Chapter 3—Ethics, Fraud, and Internal Control

TRUE/FALSE
1. The ethical principle of justice asserts that the benefits of the decision
should be distributed fairly to
those who share the risks.
ANS: T
2. The ethical principle of informed consent suggests that the decision should be
implemented so as to
minimize all of the risks and to avoid any unnecessary risks.
ANS: F
3. Employees should be made aware of the firm’s commitment to ethics.
ANS: T
4. Business ethics is the analysis of the nature and social impact of computer
technology, and the
corresponding formulation and justification of policies for the ethical use of such
technology.
ANS: F
5. Para computer ethics is the exposure to stories and reports found in the popular
media regarding the
good or bad ramifications of computer technology.
ANS: F
6. Source code is an example of intellectual property.
ANS: T
7. Copyright laws and computer industry standards have been developed jointly and
rarely conflict.
ANS: F
8. Business bankruptcy cases always involve fraudulent behavior.
ANS: F
9. Defalcation is another word for financial fraud.
ANS: T
10. The trend toward distributed data processing increases the exposure to fraud
from remote locations.
ANS: T
11. The external auditor is responsible for establishing and maintaining the
internal control system.
ANS: F
12. Segregation of duties is an example of an internal control procedure.
ANS: T
13. Controls in a computer-based information system are identical to controls in a
manual system.
ANS: F
14. Preventive controls are passive techniques designed to reduce fraud.
ANS: T
15. Ethical issues and legal issues are essentially the same.
ANS: F
16. Internal control systems are recommended but not required of firms subject to
the Foreign Corrupt
Practices Act.
ANS: F
17. Operations fraud is the misuse or theft of the firm’s computer resources.
ANS: T
18. The Foreign Corrupt Practices Act requires only that a firm keep good records.
ANS: F
19. A key modifying assumption in internal control is that the internal control
system is the responsibility
of management.
ANS: T
20. Database management fraud includes altering, updating, and deleting an
organization’s data.
ANS: F
21. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting
services to their audit
clients, they are not prohibited from performing such services for non-audit
clients or privately held
companies.
ANS: T
22. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the
external auditors.
ANS: T
23. Section 404 requires that corporate management (including the CEO) certify
their organization’s
internal controls on a quarterly and annual basis.
ANS: F
24. Section 302 requires the management of public companies to assess and formally
report on the
effectiveness of their organization’s internal controls.
ANS: F
25. The objective of SAS 99 is to seamlessly blend the auditor’s consideration of
fraud into all phases of
the audit process.
ANS: T
MULTIPLE CHOICE
1. Which ethical principle states that the benefit from a decision must outweigh
the risks, and that there is
no alternative decision that provides the same or greater benefit with less risk?
a. minimize risk
b. justice
c. informed consent
d. proportionality
ANS: D
2. Individuals who acquire some level of skill and knowledge in the field of
computer ethics are involved
in which level of computer ethics?
a. para computer ethics
b. pop computer ethics
c. theoretical computer ethics
d. practical computer ethics
ANS: A
3. All of the following are issues of computer security except
a. releasing incorrect data to authorized individuals
b. permitting computer operators unlimited access to the computer room
c. permitting access to data by unauthorized individuals
d. providing correct data to unauthorized individuals
ANS: B
4. Which characteristic is not associated with software as intellectual property?
a. uniqueness of the product
b. possibility of exact replication
c. automated monitoring to detect intruders
d. ease of dissemination
ANS: C
5. For an action to be called fraudulent, all of the following conditions are
required except
a. poor judgment
b. false representation
c. intent to deceive
d. injury or loss
ANS: A
6. One characteristic of employee fraud is that the fraud
a.
b.
c.
d.

is perpetrated at a level to which internal controls do not apply

involves misstating financial statements
involves the direct conversion of cash or other assets to the employee’s personal
benefit
involves misappropriating assets in a series of complex transactions involving
third parties

