Professional Documents
Culture Documents
BSAC 117 Computer Audit SEATWORK 1 ETHICS FRAUD AND IC-STUDENT
BSAC 117 Computer Audit SEATWORK 1 ETHICS FRAUD AND IC-STUDENT
Reference: https://www.isaca.org/credentialing/code-of-professional-
ethics#:~:text=Perform%20their%20duties%20with%20objectivity,their
%20profession%20or%20the%20Association.
Reference: https://www.officialgazette.gov.ph/2012/09/12/republic-act-
no-10175/
Computer-related Offenses:
1. Computer-related Forgery
a) The input, alteration, or deletion of any computer
data without right resulting in inauthentic data with
the intent that it be considered or acted upon for
3
Content-related Offenses:
Other Offenses:
Reference: https://www.officialgazette.gov.ph/2012/09/12/republic-act-
no-10175/
Question #4. Under this Act, 1. Any person found guilty of any of the punishable acts
what are the penalties for enumerated in Sections 4(a) and 4(b) of this Act shall be
cybercrime offenses? punished with imprisonment of prision mayor or a fine of at
least Two hundred thousand pesos (PhP200,000.00) up to a
maximum amount commensurate to the damage incurred or
References: both.
2. Any person found guilty of the punishable act under Section
4(a)(5) shall be punished with imprisonment of prision mayor
or a fine of not more than Five hundred thousand pesos
(PhP500,000.00) or both.
3. If punishable acts in Section 4(a) are committed against critical
infrastructure, the penalty of reclusion temporal or a fine of at
least Five hundred thousand pesos (PhP500,000.00) up to
maximum amount commensurate to the damage incurred or
both, shall be imposed.
4. Any person found guilty of any of the punishable acts
enumerated in Section 4(c)(1) of this Act shall be punished
with imprisonment of prision mayor or a fine of at least Two
hundred thousand pesos (PhP200,000.00) but not exceeding
One million pesos (PhP1,000,000.00) or both.
5. Any person found guilty of any of the punishable acts
enumerated in Section 4(c)(2) of this Act shall be punished
with the penalties as enumerated in Republic Act No. 9775 or
the “Anti-Child Pornography Act of 2009”: Provided, That the
penalty to be imposed shall be one (1) degree higher than that
provided for in Republic Act No. 9775, if committed through a
computer system.
6. Any person found guilty of any of the punishable acts
enumerated in Section 4(c)(3) shall be punished with
imprisonment of arresto mayor or a fine of at least Fifty
thousand pesos (PhP50,000.00) but not exceeding Two
hundred fifty thousand pesos (PhP250,000.00) or both.
7. Any person found guilty of any of the punishable acts
enumerated in Section 5 shall be punished with imprisonment
one (1) degree lower than that of the prescribed penalty for the
offense or a fine of at least One hundred thousand pesos
(PhP100,000.00) but not exceeding Five hundred thousand
pesos (PhP500,000.00) or both.
Reference: https://www.officialgazette.gov.ph/2012/09/12/republic-act-
no-10175/
Reference: http://www.bsp.gov.ph/downloads/laws/RA8792.pdf
under this Act. Define or 1. 1.Hacking or cracking which refers to unauthorized access into
describe each briefly. or interference in a computer system/server or information and
communication system; or any access in order to corrupt, alter,
steal, or destroy using a computer or other similar information
References: and communication devices, without the knowledge and
consent of the owner of the computer or information and
communications system, including the introduction of computer
viruses and the like, resulting in the corruption, destruction,
alteration, theft or loss of electronic data messages or
electronic document
2. Piracy or the unauthorized copying, reproduction,
dissemination, distribution, importation, use, removal,
alteration, substitution, modification, storage, uploading,
downloading, communication, making available to the public,
or broadcasting of protected material, electronic signature or
copyrighted works including legally protected sound recordings
or phonograms or information material on protected works,
through the use of telecommunication networks, such as, but
not limited to, the internet, in a manner that infringes
intellectual property rights
3. Violations of the Consumer Act or Republic Act No. 7394 and
other relevant or pertinent laws through transactions covered
by or using electronic data messages or electronic documents,
shall be penalized with the same penalties as provided in
those laws and other violations of this act
Reference: http://www.bsp.gov.ph/downloads/laws/RA8792.pdf
Reference: http://www.bsp.gov.ph/downloads/laws/RA8792.pdf
Reference:
Reference: https://www.set.gov.ph/resources/rules-on-electronic-
evidence/#:~:text=%E2%80%93%20An%20electronic%20document
%20is%20admissible,manner%20prescribed%20by%20these
%20Rules.
