CHAPTER 3

ETHICS, FRAUD & INTERNAL

CONTROL
 INTERNAL CONTROLS
Integrated Framework (2013, the Committee of
Sponsoring Organizations of the Treadway
Commission (COSO))

“A process, effected by an entity’s board of

directors, management and other personnel,
designed to provide reasonable assurance
regarding achievement of objectives relating to
operations, reporting and compliance.”
 ELEMENTS
NECESSARILY INVOLVE DESIGNED TO PROVIDE
IS A PROCESS PEOPLE THROUGHOUT REASONABLE ASSURANCE.
THE ORGANIZATION.
• Improvement
• Require discussion • Reasonable – being
• Control problems within the bounds
during design,
• Judgment and of common sense
implementation
Experience in • Not designed for
and evaluation.
designing and absolute assurance
implementing • Subject to on anything
• Periodically Cost/benefit • Can be
reviewed to ensure constraint circumvented
effectiveness through collusion or
collaboration
PURPOSES OF INTERNAL CONTROL
• Safeguarding assets
• Ensuring financial statement reliability
• Promoting operational efficiency
• Encouraging compliance with
management’s directives
 Five components of COSO 
❑ Control environment-
establishing the “tone
at the top”
❑ Monitoring- creating a ❑ Risk assessment- clarifying
process for keeping the an organization’s risk
plan update and relevant exposures

❑ Information and ❑ Control activities-

communication- ensuring developing specific
stakeholders know about controls to address the
the internal control plan risk exposures
 Brown’s Taxonomy of Risk
Financial Risk (Monetary Activities)
❑ Market Risk- changes in company’s
stock prices, investment values, and
interest rates.
❑ Credit Risk- customer’s unwillingness
or inability to pay amounts to the org.
❑ Liquidity Risk- possibility that a
company will not have sufficient cash
and near cash assets to meet short
terms obligations
Operational Risk (concern to people,
assets, and technologiesused to create
value for customers)
❑ Systems Risk- Malware, data theft, and
server crashes
❑ Human Error Risk- peoples’ mistakes.
Ex; teller cashes check without
authorized signature
Strategic Risk- (entities decision making
process at the senior mgt. and Board of
Directors Level)
❑ Legal and Regulatory Risk- chance that
parties might break laws that result in
financial, legal, or operational
sanctions.
❑ Business Strategy Risk- poor decision
making related to companies’ basis for
competing in its markets.
Hazard Risk
❑ Director’s and Officers’ liability risk-
accused of mismanagement by
shareholders, government agencies,
employees or other stakeholders bare
this risk in a direct way.
 INTERNAL CONTROL EXAMPLES
1. Adequate documentation - Can help you critiques internal controls
and determine if they are functioning effectively.
2. Background checks – essential for employees in sensitive positions,
such as those who deals with large amounts of money
3. Backup of computer files – ensures that no more than one day’s
work is lost in an event of a systems failure
4. Backup of power supplies – can give the user time to save any open
files, ensuring they are not lost
5. Bank reconciliation – account for timing differences between the
account holder’s records and the bank’s records of a cash account
 INTERNAL CONTROL EXAMPLES
6. Batch control totals - users can calculate various control totals to promote data
integrity. Example you could add up the invoice numbers for a group of sales
invoices.
7. Data encryption - translates data into another form, or code, so that only people
with access to a secret key (formally called a decryption key) or password can read
it.
8. Document matching - whether electronic or paper based, document matching
helps ensure that vendor invoices are only paid when merchandise has been
properly ordered and invoiced.
9. Echo checks - That process allows you to edit the data for any errors or other
changes.
10. Firewalls - They can prevent unauthorized intrusions into an accounting
information system and warn users when such intrusions are detected.
 INTERNAL CONTROL EXAMPLES
11. Insurance and Bonding - can help organizations correct any financial
losses they experience probably bonded. Companies often bond key
employees to address human error and other forms of risk.
12. Internal audits - can reveal indications of fraud, waste, and inefficiency,
thus strengthening internal control.
13. Limit checks - An accounting information system can incorporate various
kinds of limit checks.
14. Lockbox systems - help promote strong internal control over cash. Rather
than remitting payment directly to an organization, customers send their
payment to a lockbox.
15. Physical Security - Simple actions such locking doors and securing
computers and related equipment can go a long way in safeguard assets.
16. Preformatted data entry screens- greatly improves data entry efficiency.
 INTERNAL CONTROL EXAMPLES
17. Prenumbered documents - Checks, purchase orders, sales invoices,
and other documents should be prenumbered strong internal
control
18. Restrictive endorsement and daily deposits of checks received -
give the bank more specific instructions that limit the uses of the
endorsed check: the most common is “for deposit only”, often
with an account number included.
19. Segregation of duties - means to the extent possible, three
different people should take on one responsibility with respect to
a specific asset: authorization for use, physical custody, and
recordkeeping.
20. User training - all internal control processes in the world are
virtually worthless if people don’t know how to apply them.
Employees should receive periodic training/reminders about
appropriate internal control procedures.
ETHICS
and
FRAUD
ETHICAL ISSUES IN BUSINESS