ANS: C
7. Forces which may permit fraud to occur do not include
a. a gambling addiction
b. lack of segregation of duties
c. centralized decision making environment
d. questionable integrity of employees
ANS: C
8. Which of the following best describes lapping?
a. applying cash receipts to a different customer’s account in an attempt to
conceal previous
thefts of funds
b. inflating bank balances by transferring money among different bank accounts
c. expensing an asset that has been stolen
d. creating a false transaction
ANS: A
9. Operations fraud includes
a. altering program logic to cause the application to process data incorrectly
b. misusing the firm’s computer resources
c. destroying or corrupting a program’s logic using a computer virus
d. creating illegal programs that can access data files to alter, delete, or insert
values
ANS: B
10. Who is responsible for establishing and maintaining the internal control
system?
a. the internal auditor
b. the accountant
c. management
d. the external auditor
ANS: C
11. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A
12. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C
13. The most cost-effective type of internal control is
a. preventive control
b. accounting control
c. detective control
d. corrective control
ANS: A
14. Which of the following is a preventive control?
a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account
ANS: A
15. A well-designed purchase order is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A
16. A physical inventory count is an example of a
a. preventive control
b. detective control
c. corrective control
d. feedforward control
ANS: B
17. The bank reconciliation uncovered a transposition error in the books. This is
an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: B
18. In balancing the risks and benefits that are part of every ethical decision,
managers receive guidance
from each of the following except
a. justice
b. self interest
c. risk minimization
d. proportionality
ANS: B
19. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and the audit committee
ANS: C
20. Which of the following suggests a weakness in the internal control environment?
a. the firm has an up-to-date organizational chart
b. monthly reports comparing actual performance to budget are distributed to
managers
c. performance evaluations are prepared every three years
d. the audit committee meets quarterly with the external auditors
ANS: C
21. Which of the following indicates a strong internal control environment?
a. the internal audit group reports to the audit committee of the board of
directors
b. there is no segregation of duties between organization functions
c. there are questions about the integrity of management
d. adverse business conditions exist in the industry
ANS: A
22. According to SAS 78, an effective accounting system performs all of the
following except
a. identifies and records all valid financial transactions
b. records financial transactions in the appropriate accounting period
c. separates the duties of data entry and report generation
d. records all financial transactions promptly
ANS: C
23. Which of the following is the best reason to separate duties in a manual
system?
a. to avoid collusion between the programmer and the computer operator
b. to ensure that supervision is not required
c. to prevent the record keeper from authorizing transactions
d. to enable the firm to function more efficiently
ANS: C
24. Segregation of duties in the computer-based information system includes
a. separating the programmer from the computer operator
b. preventing management override
c. separating the inventory process from the billing process
d. performing independent verifications by the computer operator
ANS: A
25. Which of the following is not an internal control procedure?
a. authorization
b. management’s operating style
c. independent verification
d. accounting records
ANS: B
26. The decision to extend credit beyond the normal credit limit is an example of
a. independent verification
b. authorization
c. segregation of functions
d. supervision
ANS: B
27. When duties cannot be segregated, the most important internal control procedure
is
a. supervision
b. independent verification
c. access controls
d. accounting records
ANS: A
28. An accounting system that maintains an adequate audit trail is implementing
which internal control
procedure?
a. access controls
b. segregation of functions
c. independent verification
d. accounting records
ANS: D
29. Employee fraud involves three steps. Of the following, which is not involved?
a. concealing the crime to avoid detection
b. stealing something of value
c. misstating financial statements
d. converting the asset to a usable form
ANS: C
30. Which of the following is not an example of independent verification?
a. comparing fixed assets on hand to the accounting records
b. performing a bank reconciliation
c. comparing the accounts payable subsidiary ledger to the control account
d. permitting authorized users only to access the accounting system
ANS: D
31. The importance to the accounting profession of the Foreign Corrupt Practices
Act of 1977 is that
a. bribery will be eliminated
b. management will not override the company’s internal controls
c. firms are required to have an effective internal control system
d. firms will not be exposed to lawsuits
ANS: C
32. The board of directors consists entirely of personal friends of the chief
executive officer. This indicates
a weakness in
a. the accounting system
b. the control environment
c. control procedures
d. this is not a weakness
ANS: B
33. Computer fraud can take on many forms, including each of the following except
a. theft or illegal use of computer-readable information
b. theft, misuse, or misappropriation of computer equipment
c. theft, misuse, or misappropriation of assets by altering computer-readable
records and files
d. theft, misuse, or misappropriation of printer supplies
ANS: D
34. When certain customers made cash payments to reduce their accounts receivable,
the bookkeeper
embezzled the cash and wrote off the accounts as uncollectible. Which control
procedure would most
likely prevent this irregularity?
a. segregation of duties
b. accounting records
c. accounting system
d. access controls
ANS: A
35. The office manager forgot to record in the accounting records the daily bank
deposit. Which control
procedure would most likely prevent or detect this error?
a. segregation of duties
b. independent verification
c. accounting records
d. supervision
ANS: B
36. Business ethics involves
a. how managers decide on what is right in conducting business
b. how managers achieve what they decide is right for the business
c. both a and b
d. none of the above
ANS: C
37. All of the following are conditions for fraud except
a. false representation
b. injury or loss
c. intent
d. material reliance
ANS: D
38. The four principal types of fraud include all of the following except
a. bribery
b. gratuities
c. conflict of interest
d. economic extortion
ANS: B
39. The characteristics of useful information include
a. summarization, relevance, timeliness, accuracy, and completeness
b. relevance, summarization, accuracy, timelessness, and completeness
c. timeliness, relevance, summarization, accuracy, and conciseness
d. disaggregation, relevance, timeliness, accuracy, and completeness
ANS: A
40. Internal control system have limitations. These include
a.
b.
c.
d.

