
Ethics, Fraud, and Internal Control

Ethical Issues in Business
• Business Ethics
• Computer Ethics
• Sarbanes-Oxley Act and Ethical Issues

Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon.

We confuse ethical issues with legal issues.

ETHICS

It pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.

BUSINESS ETHICS

Involves finding the answers to two questions:

(1) How do managers decide what is right in conducting their business?

(2) Once managers have recognized what is right, how do they achieve it?

Ethical issues in business can be divided into four areas:

• Equity
• Rights
• Honesty
• The Exercise of Corporate Power

Table 3-1 ETHICAL ISSUES IN BUSINESS

Making Ethical Decisions

Business organizations have conflicting responsibilities to their employees, shareholders, customers, and the public.

Every major decision has consequences that potentially harm or benefit these constituents.

PROPORTIONALITY

The benefit from a decision must outweigh the risks.

» Justice

The benefits of the decision should be distributed fairly to those who share the risks. Those who do not benefit should not carry the burden of risk.

» Minimize Risk

Even if judged acceptable by the principles, the decision should be implemented so as to minimize all of the risks and avoid any unnecessary risks.

COMPUTER ETHICS

The analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology.

Three levels of computer ethics:

• Pop Computer Ethics

It is simply the exposure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology.

• Para Computer Ethics

It involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field.

• Theoretical Computer Ethics

It is of interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science with the goal of bringing some new understanding to the field.

Privacy

People desire to be in full control of what and how much information about themselves is available to others, and to whom it is available.

Security (Accuracy and Confidentiality)

Security systems attempt to prevent fraud and other misuse of computer systems; they act to protect and further the legitimate interests of the system’s constituencies.

Ownership of Property

Copyright laws have been invoked in an attempt to protect those who develop software from having it copied.

Equity in Access
Some barriers to access are intrinsic to the technology of information systems, but some are avoidable through careful system design.

Environmental Issues

Computers with high-speed printers allow for the production of printed documents faster than ever before. It may be more efficient or more comforting to have a hard copy in addition to the electronic version. However, paper comes from trees, a precious natural resource, and ends up in landfills if not properly recycled.

Unemployment and Displacement

Many jobs have been and are being changed as a result of the availability of computer technology.

People unable or unprepared to change are displaced.

Misuse of Computers

Computers can be misused in many ways. Copying proprietary software, using a company’s computer for personal benefit, and snooping through other people’s files are just a few obvious examples.

SARBANES-OXLEY ACT AND ETHICAL ISSUES

The Act is named after its sponsors, Senator Paul Sarbanes, D-Md., and Congressman Michael Oxley, R-Ohio. It's also called Sarbox or SOX. It became law on July 30, 2002.

The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

FRAUD AND ACCOUNTANTS

FRAUD

It is the false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his or her detriment.

A fraudulent act must meet the following five conditions:

• False representation
• Material fact
• Intent
• Justifiable reliance
• Injury or loss

In accounting literature, fraud is also commonly known as white-collar crime, defalcation, embezzlement, and irregularities.

Two levels of Fraud

• Employee fraud

Also known as fraud by non-management employees, it is generally designed to directly convert cash or other assets to the employee’s personal benefit.

• Management fraud

It is more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss.

Management fraud typically contains three special characteristics:

1. The fraud is perpetrated at levels of management above the one to which internal control structures generally relate.

2. The fraud frequently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than, in fact, it is.

3. If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving related third parties.

THE FRAUD TRIANGLE

The fraud triangle consists of three factors that contribute to or are associated with management and employee fraud:

1. situational pressure, which includes personal or job-related stresses that could coerce an individual to act dishonestly;

2. opportunity, which involves direct access to assets and/or access to information that controls assets; and

3. ethics, which pertains to one’s character and degree of moral opposition to acts of dishonesty.
PERPETRATORS OF FRAUDS

These numbers fail to reflect the human suffering that parallels them in the real world.

THE UNDERLYING PROBLEMS

• Lack of Auditor Independence

Auditing firms that are also engaged by their clients to perform non-accounting activities

• Lack of Director Independence

Directors who have a personal relationship

- by serving on the boards of other directors’ companies
- have a business trading relationship as key customers or suppliers of the company
- have a financial relationship as primary stockholders or have received personal loans from the company
- have an operational relationship as employees of the company

• Questionable Executive Compensation Schemes

Fewer stock options should be offered than currently is the practice

• Inappropriate Accounting Practices

The use of special-purpose entities to hide liabilities through off-balance-sheet accounting
THE FRAUD SCHEMES

Three broad categories of fraud schemes:

• fraudulent statements
• corruption
• asset misappropriation

Fraudulent Statements

In this class of fraud scheme, the statement itself must bring direct or indirect financial benefit to the perpetrator.

