
Fraud, Ethics & Internal Controls

Chapter 3 cont’…
Week 4: Lecture # 2
Internal controls & Computer fraud
System of Accounting Internal Controls
Objectives of an internal control system are:
1. Safeguard assets (from fraud or errors).
2. Maintain accuracy and integrity of accounting data.
3. Promote operational efficiency.
4. Ensure compliance with management directives.

Characteristics of Internal Control System
• Authorization
• Documentation
• Sound Practice
• Physical
• Internal Auditing
• Verification
• Programming
• Training
• Serialisation
• Insurance
• Responsibility
• Review
• Reliable Personnel
• Rotation of Duties
• Mechanical & Electronic Devices
• Separation of Duties
• Job Description
5 Components of Internal Control

• 5 interrelated components make up UC Berkeley’s control process.
• The components work together to create a comprehensive system capable of deterring fraud, and preventing, detecting and correcting problems based on an overall assessment of risk and exposure.

1. Control environment
• Ethical values, competence, leadership, philosophy, operating style, authority and responsibility.
• Forms the foundation for other control components and provides discipline and structure to the organisation.
• Directives from board of directors.

2. Risk Assessment
• Circumstances that may impede the ability of a department or a project to achieve its objectives. Determine risk & plan.

3. Control Activities
• Policies and procedures designed to ensure that management directives are carried out. E.g. authorisation, segregation, security, reconciliation, adequacy, checks…

4. Information and Communication
• Quality data must be transmitted to the right people at the appropriate time. Identify, capture, record and process relevant transactions.

5. Monitoring
• Assess the performance quality of the department to ensure it continues to be effective.
Good Internal Control System
• accurate & reliable accounting data.
• efficiency & effectiveness.
• prevent fraud, error, theft, damage and other
discrepancies.
• adhere to company policies and procedures.
• avoid bottlenecks (conflicts).
• smooth flow of operations.
• delegate responsibilities to staff.
• safeguard assets.
• internal checks.
• reliable and experienced personnel.
Principles of Control within an AIS

3 key areas for an effective AIS:
• Accounting Control
• Accessibility of Information
• Efficiency
6 Effective Internal Control Procedures

• Preventive Controls
• Feedback Controls
• Corrective Controls
• Directive Controls
• Compensating Controls
• Detective Controls
Limitations of Internal Control Systems

• Absolute assurance not possible
• Effectiveness influenced by size of entity’s operations
• Good controls can break down due to tiredness, indifference or carelessness
• Reliance on segregation of duties
• Difficulties in detecting computer fraud
Symptoms of Fraud That Can Be Detected by Internal Controls

• Missing documents
• Delayed bank deposits
• Numerous outstanding checks or bills
• Employees who do not take vacations
• A large drop in profits
• A major increase in business with one particular customer
• Customers complaining about double billing
• Repeated duplicate payments
• Employees with the same address or phone number as a vendor
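
Added example (not part of the original lecture slides): two of the symptoms listed above, repeated duplicate payments and employees sharing an address or phone number with a vendor, written as automated checks over constructed sample records. The record layouts, field names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (illustrative only; field names are assumptions).
EMPLOYEES = [
    {"id": "E01", "address": "12 Harbour Rd., Unit 3", "phone": "(555) 010-1001"},
    {"id": "E02", "address": "4 Mill Lane", "phone": "555 010 2002"},
]
VENDORS = [
    {"id": "V10", "address": "12 harbour rd unit 3", "phone": "555-010-5555"},
    {"id": "V11", "address": "88 Kings Road", "phone": "5550102002"},
    {"id": "V12", "address": "1 Wharf Street", "phone": "555 010 0000"},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V10", "invoice": "INV-100", "amount": 1250.00},
    {"id": "P2", "vendor": "V10", "invoice": "inv-100 ", "amount": 1250.00},
    {"id": "P3", "vendor": "V12", "invoice": "INV-7", "amount": 300.00},
    {"id": "P4", "vendor": "V12", "invoice": "INV-8", "amount": 300.00},
]

def norm_text(s):
    """Lowercase, drop punctuation and extra spaces so near-identical strings compare equal."""
    return " ".join(re.sub(r"[^a-z0-9 ]", "", s.lower()).split())

def norm_phone(s):
    """Keep digits only, so formatting differences do not hide a match."""
    return re.sub(r"\D", "", s)

def employee_vendor_matches(employees, vendors):
    """Return (employee_id, vendor_id, field) for every shared address or phone number."""
    hits = []
    for e in employees:
        for v in vendors:
            if norm_text(e["address"]) == norm_text(v["address"]):
                hits.append((e["id"], v["id"], "address"))
            if norm_phone(e["phone"]) == norm_phone(v["phone"]):
                hits.append((e["id"], v["id"], "phone"))
    return hits

def duplicate_payments(payments):
    """Group by (vendor, normalized invoice, amount); return payment ids of groups paid more than once."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], norm_text(p["invoice"]), round(p["amount"], 2))
        groups[key].append(p["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)

if __name__ == "__main__":
    print(employee_vendor_matches(EMPLOYEES, VENDORS), duplicate_payments(PAYMENTS))
```

A hit from either check is a symptom to investigate, not proof of fraud; normalising the fields first matters because trivial formatting changes would otherwise hide a match.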
Internal Fraud Prevention and Detection

• IT has a key role to play in demonstrating effective corporate governance and fraud prevention.
• Internal fraud prevention measures are based on the same controls used to prevent external intrusions: perimeter defense technologies, such as firewalls, e-mail scanners, and biometric access.
• Fraud detection can be handled by intelligent analysis engines using advanced data warehousing and analytics techniques.
Policies to Assist in the Avoidance of Fraud and Errors

Actions to assist in prevention or detection of fraud and errors:
1. Maintain and enforce a code of ethics.
2. Maintain a system of accounting internal controls.
3. Maintain a system of information technology controls.
Maintain a Code of Ethics
Sarbanes–Oxley Act of 2002
Requirement - public companies adopt and disclose a code of ethics.

Concepts usually found in code of ethics:
• Obeying applicable laws and regulations.
• Conduct that is honest, fair, and trustworthy.
• Avoiding all conflicts of interest.
• Creating and maintaining a safe work environment.
• Protecting the environment.
The Nature of Computer Fraud

2 categories of crime:
– Violent
– Nonviolent

• Fraud is nonviolent crime because instead of a gun or knife, fraudsters use deception, confidence, and trickery.
• Occupational fraud refers to the deliberate misuse of the assets of one’s employer for personal gain.

Computer Fraud/Crime

• Also known as cyber-crime
• Relates to unauthorized:
  • use, access, modification, and destruction of hardware, software, data, or network resources
  • release of information
  • copying of software (piracy)
• Using or conspiring to use computer or network resources illegally to obtain information.
Internal Sources of Computer Fraud
1. Input manipulation: altering data that is input into the computer, e.g. changing payroll times.

2. Program manipulation
a. Salami technique – altering a program to slice a small amount from several accounts.
b. Trojan horse programs – malicious software allowing an unauthorised backdoor into the system and stealing confidential files. Used to manipulate the computer system.
c. Trap door alterations – a valid programming tool that is misused to commit fraud (a hidden entrance into computer programs).

3. Output manipulation: altering system cheques & reports.

External Sources of Computer Fraud
In most cases conducted by someone outside the company who has gained unauthorized access to the computer.

Two Common Types:
1. Hacking.
  • Denial of Service attack (DoS) – prevents computer systems & networks from functioning.
2. Spoofing: occurs when a person, through a computer system, pretends to be someone else. E.g. internet spoofing & email spoofing.
Hacking

• Definition:
• The obsessive use of computers, or the
unauthorized access and use of networked
computer systems.
Cyber Theft

• Definition:
• Computer crime involving the theft of money.
Espionage or Trespassing

• The act of gaining access to the information an organization is trying to protect by an unauthorized individual.
• Industrial espionage occurs in areas where researching information about the competition goes beyond the legal limits.
• Governments practice industrial espionage against companies in other countries.
• Shoulder surfing is looking at a computer monitor or ATM screen over another person’s shoulder.
Sabotage or Vandalism

• A popular type of online vandalism is hacktivist or cyberactivist activities.
• Hacktivists or cyberactivists use technology for high-tech civil disobedience to protest operations, policies, or actions.
• Theft is the illegal taking of property that belongs to another individual or organization.

Computer fraud

• Cyber-war
• Cyber-theft
• Cyber-storm
• Cybercrimes
• Cyber-activist
• Cyber-terrorism
• Cyber-blackmail

• Hacker
• Crackers

Information Extortion

• When an attacker or formerly trusted employee steals information from a computer system and then demands compensation for its return or an agreement not to disclose it.

Identity Theft

• Crime in which someone uses the personal information of others, usually obtained from the Internet, to create a false identity and then commits fraud.
• Fastest growing white-collar crime.
• Biggest problem is restoring victim’s damaged credit rating.

Chapter 3
End of Lecture!