possibility of honest error

circumvention
management override
stability of systems

ANS: D
41. Management can expect various benefits to follow from implementing a system of
strong internal
control. Which of the following benefits is least likely to occur?
a. reduced cost of an external audit.
b. prevents employee collusion to commit fraud.
c. availability of reliable data for decision-making purposes.
d. some assurance of compliance with the Foreign Corrupt Practices Act of 1977.
e. some assurance that important documents and records are protected.
ANS: B
42. Which of the following situations is not a segregation of duties violation?
a. The treasurer has the authority to sign checks but gives the signature block to
the assistant
treasurer to run the check-signing machine.
b. The warehouse clerk, who has the custodial responsibility over inventory in the
warehouse,
selects the vendor and authorizes purchases when inventories are low.
c. The sales manager has the responsibility to approve credit and the authority to
write off
accounts.
d. The department time clerk is given the undistributed payroll checks to mail to
absent
employees.
e. The accounting clerk who shares the record keeping responsibility for the
accounts
receivable subsidiary ledger performs the monthly reconciliation of the subsidiary
ledger
and the control account.
ANS: B
43. Which of the following is not an issue to be addressed in a business code of
ethics required by the
SEC?
a. Conflicts of interest
b. Full and Fair Disclosures
c. Legal Compliance
d. Internal Reporting of Code Violations
e. All of the above are issues to be addressed
ANS: E
SHORT ANSWER
1. What are the main issues to be addressed in a business code of ethics required
by the SEC?
ANS:
Conflicts of interest, Full and Fair Disclosures, Legal Compliance, Internal
Reporting of Code
Violations, Accountability
2. List the four broad objectives of the internal control system.
ANS:
safeguard assets,
ensure the accuracy and reliability of accounting records,
promote organizational efficiency,
comply with management’s policies and procedures
3. Explain the purpose of the PCAOB
ANS:
The PCAOB is empowered to set auditing, quality control, and ethics standards; to
inspect registered
accounting firms; to conduct investigations; and to take disciplinary actions.
4. What are the five internal control components described in the SAS 78 / COSO
framework
ANS:
the control environment, risk assessment, information and communication,
monitoring, and control
activities
5. What are management responsibilities under section 302 and 404?
ANS:
Section 302 requires that corporate management (including the CEO) certify their
organization’s
internal controls on a quarterly and annual basis. Section 404 requires the
management of public
companies to assess and formally report on the effectiveness of their
organization’s internal controls.
6. Identify to indicate whether each procedure is a preventive or detective
control.
a.

authorizing a credit sale

Preventive

Detective

b.

preparing a bank reconciliation

Preventive

Detective

c.

locking the warehouse

Preventive

Detective

d.

preparing a trial balance

Preventive

Detective

e.

counting inventory
Preventive

Detective

ANS:
A. preventive; B. detective; C. preventive; D. detective; E. detective
Use the internal control procedures listed below to complete the statements.
segregation of duties
general authorization
access controls
supervision

