CHAPTER 3

Ethics, Fraud
and Internal
Control
Accounting Information Systems
BSA 2-1: Group 3
START!
ETHICAL ISSUES
IN BUSINESS
Ethical Standards
are derived from societal mores and deep-
rotted personal beliefs about issues of right
and wrong that are not universally agreed
upon.
A circumstance where ethical standards differ in society

Pro-life Pro-choice
Business Ethics

Ethics pertains to the principles of

conduct that individuals use in making
choices and guiding their behavior in
situations that involve the concepts of
right and wrong.
Business Ethics deals with 2 questions:

I II

How do managers decide Once managers have

what is right in conducting recognized what is right,
their business? how do they achieve it?
 How do managers decide what is right in
conducting their business?

JOSEPHSON INSTITUTE, a non-profit organization that develops and delivers services and
materials to increase ethical commitment introduced the 12 ETHICAL PRINCIPLES FOR
BUSINESS EXECUTIVES, which are the following:

1. Honesty 7. Respect for Others

2. Integrity 8. Law Abiding
3. Promise-keeping & Trustworthiness 9. Commitment to Excellence
4. Loyalty 10. Leadership
5. Fairness 11. Reputation & Morale
6. Concern for Others 12. Accountability
Groundwork for
Good decisions are both
making an Recognizing
ethical and effective
Discernment
effective decision important decisions and discipline

Taking choices Consider the

seriously stakeholders
Josephson Institute also released
these components of good
ethical choices.
Once managers have recognized what is right,
how do they achieve it?

Code of Ethics
According to Investopedia, a code of ethics is a guide of principles
designed to help professionals conduct business honestly and with
integrity.
Ethical issues are divided into 4 areas:

Equity

Rights

Honesty

Exercise of Corporate Power

Equity

Executive Salaries

Equity Comparable Worth

Product Pricing
Rights

Corporate Due Process

Employee Health Screening
Employee Privacy

Rights Sexual Harassment

Diversity
Equal Employment
Opportunity
Whistle-Blowing
Honesty

Employee and Management

Conflicts of Interest
Security of Organization Data
and Records
Honesty Misleading Advertising
Questionable Buss. Practices
in Foreign Countries
Accurate Reporting of
Shareholder Interests
 Exercise of Corporate
Power

Political Action Committees

Workplace Safety
Product Safety

Exercise of Corporate Power Environmental Issues

Divestment of Interests
Corporate Political
Contributions
Downsizing and Plant Closures
Making Ethical
Decisions
According to Suny Empire State
College, ethical responsibility is the
ability to recognize, interpret and act
upon multiple principles and values
according to the standards within a
given field and/or context.
Computer Ethics

It concerns the social impact of

computer technology (hardware,
software, and telecommunications).
3 Levels of
Computer Ethics

Theoretical

Para

Pop
 Pop Para Theoretical

Exposure to stories Real interest in Interest to

and reports found computer ethics multidisciplinary
in the popular and acquiring skill researches of
media and knowledge computer science
A New Problem or
Just a New Twist on
an Old Problem?
The following are issues concerning the
students of accounting information systems
(AIS):
 PRIVACY

People desire to be in
full control of what and
how much information
about themselves is
available to others, and
to whom it is available.
NEXT!
 SECURITY –
ACCURACY AND
CONFIDENTIALITY

Computer security is an
attempt to avoid such
undesirable events as a
loss of confidentiality or
data integrity.
NEXT!
In a Bloomberg news, Dutch company Wolters Kluwer NV,
which makes the software of many of the world’s small and
mid-sized accounting firms was cyber-attacked. It took
down their software.
 OWNERSHIP OF
PROPERTY

Laws designed to
preserve real property
rights have been
extended to cover
intellectual property.
NEXT!
 EQUITY IN
ACCESS

Factors such as
economic status, culture
and safety features are
barriers in utilizing
information systems.
NEXT!
 ENVIRONMENTAL
ISSUES

Wood papers are used in

printing.

NEXT!
 Cotton paper is
used as an
alternative to wood
paper for printing
documents.
 ARTIFICIAL
INTELLIGENCE

Systems are marketed

as decision makers or
replacements for
experts.

