We confuse ethical issues with legal issues

ETHICS
It pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.

BUSINESS ETHICS
Involves finding the answers to two questions:
(1) How do managers decide what is right in conducting their business?
(2) Once managers have recognized what is right, how do they achieve it?

Ethical issues in business can be divided into four areas:
Equity
Rights
Honesty
The Exercise of Corporate Power

Table 3-1 ETHICAL ISSUES IN BUSINESS

Business organizations have conflicting responsibilities to their employees, shareholders, customers, and the public. Every major decision has consequences that potentially harm or benefit these constituents.

Even if judged acceptable by the principles, the decision should be implemented so as to minimize all of the risks and avoid any unnecessary risks.

COMPUTER ETHICS
The analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology

Three levels of computer ethics:

Pop Computer Ethics
It is simply the exposure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology.

Para Computer Ethics
It involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field

Theoretical Computer Ethics
It is of interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science with the goal of bringing some new understanding to the field.

Privacy
Copyright laws have been invoked in an attempt to protect those who develop software from having it copied.

Equity in Access
Some barriers to access are intrinsic to the technology of information systems, but some are avoidable through careful system design.
Many jobs have been and are being changed as a result of the availability of computer technology
People unable or unprepared to change are displaced.

Misuse of Computers
Computers can be misused in many ways. Copying proprietary software, using a company’s computer for personal benefit, and snooping through other people’s files are just a few obvious examples.

SARBANES-OXLEY ACT AND ETHICAL ISSUES
The Act is named after its sponsors, Senator Paul Sarbanes, D-Md., and Congressman Michael Oxley, R-Ohio. It's also called Sarbox or SOX. It became law on July 30, 2002.
The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

Two levels of Fraud
Employee fraud
Management fraud typically contains three special characteristics:
1. The fraud is perpetrated at levels of management above the one to which internal control structures generally relate.
2. The fraud frequently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than, in fact, it is.
3. If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving related third parties.

THE FRAUD TRIANGLE
The fraud triangle consists of three factors that contribute to or are associated with management and employee fraud
1. situational pressure, which includes personal or job-related stresses that could coerce an individual to act dishonestly;
False representation
Material fact
Intent
Justifiable reliance.
Injury or loss.
Corruption
Computer Fraud
It involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization’s books and records
Billing Schemes
o SHELL COMPANY
o PASS THROUGH FRAUD
o PAY-AND-RETURN
Check Tampering
Payroll Fraud
Expense Reimbursements
These are schemes that involve the direct theft of cash on hand in the organization
Non-cash Misappropriation

Management Responsibility
Reasonable Assurance.
Methods of Data Processing.
Limitations

Preventive Controls
It forces compliance with prescribed or desired actions and thus screens out aberrant events.
Detective Controls
These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.

Corrective Controls
These are actions taken to reverse the effects of errors detected in the previous step.

SAS 78 / COSO
Describes the relationship between the firm’s internal control structure, auditor’s assessment of risk, and the planning of audit procedures
“The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit”.

Five Internal Control Components: SAS 78 / COSO

1. Control environment
Integrity and ethics of management
Organizational structure
Role of the board of directors and the audit committee
Management’s policies and philosophy
Delegation of responsibility and authority
Performance evaluation measures
External influences—regulatory agencies
Policies and practices managing human resources

2. Risk assessment
Identify, analyze and manage risks relevant to financial reporting:
- changes in external environment
- risky foreign markets
- significant and rapid growth that strains internal controls
- new product lines
- restructuring, downsizing
- changes in accounting policies

3. Information and communication
The AIS should produce high quality information which:
- identifies and records all valid transactions
- provides timely information in appropriate detail to permit proper classification and financial reporting
- accurately measures the financial value of transactions
- accurately records transactions in the time period in which they occurred

4. Monitoring.
The process for assessing the quality of internal control design and operation
- Ongoing monitoring:
- computer modules integrated into routine operations
- management reports which highlight trends and exceptions from normal performance

5. Control activities
Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
Fall into two distinct categories:
- IT controls—relate specifically to the computer environment
- Physical controls—primarily pertain to human activities

Two Types of IT Controls
1. General controls—pertain to the entity-wide computer environment
- Examples: controls over the data center, organization databases, systems development, and program maintenance
2. Application controls—ensure the integrity of specific systems
- Examples: controls over sales order processing, accounts payable, and payroll applications

Six Types of Physical Controls

1. Transaction Authorization
used to ensure that employees are carrying out only authorized transactions
general (everyday procedures) or specific (non-routine transactions) authorizations

2. Segregation of Duties
In manual systems, separation between:
- authorizing and processing a transaction
- custody and recordkeeping of the asset
- subtasks

3. Supervision
A compensation for lack of segregation; some may be built into computer systems
An underlying assumption of supervision control is that the firm employs competent and trustworthy personnel. The competent and trustworthy employee assumption promotes supervisory efficiency.

4. Accounting Records
The accounting records of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events.
Audit Trail

5. Access Control
help to safeguard assets by restricting physical access to them

6. Independent Verification
reviewing batch totals or reconciling subsidiary accounts with control accounts
Through independent verification procedures, management can assess (1) the performance of individuals, (2) the integrity of the transaction processing system, and (3) the correctness of data contained in accounting records.