specific authorization
accounting records
independent verification

7. A clerk reorders 250 items when the inventory falls below 25 items. This is an
example of
__________________________.
ANS:
general authorization
8. The internal audit department recalculates payroll for several employees each
pay period. This is an
example of __________________________.
ANS:
independent verification
9. Locking petty cash in a safe is an example of __________________________.
ANS:
access controls
10. Approving a price reduction because goods are damaged is an example of
__________________________.
ANS:
specific authorization
11. Using cameras to monitor the activities of cashiers is an example of
__________________________.
ANS:
supervision
12. Not permitting the computer programmer to enter the computer room is an example
of
_______________________________.
ANS:
segregation of duties
13. Sequentially numbering all sales invoices is an example of
__________________________.
ANS:
accounting records
14. What are the five conditions necessary for an act to be considered fraudulent?
ANS:
false representation, material fact, intent, justifiable reliance, and injury or
loss
15. What is the objective of SAS 99?
ANS:
The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud
into all phases of
the audit process.
16. Distinguish between exposure and risk.
ANS:
Exposure is the absence or weakness of a control which increases the firm’s risk of
financial loss or
injury. Risk is the probability of incurring such a loss or injury.
17. Explain the characteristics of management fraud.
ANS:
Management fraud typically occurs at levels above where the internal control system
is effective.
Financial statements are frequently modified to make the firm appear more healthy
than it actually is.
If any misappropriation of assets occurs, it is usually well hidden.
18. The text discusses many questions about personal traits of employees which
might help uncover
fraudulent activity. What are three?
ANS:
executives: with high personal debt, living beyond their means, engaged in habitual
gambling, appear
to abuse alcohol or drugs, appear to lack personal codes of ethics, appear to be
unstable
19. Give two examples of employee fraud and explain how the theft might occur.
ANS:
Charges to expense accounts: Cash could be stolen and charged to a miscellaneous
expense account.
Once the account is closed, detection would be more difficult.
Lapping: This involves converting cash receipts to personal use. If a customer’s
check is taken, his/her
balance will not reflect a payment and will be detected when a statement is sent.
In order to conceal
this fraud, a later payment is used to cover the stolen check. This is in effect a
small scale Ponzi
scheme.
20. What are the six broad classes of physical control activities defined by SAS
78?
ANS:
Transaction authorization, segregation of duties, supervision, access controls,
accounting records,
independent verification
ESSAY
1. The text describes six internal control activities. List four of them and
provide a specific example of
each one.
ANS:
Control Activity
Authorization

Example
general (purchase of inventory when level drops) or specific
(credit approval beyond normal limit)

Segregation of functions

separate authorization from processing separate custody of

assets from record keeping

Supervision

required when separation of duties is not possible, such as

opening the mail (cash receipts)