NEXT!
Examples of Artificial
Intelligence:

It provides automated bookkeeping support to

businesses by using a powerful combination of skilled
accountants alongside machine learning and artificial
intelligence (AI).
Examples of Artificial
Intelligence:

It is a suite of open source business apps that cover all

of a company’s needs.
UNEMPLOYMENT
AND
DISPLACEMENT

The fear that the

modern technology will
replace humans as
workers arise.
NEXT!
 MISUSE OF
COMPUTERS

Computers can be used

in many wicked ways
especially nowadays.
 Ramon Barquin’s 10 Commandments of
Computer Ethics

1. Thou shalt not use a computer to harm other people.

2. Thou shalt not interfere with other people’s computer work.
3. Thou shalt not snoop around in other people’s computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you
have not paid.
7. Thou shalt not use other people’s computer resources without
authorization or proper compensation.
8. Thou shalt not appropriate other people’s intellectual output.
9. Thou shalt think about the social consequences of the program
you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure
consideration and respect for your fellow humans
Well-known ethical
issues concerning
accounting
Sarbanes-
Oxley Act
The Sarbanes-Oxley Act of 2002 is
a federal law that established
sweeping auditing and financial
regulations for public companies.
Lawmakers created the legislation
to help protect shareholders,
employees and the public from
accounting errors and fraudulent
financial practices, esp. Sec. 406.
 Conflicts of
interest

Personal and
professional
relationships should not
coincide.
 Full and fair
disclosures
Organizations should
provide full, fair,
accurate, timely and
understandable
disclosures to the SEC
and to the public.
 Legal compliance

Companies and its

employees must follow
applicable governmental
laws, rules and
regulations.
Internal reporting
of code violations

There must be a
mechanism to permit
prompt internal
reporting of ethics
violations.
 Accountability

Appropriate action must

be taken when the
violations occur.
 FRAUD AND
ACCOUNTANTS
 Fraud
A false representation of a material fact made
by one party to another party with the intent
to deceive and induce the other party to
justifiably rely on the fact to his or her
detriment.
Five conditions to be met for an
act to be fraudulent:

False Material Intent

representation fact
a false statement or a substantial factor the intent to deceive
a nondisclosure in inducing or the knowledge that
someone to act one’s statement is
false.
Justifiable
Injury or loss
reliance
a substantial factor deception must
on which the injured have caused injury
party relied or loss to the victim
of the fraud
Examples of
Fraud in
Businesses
Intentional
deception
Misappropriation
of a company’s
assets
 Manipulation
of its financial
data to the
advantage
of the
perpetrator
Two Levels of Fraud

Employee Management
Fraud Fraud
Steps of Employee Fraud:

converting the
asset to a usable
form (cash)

stealing concealing the

something of crime to avoid
value (an asset) detection.
 Three special characteristics of
management fraud:

● The fraud is perpetrated at levels of

management above the one to which
internal control structures generally relate.
● The fraud frequently involves using the
financial statements to create an illusion that
an entity is healthier and more prosperous
than, in fact, it is.
● If the fraud involves misappropriation of
assets, it frequently is shrouded in a maze of
complex business transactions, often
involving related third parties.
The Fraud
Triangle
 Employee Fraud or Fraud
by non-management
employeesPRESSURE
OPPORTUNITY
● Directly converting of cash or other assets
to the employee’s personal benefit.
● Employees’ evasion of company’s internal
ETHICS
control system for personal gain.
 Situational
Pressure

includes personal or
job-related stresses
that could coerce an
individual to act
dishonestly
 Opportunity

involves direct access

to assets and/or access
to information that
controls assets.
 Ethics

pertains to one’s
character and degree
of moral opposition to
acts of dishonesty.
A red-flag checklist by auditors in providing
insights into fraud triangle factors:

Do key executives have Do key executives appear to

unusually high personal
debt?
Do key executives appear
to be living beyond their
means?
Do key executives engage
in habitual gambling?
abuse alcohol or drugs?
Do any of the key executives
appear to lack personal
codes of ethics?
Are economic conditions
unfavorable within the
company’s industry?
A red-flag checklist by auditors in providing
insights into fraud triangle factors:

Does the company use Is the company experiencing

several different banks, a rapid turnover of key
none of which sees the employees, either through
company’s entire financial resignation or termination?
picture?