1. Equity Executive salaries

Comparable worth
Product pricing

2. Rights Corporate due process

Employee health screening
Employee privacy
Sexual harassment
Diversity
Equal employment opportunity
Whistle-blowing
ETHICAL ISSUES IN BUSINESS

3. Honesty Employee & management conflict of interest

Security of organization data & records
Misleading advertising
Questionable business practices in foreign
countries
Accurate reporting on shareholders’ interest
ETHICAL ISSUES IN BUSINESS

4. Exercise of corporate Political action committees

power Workplace safety
Product safety
Environmental issues
Divestment of interest
Corporate political contributions
Downsizing and plant closures
ETHICAL ISSUES IN BUSINESS

4. Exercise of corporate Political action committees

power Workplace safety
Product safety
Environmental issues
Divestment of interest
Corporate political contributions
Downsizing and plant closures
BUSINESS ETHICS
- pertains to the principles of conduct that individuals use in
making choices and guiding their behavior in situations that
involve the concept of right and wrong.

Ethical Principles that Provide Guidance in Making Ethical Decisions

1. Proportionality - The benefit from a decision must outweigh the
risks. There must be no alternative decision that provides the
same or greater benefit with less risk.

2. Justice - The benefits of the decision should be distributed fairly

to those who share the risks. Those who do not benefit should
not carry the burden of risk.

3. Minimize risk - Even if judged acceptable by the principle. the

decision should be implemented so as to minimize all the risks
and and avoid any unnecessary risks.
ISSUES OF CONCERN IN THE STUDY OF AIS

1. Privacy
- people desire to be in full control of what and how much
information about themselves is available to others and to whom
it is available.

2. Security (Accuracy and Confidentiality)

- computer security is an attempt to avoid such undesirable
events asa loss of confidentiality or data integrity

3. Ownership of property
- software - an intellectual property. What can an
individual/organization own; ideas? media? source code? object
code?
ISSUES OF CONCERN IN THE STUDY OF AIS

4. Equity in access
Factors that can limit access to computing technology:
a. economic status of an individual/affluence of an organization
b. culture - documentation is prepared in ONLY one language or is
poorly translated
c. Safety features or the lack thereof - pregnant women
d. Differences in physical or cognitive skills - “how can hardware
and software be designed to consider these difference?”

5. Environmental issues
Paper comes from trees, a natural resource, which if not properly
recycled will end up in landfills. limit printing? require recycling?
How?
ISSUES OF CONCERN IN THE STUDY OF AIS

6. Artificial Intelligence
- who is responsible for the completeness and appropriateness of
the knowledge base? who is responsible for the decisions made
by an expert system that causes harm when implemented? Who
owns the expertise once it is coded into a knowledge base?
7. Unemployment and displacement
Should employers be responsible for retraining workers who are
displaced as a result of the computerization of their functions?

8. Misuse of computers
- copying proprietary software
- using company computers for personal benefits
- snooping through other people’s files
FRAUD
- denotes a false representation of a material fact made by one party to
another party with the intent to deceive and induce the other party to
justifiably rely on the fact to his/her detriment.

5 conditions for an act to be considered fraudulent

a. False representation - there must be a false statement or a
nondisclosure
b. Material fact - the fact must be a substantial factor in inducing
someone to act
c. Intent - there must be the intent to deceive or the knowledge that one’
statement is false
d. Justifiable reliance - the misrepresentation must have been a
substantial factor on which the injured party relied
e. Injury or loss - the deception must have caused injury or loss to the
victim of the fraud
Fraud, in business, is an intentional deception, misappropriation of a
company’s assets, or manipulation of a company’s financial data to the
advantage of the perpetrator.

Other names:
white-collar crime
defalcation
embezzlement
irregularities

Employee fraud - fraud by non-management employees, designed to directly

convert cash or other assets to the employees personal benefit. 3
steps:
1. stealing something of value (asset)
2. converting the asset to a usable form (cash)
3. concealing the crime to avoid detection
Management fraud
- often escapes detection until the company has suffered irreparable
damage or loss
- 3 characteristics:
1. the fraud is perpetrated at levels of management above the one to
which internal control structures generally relate
2. the fraud frequently involves using the financial statements to create
an illusion that an entity is healthier and more prosperous than, in fact, it
is
3, if the fraud involves misappropriation of assets, it frequently is
shrouded in a maze of complex business transactions, often involving
related third parties.
The Fraud Triangle - 3 factors that contribute to fraud
Situational NO Situational
Pressure Opportunity FRAUD Pressure Opportunity

Ethics FRAUD Ethics