Accounting records

maintain an adequate audit trail

Access controls

maintain physical security

Independent verification

bank reconciliation, physical inventory count

2. Contrast management fraud with employee fraud.
ANS:
Employee fraud is usually designed to directly convert cash or other assets to the
employee’s personal
benefit.
Management fraud involves less of a direct benefit to the perpetrator. Management
fraud may involve
an attempt to misstate financial performance in order to gain additional
compensation or to earn a
promotion. Management fraud may also involve an attempt to misstate financial
performance in order
to increase the price of the company’s stock or to reduce the cost of debt.
3. Discuss the importance of the Foreign Corrupt Practices Act of 1977 to the
accounting profession.
ANS:
The Foreign Corrupt Practices Act of 1977 (FCPA) is a law that requires all
companies registered with
the Securities and Exchange Commission to:
keep records that fairly and reasonably reflect the transactions of the firm and
its financial position
maintain a system of internal control that provides reasonable assurance that the
organization’s
objectives are met
As a result of the Foreign Corrupt Practices Act of 1977, management devotes
substantial time to
developing and maintaining the internal control structure because failure to do so
violates the FCPA
and could lead to heavy fines and imprisonment.
Accountants are key participants in establishing and maintaining the internal
control structure.
Therefore, it is accountants who are instrumental in ensuring that the firm is in
compliance with the
Foreign Corrupt Practices Act of 1977.
4. Why are the computer ethics issues of privacy, security, and property ownership
of interest to
accountants?
ANS:
Privacy is a concern because the nature of computer data files makes it possible
for unauthorized
individuals to obtain information without it being recognized as “missing” from its
original location.
Security is a concern because its absence makes control from a privacy viewpoint
questionable. In
addition lack of security may permit unauthorized changes to data, therefore
distorting information
that is reported.
Property ownership raises issues of legitimacy of organizational software,
valuation of assets, and
questions of lost revenues.
5. According to common law, there are five conditions that must be present for an
act to be deemed
fraudulent. Name and explain each.
ANS:
In order for an act to be deemed fraudulent under common law, it must possess the
following
characteristics:
false representation, meaning some misrepresentation or omission must have
occurred,
material facts, meaning that the facts must influence someone’s actions,
intent, meaning there must have been the intention to deceive others,
justifiable reliance, meaning it did affect someone’s decision, and
injury or loss must have occurred.
6. Management fraud is regarded as more serious than employee fraud. Three special
characteristics have
been discussed for management fraud. What are they? Explain.
ANS:
It usually occurs at levels above the normal internal control system.
There is typically an intent to present a better picture of the business than is
valid, often to deceive
creditors and/or shareholders.
If assets are misappropriated, the route is quite devious involving a maze of
business transactions.
7. Four principal types of corruption are discussed. Name all four and explain at
least two.
ANS:
Corruption involves an executive, manager, or employee of a business working in
collusion with an
outsider. The four principal types of corruption are: bribery, illegal gratuities,
conflicts of interest, and
economic extortion.
Bribery involves giving, offering, soliciting, or receiving things of value to
influence an official in the
performance of his or her lawful duties.
An illegal gratuity involves giving. receiving, offering, or soliciting something
of value because of an
official act that has been taken.
A conflict of interest occurs when an employee acts on behalf of a third party
during the discharge of
his or her duties or has self-interest in the activity being performed.
Economic extortion is the use (or threat) of force (including economic sanctions)
by an individual or
organization to obtain something of value.
8. Misappropriation of assets can involve various schemes: charges to expense
accounts, lapping, and
transaction fraud. Explain each and give an example.
ANS:
Charges to expense accounts involve fictitious charges to such accounts as
miscellaneous expense to
offset theft of an asset. Because the expense account is closed to revenue at the
end of the period, the
period in which it could be detected is short.
Lapping is a technique whereby an early theft is covered up by a later one, i.e.,
with the moves
“lapping” over each other. The simplest example involves taking a customer’s
payment. A later
payment is then credited to the first customer’s account, not the second. And on it
goes. This requires
some control over billing to avoid tipping off the last customer.
Transaction fraud involves deleting, altering, or adding false transactions to
divert assets to the
perpetrator. For example, if an employee leaves the business and the supervisor
fails to notify payroll
and continues to clock the employee in and out, a fraudulent paycheck would be
produced. If, in
addition, the supervisor distributes the paycheck, it can be kept, and cashed.
9. Computer fraud is easiest at the data collection stage. Why?
ANS:
Computer fraud is easiest at the data collection stage because much of what occurs
after the data
collection or input stage is not visible to human eyes. Once entered, the system
will presume that the
input is legitimate and will process it as all others.
10. Explain why collusion between employees and management in the commission of a
fraud is difficult to
both prevent and detect.
ANS:
Collusion among employees in the commission of a fraud is difficult to both prevent
and detect. This is
particularly true when the collusion is between managers and their subordinate
employees.
Management plays a key role in the internal control structure of an organization.
They are relied upon
to prevent and detect fraud among their subordinates. When they participate in
fraud with the
employees over whom they are supposed to provide oversight, the organization’s
control structure is
weakened, or completely circumvented, and the company becomes more vulnerable to
losses.
11. Since all fraud involves some form of financial misstatement, how is Fraudulent
Statement fraud
different?
ANS:
Fraudulent statements are associated with management fraud. While all fraud
involves some form of
financial misstatement, to meet the definition under this class of fraud scheme,
the statement itself
must bring direct or indirect financial benefit to the perpetrator. In other words,
the statement is not
simply a vehicle for obscuring or covering a fraudulent act. For example,
misstating the cash account
balance to cover the theft of cash does not fall under this class of fraud scheme.
On the other hand,
understating liabilities to present a more favorable financial picture of the