Do one or two individuals

Do any key executives have dominate the company?
close associations with
suppliers?
 Financial
Losses From
Fraud
2008 ACFE Study
Position within the Organization

40% 37%
Nonmanagerial Managers
Employees

23%
Executives or
Owners
 Position

Individuals in the highest

positions within an
organization are beyond the
internal control structure and
have the greatest access to
company funds and assets.
Collusion

36% 64%
Two or more One
 Collusion

When individuals in critical

positions collude, they create
opportunities to control or
gain access to assets that
otherwise would not exist.
Gender

59% 41%
Male Female
 Gender

Women are not

fundamentally more honest
than men, but men occupy
high corporate positions in
greater numbers than
women. This affords men
greater access to assets.
Age

25,000 435,000
Less than 26 More than 60
 Age

Older employees tend to

occupy higher-ranking
positions and therefore
generally have greater
access to company
assets.
Educational Level

100,000 210,000
High School College

550,000
Postgraduate
 Education

Those with more

education occupy higher
positions in their
organizations and
therefore have greater
access to company funds
and other assets.
How To Manage
Fraud In Your
Company?
Employee Due Diligence
Mandatory Job Vacation
Setting Up of Internal Audit
or Fraud Department
Build the Culture of
Honesty and Integrity
Whistle-blowing Policies
 Fraud
Schemes
 Fraudulent
• Statements Statements
associated with
management fraud
• Financial Statement
misinterpretation
FRAUDULENT STATEMENTS

Underlying Problems
FRAUDULENT
STATEMENTS
Sarbanes-Oxley Act and
Fraud
UNDERLYING
PROBLEMS
 Lack of Auditor
Independence

Audit firms also

engaged by their clients
to perform
nonaccounting
activities.
 Lack of Director
Independence

Many board of
directors are comprised
of directors who are not
independent.
Questionable Executive
Compensation Schemes:

Stock options as
compensation result in
strategies aimed at driving up
stock prices at the expense
of the firm’s long-term health.
 Inappropriate
Accounting Practices

Common
characteristic to many
financial statement fraud
schemes
 Corruption
Corruption involves
an executive, a
manager, or an
employee of the
organization in
collusion with an
outsider.
CORRUPTION

Bribery

Illegal Gratuities
CORRUPTION
Conflicts of Interest

Economic Extortion
 Bribery involves giving,
offering, soliciting, or
receiving things of value
to influence an official in
the performance of his
or her lawful duties.
 An illegal gratuity
involves giving, receiving,
offering, or soliciting
something of value
because of an official act
that has been taken.
Similar to a bribe, but
after the fact.
 A conflict of interest is
an outline of procedures
for dealing with actual or
apparent conflicts of
interest between
personal and
professional
relationships.
 Economic extortion is
the use (or threat) of
force (including
economic sanctions) by
an individual or
organization to obtain
something of value.
 Asset
most common fraud
Misappropriation
schemes involve some
type of asset
misappropriation
(almost 90% according
to ACFE study).
ASSET MISAPPROPRIATION

Skimming Payroll Fraud

Expense
Cash Larceny
ASSET Reimbursement
MISAPPROPRIATION
Billing Schemes Thefts of Cash

Check
Computer Fraud
Tampering
 Skimming involves
skimming cash from an
organization before it is
recorded on the
organization’s books and
records.
 Cash larceny is theft of
cash receipts from an
organization after those
receipts have been
recorded in the
organization’s books and
records.
Billing schemes, or vendor
fraud - an employee causes
the employer to issue a
payment to a false supplier
or vendor by submitting
invoices for fictitious
goods/services, inflated
invoices, or invoices for
personal purchases.
Check tampering involves
forging, or changing in some
material way, a check that
was written to a legitimate
payee.
Payroll fraud is the
distribution of fraudulent
paychecks to existent and/or
nonexistent employees.
Expense reimbursement
fraud involves claiming
reimbursement of fictitious
or inflated business
expenses.
Roderick Paulate, a former Quezon City official
was charged over his alleged ghost employees.
Thefts of cash is the direct
theft of cash on hand in the
organization.
Noncash fraud is the theft or
misuse of noncash assets
(e.g., inventory, confidential
information).
Computer fraud involves
theft, misuse, or
misappropriation of assets
by altering computer
readable records and files;
the illegal use of computer-
readable information; or the
intentional destruction of
computer software or
hardware.
 INTERNAL
CONTROL
CONCEPTS AND
TECHNIQUES
 Internal Control System

