
ACCOUNTING INFORMATION SYSTEM CHAPTER 3

ETHICAL ISSUES IN BUSINESS

• Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon.
• Often, we confuse ethical issues with legal issues.

BUSINESS ETHICS

• Ethics are the principles of conduct that individuals use in making choices that guide their behavior in situations involving the concepts of right and wrong.
• Business ethics pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.
• Making Ethical Decisions
  • Ethical responsibility is the responsibility of organization managers to seek a balance between the risks and benefits to their constituents that result from their decisions.
  • PROPORTIONALITY

[Figure: ETHICAL ISSUES IN BUSINESS]

COMPUTER ETHICS

• Computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology. This includes details about software as well as hardware and concerns about networks connecting computers as well as computers themselves.
• A new problem or just a new twist on an old problem?
• Privacy
  • Privacy is full control of what and how much information about an individual is available to others and to whom it is available.
  • Ownership is the state or fact of exclusive rights and control over property, which may be an object, land/real estate, intellectual property, or some other kind of property.
• Security (Accuracy and Confidentiality)
  • Computer security is an attempt to avoid such undesirable events as a loss of confidentiality or data integrity.
• Ownership of Property
• Equity in Access
• Environmental Issues
• Artificial Intelligence
• Unemployment and Displacement
• Misuse of Computers

SARBANES-OXLEY ACT AND ETHICAL ISSUES

• The Sarbanes-Oxley Act (SOX) is the most significant federal securities law, with provisions designed to deal with specific problems relating to capital markets, corporate governance, and the auditing profession.
• Section 406—Code of Ethics for Senior Financial Officers
  • CONFLICTS OF INTEREST
  • FULL AND FAIR DISCLOSURES
  • LEGAL COMPLIANCE
  • INTERNAL REPORTING OF CODE VIOLATIONS
  • ACCOUNTABILITY

FRAUD AND ACCOUNTANTS

• The passage of SOX has had a tremendous impact on the external auditor’s responsibilities for fraud detection during a financial audit.
• The Statement on Auditing Standards (SAS) No. 99 is the current authoritative document that defines fraud as an intentional act that results in a material misstatement in financial statements.
• The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud into all phases of the audit process.

DEFINITIONS OF FRAUD

• Fraud is the false representation of a material fact made by one party to another party, with the intent to deceive and induce the other party to justifiably rely on the material fact to his or her detriment.
• Employee fraud is performance fraud by a nonmanagement employee, generally designed to directly convert cash or other assets to the employee’s personal benefit.
• Management fraud is performance fraud that often uses deceptive practices to inflate earnings or to forestall the recognition of either insolvency or a decline in earnings.

THE FRAUD TRIANGLE

• The fraud triangle is a triad of factors associated with management and employee fraud: situational pressure (includes personal or job-related stresses that could coerce an individual to act dishonestly); opportunity (involves direct access to assets and/or access to information that controls assets); and ethics (pertains to one’s character and degree of moral opposition to acts of dishonesty).

FINANCIAL LOSSES FROM FRAUD

• The actual cost of fraud is, however, difficult to quantify for a number of reasons:
  • Not all fraud is detected.
  • Of that detected, not all is reported.
  • In many fraud cases, incomplete information is gathered.
  • Information is not properly distributed to management or law enforcement authorities.
  • Too often, business organizations decide to take no civil or criminal action against the perpetrator(s) of fraud.
• In addition to the direct economic loss to the organization, indirect costs—including reduced productivity, the cost of legal action, increased unemployment, and business disruption due to investigation of the fraud—need to be considered.

[Figure: DISTRIBUTION OF LOSSES]

THE PERPETRATORS OF FRAUDS

• Fraud Losses by Position within the Organization
  • Individuals in the highest positions within an organization are beyond the internal control structure and have the greatest access to company funds and assets.
• Fraud Losses and the Collusion Effect
  • One reason for segregating occupational duties is to deny potential perpetrators the opportunity they need to commit fraud. When individuals in critical positions collude, they create opportunities to control or gain access to assets that otherwise would not exist.
• Fraud Losses by Gender
  • Women are not fundamentally more honest than men, but men occupy high corporate positions in greater numbers than women. This affords men greater access to assets.

[Figure: LOSSES FROM FRAUD BY POSITION]

THE PERPETRATORS OF FRAUDS

• Fraud Losses by Age
  • Older employees tend to occupy higher-ranking positions and therefore generally have greater access to company assets.
• Fraud Losses by Education
  • Generally, those with more education occupy higher positions in their organizations and therefore have greater access to company funds and assets.
• Conclusions to Be Drawn

[Figure: LOSSES FROM FRAUD BY AGE]
FRAUD SCHEMES

• Fraudulent Statements
  • Fraudulent statements are statements associated with management fraud. In this class of fraud scheme, the financial statement misrepresentation must itself bring direct or indirect financial benefit to the perpetrator.
  • THE UNDERLYING PROBLEMS
  • SARBANES-OXLEY ACT AND FRAUD: Public Company Accounting Oversight Board (PCAOB), which is the federal organization empowered to set auditing, quality control, and ethics standards; to inspect registered accounting firms; to conduct investigations; and to take disciplinary actions.
• Corruption
  • Corruption involves an executive, a manager, or an employee of the organization in collusion with an outsider.
  • Bribery involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties.
  • An illegal gratuity involves giving, receiving, offering, or soliciting something of value because of an official act that has been taken.
  • A conflict of interest is an outline of procedures for dealing with actual or apparent conflicts of interest between personal and professional relationships.
  • Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. The item of value could be a financial or economic asset, information, or cooperation to obtain a favorable decision on some matter under review.
• Asset Misappropriation
  • Skimming
    • Skimming involves stealing cash from an organization before it is recorded on the organization’s books and records. Another example is mail room fraud, in which an employee opening the mail steals a customer’s check and destroys the associated remittance advice.

[Figure: LOSSES FROM FRAUD BY SCHEME TYPE]

FRAUD SCHEMES

• Cash Larceny
  • Cash larceny is theft of cash receipts from an organization after those receipts have been recorded in the organization’s books and records.
  • Lapping is the use of customer checks, received in payment of their accounts, to conceal cash previously stolen by an employee.
• Billing Schemes
  • Billing schemes, also known as vendor fraud, are schemes under which an employee causes the employer to issue a payment to a false supplier or vendor by submitting invoices for fictitious goods/services, inflated invoices, or invoices for personal purchases.
  • A shell company is establishing a false vendor on the company’s books, and then making false purchase orders, receiving reports, and invoices in the name of the vendor and submitting them to the accounting system, creating the illusion of a legitimate transaction. The system ultimately issues a check to the false vendor.
  • A pass-through fraud is similar to shell company fraud except that a transaction actually takes place. The perpetrator creates a false vendor and issues purchase orders to it for inventory or supplies. The false vendor purchases the needed inventory from a legitimate vendor, charges the victim company a much higher than market price for the items, and pockets the difference.
  • A pay-and-return is a scheme under which a clerk with check writing authority pays a vendor twice for the same products (inventory or supplies) received and then intercepts and cashes the overpayment returned by the vendor.
• Check Tampering
  • Check tampering involves forging, or changing in some material way, a check that was written to a legitimate payee.
• Payroll Fraud
  • Payroll fraud is the distribution of fraudulent paychecks to existent and/or nonexistent employees.
• Expense Reimbursements
  • Expense reimbursement fraud involves claiming reimbursement of fictitious or inflated business expenses.
• Thefts of Cash
  • Theft of cash is the direct theft of cash on hand in the organization.
• Noncash Misappropriations
  • Noncash fraud is the theft or misuse of noncash assets (e.g., inventory, confidential information).
• Computer Fraud
  • Computer fraud involves theft, misuse, or misappropriation of assets by altering computer-readable records and files, or by altering the logic of computer software; the illegal use of computer-readable information; or the intentional destruction of computer software or hardware.

INTERNAL CONTROL CONCEPTS AND TECHNIQUES

• The internal control system is a set of policies a firm employs to safeguard the firm’s assets, ensure accurate and reliable accounting records and information, promote efficiency, and measure compliance with established policies.
• Modifying Assumptions
  • Management responsibility is the concept under which the responsibility for the establishment and maintenance of a system of internal control falls to management.
  • Reasonable assurance is an assurance provided by the internal control system that the four broad objectives of internal control are met in a cost-effective manner.
  • METHODS OF DATA PROCESSING
  • LIMITATIONS
• Control Weaknesses and Risks
  • Control weaknesses increase the firm’s risk to financial loss or injury from the threats.
• The Preventive-Detective-Corrective Internal Control Model
  • Preventive controls are passive techniques designed to reduce the frequency of occurrence of undesirable events.
  • Detective controls are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.

[Figure: INTERNAL CONTROL SHIELD]

[Figure: PREVENTIVE, DETECTIVE, AND CORRECTIVE CONTROLS]

INTERNAL CONTROL CONCEPTS AND TECHNIQUES

• The Preventive-Detective-Corrective Internal Control Model (continued)
  • Corrective controls are actions taken to reverse the effects of errors detected. Statement on Auditing Standards (SAS) No. 109 is the current authoritative document for specifying internal control objectives and techniques. It is based on the COSO framework.
• Sarbanes-Oxley and Internal Control
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

COSO INTERNAL CONTROL FRAMEWORK

• The Control Environment
  • The control environment is the foundation of internal control.
• Risk Assessment
  • Risk assessment is the identification, analysis, and management of risks relevant to financial reporting.
• Information and Communication
• Monitoring
  • Monitoring is the process by which the quality of internal control design and operation can be assessed.
• Control Activities
  • Control activities are the policies and procedures to ensure that appropriate actions are taken to deal with the organization’s risks.
  • IT CONTROLS: General controls are controls that pertain to entity-wide concerns such as controls over the data center, organization databases, systems development, and program maintenance. Application controls are controls that ensure the integrity of specific systems.
  • PHYSICAL CONTROLS
    • Transaction authorization is a procedure to ensure that employees process only valid transactions within the scope of their authority.
    • Segregation of duties is the separation of employee duties to minimize incompatible functions.
    • Supervision is a control activity involving the critical oversight of employees.
    • The accounting records of an organization consist of documents, journals, or ledgers used in transaction cycles.
    • Access controls are controls that ensure that only authorized personnel have access to the firm’s assets.
    • Verification procedures are independent checks of the accounting system to identify errors and misrepresentations.

[Figure: SEGREGATION OF DUTIES OBJECTIVES]

IT APPLICATION CONTROLS

• Input Controls
  • Input controls are programmed procedures, often called edits, that perform tests on transaction data to ensure that they are free from errors.
  • CHECK DIGIT: Transcription errors are the type of errors that can corrupt a data code and cause processing errors. Transposition errors are errors that occur when digits are transposed. A check digit is a method for detecting data coding errors in which a control digit is added to the code when it is originally designed to allow the integrity of the code to be established during subsequent processing.
  • MISSING DATA CHECK
  • NUMERIC-ALPHABETIC CHECK
  • LIMIT CHECK
  • RANGE CHECK
  • REASONABLENESS CHECK
  • VALIDITY CHECK
• Processing Controls
  • Batch controls are an effective method of managing high volumes of transaction data through a system.
  • Run-to-run controls are controls that use batch figures to monitor the batch as it moves from one programmed procedure to another.
  • Hash total is a control technique that uses nonfinancial data to keep track of the records in a batch.

[Figure: BATCH CONTROL RECORDS]
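
The check digit input control described above, as an added example that is not part of the original notes. The notes name no algorithm, so the modulus-11 scheme with weights 2, 3, 4, ... and the sample code 5372 are assumptions; an unweighted digit sum is included to show why weighting is needed to catch transposition errors.

```python
# Added example. Modulus 11 with weights 2, 3, 4, ... is an assumed scheme;
# the notes name the check digit control but not an algorithm.

def mod11_check_digit(body: str) -> str:
    """Weighted check digit: weights 2, 3, 4, ... from the rightmost digit."""
    if not body.isdigit():
        raise ValueError("code body must be digits only")
    total = sum(int(d) * w for w, d in enumerate(reversed(body), start=2))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)  # 10 is written as 'X'

def sum_check_digit(body: str) -> str:
    """Unweighted digit sum, shown only for comparison."""
    return str(sum(int(d) for d in body) % 10)

def is_valid(code: str, scheme=mod11_check_digit) -> bool:
    """Input edit: recompute the check digit from the body and compare."""
    body, check = code[:-1], code[-1]
    return body.isdigit() and scheme(body) == check

def undetected_errors(body: str, scheme) -> list:
    """Corrupt the body in every single-error way; list corruptions that pass."""
    check = scheme(body)
    corrupted = []
    for i, digit in enumerate(body):
        # Transcription errors: one digit replaced by another.
        corrupted += [body[:i] + d + body[i + 1:]
                      for d in "0123456789" if d != digit]
        # Transposition errors: two adjacent digits swapped.
        if i + 1 < len(body) and body[i + 1] != digit:
            corrupted.append(body[:i] + body[i + 1] + digit + body[i + 2:])
    return [bad for bad in corrupted if is_valid(bad + check, scheme)]

if __name__ == "__main__":
    body = "5372"  # constructed sample account code
    print("stored code:", body + mod11_check_digit(body))
    print("missed by modulus 11:", undetected_errors(body, mod11_check_digit))
    print("missed by digit sum: ", undetected_errors(body, sum_check_digit))
```

The digit sum catches every single-digit substitution but passes all three adjacent swaps of 5372; the weighted scheme catches both error types for code bodies of up to nine digits.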
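
The run-to-run control and hash total described under Processing Controls above, as an added example that is not part of the original notes. The batch control record layout (record count, control total, hash total), the field names and the sample transactions are assumptions made for illustration.

```python
# Added example. The control record fields and sample data are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class BatchControl:
    batch_no: str
    record_count: int   # number of transactions in the batch
    control_total: int  # financial total, in cents
    hash_total: int     # sum of a nonfinancial field (account numbers)

def compute_control(batch_no, records):
    """Build the batch control record when the batch is first assembled."""
    return BatchControl(
        batch_no,
        len(records),
        sum(r["amount_cents"] for r in records),
        sum(r["account_no"] for r in records),
    )

def run_to_run_check(control, records):
    """After a run, recompute the figures; return the ones that disagree."""
    actual = compute_control(control.batch_no, records)
    return [name for name in ("record_count", "control_total", "hash_total")
            if getattr(control, name) != getattr(actual, name)]

BATCH = [  # constructed sample transactions
    {"account_no": 1001, "amount_cents": 12500},
    {"account_no": 1017, "amount_cents": 4000},
    {"account_no": 1042, "amount_cents": 7350},
]
CONTROL = compute_control("B-001", BATCH)

def simulate():
    """Check the batch after three runs: intact, record lost, record replaced."""
    dropped = BATCH[:-1]
    # Same amount posted against a different account: count and total still agree.
    swapped = [BATCH[0], {"account_no": 1099, "amount_cents": 4000}, BATCH[2]]
    return {
        "intact": run_to_run_check(CONTROL, BATCH),
        "dropped": run_to_run_check(CONTROL, dropped),
        "swapped": run_to_run_check(CONTROL, swapped),
    }

if __name__ == "__main__":
    for run, mismatches in simulate().items():
        print(run, "->", mismatches or "batch figures agree")
```

The replaced record leaves the record count and financial total unchanged, so only the hash total over the account numbers exposes it.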
[Figure: RUN-TO-RUN CONTROLS]

IT APPLICATION CONTROLS

• Audit Trail Controls
  • Audit trail controls ensure that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements.
  • TRANSACTION LOGS
  • LOG OF AUTOMATIC TRANSACTIONS
• Master File Backup Controls

GFS BACKUP TECHNIQUE

• The grandfather-father-son (GFS) is a backup technique employed by systems that use sequential master files (whether tape or disk). It is an integral part of the master file update process.
• The systems designer determines the number of backup master files needed for each application. Two factors influence this decision: (1) the financial significance of the system and (2) the degree of file activity.

[Figure: GRANDFATHER-FATHER-SON APPROACH]

BACKUP PROCESS IN BATCH SYSTEM USING DIRECT ACCESS FILES

• Each record in a direct access file is assigned a unique disk location or address that is determined by its primary key value.
• The destructive update approach leaves no backup copy of the original master file.

[Figure: DESTRUCTIVE UPDATE APPROACH]

[Figure: BACKUP PROCEDURES FOR BATCH SYSTEMS USING DIRECT ACCESS FILES]
BACKUP OF MASTER FILES IN A REAL-TIME SYSTEM

• Real-time systems pose a more difficult problem because transactions are being processed continuously.
• Backup procedures are therefore scheduled at prespecified intervals throughout the day (e.g., every 15 minutes).
