MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

CHAPTER 3: FRAUD, ETHICS, AND INTERNAL CONTROL

Objectives:
1. An introduction to the need for a code of ethics and internal controls
2. The accounting-related fraud that can occur when ethics codes and
internal controls are weak or not correctly applied
3. The maintenance of accounting internal controls
4. The maintenance of information technology controls

ACCOUNTING-RELATED FRAUD
Fraud can be defined as the theft, concealment, and conversion to personal gain of another’s
money, physical assets, or information. Notice that this definition includes theft and concealment.
In most cases, a fraud includes altering accounting records to conceal the fact that a theft
occurred. For example, an employee who steals cash from his employer is likely to alter the cash
records to cover up the theft. An example of conversion would be selling a piece of inventory that
has been stolen. The definition of fraud also includes theft, not only of money and assets, but also
of information. Much of the information that a company maintains can be valuable to others. For
example, customer credit card numbers can be stolen. An understanding of the nature of fraud is
important, since one of the purposes of an accounting information system is to help prevent fraud.
In fraud, there is a distinction between misappropriation of assets and mis- statement of
financial records. Misappropriation of assets involves theft of any item of value. It is sometimes
referred to as a defalcation, or internal theft, and the most common examples are theft of cash
or inventory. Restaurants and retail stores are especially susceptible to misappropriation of assets
because their assets are readily accessible by employees. Misstatement of financial records
involves the falsification of accounting reports. This is often referred to as earnings
management, or fraudulent financial reporting.
In order for a fraud to be perpetrated, three conditions must exist. These three conditions,
known as the fraud triangle, are as follows:
Incentive to commit the fraud. Some kind of incentive or pressure typically leads fraudsters to
their deceptive acts. Financial pressures, market pressures, job-related failures, or addictive
behaviors may create the incentive to commit fraud.
Opportunity to commit the fraud. Circumstances may provide access to the assets or records that
are the objects of fraudulent activity. Only those per- sons having access can pull off the fraud.
Ineffective oversight is often a contributing factor.
Rationalization of the fraudulent action. Fraudsters typically justify their actions because of their
lack of moral character. They may intend to repay or make up for their dishonest actions in the
future, or they may believe that the company owes them as a result of unfair expectations or an
inadequate pay raise.

Understanding these conditions is helpful to accountants as they create effective systems that
prevent fraud and fraudulent financial reporting. Fraud prevention is an increasingly important role
for accounting and IT managers in business organizations, because instances of fraud and its
devastating effects appear to be on the rise.
 MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

Incentive
(Pressure)

Opportunity Rationalizatio
n(Attitude)

Can Internal Control Example of an Internal

Be Effective in Preventing Control That Can Be
Fraud Category Example or Detecting? Effective

Management fraud Misstating financial Usually not, because of n/a

statements
Employee fraud Inflating hours worked
on time card
Customer fraud Returning stolen
merchandise for cash
Vendor fraud Requesting duplicate
payment for one invoice
Categories of Accounting-
Related Fraud
management override
Yes Require supervisor to
verify and sign time card
Yes Provide refund only if
proper sales receipt exists
Yes Pay only those invoices
that have a matching purchase
order and receiving report,
and mark documents as
paid or cancelled

THE NATURE OF MANAGEMENT FRAUD

Management fraud, conducted by one or more top-level managers within the company, is usually
in the form of fraudulent financial reporting. Oftentimes, the chief executive officer (CEO) or chief
financial officer (CFO) conducts fraud by misstating the financial statements through elaborate
schemes or com- plex transactions. Managers misstate financial statements in order to receive
such indirect benefits as the following:
1. Increased stock price. Management usually owns stock in the company, and it benefits
from increased stock price.
2. Improved financial statements, which enhance the potential for a merger or initial
public offering (IPO), or prevent negative consequences due to non- compliance with
debt covenants or decreased bond ratings.
3. Enhanced chances of promotion, or avoidance of firing or demotion.
4. Increased incentive-based compensation such as salary, bonus, or stock options.
5. Delayed cash flow problems or bankruptcy.
 MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

THE NATURE OF EMPLOYEE FRAUD

Employee fraud is conducted by nonmanagement employees. This usually means that an
employee steals cash or assets for personal gain. While there are many different kinds of
employee fraud, some of the most common are as follows:

1. Inventory theft. Inventory can be stolen or misdirected. This could be merchandise,

raw materials, supplies, or finished goods inventory.
2. Cash receipts theft. This occurs when an employee steals cash from the company. An
example would be the theft of checks collected from customers.
3. Accounts payable fraud. Here, the employee may submit a false invoice, create a
fictitious vendor, or collect kickbacks from a vendor. A kickback is a cash payment
that the vendor gives the employee in exchange for the sale; it is like a business bribe.
4. Payroll fraud. This occurs when an employee submits a false or inflated time card.
5. Expense account fraud. This occurs when an employee submits false travel or
entertainment expenses, or charges an expense ledger account to cover the theft of
cash.

Cash receipts theft is the most common type of employee fraud. It is often pulled off through a
technique known as skimming, where the organization’s cash is stolen before it is entered into
the accounting records. This type of theft is the most difficult to discover, since there is no internal
record of the cash. For example, consider the case of a ticket agent in a movie theater who
accepts cash from customers and permits those customers to enter the theater without a ticket.
The cash collected could be pocketed by the agent, and there would be no record of the
transaction.
Fraudsters also steal the company’s cash after it has been recorded in the accounting
records. This practice is known as larceny. Consider an example of an employee responsible
for making the bank deposit who steals the cash after it has been recorded in the accounts
receivable records. This type of fraud is uncommon because the fraudster is likely to be caught,
since the accounting reports provide evidence of the existence of the cash. Larceny is typically
detected when the reconciliation of cash counts (to the accounts receivable or payable records)
is performed or when the bank reconciliation is prepared.
In some cases, fraud may involve collusion. Collusion occurs when two or more people
work together to commit a fraud. Collusion can occur between two or more employees, employees
and customers, or employees and vendors. Collusion between employees within a company is
the most difficult to prevent or detect because it compromises the effectiveness of internal
controls. This is true because collusion can make it much easier to conduct and conceal a fraud
or theft even when segregation of duties is in place. For example, if a warehouse employee were
to steal inventory and an accounting clerk were to cover it up by altering the inventory records,
the fraud would be difficult to detect.

THE NATURE OF CUSTOMER FRAUD

Customer fraud occurs when a customer improperly obtains cash or property from a company,
or avoids a liability through deception. Although customer fraud may affect any company, it is an
especially common problem for retail firms and companies that sell goods through Internet-based
commerce. Examples of customer fraud include credit card fraud, check fraud, and refund fraud.
Credit card fraud and check fraud involve the customer’s use of stolen or fraudulent credit cards
and checks. Refund fraud occurs when a customer tries to return stolen goods to collect a cash
refund.
 MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

THE NATURE OF VENDOR FRAUD

Vendor fraud occurs when vendors obtain payments to which they are not entitled. Unethical
vendors may intentionally submit duplicate or incorrect invoices, send shipments in which the
quantities are short, or send lower-quality goods than ordered. Vendor fraud may also be
perpetrated through collusion. For example, an employee of a company could make an
agreement with a vendor to continue the vendor relationship in the future if the employee receives
a kickback.
More and more companies are conducting vendor audits as a way to protect themselves
against unscrupulous vendors. Vendor audits involve the examination of vendor records in
support of amounts charged to the company. Since many vendor contracts involve reimbursement
for labor hours and other expenses incurred, the company can review supporting documentation
for these expenses incurred by its vendor. This could reveal whether or not the vendor is honest
in reporting expenses, and may be the basis for continuing or terminating the business
relationship.

THE NATURE OF COMPUTER FRAUD

In addition to the frauds described in previous sections, organizations must also attempt to
prevent or detect fraudulent activities involving the computer. Again, there are so many different
kinds of computer fraud that it is not feasible to describe all the possibilities in this chapter. In
some cases, the computer is used as a tool to more quickly and efficiently conduct a fraud that
could be con- ducted without a computer. For example, an individual could perpetrate industrial
espionage, the theft of proprietary company information, by digging through the trash of the
intended target company. However, it would probably be more efficient for a hacker to gain access
to the information through the tar- get company’s computer system. In other cases, the fraud
conducted is unique to computers. For example, a computer is required to accomplish software
piracy, the unlawful copying of software programs.
Another characteristic of computer fraud is that it can be conducted by employees within
the organization or unauthorized users outside the organization. We categorize these two sources
of computer fraud into internal computer fraud and external computer fraud.

