FRAUD & INTERNAL CONTROL
ICEBREAKER
“GETTING TO KNOW EACH OTHER”
“NEVER HAVE I EVER”
1ST QUESTION
I HAVE / I HAVEN’T
11TH QUESTION
BUSINESS ETHICS
Involves finding the answers to two questions:
(1) How do managers decide what is right in conducting their business?
(2) Once managers have recognized what is right, how do they achieve it?
Ethical issues in business can be divided into four areas:
✘ Equity
✘ Rights
✘ Honesty
✘ The Exercise of Corporate Power
Table 3-1 ETHICAL ISSUES IN BUSINESS
Making Ethical Decisions
Business organizations have conflicting responsibilities to their employees, shareholders, customers, and the public.
Every major decision has consequences that potentially harm or benefit these constituents.
PROPORTIONALITY
COMPUTER ETHICS
Three levels of computer ethics:
✘ Pop
✘ Para
✘ Theoretical
✘ Pop Computer Ethics
Simply the exposure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology.
✘ Para Computer Ethics
Involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field.
✘ Theoretical Computer Ethics
Of interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science with the goal of bringing some new understanding to the field.
A New Problem or Just a New Twist on an Old Problem?
Privacy
People desire to be in full control of what and how much information about themselves is available to others, and to whom it is available.
Should the privacy of individuals be protected through policies and systems? What information about oneself does the individual own? Should firms that are unrelated to individuals buy and sell information about these individuals without their permission?
Security (Accuracy and Confidentiality)
Security systems attempt to prevent fraud and other misuse of computer systems; they act to protect and further the legitimate interests of the system’s constituencies.
Which is the more important goal? Automated monitoring can be used to detect intruders or other misuse, yet it can also be used to spy on legitimate users, thus diminishing their privacy. Where is the line to be drawn? What is an appropriate use and level of security? Which is most important: security, accuracy, or confidentiality?
Ownership of Property
Copyright laws have been invoked in an attempt to protect those who develop software from having it copied.
Equity in Access
Some barriers to access are intrinsic to the technology of information systems, but some are avoidable through careful system design.
Environmental Issues
Computers with high-speed printers allow for the production of printed documents faster than ever before. It may be more efficient or more comforting to have a hard copy in addition to the electronic version. However, paper comes from trees, a precious natural resource, and ends up in landfills if not properly recycled.
Unemployment and Displacement
Many jobs have been and are being changed as a result of the availability of computer technology. People unable or unprepared to change are displaced.
Should employers be responsible for retraining workers who are displaced as a result of the computerization of their functions?
Misuse of Computers
Computers can be misused in many ways. Copying proprietary software, using a company’s computer for personal benefit, and snooping through other people’s files are just a few obvious examples.
SARBANES-OXLEY ACT AND ETHICAL ISSUES
FRAUD AND ACCOUNTANTS
• Definitions of Fraud
• The Fraud Triangle
• Financial Losses from Fraud
• The Perpetrators of Frauds
FRAUD
- false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his or her detriment.
A fraudulent act must meet the following five conditions:
✘ False representation
✘ Material fact
✘ Intent
✘ Justifiable reliance
✘ Injury or loss
In accounting literature, fraud is also commonly known as white-collar crime, defalcation, embezzlement, and irregularities.
Two levels of Fraud
✘ Employee fraud
✘ Management fraud
Employee fraud
- or fraud by non-management employees, is generally designed to directly convert cash or other assets to the employee’s personal benefit.