For example, misstating the cash account balance to cover the theft of cash is not financial statement fraud.

On the other hand, understating liabilities to present a more favorable financial picture of the organization to drive up stock prices does fall under this classification.

Corruption

• involves an executive, manager, or employee of the organization in collusion with an outsider
• 4 principal types:
- Bribery - involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties
- illegal gratuities - involves giving, receiving, offering, or soliciting something of value because of an official act that has been taken
- conflicts of interest - occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed
- economic extortion - is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value

Asset Misappropriation

The assets are either directly or indirectly diverted to the perpetrator’s benefit.

• Skimming

It involves stealing cash from an organization before it is recorded on the organization’s books and records.

• Cash Larceny

It involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization’s books and records.

• Billing Schemes

Also known as vendor fraud, these are perpetrated by employees who cause their employer to issue a payment to a false supplier or vendor by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.

o SHELL COMPANY
o PASS THROUGH FRAUD
o PAY-AND-RETURN

• Check Tampering

It involves forging or changing in some material way a check that the organization has written to a legitimate payee.

• Payroll Fraud

The distribution of fraudulent paychecks to existent and/or non-existent employees.

• Expense Reimbursements

These are schemes in which an employee makes a claim for reimbursement of fictitious or inflated business expenses. For example, a company salesperson files false expense reports, claiming meals, lodging, and travel that never occurred.

• Thefts of Cash

These are schemes that involve the direct theft of cash on hand in the organization.

• Non-cash Misappropriation

These are schemes that involve the theft or misuse of the victim organization’s non-cash assets. One example of this is a warehouse clerk who steals inventory from a warehouse or storeroom.

• Computer Fraud

Because computers lie at the heart of modern accounting information systems, the topic of computer fraud is of importance to auditors.

Internal Control Concepts and Techniques

• To safeguard assets of the firm.
• To ensure the accuracy and reliability of accounting records and information.
• To promote efficiency in the firm’s operations.
• To measure compliance with management’s prescribed policies and procedures.

Modifying Assumptions

• Management Responsibility
• Reasonable Assurance
• Methods of Data Processing
• Limitations

The Preventive-Detective–Corrective Internal Control Model

• Preventive Controls

It forces compliance with prescribed or desired actions and thus screens out aberrant events.

• Detective Controls
These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.

• Corrective Controls

These are actions taken to reverse the effects of errors detected in the previous step.

SAS 78 / COSO

Describes the relationship between the firm’s

• internal control structure,
• auditor’s assessment of risk, and
• the planning of audit procedures

“The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit”.

Five Internal Control Components: SAS 78 / COSO

1. Control environment
• Integrity and ethics of management
• Organizational structure
• Role of the board of directors and the audit committee
• Management’s policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences—regulatory agencies
• Policies and practices managing human resources

2. Risk assessment
• Identify, analyze and manage risks relevant to financial reporting:
- changes in external environment
- risky foreign markets
- significant and rapid growth that strains internal controls
- new product lines
- restructuring, downsizing
- changes in accounting policies

3. Information and communication
• The AIS should produce high quality information which:
- identifies and records all valid transactions
- provides timely information in appropriate detail to permit proper classification and financial reporting
- accurately measures the financial value of transactions
- accurately records transactions in the time period in which they occurred

4. Monitoring
• The process for assessing the quality of internal control design and operation
- Ongoing monitoring:
- computer modules integrated into routine operations
- management reports which highlight trends and exceptions from normal performance

5. Control activities
• Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
• Fall into two distinct categories:
- IT controls—relate specifically to the computer environment
- Physical controls—primarily pertain to human activities

Two Types of IT Controls

1. General controls—pertain to the entity-wide computer environment
- Examples: controls over the data center, organization databases, systems development, and program maintenance
2. Application controls—ensure the integrity of specific systems
- Examples: controls over sales order processing, accounts payable, and payroll applications

Six Types of Physical Controls

1. Transaction Authorization
• used to ensure that employees are carrying out only authorized transactions
• general (everyday procedures) or specific (non-routine transactions) authorizations

2. Segregation of Duties
• In manual systems, separation between:
- authorizing and processing a transaction
- custody and recordkeeping of the asset
- subtasks

3. Supervision
• A compensation for lack of segregation; some may be built into computer systems
• An underlying assumption of supervision control is that the firm employs competent and trustworthy personnel. The competent and trustworthy employee assumption promotes supervisory efficiency.

4. Accounting Records
• The accounting records of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events.
• Audit Trail

5. Access Control
• help to safeguard assets by restricting physical access to them

6. Independent Verification
• reviewing batch totals or reconciling subsidiary accounts with control accounts
• Through independent verification procedures, management can assess (1) the performance of individuals, (2) the integrity of the transaction processing system, and (3) the correctness of data contained in accounting records.
