Professional Documents
Culture Documents
Objectives:
1. An introduction to the need for a code of ethics and internal controls
2. The accounting-related fraud that can occur when ethics codes and
internal controls are weak or not correctly applied
3. The maintenance of accounting internal controls
4. The maintenance of information technology controls
ACCOUNTING-RELATED FRAUD
Fraud can be defined as the theft, concealment, and conversion to personal gain of another’s
money, physical assets, or information. Notice that this definition includes theft and concealment.
In most cases, a fraud includes altering accounting records to conceal the fact that a theft
occurred. For example, an employee who steals cash from his employer is likely to alter the cash
records to cover up the theft. An example of conversion would be selling a piece of inventory that
has been stolen. The definition of fraud also includes theft, not only of money and assets, but also
of information. Much of the information that a company maintains can be valuable to others. For
example, customer credit card numbers can be stolen. An understanding of the nature of fraud is
important, since one of the purposes of an accounting information system is to help prevent fraud.
In fraud, there is a distinction between misappropriation of assets and mis- statement of
financial records. Misappropriation of assets involves theft of any item of value. It is sometimes
referred to as a defalcation, or internal theft, and the most common examples are theft of cash
or inventory. Restaurants and retail stores are especially susceptible to misappropriation of assets
because their assets are readily accessible by employees. Misstatement of financial records
involves the falsification of accounting reports. This is often referred to as earnings
management, or fraudulent financial reporting.
In order for a fraud to be perpetrated, three conditions must exist. These three conditions,
known as the fraud triangle, are as follows:
Incentive to commit the fraud. Some kind of incentive or pressure typically leads fraudsters to
their deceptive acts. Financial pressures, market pressures, job-related failures, or addictive
behaviors may create the incentive to commit fraud.
Opportunity to commit the fraud. Circumstances may provide access to the assets or records that
are the objects of fraudulent activity. Only those per- sons having access can pull off the fraud.
Ineffective oversight is often a contributing factor.
Rationalization of the fraudulent action. Fraudsters typically justify their actions because of their
lack of moral character. They may intend to repay or make up for their dishonest actions in the
future, or they may believe that the company owes them as a result of unfair expectations or an
inadequate pay raise.
Understanding these conditions is helpful to accountants as they create effective systems that
prevent fraud and fraudulent financial reporting. Fraud prevention is an increasingly important role
for accounting and IT managers in business organizations, because instances of fraud and its
devastating effects appear to be on the rise.
MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING
Incentive
(Pressure)
Opportunity Rationalizatio
n(Attitude)
Cash receipts theft is the most common type of employee fraud. It is often pulled off through a
technique known as skimming, where the organization’s cash is stolen before it is entered into
the accounting records. This type of theft is the most difficult to discover, since there is no internal
record of the cash. For example, consider the case of a ticket agent in a movie theater who
accepts cash from customers and permits those customers to enter the theater without a ticket.
The cash collected could be pocketed by the agent, and there would be no record of the
transaction.
Fraudsters also steal the company’s cash after it has been recorded in the accounting
records. This practice is known as larceny. Consider an example of an employee responsible
for making the bank deposit who steals the cash after it has been recorded in the accounts
receivable records. This type of fraud is uncommon because the fraudster is likely to be caught,
since the accounting reports provide evidence of the existence of the cash. Larceny is typically
detected when the reconciliation of cash counts (to the accounts receivable or payable records)
is performed or when the bank reconciliation is prepared.
In some cases, fraud may involve collusion. Collusion occurs when two or more people
work together to commit a fraud. Collusion can occur between two or more employees, employees
and customers, or employees and vendors. Collusion between employees within a company is
the most difficult to prevent or detect because it compromises the effectiveness of internal
controls. This is true because collusion can make it much easier to conduct and conceal a fraud
or theft even when segregation of duties is in place. For example, if a warehouse employee were
to steal inventory and an accounting clerk were to cover it up by altering the inventory records,
the fraud would be difficult to detect.
Input manipulation usually involves altering data that is input into the computer. For example,
altering payroll time cards to be entered into a computerized pay- roll system is a type of input
manipulation. Other examples of input manipulation would be creating false or fictitious data
inputs, entering data without source documents, or altering payee addresses of vendors or
employees.
Program manipulation occurs when a program is altered in some fashion to commit a
fraud. Examples of program manipulation include the salami technique, Trojan horse programs,
and trap door alterations.
A fraudster uses the salami technique to alter a program to slice a small amount from
MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING
several accounts and then credit those small amounts to the perpetrator’s benefit. For example,
a program that calculates interest earned can be altered to round down to the lower ten-cent
amount; that small excess of interest earned can be deposited to the perpetrator’s account.
Although it would take many transactions of this type to be of much benefit, the nature of interest
calculation is such that it occurs frequently on many accounts; therefore, the amount of the fraud
benefit could build quickly.
A Trojan horse program is a small, unauthorized program within a larger, legitimate
program, used to manipulate the computer system to conduct a fraud. For example, the rogue
program might cause a certain customer’s account to be written off each time a batch of sales or
customer payments are processed.
A trap door alteration is a valid programming tool that is misused to commit fraud. As
programmers write software applications, they may allow for unusual or unique ways to enter the
program to test small portions, or modules, of the system. These entranceways can be thought
of as hidden entrances, or trap doors. Before the program is placed into regular service, the trap
doors should be removed, but a programmer may leave a trap door in place in order to misuse it
to commit fraud.
Computer systems generate many different kinds of output, including checks and reports.
If a person alters the system’s checks or reports to commit fraud, this is known as output
manipulation. This kind of fraud is often successful simply because humans tend to trust the
output of a computer and do not question its validity or accuracy as much as they might if the
output were manually produced.
discover errors, fraud, or unauthorized events. Examples of detective controls include matching
physical counts to inventory records, reconciling bank statements to company records, and
matching an invoice to its purchase order prior to payment. When these types of activities are
conducted, it becomes possible to detect problems that may exist. Finally, corrective controls
are those steps undertaken to correct an error or problem uncovered via detective controls. For
example, if an error is detected in an employee’s time card, there must be an established set of
steps to follow to assure that it is corrected. These steps would be corrective controls.
https://www.youtube.com/watch?v=TZggvpensfk
https://www.youtube.com/watch?v=-otHohty-Lk
https://www.youtube.com/watch?v=XzOjBFppJHs