Management fraud
Management fraud typically contains three special characteristics:
THE FRAUD TRIANGLE
The --------- consists of three factors that contribute to or are associated with management and employee fraud
PERPETRATORS OF FRAUDS
FRAUD AND ACCOUNTANTS
• Fraud Schemes
THE FRAUD SCHEMES
Fraudulent Statements
THE UNDERLYING PROBLEMS
✘ Lack of Auditor Independence
✘ Lack of Director Independence
✘ Questionable Executive Compensation Schemes
✘ Inappropriate Accounting Practices
✘ Lack of Auditor Independence
- Auditing firms that are also engaged by their clients to perform non-accounting activities
✘ Questionable Executive Compensation Schemes
THE UNDERLYING PROBLEMS
✘ ----------------
- Auditing firms that are also engaged by their clients
to perform non-accounting activities
✘ asset misappropriation
Corruption
✘ BRIBERY
✘ ILLEGAL GRATUITIES
✘ CONFLICTS OF INTEREST
✘ ECONOMIC EXTORTION
GIVE ONE OF THE PRINCIPAL TYPES OF CORRUPTION
THE FRAUD SCHEMES
✘ asset misappropriation
ASSET MISAPPROPRIATION
✘ SKIMMING
✘ CASH LARCENY
✘ BILLING SCHEMES
✘ CHECK TAMPERING
✘ PAYROLL FRAUD
✘ EXPENSE REIMBURSEMENTS
✘ THEFTS OF CASH
✘ NON-CASH MISAPPROPRIATION
✘ COMPUTER FRAUD
Internal Control Concepts and Techniques
“The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit.”
Five Internal Control Components: SAS 78 / COSO
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
1: The Control Environment
✘ Integrity and ethics of management
✘ Organizational structure
✘ Role of the board of directors and the audit committee
✘ Management’s policies and philosophy
✘ Delegation of responsibility and authority
✘ Performance evaluation measures
✘ External influences—regulatory agencies
✘ Policies and practices managing human resources
2: Risk Assessment
✘ Identify, analyze and manage risks relevant to financial reporting:
✗ changes in external environment
✗ risky foreign markets
✗ significant and rapid growth that strains internal controls
✗ new product lines
✗ restructuring, downsizing
✗ changes in accounting policies
3: Information and Communication
✘ The AIS should produce high quality information which:
✗ identifies and records all valid transactions
✗ provides timely information in appropriate detail to permit proper classification and financial reporting
✗ accurately measures the financial value of transactions
✗ accurately records transactions in the time period in which they occurred
4: Monitoring
The process for assessing the quality of internal control design and operation
✘ Ongoing monitoring:
✗ computer modules integrated into routine operations
✗ management reports which highlight trends and exceptions from normal performance
5: Control Activities
✘ Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
✘ Fall into two distinct categories:
✗ IT controls—relate specifically to the computer environment
✗ Physical controls—primarily pertain to human activities
Two Types of IT Controls
✘ General controls—pertain to the entity-wide computer environment
✗ Examples: controls over the data center, organization databases, systems development, and program maintenance
✘ Application controls—ensure the integrity of specific systems
✗ Examples: controls over sales order processing, accounts payable, and payroll applications
Six Types of Physical Controls
✘ Transaction Authorization
✘ Segregation of Duties
✘ Supervision
✘ Accounting Records
✘ Access Control
✘ Independent Verification
Physical Controls
Transaction Authorization
✘ used to ensure that employees are carrying out only authorized transactions
✘ general (everyday procedures) or specific (non-routine transactions) authorizations
Segregation of Duties
✘ In manual systems, separation between:
✗ authorizing and processing a transaction
✗ custody and recordkeeping of the asset
✗ subtasks
Supervision
✘ A compensation for lack of segregation; some may be built into computer systems
✘ An underlying assumption of supervision control is that the firm employs competent and trustworthy personnel. The competent and trustworthy employee assumption promotes supervisory efficiency.
Accounting Records
Independent Verification
✘ reviewing batch totals or reconciling subsidiary accounts with control accounts
✘ Through independent verification procedures, management can assess (1) the performance of individuals, (2) the integrity of the transaction processing system, and (3) the correctness of data contained in accounting records.
[Figure: Nested Control Objectives for Control Transactions. Labels: Objective 1; Authorization; Processing; Custody; Recording]