AcctIS10E Ch03 CE

Chapter 3
Ethics, Fraud,
and Internal
Control
James A. Hall, Accounting Information Systems, 10th Edition. © 2019

Cengage. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
Learning Objectives
• Understand the broad issues pertaining to business
ethics.
• Have a basic understanding of ethical issues related to
the use of information technology.
• Be able to distinguish between management fraud and
employee fraud.
• Be familiar with common types of fraud schemes.
• Be familiar with the key features of the COSO internal
control framework.
• Understand the objectives and application of both physical
and IT control activities.
James A. Hall, Accounting Information Systems, 10th Edition. © 2019 Cengage. All Rights Reserved.
May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2
Ethical Issues in Business
• Ethical standards are derived from societal mores and
deep-rooted personal beliefs about issues of right and
wrong that are not universally agreed upon.
• Often, we confuse ethical issues with legal issues.
BUSINESS ETHICS
• Ethics are the principles of conduct that individuals use in
making choices that guide their behavior in situations
involving the concepts of right and wrong.
• Business ethics pertains to the principles of conduct that
individuals use in making choices and guiding their
behavior in situations that involve the concepts of right
and wrong.
• Making Ethical Decisions
• Ethical responsibility is the responsibility of organization
managers to seek a balance between the risks and benefits to
their constituents that result from their decisions.
• PROPORTIONALITY
Ethical Issues in Business
COMPUTER ETHICS
• Computer ethics is the analysis of the nature and social
impact of computer technology and the corresponding
formulation and justification of policies for the ethical use
of such technology. This includes details about software
as well as hardware and concerns about networks
connecting computers as well as computers themselves.
• A new problem or just a new twist on an old problem?
• Privacy
• Privacy is full control of what and how much information about
an individual is available to others and to whom it is available.
• Ownership is the state or fact of exclusive rights and control
over property, which may be an object, land/real estate,
intellectual property, or some other kind of property.
COMPUTER ETHICS (continued)
• Security (Accuracy and Confidentiality)
• Computer security is an attempt to avoid such undesirable
events as a loss of confidentiality or data integrity.
• Ownership of Property
• Equity in Access
• Environmental Issues
• Artificial Intelligence
• Unemployment and Displacement
• Misuse of Computers
SARBANES-OXLEY ACT AND ETHICAL
ISSUES
• Sarbanes-Oxley Act (SOX) is the most significant federal
securities law, with provisions designed to deal with
specific problems relating to capital markets, corporate
governance, and the auditing profession.
• Section 406—Code of Ethics for Senior Financial Officers
• CONFLICTS OF INTEREST
• FULL AND FAIR DISCLOSURES
• LEGAL COMPLIANCE
• INTERNAL REPORTING OF CODE VIOLATIONS
• ACCOUNTABILITY
Fraud and Accountants
• The passage of SOX has had a tremendous impact on the
external auditor’s responsibilities for fraud detection
during a financial audit.
• The Statement on Auditing Standards (SAS) No.
99, Consideration of Fraud in a Financial Statement
Audit is the current authoritative document that defines
fraud as an intentional act that results in a material
misstatement in financial statements.
• The objective of SAS 99 is to seamlessly blend the
auditor’s consideration of fraud into all phases of the audit
process.
DEFINITIONS OF FRAUD
• Fraud is the false representation of a material fact made
by one party to another party, with the intent to deceive
and induce the other party to justifiably rely on the
material fact to his or her detriment.
• Employee fraud is the performance fraud by
nonmanagement employee generally designed to directly
convert cash or other assets to the employee’s personal
benefit.
• Management fraud is the performance fraud that often
uses deceptive practices to inflate earnings or to forestall
the recognition of either insolvency or a decline in
earnings.
THE FRAUD TRIANGLE
• The fraud triangle is a triad of factors associated with
management and employee fraud:
(1)situational pressure, which includes personal or job-
related stresses that could coerce an individual to act
dishonestly;
(2)opportunity, which involves direct access to assets
and/or access to information that controls assets; and
(3)ethics, which pertains to one’s character and degree of
moral opposition to acts of dishonesty.
Fraud Triangle
FINANCIAL LOSSES FROM FRAUD
• The actual cost of fraud is, however, difficult to quantify for
a number of reasons:
• Not all fraud is detected.
• Of that detected, not all is reported.
• In many fraud cases, incomplete information is gathered.
• Information is not properly distributed to management or law
enforcement authorities.
• Too often, business organizations decide to take no civil or
criminal action against the perpetrator(s) of fraud.
• In addition to the direct economic loss to the organization,
indirect costs—including reduced productivity, the cost of
legal action, increased unemployment, and business
disruption due to investigation of the fraud—need to be
considered.
Distribution of Losses
THE PERPETRATORS OF FRAUDS
• Fraud Losses by Position within the Organization
• Individuals in the highest positions within an organization are
beyond the internal control structure and have the greatest
access to company funds and assets.
• Fraud Losses and the Collusion Effect
• One reason for segregating occupational duties is to deny
potential perpetrators the opportunity they need to commit
fraud. When individuals in critical positions collude, they create
opportunities to control or gain access to assets that otherwise
would not exist.
• Fraud Losses by Gender
• Women are not fundamentally more honest than men, but men
occupy high corporate positions in greater numbers than
women. This affords men greater access to assets.
Losses from Fraud by Position
Losses from Fraud by Collusion
Losses from Fraud by Gender
THE PERPETRATORS OF FRAUDS
(continued)
• Fraud Losses by Age

