ETHICS,

FRAUD &
INTERNAL
CONTROL

1
ICEBREAKER
“GETTING TO KNOW EACH
OTHER”

2
“NEVER HAVE
I EVER”
3
 1ST QUESTION

NEVER HAVE I EVER

BEEN DRUNK…
I I
HAVE HAVEN’T
4
 2ND QUESTION

NEVER HAVE I EVER

CHEATED ON AN
I
EXAM/QUIZ… I
HAVE HAVEN’T
5
 3RD QUESTION

NEVER HAVE I EVER PRETENDED

TO LAUGH AT A JOKE I
DIDN’T GET…
I I
HAVE HAVEN’T
6
 4TH QUESTION

NEVER HAVE I EVER GOOGLED MY

OWN NAME TO SEE WHAT COMES
UP…
I I
HAVE HAVEN’T
7
 5TH QUESTION

NEVER HAVE I EVER FORGED

SOMEONES SIGNATURE…
I I
HAVE HAVEN’T
8
 6TH QUESTION

NEVER HAVE I EVER

STALKED SOMEONE
ONLINE…
I I
HAVE HAVEN’T
9
 7TH QUESTION

NEVER HAVE I EVER

SKIPPED CLASS…
I I
HAVE HAVEN’T
10
 8TH QUESTION

NEVER HAVE I EVER

STOLE SOMETHING…
I I
HAVE HAVEN’T
11
 9TH QUESTION

NEVER HAVE I EVER TOOK A QUIZ

WITHOUT STUDYING THE NIGHT
PRIOR…
I I
HAVE HAVEN’T
12
 10TH QUESTION

NEVER HAVE I EVER LIED TO MY

PARENTS WHERE I AM GOING…

I I
HAVE HAVEN’T
13
 11TH QUESTION

NEVER HAVE I EVER DONE

SOMETHING I REGRET…
I I
HAVE HAVEN’T
14
ETHICAL ISSUES IN BUSINESS
• Business Ethics
• Computer Ethics
• Sarbanes-Oxley Act and Ethical
Issues
Ethical Issues in
Business
Ethical standards are derived from societal
mores and deep-rooted personal beliefs
about issues of right and wrong that are
not universally agreed upon.
we confuse ethical
issues with legal
issues.
UP!!!!
17
 ETHICS
It pertains to the principles of conduct
that individuals use in making choices
and guiding their behavior in
situations that involve the concepts of
right and wrong.

18
 BUSINESS
ETHICS
Involves finding the answers to two questions:
(1) How do managers decide what is right in
conducting their business?
(2) Once managers have recognized what is right,
how do they achieve it?

UP!!!!
19
 BUSINESS
ETHICS
Ethical issues in business can be divided into four
areas:
 Equity
 The Exercise
 Rights of Corporate
 Honesty Power
20
Table 3-1 ETHICAL ISSUES IN BUSINESS

21
 Making Ethical
Decisions
Business organizations have conflicting
responsibilities to their employees,
shareholders, customers, and
the public.
 Making Ethical
Decisions
Every major decision has consequences
that potentially harm or benefit these
constituents.
 PROPORTIONALITY

The benefit from a decision must

outweigh the risks.
UP!!!!
 PROPORTIONALITY
»Justice
The benefits of the decision should be distributed
fairly to those who share the risks. Those who do not
benefit should not carry the burden of risk.
 PROPORTIONALITY
»Minimize Risk
Even if judged acceptable by the principles, the
decision should be implemented so as
to minimize all of the risks and avoid any unnecessary
risks.
 COMPUTER
ETHICS
the analysis of the nature and social impact of
computer technology and the corresponding
formulation and justification
of policies for the ethical use of such technology

UP!!!!
27
 COMPUTER
ETHICS
Three levels of computer ethics:
✘ Pop
✘ Para
✘ Theoretical

28
 COMPUTER
ETHICS
✘ Pop Computer Ethics
simply the exposure to stories and reports found in the
popular media regarding the good or bad ramifications
of computer technology.

29
 COMPUTER
ETHICS
✘ Para Computer Ethics
involves taking a real interest in computer ethics cases
and acquiring some level of skill and knowledge in the
field

30
 COMPUTER
ETHICS
✘ Theoretical Computer Ethics
interest to multidisciplinary researchers who apply the
theories of philosophy, sociology, and psychology to
computer science with the goal of bringing some new
understanding to the field.

31
 A New Problem or Just a New
Twist on an Old Problem?

Privacy
“ People desire to be in full control of what
and how much information about
themselves is available to
others, and to whom it is available.
 Should the privacy of individuals be protected
through policies and systems?
 What information about oneself does the individual own?
 Should firms that are unrelated to individuals buy and sell
information about these individuals without their permission?

