BUSINESS ETHICS, FRAUD AND FRAUD DETECTION

1. Ethics pertains to the principles of conduct that individuals use in making choices and guiding their
behavior in situations that involve the concepts of right and wrong.

2. Business ethics involves finding the answers to two questions: (1) How do managers decide what is
right in conducting their business? and (2) Once managers have recognized what is right, how do they
achieve it?

3. The four areas of ethical business issues are equity, rights, honesty, and the exercise of corporate power

4. The main issues to be addressed in a business code of ethics required by the Securities and Exchange
Commission are conflicts of interest, full and fair disclosures, legal compliance, internal reporting of code
violations, and accountability

5. The three ethical principles that may provide some guidance for ethical responsibility are
proportionality, justice, and minimization of risk

6. Computer ethics is “the analysis of the nature and social impact of computer technology and the
corresponding formulation and justification of policies for the ethical use
of such technology…. [This includes] concerns about software as well as hardware and
concerns about networks connecting computers as well as computers themselves.”

7. The three levels of computer ethics—pop, para, and theoretical:

 The lowest level of computer ethics—pop—merely reflects the exposure to stories and reports
regarding the ramifications of computer technology, such as computer viruses (bad
ramifications) and educational enhancements for handicapped individuals (good ramifications).
 The next level—para—requires a little more involvement in learning about computer ethics
cases and acquiring some skill and knowledge in ethics issues.
 The third level—theoretical—involves application of the theories of philosophy, sociology, and
psychology to computer science with the hope that new understanding in the field can be
achieved.

8. Computer ethical issues new problems, or just a new twist on old problems?
Computer ethical issues are considered to be new problems by those groups that feel that
intellectual property is not the same as real property. However, other groups feel that the same generic
principles should apply. No agreement between these two groups has been reached.

9. The computer ethical issues regarding privacy are:

 People desire to be in full control of what and how much information about themselves is
available to others, and to whom it is available. This is the issue of privacy.
 The creation and maintenance of huge, shared databases make it necessary to protect people
from the potential misuse of data. This raises the issue of ownership in the personal information
industry.
 Should the privacy of individuals be protected through policies and systems? What information
about oneself does the individual own? Should firms that are unrelated to individuals buy and
sell information about these individuals without their permission?

Page 1 of 6
10. The computer ethical issues regarding security are:
 Computer security is an attempt to avoid such undesirable events as a loss of confidentiality or
data integrity.
 Security systems attempt to prevent fraud and other misuse of computer systems; they act to
protect and further the legitimate interests of the system’s constituencies.
 The ethical issues involving security arise from the emergence of shared, computerized
databases that have the potential to cause irreparable harm to individuals by disseminating
inaccurate information to authorized users, such as through incorrect credit reporting. There is a
similar danger in disseminating accurate information to persons unauthorized to receive it.
 Increasing security can actually cause other problems. For example, security can be used both
to protect personal property and to undermine freedom of access to data, which may have an
injurious effect on some individuals.

11. The computer ethical issues regarding ownership of property are:

 Laws designed to preserve real property rights have been extended to cover what is referred to
as intellectual property, that is, software. The question here becomes what can an individual (or
organization) own? Ideas? Media? Source code? Object code?
 A related question is whether or not owners and users should be constrained in their use of or
access to software. This includes making copies or placing software on a network to permit
multiple access.
 Some believe that copyright laws can cause more harm than good. For example, the League for
Programming Freedom argues that copyrights for software fly in the face of the original intent
of the law. It feels that the best interests of computer users are served when industry standards
emerge; copyright laws work to disallow this.
 Part of the problem arises out of the uniqueness of software, its ease of dissemination, and the
possibility of exact replication. Does software fit with the current categories and conventions
regarding ownership?

12. The computer ethical issues regarding equity in access are:

 Some barriers to access (security systems) are intrinsic to the technology of information
systems, but some are avoidable through careful system design.
 Factors that can limit access to computing technology include: financial cost, cultural barriers,
and physical limitations (blindness, paralysis, and pregnancy).
 How can hardware and software be designed with consideration for differences in physical and
cognitive skills? What is the cost involved with providing equity in access? To what groups of
society should equity in access become a priority?

13. The computer ethical issues regarding the environment are:

 Increased computing and the low cost of fast-speed printers have caused many users to print
out more hard copies of documents than is really necessary.
 Because paper is not usually considered a high-cost item, most firms have not looked at this as
a cost/benefit issue; however, perhaps they should from an environmental viewpoint.
 Also, of growing importance is the issue that disposal of obsolete computer hardware creates
environmental risks and concerns.