• Older employees tend to occupy higher-ranking positions and
therefore generally have greater access to company assets.
• Fraud Losses by Education
• Generally, those with more education occupy higher positions
in their organizations and therefore have greater access to
company funds and other assets.
• Conclusions to Be Drawn
Losses from Fraud by Age
Losses from Fraud by Education Level
FRAUD SCHEMES
• Fraudulent Statements
• Fraudulent statements are statements associated with
management fraud. In this class of fraud scheme, the financial
statement misrepresentation must itself bring direct or indirect
financial benefit to the perpetrator.
• THE UNDERLYING PROBLEMS
• SARBANES-OXLEY ACT AND FRAUD: Public Company
Accounting Oversight Board (PCAOB), which is the federal
organization empowered to set auditing, quality control, and
ethics standards; to inspect registered accounting firms; to
conduct investigations; and to take disciplinary actions.
FRAUD SCHEMES (continued)
• Corruption
• Corruption involves an executive, a manager, or an employee
of the organization in collusion with an outsider.
• Bribery involves giving, offering, soliciting, or receiving things
of value to influence an official in the performance of his or her
lawful duties.
• An illegal gratuity involves giving, receiving, offering, or
soliciting something of value because of an official act that has
been taken.
• A conflict of interest is an outline of procedures for dealing
with actual or apparent conflicts of interest between personal
and professional relationships.
• Corruption (continued)
• Economic extortion is the use (or threat) of force (including
economic sanctions) by an individual or organization to obtain
something of value. The item of value could be a financial or
economic asset, information, or cooperation to obtain a
favorable decision on some matter under review.
• Asset Misappropriation- in which assets are either directly
or indirectly diverted to the perpetrator’s benefit)
• Skimming
• Skimming involves stealing cash from an organization before
it is recorded on the organization’s books and records. Another
example is mail room fraud, in which an employee opening
the mail steals a customer’s check and destroys the associated
remittance advice.
Losses from Fraud by Scheme Type
Losses from Asset Misappropriation Schemes
• Cash Larceny
• Cash larceny is theft of cash receipts from an organization
after those receipts have been recorded in the organization’s
books and records.
• Lapping is the use of customer checks, received in payment of
their accounts, to conceal cash previously stolen by an
employee.
• Billing Schemes
• Billing schemes, also known as vendor fraud, are schemes
under which an employee causes the employer to issue a
payment to a false supplier or vendor by submitting invoices for
fictitious goods/services, inflated invoices, or invoices for
personal purchases.
• Billing Schemes (continued)
• A shell company is establishing a false vendor on the company’s
books, and then making false purchase orders, receiving reports,
and invoices in the name of the vendor and submitting them to the
accounting system, creating the illusion of a legitimate transaction.
The system ultimately issues a check to the false vendor.
• A pass-through fraud is similar to shell company fraud except
that a transaction actually takes place. The perpetrator creates a
false vendor and issues purchase orders to it for inventory or
supplies. The false vendor purchases the needed inventory from a
legitimate vendor, charges the victim company a much higher than
market price for the items, and pockets the difference.
• A pay-and-return is a scheme under which a clerk with check
writing authority pays a vendor twice for the same products
(inventory or supplies) received and then intercepts and cashes
the overpayment returned by the vendor.
• Check Tampering
• Check tampering involves forging, or changing in some
material way, a check that was written to a legitimate payee.
• Payroll Fraud
• Payroll fraud is the distribution of fraudulent paychecks to
existent and/or nonexistent employees.
• Expense Reimbursements
• Expense reimbursement fraud involves claiming
reimbursement of fictitious or inflated business expenses.
• Thefts of Cash
• Thefts of cash is the direct theft of cash on hand in the
organization.
• Noncash Misappropriations
• Noncash fraud is the theft or misuse of non-cash assets (e.g.,
inventory, confidential information).
• Computer Fraud
• Computer fraud involves theft, misuse, or misappropriation of
assets by altering computer-readable records and files, or by
altering the logic of computer software; the illegal use of
computer-readable information; or the intentional destruction of
computer software or hardware.
Internal Control Concepts and Techniques
• The internal control system is a set of policies a firm employs