32
 A New Problem or Just a New
Twist on an Old Problem?

“
Security (Accuracy
and Confidentiality)
Security systems attempt to prevent fraud
and other misuse of computer systems, they
UP!!!! act to protect
and further the legitimate interests of the
system’s constituencies.
 Which is the more important goal? Automated monitoring
can be used to detect intruders or other misuse, yet it can also be used to spy on
legitimate users, thus diminishing their privacy. Where is the line to be drawn?
What is an appropriate use and level of security? Which is most important:
security, accuracy, or confidentiality?
33
 A New Problem or Just a New
Twist on an Old Problem?

“ Ownership of Property
Copyright laws have been invoked in an
attempt to protect those who develop
software from having it copied.

34
 A New Problem or Just a New
Twist on an Old Problem?

“ Equity in Access
Some barriers to access are intrinsic to
the technology of information systems,
but some are avoidable through careful
system design.

35
 A New Problem or Just a New
Twist on an Old Problem?

“ Environmental Issues
Computers with high-speed printers allow for the production
of printed documents faster than ever
before. It may be more efficient or more comforting to have
a hard copy in addition to the electronic version. However,
paper comes from trees, a precious natural resource, and
ends up in landfills if not properly recycled.

36
 A New Problem or Just a New
Twist on an Old Problem?

“
Unemployment and Displacement
Many jobs have been and are being changed
as a result of the availability of computer
UP!!!!
technology
People unable or unprepared to change are
displaced.
 Should employers be responsible for retraining workers
who are displaced as a result of the computerization of their
functions?
37
 A New Problem or Just a New
Twist on an Old Problem?

“
Misuse of Computers
Computers can be misused in many ways. Copying
proprietary software, using a company’s computer
for personal benefit, and snooping through other
UP!!!! people’s files are just a few obvious examples.

 What harm is done to the software developer when people make

unauthorized copies?
 A computer is not an item that deteriorates with use, so is there any harm to
the employer if it is used for an employee’s personal benefit?
 Is it okay to look through paper files that clearly belong to someone else?
 Is there any difference between paper files and computer files?

38
 SARBANES-OXLEY ACT AND
ETHICAL ISSUES

✘ The Act is named after its sponsors, Senator Paul

Sarbanes, D-Md., and Congressman Michael
Oxley, R-Ohio. It's also called Sarbox or SOX.
It became law on July 30, 2002.

39
 SARBANES-OXLEY ACT AND
ETHICAL ISSUES

✘ The Sarbanes-Oxley Act of 2002 is a federal law

that established sweeping auditing and financial
regulations for public companies. Lawmakers
created the legislation to help protect shareholders,
employees and the public from accounting errors
and fraudulent financial practices.

40
FRAUD AND ACCOUNTANTS
• Definitions of Fraud
• The Fraud Triangle
• Financial Losses from Fraud
• The Perpetrators of Frauds
 FRAUD
- false representation of a material fact made by
one party to another party with the intent to
deceive and induce the other party to justifiably
rely on the fact to his or her detriment.
 Fraudulent act must meet the
following five conditions:

✘ False representation
✘ Material fact
✘ Intent
✘ Justifiable reliance.
✘ Injury or loss.

43
In accounting literature, fraud is
also commonly known as white-
collar crime, defalcation,
embezzlement, and irregularities.

UP!!!!

44
 Fraudulent act must meet the
following five conditions:

✘ Give one of the five conditions…..

45
 Two levels of Fraud

✘ Employee fraud
✘ Management fraud

46
 Employee fraud

- or fraud by non-management
employees, is generally designed to
directly convert cash or other assets to
the employee’s personal benefit.

47
 Management fraud

- is more insidious than employee fraud

because it often escapes detection until
the organization has suffered irreparable
damage or loss.

48
 Management fraud typically
contains three special
characteristics:

✘ The fraud is perpetrated at levels of management above the one to

which internal control structures generally relate.
✘ 2. The fraud frequently involves using the financial statements to
create an illusion that an entity is healthier and more prosperous than,
in fact, it is.
✘ 3. If the fraud involves misappropriation of assets, it frequently is
shrouded in a maze of complex business transactions, often involving
related third parties.

49
 THE FRAUD TRIANGLE

The fraud triangle consists of three factors

that contribute to or are associated with
management and employee fraud

50
 THE FRAUD TRIANGLE
UP!!!!

✘ (1) situational pressure, which includes personal or job-

related stresses that could coerce an individual to act
dishonestly;
✘ (2) opportunity, which involves direct access to assets and/or
access to information that controls assets, and;
✘ (3) ethics, which pertains to one’s character and degree of
moral opposition to acts of dishonesty

51
The --------- consists of three factors that
contribute to or are associated with
management and employee fraud

52
PERPETRATORS OF FRAUDS

54
55
56
FRAUD AND ACCOUNTANTS
• Fraud Schemes
 THE FRAUD SCHEMES

Three broad categories of fraud schemes

✘ fraudulent statements
✘ Corruption
✘ asset misappropriation

58
 Fraudulent Statements

✘this class of fraud scheme, the statement

itself must bring direct or indirect financial
benefit to the perpetrator

59
 Fraudulent Statements

✘ For example, misstating the cash account balance to cover

the theft of cash is not financial statement fraud.
✘ On the other hand, understating liabilities to present a more
favourable financial picture of the organization to drive up
stock prices does fall under this classification.

