Ais Chapter 3

AIS CHAPTER 3: ETHICS, FRAUD, INTERNAL CONTROL •

•

Ethical standards  are derived from societal mores and deep-root deep-rooted ed personal beliefs about issues of right and  wrong that are not universally agreed upon. pertai ains ns to the the prin princip ciple less of cond conduc uctt that that Ethics - pert indi indivi vidu duals als use use in maki making ng choi choice cess and and guid guidin ingg thei theirr behavior in situations that involve the concepts of right and  wrong. !sin"ss "thics in#ol#"s $indin% th" ans&"rs to t&o '!"stions: (1) How do managers decide what is right in conducting their business? (2) nce managers have recogni!ed what is right" how do they achieve it? #thical issues in business can be di#id"d into $o!r ar"as:

•

•

•

#$uity *ights

Honesty sty

e%ercise of corporate power

#%ecutive &a &alaries 'o 'omparable orth roduct ricing 'orporate +u +ue r rocess #m #mployee Health &creening #mployee rivacy &e%ual Harassment +iversity #$ual #mployment pportunity histle-,lowing #mployee an and a anagement 'onflicts of /nterest &ecurity of rgani!ation +ata and *ecords isleading 0dvertising uestionable ,usiness ractices in oreign 'ountries 0ccurate *eporting of &hareholder /nterests olitical 0ction 'ommittees orkplace &afety roduct &afety #nvironmental /ssues +ivestment of /nterests 'orporate olitical'ontributions +ownsi!ing and lant 'losures

,usiness organi!ations have conflicting responsibilities to their employees" shareholders" customers" and the public. Seeking a balance between these consequences is the (ana%"rs) "thical r"s*onsi+ilit

Ethical *rinci*l"s PROPORTIONALIT.  3he benefit from a decision must outweigh the risks /!stic". 3he benefits of the decision should be distributed fairly to those who share the risks. 3hose who do not benefit should not carry the burden of risk. 0ini(i1" ris2. #ven if 4udged acceptable by the principles" the decision should be implemented so as to minimi!e all of the risks and avoid any unnecessary risks.

•

CO0PUTER ETHICS - analysis of the nature and social impact impact of computer computer technolog technologyy and the corresponding corresponding formulation and 4ustification of policies for the ethical use of such technology 3hree levels of computer ethics 1) Po* co(*!t"r "thics is simply the e%posure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology. 2) Para co(*!t"r "thics involves taking a real interest in computer ethics cases and ac$uiring some level of skill and knowledge in the field 5) Th"or"tic interes erestt to Th"or"tical al co(*!t"r co(*!t"r "thics, "thics, is of int multidisciplinary researchers who apply the theories of philosophy philosophy"" sociology sociology"" and psychology psychology to computer computer scie scienc ncee with ith the goal oal of bri bringin ngingg som some new understanding to the field. &evera &everall issues issues of concer concernn for studen students ts of accoun accountin tingg information systems 1) Pri#ac - eople desire to be in full control of what and how much information about themselves is available to others" and to whom it is available. 3his 3his rais raises es the issue issue of o&n"rshi* in the personal information industry 4 S"c!r S"c!rit it 5Ac 5Acc!r c!rac ac and and Con$i Con$id"n d"ntia tialit lit4 4 Computer Computer security  security  is an atte attemp mptt to avoi avoidd such such undesirable events as a loss of confidentiality or data integrity. 34 O&n" O&n"rs rshi hi* * o$ Pro Pro*" *"rt rt 64 E'!it '!it in in Acc"s cc"sss 74 En#i En#iro ron( n("n "nta tall Iss! Iss!"s "s 84 Arti Arti$i $ici cial al Int" Int"ll lli% i%"n "nc" c" 94 Un"( Un"(*l *lo o(" ("nt nt and and Dis*l Dis*lac ac"( "("n "ntt 4 0is! 0is!s" s" o$ Co(* Co(*!t !t"r "rss the most most sign signifific ican antt Sar+ Sar+an an"s "s-O -O;l ;l" " Act Act 5S 5SO< O<4, 4, is the secu securi ritities es law since since the the &ecur &ecurititie iess and and #%ch #%chan ange ge 'ommission (&#') 0cts of 1655 and 1657.

