
CHAPTER 3: Ethics, Fraud, and Internal Control

business ethics Pertains to the principles of conduct that individuals use in making choices and guiding their
behavior in situations that involve the concepts of right and wrong.

ethics Principles of conduct that individuals use in making choices that guide their behavior in
situations involving the concepts of right and wrong.

ethical responsibility Responsibility of organization managers to seek a balance between the risks and benefits to
their constituents that result from their decisions.

computer ethics Analysis of the nature and social impact of computer technology and the corresponding
formulation and justification of policies for the ethical use of such technology. Includes
details about software as well as hardware and concerns about networks connecting
computers as well as computers themselves.

ownership State or fact of exclusive rights and control over property, which may be an object, land/real
estate, intellectual property, or some other kind of property.

privacy Full control of what and how much information about an individual is available to others and
to whom it is available.

Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit
Authoritative document that defines fraud as an intentional act that results in a material
misstatement in financial statements.

Sarbanes-Oxley Act (SOX) Most significant federal securities law, with provisions designed to deal with specific
problems relating to capital markets, corporate governance, and the auditing profession.

security Attempt to avoid such undesirable events as a loss of confidentiality or data integrity.

fraud False representation of a material fact made by one party to another party, with the intent to
deceive and induce the other party to justifiably rely on the material fact to his or her
detriment.

management fraud Performance fraud that often uses deceptive practices to inflate earnings or to forestall the
recognition of either insolvency or a decline in earnings.

employee fraud Performance fraud by non-management employees generally designed to directly convert cash
or other assets to the employee’s personal benefit.

fraud triangle Triad of factors associated with management and employee fraud: situational pressure
(includes personal or job-related stresses that could coerce an individual to act dishonestly);
opportunity (involves direct access to assets and/or access to information that controls
assets); and ethics (pertains to one’s character and degree of moral opposition to acts of
dishonesty).

fraudulent statements Statements associated with management fraud. Under this type of fraud scheme, financial
statement misrepresentation itself brings direct or indirect benefit to the perpetrator.

Public Company Accounting Oversight Board (PCAOB) Federal organization empowered to set auditing, quality
control, and ethics standards; to inspect registered accounting firms; to conduct investigations; and to take
disciplinary actions.

corruption Involves an executive, a manager, or an employee of the organization in collusion with an
outsider. The ACFE study identifies four principal types of corruption: bribery, illegal
gratuities, conflicts of interest, and economic extortion. Corruption accounts for about 10
percent of occupational fraud cases.

illegal gratuity Giving, receiving, offering, or soliciting something of value because of an official act that
has been taken.

bribery Giving, offering, soliciting, or receiving things of value to influence an official in the
performance of his or her lawful duties.

skimming Stealing cash from an organization before it is recorded on the organization’s books and
records.

conflict of interest Outline of procedures for dealing with actual or apparent conflicts of interest between
personal and professional relationships.

economic extortion Use (or threat) of force (including economic sanctions) by an individual or organization to
obtain something of value. The item of value could be a financial or economic asset,
information, or cooperation to obtain a favorable decision on some matter under review.

billing schemes Schemes under which an employee causes the employer to issue a payment to a false supplier
or vendor by submitting invoices for fictitious goods/services, inflated invoices, or invoices
for personal purchases. See shell company, pass-through fraud, and pay-and-return.

lapping Use of customer checks, received in payment of their accounts, to conceal cash previously
stolen by an employee.

mail room fraud Fraud committed when an employee opening the mail steals a customer’s check and destroys
the associated remittance advice.

cash larceny Theft of cash receipts from an organization after those receipts have been recorded in the
organization’s books and records.

shell company Establishment of a false vendor on the company’s books, then manufacturing false purchase
orders, receiving reports, and invoices in the name of the vendor and submitting them to the
accounting system, creating the illusion of a legitimate transaction. The system ultimately
issues a check to the false vendor.

vendor fraud See billing schemes.