to safeguard the firm’s assets, ensure accurate and reliable
accounting records and information, promote efficiency, and
measure compliance with established policies.
• Modifying Assumptions
• Management responsibility is the concept under which the
responsibility for the establishment and maintenance of a
system of internal control falls to management.
• Reasonable assurance is an assurance provided by the
internal control system that the four broad objectives of internal
control are met in a cost-effective manner.
• METHODS OF DATA PROCESSING
• LIMITATIONS
(continued)
• Control Weaknesses and Risks

• Control weaknesses increase the firm’s risk to financial loss
or injury from the threats.
• The Preventive-Detective-Corrective Internal Control
Model
• Preventive controls are passive techniques designed to
reduce the frequency of occurrence of undesirable events.
• Detective controls are devices, techniques, and procedures
designed to identify and expose undesirable events that elude
preventive controls.
Internal Control Shield
Preventive, Detective, and Corrective Controls
(continued)
• The Preventive-Detective-Corrective Internal Control

Model (continued)
• Corrective controls are actions taken to reverse the effects of
errors detected. Statement on Auditing Standards (SAS)
No. 109 is the current authoritative document for specifying
internal control objectives and techniques. It is based on the
COSO framework.
• Sarbanes-Oxley and Internal Control
• Committee of Sponsoring Organizations of the Treadway
Commission (COSO) is a joint initiative of five private sector
organizations and is dedicated to providing thought leadership
through the development of frameworks and guidance on
enterprise risk management, internal control, and fraud
deterrence.
COSO INTERNAL CONTROL FRAMEWORK
• The Control Environment

• The control environment is the foundation of internal control.
• Risk Assessment
• Risk assessment is the identification, analysis, and
management of risks relevant to financial reporting.
• Information and Communication
• Monitoring
• Monitoring is the process by which the quality of internal
control design and operation can be assessed.
(continued)
• Control Activities
• Control activities are the policies and procedures to ensure
that appropriate actions are taken to deal with the
organization’s risks.
• IT CONTROLS (relate specifically to the computer
environment): General controls are controls that pertain to
entity-wide concerns such as controls over the data center,
organization databases, systems development, and program
maintenance. Application controls are controls that ensure
the integrity of specific systems.
• PHYSICAL CONTROLS (relates to the human activities
employed in accounting systems)
• Transaction authorization is a procedure to ensure that
employees process only valid transactions within the scope of
their authority.
(continued)
• Control Activities (continued)