60
 UP!!!

these numbers fail to reflect the human

suffering that parallels them in the real
world
61
“
Three broad categories of
fraud schemes
✘ fraudulent statements
✘ asset misappropriation
✘ AND…?
62
“
✘ this class of fraud scheme, the
statement itself must bring
---------------- benefit to the
perpetrator

63
THE UNDERLYING PROBLEMS
✘ Lack of Auditor Independence
✘ Lack of Director Independence
✘ Questionable Executive Compensation Schemes
✘ Inappropriate Accounting Practices

64
THE UNDERLYING PROBLEMS
✘ Lack of Auditor Independence
- Auditing firms that are also engaged by their clients
to perform non-accounting activities

- For example, Enron’s auditors—Arthur Andersen—

were also their internal auditors and their
management consultants.
65
THE UNDERLYING PROBLEMS
✘ Lack of Director Independence
directors who have a personal relationship
- by serving on the boards of other directors’ companies
- have a business trading relationship as key customers or suppliers
of the company
- have a financial relationship as primary stockholders or have
received personal loans from the company
- have an operational relationship as employees of the company

66
THE UNDERLYING PROBLEMS
✘ Questionable Executive Compensation Schemes

- fewer stock options should be offered than currently

is the practice

67
 UP!!!

THE UNDERLYING PROBLEMS

✘ Inappropriate Accounting Practices

- use of special-purpose entities to hide liabilities

through off-balance-sheet accounting

68
THE UNDERLYING PROBLEMS
✘ ----------------
- Auditing firms that are also engaged by their clients
to perform non-accounting activities

- For example, Enron’s auditors—Arthur Andersen—

were also their internal auditors and their
management consultants.
69
 THE FRAUD SCHEMES

Three broad categories of fraud schemes

✘ fraudulent statements
---------------------------------------------------------------
✘ Corruption
-

✘ asset misappropriation

70
 Corruption

✘ involves an executive, manager, or employee of the

organization in collusion with an outsider
✘ 4 principal types:
■ Bribery
■ illegal gratuities
■ conflicts of interest
■ economic extortion

71
 BRIBERY

✘ involves giving, offering, soliciting, or receiving things of

value to influence an official in the performance of his or
her lawful duties

72
 ILLEGAL GRATUITIES

✘ involves giving, receiving, offering, or soliciting something

of value because of an official act that has been taken

73
 CONFLICTS OF INTEREST

✘ occurs when an employee acts on behalf of a third party

during the discharge of his or her duties or has self-interest
in the activity being performed

74
 ECONOMIC EXTORTION

✘ is the use (or threat) of force (including economic

sanctions) by an individual or organization to obtain
something of value

UP!!!

75
GIVE ONE OF THE
PRINCIPLE TYPES
OF CORRUPTION
 THE FRAUD SCHEMES

Three broad categories of fraud schemes

✘ fraudulent statements
---------------------------------------------------------------
-
✘ Corruption
------------------------------

✘ asset misappropriation

77
78
 ASSET MISAPPROPRIATION

✘ assets are either directly or indirectly diverted to the

perpetrator’s benefit

79
 SKIMMING

✘ involves stealing cash from an organization before it is

recorded on the organization’s books and records

80
 CASH LARCENCY

✘ involves schemes in which cash receipts are stolen from an

organization after they have been recorded in the
organization’s books and records

81
 BILLING SCHEMES

✘ also known as vendor fraud, are perpetrated by employees who causes

their employer to issue a payment to a false supplier or vendor by
submitting invoices for fictitious goods or services, inflated invoices,
or invoices for personal purchases.
■ SHELL COMPANY
■ PASS THROUGH FRAUD
■ PAY-AND-RETURN

82
 CHECK TAMPERING

✘ involves forging or changing in some material way a check

that the organization has written to a legitimate payee

83
 PAYROLL FRAUD

✘ the distribution of fraudulent paychecks to existent and/or

non-existent employees

84
 EXPENSE REIMBURSEMENTS

✘ are schemes in which an employee makes a claim for

reimbursement of fictitious or inflated business expenses.
For example, a company salesperson files false expense
reports, claiming meals, lodging, and travel that never
occurred.