S"ction 6=8>Cod" o$ Ethics $or S"nior Financial O$$ic"rs •

S"ction 6=8 o$ SO< re$uires public companies to disclose to the &#' whether they have adopted a code of ethics that applies to the organi!ation8s chief e%ecutive officer ('#)" ('#)" '" '" contro controller ller"" or person personss perfor performin mingg simila similarr functions. 0 publ public ic comp compan anyy may may disclos"  its code of ethics in several ways9 (1) included as an e%hibit to its annual report" (2) as a posting to its eb site" or (5) by agreeing to provide copies of the code upon re$uest. Whereas Section 406 applies specifically to executive and  financial officers of a company, company, a companys code of ethics should apply equally to all employees! "op managements attitude toward ethics sets the tone for  business practice, but it is also the responsibility of lower#

level managers and nonmanagers to uphold a firms ethical  standards!

•

3he &#' has ruled that compliance with &ection 7:; necessitates a written code of ethics that addresses the $ollo&in% "thical iss!"s ?4 CONFLICTS OF INTEREST 3he company8s code of ethics should outline procedures for dealing with actual or apparent conflicts of interest between personal and professional relationships. 2) FULL AND FAIR DISCLOSURES. 3he organi!ation should provide full" fair" accurate" o timely" and understandable disclosures in the documents" reports" and financial statements that it submits to the &#' and to the public. uture disclosures are candid" open" truthful" and o void of such deceptions. 5) LE@AL CO0PLIANCE. 'odes of ethics should re$uire employees to follow applicable governmental laws" rules" and regulations. 64 INTERNAL REPORTIN@ OF CODE IOLATIONS. 3he code of ethics must provide a mechanism to o permit prompt internal reporting of ethics violations. 3his provision is similar in nature to &ections 5:1 o and <:;" which were designed to encourage and protect whistle-blowers. =) ACCOUNTAILIT.  #mployees must see an employee hotline as credible" or they will not use it.

. 0at"rial $act.  0 fact must be a substantial factor in inducing someone to act. 3. Int"nt. 3here must be the intent to deceive or the knowledge that one8s statement is false. 6. /!sti$ia+l" r"lianc".  3he misrepresentation must have been a substantial factor on which the in4ured party relied. 7. In!r or loss. 3he deception must have caused in4ury or loss to the victim of the fraud. A!ditors "nco!nt"r $ra!d at t&o l"#"ls 1. employee fraud 2. anagement fraud. E(*lo"" $ra!d, or $ra!d + non(ana%"("nt "(*lo""s >enerally designed to directly convert cash or other assets to the employee8s personal benefit. 3ypically" the employee circumvents the company8s internal control system for personal gain •

E(*lo"" $ra!d !s!all in#ol#"s thr"" st"*s9 (1) &tealing something of value (an asset) (2) 'onverting the asset to a usable form (cash) (5) 'oncealing the crime to avoid detection. - 3he most difficult. •

o

Fra!d and Acco!ntants

o

Stat"("nt on A!ditin% Standards 5SAS4 No. BB, Consid"ration o$ Fra!d in a Financial Stat"("nt A!dit.

o

•

•

3he ob4ective of &0& 66 is to seamlessly blend the auditor8s consideration of fraud into all phases of the audit process. &0& 66 re$uires the auditor to perform new steps such as a brainstorming during audit planning to assess the potential risk of material misstatement of the financial statements from fraud schemes

Fra!d •

•

•

denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to 4ustifiably rely on the fact to his or her detriment. /t is an intentional deception" misappropriation of a company8s assets" or manipulation of its financial data to the advantage of the perpetrator. /n accounting literature" commonly known as white-collar crime" defalcation" embe!!lement" and irregularities.

Fra!d!l"nt act (!st (""t th" $ollo&in% $i#" conditions: ?. Fals" r"*r"s"ntation.  3here must be a false statement or a nondisclosure.