pass-through fraud Similar to shell company except that a transaction actually takes place. The perpetrator
creates a false vendor and issues purchase orders to it for inventory or supplies. The false
vendor purchases the needed inventory from a legitimate vendor, charges the victim
company a much higher than market price for the items, and pockets the difference. See shell
company.

check tampering Forging, or changing in some material way, a check that was written to a legitimate payee.

pay-and-return Scheme under which a clerk with check writing authority pays a vendor twice for the same
products (inventory or supplies) received, then intercepts and cashes the overpayment
returned by the vendor.

payroll fraud Distribution of fraudulent paychecks to existent and/or nonexistent employees.

expense reimbursement frauds Claiming reimbursement of fictitious or inflated business expenses.

computer fraud Theft, misuse, or misappropriation of assets by altering computer-readable records and files,
or by altering the logic of computer software; the illegal use of computer-readable
information; or the intentional destruction of computer software or hardware.

thefts of cash Direct theft of cash on hand in the organization.

noncash fraud These schemes involve the theft or misuse of the victim organization’s noncash assets.

reasonable assurance Assurance provided by the internal control system that the four broad objectives of internal
control are met in a cost-effective manner.

management responsibility Concept under which the responsibility for the establishment and maintenance of a system of
internal control falls to management.

internal control system Policies a firm employs to safeguard the firm’s assets, ensure accurate and reliable
accounting records and information, promote efficiency, and measure compliance with
established policies.

preventive controls Passive techniques designed to reduce the frequency of occurrence of undesirable events.

detective controls Devices, techniques, and procedures designed to identify and expose undesirable events that
elude preventive controls.

corrective controls Actions taken to reverse the effects of errors detected.

control weaknesses Increase the firm’s risk of financial loss or injury from the threats.

Committee of Sponsoring Organizations of the Treadway Commission (COSO) A joint initiative of the five private
sector organizations listed on the left, dedicated to providing thought leadership through the development of
frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

control environment The foundation of internal control.

Statement on Auditing Standards (SAS) No. 109 The current authoritative document for specifying internal control
objectives and techniques. It is based on the COSO framework.

risk assessment Identification, analysis, and management of risks relevant to financial reporting.

control activities Policies and procedures to ensure that appropriate actions are taken to deal with the
organization’s risks.

monitoring Process by which the quality of internal control design and operation can be assessed.

application controls Controls that ensure the integrity of specific systems.

transaction authorization Procedure to ensure that employees process only valid transactions within the scope of their
authority.

general controls Controls that pertain to entity-wide concerns such as controls over the data center,
organization databases, systems development, and program maintenance.

segregation of duties Separation of employee duties to minimize incompatible functions.

verification procedures Independent checks of the accounting system to identify errors and misrepresentations.

supervision Control activity involving the critical oversight of employees.

access controls Controls that ensure that only authorized personnel have access to the firm’s assets.

output controls A combination of programmed routines and other procedures to ensure that system output is
not lost, misdirected, or corrupted and that privacy is not violated.

processing controls Programmed procedures to ensure that an application’s logic is functioning properly.

input controls Programmed procedures, often called edits, that perform tests on transaction data to ensure
that they are free from errors.

check digit Method for detecting data coding errors in which a control digit is added to the code when it
is originally designed to allow the integrity of the code to be established during subsequent
processing.

transcription errors Type of error that can corrupt a data code and cause processing errors.

transposition errors Error that occurs when digits are transposed.

batch controls Effective method of managing high volumes of transaction data through a system.

run-to-run controls Controls that use batch figures to monitor the batch as it moves from one programmed
procedure to another.

hash total Control technique that uses nonfinancial data to keep track of the records in a batch.

audit trail controls Ensure that every transaction can be traced through each stage of processing from its
economic source to its presentation in financial statements.

exposures Absence or weakness of a control.

Grandfather-Father-Son (GFS) A back-up technique employed by systems that use sequential master files (whether tape or
disk). It is an integral part of the master file update process.

spooling Direction of an application’s output to a magnetic disk file rather than to the printer directly.