Sarbanes Oxley (SOX) Act The Sarbanes-Oxley Act of 2002 came in response to financial
of 2002 enacted? (Hint: You scandals in the early 2000s involving publicly traded
may give a brief historical companies such as Enron Corporation, Tyco International plc,
background of this Law.) and WorldCom. The high-profile frauds shook investor
confidence in the trustworthiness of corporate financial
statements and led many to demand an overhaul of decades-
References: old regulatory standards.
Reference:https://www.investopedia.com/terms/s/sarbanesoxleyact.as
p#:~:text=The%20Sarbanes%2DOxley%20(SOX)%20Act%20of
%202002%20came%20in,imposed%20more%20stringent
%20recordkeeping%20requirements.
Reference:
https://pcaobus.org/About/History/Documents/PDFs/Sarbanes_Oxl
ey_Act_of_2002.pdf
b. Internal Controls consulting with the companies they are auditing. They can still
act as tax consultants. But the lead audit partners must rotate
c. Fraud off the account after five years.
d. Corporate Governance 2. Private companies must also adopt SOX-type internal control
structures. Otherwise, they face increased difficulties. They will
e. Information System Audit have trouble raising capital. They will also face higher
(IS)/ and IS Auditors insurance premiums and greater civil liability. These would
create a loss of status among potential customers, investors,
1. Independence of IS
and donors.
Auditors
3. The Sarbanes-Oxley Act was passed by Congress to curb
2. Audit Considerations for widespread fraudulence in corporate financial reports,
Irregularities scandals that rocked the early 2000s. The Act now holds
CEOs responsible for their company’s financial statements.
3. Skills and Competence of Whistleblowing employees are given protection. More stringent
IS Auditors auditing standards are followed. These are just a few of the
SOX stipulations.
4. Use of Risk Assessment in
4. The Sarbanes-Oxley Act of 2002 cracks down on corporate
Audit Planning
fraud. It created the Public Company Accounting Oversight
5. Audit documentation Board to oversee the accounting industry. It banned company
loans to executives and gave job protection to whistleblowers.
6. Use of CAATS The Act strengthens the independence and financial literacy of
corporate boards. It holds CEOs personally responsible for
errors in accounting audits.
References: 5. Information System Audit
a) Independence of IS Auditors - it shall be unlawful
for a registered public accounting firm (and any
associated person of that firm, to the extent
determined appropriate by the Commission) that
performs for any issuer any audit required by this
title or the rules of the Commission
b) Audit Considerations for Irregularities- In
supervising nonregistered public accounting firms
and their associated persons, appropriate State
regulatory authorities should make an independent
determination of the proper standards applicable,
particularly taking into consideration the size and
nature of the business of the accounting firms they
supervise and the size and nature of the business
of the clients of those firms. The standards applied
by the Board under this Act should not be
presumed to be applicable for purposes of this
section for small and medium sized nonregistered
public accounting firms.
c) Skills and Competence of IS Auditors - Financial
and accounting backgrounds are still needed, of
course. But the new skills currently in high demand
will “diversify” the team’s offerings, according to
Chambers. At the same time, he says, internal-
audit teams should not be well rounded “just for
the sake of it.” Instead, the teams’ makeup and
priorities should depend on each company’s
assessments of its risks.
d) Use of Risk Assessment in Audit Planning -In
contrast, Sarbanes-Oxley’s demand on proper and
effective internal controls over financial reporting
narrowed the focus of internal-audit teams. That
change, of course, made sense since the
profession is a risk-based function: internal
auditors are expected to focus on prioritizing the
risks to their business, and controls were a high-
risk area during the past decade.
e) Audit Documentation – Auditors inspect and
review selected audit and review engagements of
the firm (which may include audit engagements
that are the subject of ongoing litigation or other
controversy between the firm and 1 or more third
parties), performed at various offices and by
various associated persons of the firm, as selected
by the Board and evaluate the sufficiency of the
10
Reference:
https://pcaobus.org/About/History/Documents/PDFs/Sarbanes_Oxley_
Act_of_2002.pdf