85
 THEFTS OF CASH

✘ are schemes that involve the direct theft of cash on hand in

the organization

86
 NON-CASH MISAPPROPRIATION

✘ schemes involve the theft or misuse of the victim

organization’s non-cash assets. One example of this is a
warehouse clerk who steals inventory from a warehouse or
storeroom.

87
 COMPUTER FRAUD

✘ Because computers lie at the heart of modern accounting

information systems, the topic of computer fraud is of
importance to auditors.

88
Internal Control Concepts and
Techniques
 Internal Control Concepts and Techniques

✘ 1. To safeguard assets of the firm.

✘ 2. To ensure the accuracy and reliability of accounting
records and information.
✘ 3. To promote efficiency in the firm’s operations.
✘ 4. To measure compliance with management’s
prescribed policies and procedures
 Modifying Assumptions
✘Management Responsibility
✘Reasonable Assurance.
✘Methods of Data Processing.
✘Limitations
 The Preventive-Detective–Corrective
Internal Control Model
✘ Preventive Controls
It forces compliance with prescribed or desired actions and thus screen out
aberrant events.
 Detective Controls
These are devices, techniques, and procedures designed to identify and expose undesirable
events that elude preventive controls.
 Corrective Controls
These are actions taken to reverse the effects of errors detected in the previous
step.
 SAS 78 / COSO
Describes the relationship between the firm’s…
 internal control structure,
 auditor’s assessment of risk, and
 the planning of audit procedures

“The weaker the internal control structure, the higher the assessed level of
risk; the higher the risk, the more auditor procedures applied in the audit”.
Five Internal Control Components: SAS 78 / COSO

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
1: The Control Environment
✘ Integrity and ethics of management
✘ Organizational structure
✘ Role of the board of directors and the audit committee
✘ Management’s policies and philosophy
✘ Delegation of responsibility and authority
✘ Performance evaluation measures
✘ External influences—regulatory agencies
✘ Policies and practices managing human resources
2: Risk Assessment
✘ Identify, analyze and manage risks relevant to financial
reporting:
✗ changes in external environment
✗ risky foreign markets
✗ significant and rapid growth that strain internal controls
✗ new product lines
✗ restructuring, downsizing
✗ changes in accounting policies
3: Information and Communication
✘ The AIS should produce high quality information which:
✗ identifies and records all valid transactions
✗ provides timely information in appropriate detail to permit proper
classification and financial reporting
✗ accurately measures the financial value of transactions
✗ accurately records transactions in the time period in which they
occurred
4: Monitoring
The process for assessing the quality of internal control
design and operation
✘ Ongoing monitoring:
✗ computer modules integrated into routine
operations
✗ management reports which highlight trends and
exceptions from normal performance
5: Control Activities
✘ Policies and procedures to ensure that the appropriate
actions are taken in response to identified risks
✘ Fall into two distinct categories:
✗ IT controls—relate specifically to the computer environment
✗ Physical controls—primarily pertain to human activities
 Two Types of IT Controls
✘ General controls—pertain to the entity-wide computer
environment
✗ Examples: controls over the data center, organization databases,
systems development, and program maintenance
✘ Application controls—ensure the integrity of specific systems
✗ Examples: controls over sales order processing, accounts payable, and
payroll applications
 Six Types of Physical Controls
✘ Transaction Authorization
✘ Segregation of Duties
✘ Supervision
✘ Accounting Records
✘ Access Control
✘ Independent Verification
Physical Controls
Transaction Authorization
✘ used to ensure that employees are carrying out only
authorized transactions
✘ general (everyday procedures) or specific (non-routine
transactions) authorizations
Physical Controls
Segregation of Duties
✘ In manual systems, separation between:
✗ authorizing and processing a transaction
✗ custody and recordkeeping of the asset
✗ subtasks
Physical Controls
Supervision
✘ A compensation for lack of segregation; some may be
built into computer systems
✘ An underlying assumption of supervision control is that
the firm employs competent and trustworthy personnel.
The competent and trustworthy employee assumption
promotes supervisory efficiency.
Physical Controls
Accounting Records

✘ The accounting records of an organization consist of

source documents, journals, and ledgers. These records
capture the economic essence of transactions and provide
an audit trail of economic events.
✘ Audit Trail
Physical Controls
Access Controls
✘ help to safeguard assets by restricting physical access to them

Independent Verification
✘ reviewing batch totals or reconciling subsidiary accounts with control
accounts
✘ Through independent verification procedures, management can assess (1) the
performance of individuals, (2) the integrity of the transaction processing
system, and (3) the correctness of data contained in accounting records.
 Nested Control Objectives for
Control Transactions
Objective 1
Authorization Processing

Control Authorization Custody Recording

Objective 2

Custody Recording

Authorization Task 1 Task 2 Task 1 Task 2

Control
Objective 3