0ana%"("nt $ra!d ore insidious than employee fraud because it often escapes detection until the organi!ation has suffered irreparable damage or loss. anagement fraud usually does not involve the direct theft of assets involves deceptive practices to inflate earnings or to forestall the recognition of either insolvency or a decline in earnings

Thr"" s*"cial charact"ristics: 1. 3he fraud is perpetrated at levels of management above the one to which internal control structures generally relate. 2. 3he fraud fre$uently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than" in fact" it i s. 5. /f the fraud involves misappropriation of assets" it fre$uently is shrouded in a ma!e of comple% business transactions" often involving related third parties. THE FRAUD TRIAN@LE 3hree factors that contribute to or are associated with management and employee fraud . (1) Sit!ational Pr"ss!r"" which includes personal or 4ob-related stresses that could coerce an individual to act dishonestly (2) O**ort!nit" which involves direct access to assets and@or access to information that controls assets (54 Ethics" which pertains to one8s character and degree of moral opposition to acts of dishonesty. Th" act!al cost o$ $ra!d is, ho&"#"r, di$$ic!lt to '!anti$ $or a n!(+"r o$ r"asons:

(1) not all fraud is detected (2) of that detected" not all is reported (5) in many fraud cases" incomplete information is gathered (7) information is not properly distributed to management or law enforcement authorities (=) too often" business organi!ations decide to take no civil or criminal action against the perpetrator(s) of fraud.

THE PERPETRATORS OF FRAUDS raud Aosses by osition within the rgani!ation o raud Aosses and the 'ollusion #ffect o Coll!sion among employees in the commission of a fraud o is difficult to both prevent and detect. raud Aosses by >ender o raud Aosses by 0ge o raud Aosses by #ducation o O**ort!nit is the factor that actually facilitates the act (fraud). pportunity - access to assets and@or the information that controls assets

Corr!*tion Corr!*tion involves an e%ecutive" manager" or employee of the organi!ation in collusion with an outsider. our principal types of corruption9 1. ,ribery 2. /llegal gratuities 5. 'onflicts of interest 7. #conomic e%tortion 1.

2.

•

O**ort!nit $actor ";*lains (!ch o$ th" $inancial loss di$$"r"ntial in "ach o$ th" d"(o%ra*hic cat"%ori"s   Position. /ndividuals in the highest positions within an organi!ation are beyond the internal control structure and have the greatest access to company funds and assets. @"nd"r. omen are not fundamentally more honest than men" but men occupy high corporate positions in greater numbers than women. 3his affords men greater access to assets. A%". lder employees tend to occupy higher-ranking positions and therefore generally have greater access to company assets. Ed!cation. >enerally" those with more education occupy higher positions in their organi!ations and therefore have greater access to company funds and other assets. Coll!sion. hen individuals in critical positions collude" they create opportunities to control or gain access to assets that otherwise would not e%ist FRAUD SCHE0ES 3hree broad categories of fraud schemes are defined9 fraudulent statements 'orruption asset misappropriation • • •



Fra!d!l"nt stat"("nts are associated with management fraud 3he Bnderlying roblems9 1. Aack of 0uditor /ndependence 2. Aack of +irector /ndependence 5. uestionable #%ecutive 'ompensation &chemes 7. /nappropriate 0ccounting ractices.

5.

7.

RIER. ,ribery involves giving" offering" soliciting" or receiving things of value to influence an official in the performance of his or her lawful duties. ILLE@AL @RATUITIES.  0n illegal gratuity involves giving" receiving" offering" or soliciting something of value because of an official act that has been taken  3his is similar to a bribe" but the transaction occurs after the fact. CONFLICTS OF INTEREST occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed ECONO0IC E


 

 

Ch"c2 Ta(*"rin% involves forging or changing in some material way a check that the organi!ation has written to a legitimate payee Paroll $ra!d is the distribution of fraudulent paychecks to e%istent and@or none%istent employees. E;*"ns" r"i(+!rs"("nt $ra!ds are schemes in which an employee makes a claim for reimbursement of fictitious or inflated business e%penses. Th"$ts o$ cash are schemes that involve the direct theft of cash on hand in the organi!ation Non-cash $ra!d sch"("s involve the theft or misuse of the victim organi!ation8s non-cash assets. Co(*!t"r Fra!d