The internal control system comprises policies, practices,

and procedures employed by the organization to achieve
four broad objectives:
• To safeguard assets of the firm.
• To ensure the accuracy and reliability of accounting
records and information.
• To promote efficiency in the firm’s operations.
• To measure compliance with management’s prescribed
policies and procedures.
Modifying Assumptions

1. Management Responsibility – The establishment and

maintenance of a system of internal control.
2. Reasonable Assurance – The internal control system should
provide reasonable assurance that the four broad objectives of
internal control are met in a cost-effective manner.
3. Methods of Data Processing – Internal controls should achieve
the four broad objectives regardless of the data processing
method used.
4. Limitations – Every system of internal control has limitations on
its effectiveness. These include (1) the possibility of error, (2)
circumvention, (3) management override, and (4) changing
conditions.
Exposure and Risk
The absence or weakness of a
control is called an exposure. A
weakness in internal control may
expose the firm to one or more of
the following types of risks:
1. Destruction of assets (both
physical assets and
information).
2. Theft of assets.
3. Corruption of information or the
information system.
4. Disruption of the information
system.
The PDC Model

Preventive Controls – Prevention is the first line

of defense in the control structure. Preventive
controls are passive techniques designed to
reduce the frequency of occurrence of
undesirable events.
The PDC Model

Detective Controls – Detective controls form the

second line of defense. These are devices,
techniques, and procedures designed to identify
and expose undesirable events that elude
preventive controls.
The PDC Model

Corrective Controls – Corrective controls are

actions taken to reverse the effects of errors
detected in the previous step. Corrective controls
actually fix the problem.
 Sarbanes-Oxley and Interal Control

Sarbanes-Oxley legislation requires management of public

companies to implement an adequate system of internal
controls over their financial reporting process.
Section 302 requires that corporate management
(including the CEO) certify their organization’s internal
controls on a quarterly and annual basis.
Section 404 requires the management of public companies
to assess the effectiveness of their organization’s internal
controls.
 SAS 78/COSO
Internal Control
Framework
 The control environment is
the foundation for the other
four control components.
The control environment Control
sets the tone for the
organization and influences Environment
the control awareness of its
management and
employees.
Organizations must perform
a risk assessment to identify,
analyze, and manage risks
relevant to financial Risk Assessment
reporting.
 The quality of information
the accounting information
system generates impacts
management’s ability to take
actions and make decisions Information &
in connection with the
organization’s operations Communication
and to prepare reliable
financial statements.
Monitoring is the process by
which the quality of internal
control design and
operation can be assessed.
This may be accomplished Monitoring
by separate procedures or
by on-going activities.
Control activities are the
policies and procedures
used to ensure that
appropriate actions are
taken to deal with the Control Activities
organization’s identified
risks.
IT Controls

IT Controls – IT controls relate specifically to the

computer environment.
• General controls pertain to entity-
wide concerns such as controls
over the data center, organization
databases, systems development,
and program maintenance.
• Application controls ensure the
integrity of specific systems such
as sales order processing,
accounts payable, and payroll
applications.
Physical Controls

Physical Controls – This class of controls relates

primarily to the human activities employed in
accounting systems.
Transaction Authorization –
The purpose of transaction
authorization is to ensure that
all material transactions
processed by the information
system are valid and in
accordance with
management’s objectives.
Segregation of Duties – In
business, it is the separation
by sharing of more than one
individual in one single task is
an internal control intended to
prevent fraud and error.
Supervision – The activity of
managing a department,
project, etc. and of making
sure that things are done
correctly and according to the
rules
Accounting Records – The
accounting records of an
organization consist of source
documents, journals, and
ledgers. These records
capture the economic
essence of transactions and
provide an audit trail of
economic events.
Access Control – The
purpose of access controls is
to ensure that only authorized
personnel have access to the
firm’s assets. Unauthorized
access exposes assets to
misappropriation, damage,
and theft
Independent Verification –
Verification procedures are
independent checks of the
accounting system to identify
errors and misrepresentations.
Verification takes place after
the fact, by an individual who
is not directly involved with
the transaction or task being
verified.