14. The computer ethical issues regarding artificial intelligence are:

 One issue is the responsibility for the completeness and accuracy of a knowledge base, as well
as its maintenance to reflect changes.
 Further, where does the knowledge come from? This issue becomes of particular importance

Page 2 of 6
 when expert systems replace the tasks of middle managers, many of whom may have been used
during the knowledge acquisition phase.
 Thus, an important issue is who owns the coded expertise. Also, what are the legal
ramifications if an expert system makes an error or if a decision made by an expert system is
not followed?

15. The computer ethical issues regarding unemployment and displacement:

 The nature of most jobs is changing as a result of computer technology. In many cases, certain
occupations are becoming rare.
 The issue is whether employers should assume the responsibility of retraining employees.

16. The computer ethical issues regarding misuse of computers:

 The computer ethical issues regarding misuse of computers are the copying of proprietary
software, using a company’s computer for personal benefit, and snooping through other
people’s files.
 Should employees be allowed to do personal work on the company computer after work hours?
Does this additional use impinge on the rights of the software company? If the employee does
not have the means to buy hardware and/or software for him or herself, then an ethical issue
arises regarding potential lost profits to the industries selling these products.

17. The three fraud-motivating forces (fraud triangle):

Response:
a. situational pressure
b. opportunities
c. ethics (personal characteristics)

18. Examples of personal traits of employees that might help uncover fraudulent activity;
 with high personal debt, living beyond their means,
 engaging in habitual gambling,
 appearing to abuse alcohol or drugs,
 appearing to lack personal codes of ethics, and
 appearing to be unstable.

19. Employee fraud is an act committed by non-management employees.

 It is generally designed to directly convert cash or other assets to the employee’s personal benefit.
 Employee fraud usually involves three steps:
o (1) stealing something of value (an asset),
o (2) converting the asset to a usable form (cash), and
o (3) concealing the crime to avoid detection.

20. Management fraud is committed by managers who are not subject to the same controls as
employees.
 This fraud more insidious than employee fraud because it often escapes detection until the
organization has suffered irreparable damage or loss.
 Management fraud typically contains three special characteristics:
o The fraud is perpetrated at levels of management above the one to which internal control
structures generally relate.
o The fraud frequently involves using the financial statements to create an illusion that an
entity is healthier and more prosperous than, in fact, it is.

Page 3 of 6
 o If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of
complex business transactions, often involving related third parties.

21. How can external auditors attempt to uncover motivations for committing fraud?
Response:
 Research by forensic experts and academics has shown that the auditor’s evaluation
of fraud is enhanced when the fraud triangle factors are considered. Obviously, matters
of ethics and personal stress do not lend themselves to easy observation and analysis. To provide
insight into these factors, auditors often use a red-flag checklist consisting of the following types of
questions:
• Do key executives have unusually high personal debt?
• Do key executives appear to be living beyond their means?
• Do key executives engage in habitual gambling?
• Do key executives appear to abuse alcohol or drugs?
• Do any of the key executives appear to lack personal codes of ethics?
• Are economic conditions unfavorable within the company’s industry?
• Does the company use several different banks, none of which sees the company’s entire
financial picture?
• Do any key executives have close associations with suppliers?
• Is the company experiencing a rapid turnover of key employees, either through resignation or
termination?
• Do one or two individuals dominate the company?

22. Lapping involves a cash receipts clerk stealing customer payments that are in the form of checks, by
cashing the check him/ herself. Many employees view this as borrowing, since they plan to repay it
some day.

23. Collusion involves two or more employees working together to perpetrate a fraudulent act that
internal controls would have otherwise prevented. For example, the inventory control clerk and the
warehouse clerk could collude to steal inventory and then adjust the inventory records to cover-up the
act.

24. Bribery involves giving, offering, soliciting, or receiving things of value to influence an official in the
performance of his or her lawful duties. Officials may be employed by government (or regulatory)
agencies or by private organizations. Bribery defrauds the entity (business organization or
government agency) of the right to honest and loyal services from those employed by it.

25. Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or
organization to obtain something of value. The item of value could be a financial or economic asset,
information, or cooperation to obtain a favorable decision on some matter under review.

26. A conflict of interest occurs when an employee acts on behalf of a third party during the discharge of
his or her duties or has self-interest in the activity being performed. When the employee’s conflict of
interest is unknown to the employer and results in financial loss, then fraud has occurred.

27. Computer fraud refers to using hardware and software to divert or acquire the assets of the firm. Its
activities include:
 Theft, misuse, or misappropriation of assets by altering computer-readable records and files,
 Theft, misuse, or misappropriation of assets by altering the logic of computer software,
 The theft of illegal use of computer-readable information,

Page 4 of 6
  The theft, corruption, illegal copying, or intentional destruction of computer software,
 The theft, misuse, or misappropriation of computer hardware.