. Int"rnal Control Conc"*ts and T"chni'!"s Int"rnal control sst"( comprises policies" practices" and procedures employed by the organi!ation to achieve four broad ob4ectives9 1) 3o safeguard assets of the firm. 2) 3o ensure the accuracy and reliability of accounting records and information. 5) 3o promote efficiency in the firm8s operations. 7) 3o measure compliance with management8s prescribed policies and procedures /nherent in these control ob4ectives are four (odi$in% ass!(*tions that guide designers and auditors of internal controls9  0ANA@E0ENT RESPONSIILIT. 3his concept holds that the establishment and maintenance of a system of internal control is a management responsibility.  REASONALE ASSURANCE. four broad ob4ectives of internal control are met in a cost-effective manner.  0ETHODS OF DATA PROCESSIN@. /nternal controls should achieve the four broad ob4ectives regardless of the data processing method used! LI0ITATIONS.  possibility of error  circumvention  management override  changing conditions •

3he absence or weakness of a control is called an ";*os!r". 0 weakness in internal control may e%pose the firm to one or more of the following types of risks9 1. +estruction of assets (both physical assets and information). 2. 3heft of assets. 5. 'orruption of information or the information system. 7. +isruption of the information system.

Th" Pr"#"nti#"D"t"cti#"Corr"cti#" Int"rnal Control 0od"l 5PDC Control 0od"l4  Pr"#"nti#" controls are passive techni$ues designed to reduce the fre$uency of occurrence of undesirable events.  D"t"cti#" controls form the second line of defense. 3hese are devices" techni$ues" and procedures designed to



identify and e%pose undesirable events that elude preventive controls. Corr"cti#" controls are actions taken to reverse the effects of errors detected in the previous step.

Sar+an"s-O;l" and Int"rnal Control S"ction 6=6 re$uires the management of public companies to assess the effectiveness of their organi!ation8s internal controls &0& C<@'& /D3#*D0A 'D3*A *0#*E ive components9 1. control environment  the foundation for the other four control components  sets the tone for the organi!ation 2. risk assessment  to identify" analy!e" and manage risks relevant to financial reporting. 5. information and communication  consists of the records and methods used to initiate" identify" analy!e" classify" and record the organi!ation8s transactions and to account for the related assets and liabilities. 7. onitoring  the process by which the $uality of internal control design and operation can be assessed. =. control activities  policies and procedures used to ensure that appropriate actions are taken to deal with the organi!ation8s identified risks  two distinct categories9 1. information technology (/3) controls 2. hysical controls.

IT CONTROLS relate specifically to the computer environment. 3wo broad groups9 1. %"n"ral controls - pertain to entity-wide concerns such as controls over the data center" organi!ation databases" systems development" and program maintenance 2. A**lication controls. - ensure the integrity of specific systems such as sales order processing" accounts payable" and payroll applications. PHSICAL CONTROLS. 3his class of controls relates primarily to the human activities employed in accounting systems. Si; cat"%ori"s o$ *hsical control acti#iti"s9 1) Transaction A!thori1ation is to ensure that all material transactions processed by the information system are valid and in accordance with management8s ob4ectives. 2) S"%r"%ation o$ d!ti"s ne of the most important control activities is the segregation of employee duties to minimi!e incompatible functions 5) S!*"r#ision. management must compensate for the absence of segregation controls with close s!*"r#ision 7) Acco!ntin% r"cords consist of source documents"  4ournals" and ledgers. 3hese records capture the economic essence of transactions and provide an audit trail of economic events.

74

Ind"*"nd"nt "ri$ication. "ri$ication *roc"d!r"s are independent checks of the accounting system to identify errors and misrepresentations.

3hrough independent verification procedures" management can assess (1) the performance of individuals (2) the integrity of the transaction processing system" and (5) the correctness of data contained in accounting records.