
o Management responsibility-the establishment
and maintenance of a system of internal control
is the responsibility of the management.
o Reasonable assurance- the cost of achieving
the objective of internal controls should not
outweigh its benefits
o Methods of data processing- The techniques of
achieving the objectives will vary with different
types of technology
o Limitations- the techniques of achieving the
objectives will vary with the different types of
technology
LIMITATIONS OF INTERNAL CONTROLS
  Possibility of honest errors
 Circumvention via collusion
 Management override
 Changing condition—especially in companies
with high growth
Exposures of Weak Internal Controls (Risk)
 Destruction of asset
 Theft of an asset
 Corruption of information
 Disruption of the information System
o These are actions taken to reverse the
effects of errors detected in the
previous step
SAS 78/ COSO
Describes the relationship between the firm’s…
o Internal control structure
o Auditor’s assessment of risk
o The planning of audit procedures
“The weaker the internal control structure, the higher
the assessed level of risk; the higher the risk, the more
auditor procedures applied in the audit”

5 INTERNAL CONTROL COMPONENTS SAS 78/COSO

1. Control environment
o Integrity and ethics of
management
o Organizational structure
o Role of the board of directors
and the audit committee
o Management’s policies and
philosophy
o Delegation of responsibility and
authority
o Performance evaluation
measures
o External influences- regulatory
agencies
o Policies and practices managing
human resources
2. Risk assessment
o Identify, analyze and manage
The Preventive-Detective-Corrective Internal Control risks relevant to financial
Model reporting:
o Changes in external
o Preventive controls
environment
o It forces compliance with prescribed or
o Risky foreign markets
desired actions and thus screen out
o Significant and rapid
aberrant (departing from an accepted
growth that strain
standard) events
internal controls
o Detective Controls
o New product lines
o These are devices, techniques, and
o Restructuring,
procedures designed to identify and
downsizing
expose undesirable events that elude
o Changes in accounting
preventive controls
o Corrective Controls policies
3. Information and communication
 a. The AIS should produce high
quality information which
i. Identifies and records all
valid transactions
Six Types of Physical Controls
ii. Provides timely
information in
appropriate detail to
permit proper
classification and
financial reporting
iii. Accurately measures the
financial transactions
iv. Accurately records
transactions in the time
period in which they
occurred
4. Monitoring- the process for assessing
the quality of internal control design
and operation
a. Ongoing monitoring:
i. Computer modules
integrated into routine
operations
ii. Management reports
which highlight trends
and exception from
normal performance
5. Control Activities- policies and
procedures to ensure that the
appropriate actions are taken in
response to identified risks
a. Fall into 2 distinct categories:
i. IT Controls- relate
specifically to the
computer environment
ii. Physical controls-
primarily pertain to
human activities
TWO TYPES OF IT CONTROLS:
1. General Control- pertain to the entity-wide
computer environment
a. Examples: controls over data center,
organization databases, systems
development, and program
maintenance
2. Application controls- ensure the integrity of
specific systems
a. Examples: controls over sales order
processing, accounts payable, and
payroll applications
1. Transaction Authorization
o Used to ensure that employees are carrying out
only authorized transactions
o General (everyday procedures) or specific (non-
routine transactions) authorizations
o The rules are often embedded within computer
programs.
o EDI/JIT: Automated re-ordering of
inventory without human intervention
(Basis: Instructional material 2)
2. Segregation of Duties
 A computer program may perform many
tasks that are deemed incompatible. Thus
the crucial need to separate program
development, program operations, and
program development
o In manual systems, separation between
o Authorizing and processing a
transaction
o Custody and record-keeping of the
asset
o Subtask
3. Supervision
o The ability to asses competent
employees becomes more challenging
due to the greater technical knowledge
required
o A compensation for lack of segregation;
some may be built into computer
systems
o An underlying assumption of
supervision control is that the firm
employs competent and trustworthy
personnel. The competent and
trustworthy employee assumption
promotes supervisory efficiency
4. Accounting records
o The accounting records of an
organization consist of source
documents, journals, and ledgers. These
records capture the economic essence
of transactions and provide and audit
trail of economic events
o Audit trail
5. Access Controls
o Data consolidation exposes the
organization to computer fraud and
excessive losses from disaster
o Help to safeguard assets by restricting
physical access to them
6. Independent Verification
o When tasks are performed by the
computer rather than manually, the
need for an independent check is not
necessary. However the program
themselves are checked.
o Reviewing batch totals or reconciling
subsidiary accounts with control
accounts
o Through independent verification
procedures, management can access:
i. The performance of individuals
ii. The integrity of the transaction
processing system
iii. The correctness of data
contained in accounting records