28. It is easiest to commit computer fraud at the data-collection or data-entry stage of the general
accounting model. Frauds of this type require little or no computer skills. At this point, the
perpetrator only needs to understand how the system works to enter data that it will process.

29. Billing schemes, also known as vendor fraud, are perpetrated by employees who cause their employer
to issue a payment to a false supplier or vendor. This is accomplished by submitting invoices for
fictitious goods or services, inflated invoices, or invoices for personal purchases.

30. Cash larceny involves schemes in which cash receipts are stolen from an organization after they have
been recorded in the organization’s books and records.

31. Skimming involves stealing cash from an organization before it is recorded on the organization’s
books and records.

32. Ethical issues and legal issues. Some acts may not be against the law, but may be considered
unethical. For example, it may not be illegal to simultaneously accept two job offers verbally while
trying to decide between the two companies. However, ethically, this type of behavior is considered
to be undesirable.

33. A strong internal control structure provides a very good shield against fraud. However, these shields
are not 100 percent bulletproof, especially when employees collude and/or top management is
involved. A strong internal control structure coupled with good employee morals and ethics is the
best deterrence against fraud.

34. The top management of publicly traded companies is oftentimes reluctant to admit publicly that it has
been the victim of computer crime because of fear of public opinion regarding the internal control
structure. Also, many organizations may not be fully aware of the extent of their damages due to
computer fraud.

35. The Sarbanes-Oxley Act requires all audit committee members to be independent and requires the
audit committee to hire and oversee the external auditors. This provision is consistent with many
investors who consider the board composition to be a critical investment factor.

36. The Sarbanes-Oxley Act prohibits auditors from providing non-audit services to their audit clients,
they are not prohibited from performing such services for non-audit clients or privately held
companies. The act addresses auditor independence by creating more separation between a firm’s
attestation and non-auditing activities. This is intended to specify categories of services that a public
accounting firm cannot perform for its client. These include the following functions:
 bookkeeping or other services related to the accounting records or financial statements;
 financial information systems design and implementation;
 appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
 actuarial services;
 internal audit outsourcing services;
 management functions or human resources;
 broker or dealer, investment advisor, or investment banking services; and
 legal services and expert services unrelated to the audit

Page 5 of 6
37. Small firms with fewer employees than there are incompatible tasks should rely more heavily on
specific authorizations. More approvals of decision by management and increased supervision should
be imposed in order to somewhat compensate for the lack of separation of duties.

38. An organization’s internal audit department is usually considered an effective control mechanism for
evaluating the organization’s internal control structure.
 Having the internal auditing function report to the controller is unacceptable. If the controller
is aware of or involved in a fraud or defalcation, then he/she may give false or inaccurate
information to the auditors. The possibility that the auditors may lose their jobs if they do not
keep certain matters quiet also exists. Further, the fraud may be occurring at a level higher
than the controller, and the controller may fear losing his/her job if the matter is pursued.
 The best route is to have the internal auditing function report directly to the board of
directors.

39. Fraud denotes a false representation of a material fact made by one party to another party with the
intent to deceive and induce the other party to justifiably rely on the fact to his or her detriment.
According to common law, a fraudulent act must meet the following five conditions:
 False representation: There must be a false statement or a nondisclosure.
 Material fact: A fact must be a substantial factor in inducing someone to act.
 Intent: There must be the intent to deceive or the knowledge that one’s statement is false.
 Justifiable reliance: The misrepresentation must have been a substantial factor on which the
injured party relied.
 Injury or loss: The deception must have caused injury or loss to the victim of the fraud

40. Exposure and risk.

 Exposures are weaknesses in the internal control system. For example, assigning the same
clerk responsibility for receiving and booking cash and also updating accounts receivable is
an exposure.
 Risks relate to the potential consequences of exposures. The risk associated with this
exposure is that the clerk will perpetrate a fraud such as lapping.

41. . Forms of computer fraud:

a. Payment fraud includes the following techniques:
 Creating illegal programs that can access data files to alter, delete, or insert values into
accounting records,
 Destroying or corrupting a program’s logic using a computer virus, or
 Altering program logic to cause the application to process data incorrectly.

b. Operations fraud is the misuse or theft of the firm’s computer resources. This often involves
using the computer to conduct personal business.
c. Database management fraud includes altering, deleting, corrupting, destroying, or stealing an
organization’s data.
d. Scavenging involves searching through the trash of the computer center for discarded output.
e. Eavesdropping involves listening to output transmissions over telecommunication lines.

Page 6 of 6