INTERNAL SOURCES OF COMPUTER FRAUD

When an employee of an organization attempts to conduct fraud through the misuse of a
computer-based system, it is called internal computer fraud. Internal computer fraud concerns
each of the following activities:
1. Input manipulation
2. Program manipulation
3. Output manipulation

Input manipulation usually involves altering data that is input into the computer. For example,
altering payroll time cards to be entered into a computerized pay- roll system is a type of input
manipulation. Other examples of input manipulation would be creating false or fictitious data
inputs, entering data without source documents, or altering payee addresses of vendors or
employees.
Program manipulation occurs when a program is altered in some fashion to commit a
fraud. Examples of program manipulation include the salami technique, Trojan horse programs,
and trap door alterations.
A fraudster uses the salami technique to alter a program to slice a small amount from
 MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

several accounts and then credit those small amounts to the perpetrator’s benefit. For example,
a program that calculates interest earned can be altered to round down to the lower ten-cent
amount; that small excess of interest earned can be deposited to the perpetrator’s account.
Although it would take many transactions of this type to be of much benefit, the nature of interest
calculation is such that it occurs frequently on many accounts; therefore, the amount of the fraud
benefit could build quickly.
A Trojan horse program is a small, unauthorized program within a larger, legitimate
program, used to manipulate the computer system to conduct a fraud. For example, the rogue
program might cause a certain customer’s account to be written off each time a batch of sales or
customer payments are processed.
A trap door alteration is a valid programming tool that is misused to commit fraud. As
programmers write software applications, they may allow for unusual or unique ways to enter the
program to test small portions, or modules, of the system. These entranceways can be thought
of as hidden entrances, or trap doors. Before the program is placed into regular service, the trap
doors should be removed, but a programmer may leave a trap door in place in order to misuse it
to commit fraud.
Computer systems generate many different kinds of output, including checks and reports.
If a person alters the system’s checks or reports to commit fraud, this is known as output
manipulation. This kind of fraud is often successful simply because humans tend to trust the
output of a computer and do not question its validity or accuracy as much as they might if the
output were manually produced.

POLICIES TO ASSIST IN THE AVOIDANCE OF FRAUD AND ERRORS

Following are three critical actions that an organization can undertake to assist in the prevention
or detection of fraud and errors:
1. Maintain and enforce a code of ethics
2. Maintain a system of accounting internal controls
3. Maintain a system of information technology controls

MAINTENANCE OF ACCOUNTING INTERNAL CONTROLS

Much of the early part of this chapter focused on the nature and sources of fraud. Understanding
fraud makes it easier to recognize the need for policies and procedures that protect an
organization. Internal control systems provide this framework for fighting fraud. However,
attempting to prevent or detect fraud is only one of the reasons that an organization maintains a
system of internal controls.
The objectives of an internal control system are as follows:
1. Safeguard assets (from fraud or errors).
2. Maintain the accuracy and integrity of the accounting data.
3. Promote operational efficiency.
4. Ensure compliance with management directives.

To achieve these objectives, management must establish an overall internal control

system. This control system includes three types of controls. Preventive controls are designed
to avoid errors, fraud, or events not authorized by management. Preventive controls intend to stop
undesirable acts before they occur. For example, keeping cash locked in a safe is intended to
prevent theft. Since it is not always possible to prevent all undesirable events, detective controls
must be included in an internal control system. Detective controls help employees to uncover or
 MODULE ACCOUNTING INFORMATION SYSTEMS WITH CLOUD COMPUTING

discover errors, fraud, or unauthorized events. Examples of detective controls include matching
physical counts to inventory records, reconciling bank statements to company records, and
matching an invoice to its purchase order prior to payment. When these types of activities are
conducted, it becomes possible to detect problems that may exist. Finally, corrective controls
are those steps undertaken to correct an error or problem uncovered via detective controls. For
example, if an error is detected in an employee’s time card, there must be an established set of
steps to follow to assure that it is corrected. These steps would be corrective controls.

For more knowledge, please follow the link provided;

https://www.youtube.com/watch?v=TZggvpensfk
https://www.youtube.com/watch?v=-otHohty-Lk
https://www.youtube.com/watch?v=XzOjBFppJHs