organization to drive up
stock prices does qualify.
12. Explain the problems associated with lack of auditor independence.
ANS:
Auditing firms who are also engaged by their clients to perform non-accounting
activities such as
actuarial services, internal audit outsourcing services, and consulting lack
independence. They are
essentially auditing their own work. This risk is that as auditors they will not
bring to management’s
attention detected problems that may adversely affect their consulting fees. For
example, Enron’s
auditors – Arthur Andersen – were also their internal auditor’s and their
management consultants.
13. Explain the problems associated with lack of director independence
ANS:
Many boards of directors are comprised of individuals who are not independent.
Examples of lack of
independence are directors who: have a personal relationship by serving on the
boards of other
directors companies; have a business trading relationship as key customers or
suppliers of the
company; have a financial relationship as primary stockholders or have received
personal loans from
the company; have an operational relationship as employees of the company.
14. Explain the problems associated with Questionable Executive Compensation
Schemes
ANS:
A survey by Thompson Financial revealed the strong belief that executives have
abused stock-based
compensation. The consensus is that fewer stock options should be offered than
currently is the
practice. Excessive use of short-term stock options to compensate directors and
executives may result
in short term thinking and strategies aimed at driving up stock prices at the
expense of the firm’s longterm health. In extreme cases, financial statement
misrepresentation has been the vehicle to achieve the
stock price needed to exercise the option.
15. Explain the problems associated with inappropriate accounting practices.
ANS:
The use of inappropriate accounting techniques is a characteristic common to many
financial statement
fraud schemes. Enron made elaborate use of Special Purpose Entities (SPE) to hide
liabilities through
off balance sheet accounting. WorldCom management transferred transmission line
costs from current
expense accounts to capital accounts. This allowed them to defer some operating
expenses and report
higher earnings. Also, they reduced the book value of hard assets of MCI by $3.4
billion and increased
goodwill by the same amount. Had the assets been left at book value, they would
have been charged
against earnings over four years. Goodwill, on the other hand, was amortized over
much longer period.
16. Explain the purpose of the PCAOB.
ANS:
The Sarbanes-Oxley Act creates a Public Company Accounting Oversight Board (PCAOB).
The
PCAOB is empowered to set auditing, quality control, and ethics standards, to
inspect registered
accounting firms, to conduct investigations, and to take disciplinary actions.
17. Why is an Independent Audit Committee important to a company?
ANS:
The Sarbanes-Oxley Act requires all audit committee members to be independent and
requires the
audit committee to hire and oversee the external auditors. This provision is
consistent with many
investors who consider the board composition to be a critical investment factor.
For example,
Thompson Financial survey revealed that most institutional investors want corporate
boards to be
comprised of at least 75% of independent directors
18. What are the key points of the “Issuer and Management Disclosure” of the
Sarbanes-Oxley Act?
ANS:
1. Public companies must report all off balance-sheet transactions.
2. Annual reports filed with the SEC must include a statement by management
asserting that it is
responsible for creating and maintaining adequate internal controls and asserting
to the
effectiveness of those controls.
3. Officers must certify that the company’s accounts ‘fairly present’ the firms
financial condition and
results of operations. Knowingly filing a false certification is a criminal
offence.
19. In this age of high technology and computer based information systems, why are
accountants
concerned about physical (human) controls?
ANS:
This class of controls relates primarily to the human activities employed in
accounting systems. These
activities may be purely manual, such as the physical custody of assets, or they
may involve the use of
computers to record transactions or update accounts. Physical controls do not
relate to the computer
logic that actually performs these accounting tasks. This is the subject matter of
chapter 16. Rather,
they relate to the human activities that initiate such computer logic. In other
words, physical controls
do not suggest an environment in which clerks update paper accounts with pen and
ink. Virtually all
systems, regardless of their sophistication, employ human activities that need to
be controlled.
20. How has the Sarbanes-Oxley Act had a significant impact on corporate
governance?
ANS:
The Sarbanes-Oxley Act requires all audit committee members to be independent and
requires the
audit committee to hire and oversee the external auditors. This provision is
consistent with many
investors who consider the board composition to be a critical investment factor.
For example, a
Thomson Financial survey revealed that most institutional investors want corporate
boards to be
comprised of at least 75 percent independent directors.
21. Discuss the non accounting services that external auditors are no longer
permitted to render to audit
clients under SOX legislation.
ANS:
The Act addresses auditor independence by creating more separation between a firm’s
attestation and
non-auditing activities. This is intended to specify categories of services that a
public accounting firm
cannot perform for its client. These include the following nine functions:
 Bookkeeping or other services related to the accounting records or financial
statements;
 Financial information systems design and implementation;
 Appraisal or valuation services, fairness opinions, or contribution-in-kind
reports;
 Actuarial services;
 Internal audit outsourcing services;
 Management functions or human resources;
 Broker or dealer, investment adviser, or investment banking services;
 Legal services and expert services unrelated to the audit; and
 Any other service that the PCAOB determines is impermissible.
While the Sarbanes-Oxley Act prohibits auditors from providing the above services
to their audit
clients, they are not prohibited from performing such services for non-audit
clients or privately held
companies.
22. What are the key points of the “Issuer and Management Disclosure” of the
Sarbanes-Oxley Act?
ANS:
The Sarbanes-Oxley Act imposes new corporate disclosure requirements including:
Public companies must report all off-balance-sheet transactions.
Annual reports filed with the SEC must include a statement by management asserting
that it is
responsible for creating and maintaining adequate internal controls and asserting
to the effectiveness of
those controls.
Officers must certify that the company’s accounts “fairly present” the firm’s
financial condition and results of operations. Knowingly filing a false
certification is a criminal
offence.