• Segregation of duties is the separation of employee duties to
minimize incompatible functions.
• Supervision is a control activity involving the critical oversight
of employees.
• The accounting records of an organization consist of
documents, journals, or ledgers used in transaction cycles.
• Access controls are controls that ensure that only authorized
personnel have access to the firm’s assets.
• Verification procedures are independent checks of the
accounting system to identify errors and misrepresentations.
Segregation of Duties Objectives
IT APPLICATION CONTROLS
• Input Controls
• Input controls are programmed procedures, often called edits,
that perform tests on transaction data to ensure that they are
free from errors.
• CHECK DIGIT: Transcription errors are the type of errors that
can corrupt a data code and cause processing errors.
Transposition errors are errors that occur when digits are
transposed. A check digit is a method for detecting data
coding errors in which a control digit is added to the code when
it is originally designed to allow the integrity of the code to be
established during subsequent processing.
• MISSING DATA CHECK
• NUMERIC-ALPHABETIC CHECK
• LIMIT CHECK
• RANGE CHECK
IT APPLICATION CONTROLS (continued)
• Input Controls (continued)
• REASONABLENESS CHECK
• VALIDITY CHECK
• Processing Controls
• Batch controls is an effective method of managing high
volumes of transaction data through a system.
• Run-to-run controls are controls that use batch figures to
monitor the batch as it moves from one programmed
procedure to another.
• Hash total is a control technique that uses nonfinancial data to
keep track of the records in a batch.
Batch Control Record
Run-to-Run Controls
IT APPLICATION CONTROLS (continued)
• Audit Trail Controls
• Audit trail controls ensures that every transaction can be
traced through each stage of processing from its economic
source to its presentation in financial statements.
• TRANSACTION LOGS
• LOG OF AUTOMATIC TRANSACTIONS
• Master File Backup Controls
Transaction Log to Preserve the Audit Trail
GFS BACKUP TECHNIQUE
• The grandfather-father-son (GFS) is a back-up
technique employed by systems that use sequential
master files (whether tape or disk). It is an integral part of
the master file update process.
• The systems designer determines the number of backup
master files needed for each application. Two factors
influence this decision: (1) the financial significance of the
system and (2) the degree of file activity.
Grandfather-Father-Son Approach
BACKUP PROCESS IN BATCH SYSTEM
USING DIRECT ACCESS FILES
• Each record in a direct access file is assigned a unique
disk location or address that is determined by its primary
key value.
• The destructive update approach leaves no backup copy
of the original master file.
Destructive Update Approach
Backup Procedures for Batch Systems Using
Direct Access Files
BACKUP OF MASTER FILES IN A REAL-
TIME SYSTEM
• Real-time systems pose a more difficult problem because
transactions are being processed continuously.
• Backup procedures are therefore scheduled at
prespecified intervals throughout the day (e.g., every 15
minutes).
Backup Procedures for Real-Time Processing
System
OUTPUT CONTROLS
• Controlling Hard-Copy Output
• OUTPUT SPOOLING: Spooling is directing an application’s
output to a magnetic disk file rather than to the printer directly.
• PRINT PROGRAMS
• WASTE
• REPORT DISTRIBUTION
• END-USER CONTROLS
• Controlling Digital Output
Stages in the Output Process

AcctIS10E Ch03 CE

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AcctIS10E Ch03 CE

Uploaded by

Copyright:

Available Formats

Chapter 3

James A. Hall, Accounting Information Systems, 10th Edition. © 2019

• Fraud Losses by Age

• The internal control system is a set of policies a firm employs

• Control Weaknesses and Risks

• The Preventive-Detective-Corrective Internal Control

• The Control Environment

• Control Activities (continued)

You might also like