- (Kohlberg’s model was created specifically for the framework of child development and has been widely criticized for promoting the inherent value system of its author. The original Kohlberg model organized a child’s values development from parental punishment/rewards to organizational belonging/success (local maximization) to greater social contracts/justice (forgoing one’s individual gains for the sake of societal gain). The representation in the Hall textbook is an interpretation of the Kohlberg model.)

- Many argue that computer ethics are no different in nature than traditional issues (property rights, copyright, trade secrets, patent laws). The following issues of concern involve computer ethics and may generate class discussions:

  - Privacy: How much information about you is available to others? How much information about yourself do you really own?
  - Security (Accuracy and Confidentiality): How can you avoid authorized/unauthorized individuals accessing or changing your computerized information? Where is the balance between safe data and open shared resources?
  - Ownership of Property: Can an individual own ideas? Media? Source or object code? Do copyright laws and patents restrict the progress of technology?
  - Equity in Access: Does the economic status of an individual restrict him/her from access to a career in information technology?
  - Environmental Issues: Do high-speed printers cause less responsibility for reducing paper waste?
  - Artificial Intelligence: Who is responsible for the decisions that an expert system or a bot might make on behalf of a business?
  - Unemployment and Displacement: When a business downsizes employees because a computer now performs their jobs, is that business responsible to retrain the displaced employees?
  - Misuse of Computers: How do you feel about copying software, MP3 music files, snooping through other people’s files, or using a business’ computer for personal purposes?

- Managers must establish and maintain a system of internal controls to ensure the integrity and reliability of their data.

FRAUD AND ACCOUNTANTS

Fraud is a false representation of a material fact made by one party to another party with the intent to deceive and to induce the other party to rely on the fact to his or her detriment. Many times, alleged fraud is just poor management decisions or adverse business conditions.

Common law asserts that for an act to be considered fraudulent, it must meet five requirements:

1. There must be a false representation, statement or a nondisclosure.
2. There must be a material fact, a substantial factor in inducing someone to act.
3. There must be intent to deceive.
4. The misrepresentation must have resulted in justifiable reliance causing someone to act.
5. The deception must have caused injury or loss to the victim of the fraud.

- The fraud occurs at levels that are above internal control mechanisms.
- The fraud occurs by managers who can manipulate financial statements through either expense allocations or revenue recognition.
- The misappropriation of assets can be covered up with complex transactions, often involving third parties.

Factors That Contribute to Fraud

Forces that interact to motivate an individual to commit fraud can be categorized as situational pressures (high), opportunity (high), and personal characteristics/ethics (low).

Auditors should look to many places to determine management’s motivations to commit fraud and should look at the top management of the companies they audit to find the answers to questions such as:

- Personal: Do any of the managers have a lot of debt? Are they living beyond their means? Are they gambling? Do they abuse substances?
- Environment: Are economic conditions unfavorable?
- Business: Does the company use several different banks, none of which see the company’s entire financial picture? Are there close associations with any supplier?

Financial Losses From Fraud

The opportunity seems to be the overall most important factor associated with the fraud. Opportunity can be defined as control over assets or access to assets. Opportunity is characterized in this dataset with a higher management position, which is mostly filled by older, more educated males at this time in history.

Fraud Schemes

The three broad categories of fraud schemes to be discussed in this class are fraudulent financial statements, corruption, and asset misappropriation.

Fraudulent Financial Statements
Requires companies registered with the SEC to:

- Keep records that fairly and reasonably reflect the transactions of the firm and its financial position, and
- Maintain a system of internal control that provides reasonable assurance that the organization’s objectives are met.

Internal Control in Concept

Internal control systems include all of the policies, practices, and procedures employed by the organization to achieve four broad objectives (according to AICPA’s SAS#1, sec. 320):

- to safeguard assets of the firm,
- to ensure the accuracy and reliability of accounting records and information,
- to promote the efficiency of the firm's operations, and
- to measure compliance with management's prescribed policies and procedures.

- Preventive controls are designed to reduce the opportunities for the commission of errors or fraud. They are passive controls, meaning that they are integrated into the system in the hopes of preventing errors and fraud before they happen. They provide safeguards that are built into the system's routine procedures.
- Detective controls are designed to detect errors or fraud after they have occurred. These controls compare what has actually happened with what was supposed to happen. If deviations occur, they are identified.
- Corrective controls are measures taken to correct errors, especially material ones, once they have been detected. Such measures should be taken with caution after the reasons for the errors have been found. If an error is a minor one, it may not be worth analyzing and correcting.

Auditing and Auditing Standards

Auditors are guided in their professional responsibilities by GAAS (Generally Accepted Auditing Standards), in addition to many other Statements on Auditing Standards.
According to SAS No. 78, internal control consists of the control environment, risk assessment, information and communication activities, monitoring activities, and control activities.

Control Environment

The Control Environment is the foundation of internal control and sets the tone for the organization. Important elements of the control environment include:

- The integrity and ethical values of management
- The organizational structure of the company
- The role and participation level of the board of directors and of the audit committee
  Is there an internal auditing department that reports to the audit committee?
- Management's philosophy or approach to running the company
- Delegation of responsibility and authority
  Is there proper segregation of duties between authorization, custody, and accounting?
- Methods for evaluating performance
- External influences, such as examinations by outside parties
- The organization's policies and practices for managing its human resources

SAS 78 requires the auditors to obtain sufficient knowledge to assess the attitude and awareness of an organization's management, the board of directors, and owners to determine the importance of internal control in their organization. Techniques they could utilize include background checks, reputation, integrity, external conditions, knowledge of the client’s industry, and specific business.

Management should adopt the provisions of the Sarbanes-Oxley Act by:

- Separating the roles of CEO and chairman,
- Setting ethical standards,
- Establishing an Independent Audit Committee
- Compensation Committees
- Nominating Committees
- Access to Outside Professionals

Risk Assessment

Management must assess the risks of their business and their environment. Such risk would be increased by, for example, rapid growth, new competitors, new product lines, organizational restructuring, entering foreign markets, implementation of new technology, or

Information and Communication

Managers are responsible for developing, implementing, and maintaining a good system of Information and Communication for all in the organization. The accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and account for the related assets and liabilities.

The quality of information generated by an organization's accounting information system will impact the reliability of the organization's financial statements. Auditors are required to obtain an understanding of the classification of material transactions, the processing of those transactions in the accounting records, and the utilization of processed data in the preparation of financial statements.

Effective accounting information systems will:

- Identify and record all valid financial transactions.
- Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting.
- Accurately measure the financial value of transactions so their effects can be recorded in financial statements.
- Accurately record transactions in the time period in which they occurred.

Auditors are required to obtain sufficient knowledge of the information system to understand:

- The classes of transactions that are material to the financial statements and how those transactions are initiated.
- The accounting records and accounts that are used in the processing of material transactions.
- The transaction processing steps involved from the initiation of a transaction to its inclusion in the financial statements.
- The financial reporting process used to prepare financial statements, disclosures, and accounting estimates.

Monitoring

Monitoring must be performed to determine that the internal controls are functioning as intended.

Monitoring may be performed by internal auditors who periodically test controls and report to management any weaknesses that could be a cause for concern. Monitoring can also be performed continuously through the implementation of computer modules designed specifically to monitor the functioning of internal
controls. A good reporting system, reviewed by management, is also an excellent monitoring information system.

Control Activities

Control Activities are the policies and procedures used to ensure that appropriate actions are taken to deal with the identified risks. There are two categories: computer controls and physical controls.

Computer Controls can be categorized into two groups: general controls and application controls.

- General Controls pertain to pervasive, entity-wide concerns such as access and approval, such as human resources and project management.
- Application Controls pertain to the details of specific systems, such as payroll.

Physical Controls typically relate to manual procedures. Traditionally, there are six categories of physical control activities:

- Transaction Authorization: Employees should only be carrying out authorized transactions. Authorizations may be general or specific. General authorization may be granted to employees to carry out routine, everyday procedures while specific authorization may be needed for non-routine transactions.
- Segregation of Duties: The key segregations should be between the authorizing and the processing of a transaction and between the custody of an asset and its record-keeping. The system must be designed so that it would take more than one employee to successfully carry out a fraudulent act. In a computerized system, however, many duties that must be segregated in a manual system may be combined because computers do not make errors or commit fraud. Nevertheless, in a computer-based system, segregation should exist between the functions of program development, program operations, and program maintenance. Figure 3-6 illustrates the top 3 objectives for the segregation of duties.
- Supervision is referred to as a compensating control because it comes into play when there is not an adequate separation of duties and employees must double up on tasks. This control is especially important for computer-based systems as often management must hire from a small supply of technically competent individuals, these individuals have access to much of the organization’s sensitive data, and because management is unable to observe employees who work with the system.
- Accounting Records are the source documents, journals, and ledgers of a business. These documents provide the audit trail for all the company's economic transactions. Audit trails are also created in computer-based systems, but the form and appearance of the accounting records are different from those in a manual system (hashing techniques, pointers, indexes, embedded keys). Auditors must understand system controls to know their impact on the audit trails of the records.
- Access Controls safeguard assets by restricting physical access. In computer-based systems, access controls should reduce the possibilities of computer fraud and losses from disasters. Access controls should limit personnel access to central computers, restrict access to computer programs, provide security for the data processing center, provide adequate backup for data files, and provide for disaster recovery.
- Independent Verification procedures identify errors and misrepresentations and can be performed by both managers and computers. For example, managers can review financial and management reports, and computers can reconcile batch totals or subsidiary accounts with control accounts. Management can assess an individual application’s performance, processing system integrity, and data accuracy. Examples of independent verification include reconciling batch totals at various points of processing, comparing physical assets with accounting records, reconciling subsidiary ledgers with general ledger control accounts, and reviewing management reports.

The Importance of Internal Controls

The five components of internal control are: environment, risk assessment, information and communication, monitoring, and control activities. Understanding internal control will guide the auditor in the planning of specific tests to determine the likelihood and the extent of financial statement misrepresentation.
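
The key segregations named under Segregation of Duties above (authorizing vs. processing, custody vs. record-keeping, and program development vs. operations vs. maintenance) can be tested as a detective control over an activity log. The following is an added example, not part of the original notes; the log schema, duty names, and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample activity log (assumed schema): who performed which duty on which item.
EVENTS = [
    {"user": "alice", "duty": "authorize", "item": "PO-1001"},
    {"user": "bob",   "duty": "process",   "item": "PO-1001"},
    {"user": "carol", "duty": "authorize", "item": "PO-1002"},
    {"user": "carol", "duty": "process",   "item": "PO-1002"},
    {"user": "dave",  "duty": "custody",   "item": "INV-WH1"},
    {"user": "dave",  "duty": "record",    "item": "INV-WH1"},
    {"user": "erin",  "duty": "develop",   "item": "payroll-app"},
    {"user": "erin",  "duty": "operate",   "item": "payroll-app"},
    {"user": "frank", "duty": "maintain",  "item": "payroll-app"},
    {"user": "alice", "duty": "process",   "item": "PO-1003"},  # different item: allowed
]

# Duty pairs the notes say must be held by different people (duty names are assumptions).
INCOMPATIBLE = [
    ("authorize", "process"),   # authorizing vs. processing a transaction
    ("custody", "record"),      # custody of an asset vs. its record-keeping
    ("develop", "operate"),     # program development vs. program operations
    ("develop", "maintain"),    # program development vs. program maintenance
    ("operate", "maintain"),    # program operations vs. program maintenance
]

def sod_violations(events, incompatible=INCOMPATIBLE):
    """Return sorted (user, item, duty_a, duty_b) tuples where one user
    performed two incompatible duties on the same item."""
    duties = defaultdict(set)            # (user, item) -> duties performed
    for e in events:
        duties[(e["user"], e["item"])].add(e["duty"])
    found = []
    for (user, item), held in duties.items():
        for a, b in incompatible:
            if a in held and b in held:
                found.append((user, item, a, b))
    return sorted(found)

def supervision_needed(events):
    """Users whose doubled-up duties call for the compensating control
    (supervision) described in the notes."""
    return sorted({v[0] for v in sod_violations(events)})

if __name__ == "__main__":
    for v in sod_violations(EVENTS):
        print("SoD conflict: %s on %s holds %s + %s" % v)
```

Conflicts are keyed on the same item, so a user who authorizes one purchase order and processes a different one is not flagged.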