Ais Quiz 2 Reviewer
● Most frauds are committed by EMPLOYEES rather
than managers, but the losses are much higher for
managers and owners.
● Collusion in the commission of a fraud is difficult
to prevent and detect.

FRAUD : UNDERLYING PROBLEM
● Lack of Auditor Independence: Audit firms also
engaged by their clients to perform
non-accounting activities.
● Lack of Director Independence: Many boards of
directors are composed of directors who are not
independent.
● Questionable Executive Compensation
Schemes: Stock options as compensation result
in strategies aimed at driving up stock prices at
the expense of the firm’s long-term health.
○ In extreme cases financial statement
misrepresentation has been used to
achieve stock prices needed to exercise
options.
● Inappropriate Accounting Practices: Common
characteristic to many financial statement fraud
schemes.

FRAUD
● SOX establishes a framework for oversight and
regulation of public companies. Principal
reforms pertain to:
○ Creation of the Public Company
Accounting Oversight Board (PCAOB) to
set standards, inspect firms, conduct
investigations and take regulatory actions.
○ Auditor independence: More separation
between a firm’s attestation and
non-auditing activities.
○ Corporate governance and
responsibility: Audit committee
members must be independent and
committee must hire and oversee the
external auditors.
○ Issuer and management disclosure:
Increased requirements.
○ Fraud and criminal penalties: New
penalties for destroying or tampering with
documents, securities fraud, and taking
actions against whistleblowers.

TRAITS OF MANAGERS AND OTHER EMPLOYEES
THAT MIGHT HELP UNCOVER FRAUD
● Some of the larger public accounting firms have
developed checklists to help uncover fraudulent
activity during an audit. Questions for such a
checklist might include:
○ Do key executives have unusually high
personal DEBT?
○ Do key executives appear to be living
BEYOND their MEANS?
○ Do key executives engage in habitual
GAMBLING?
○ Do key executives appear to abuse
ALCOHOL or DRUGS?
○ Do any of the key executives appear to
lack personal CODES of ETHICS?
○ Are ECONOMIC conditions unfavorable
within the company’s industry?
○ Does the company use several different
banks, none of which sees the company’s
entire financial picture?
○ Do any key executives have close
ASSOCIATION with SUPPLIERS?
○ Is the company experiencing a rapid
turnover of key employees, either through
QUITTING or being FIRED?
○ Do one or two individuals DOMINATE the
company?

2 EXAMPLES OF EMPLOYEE FRAUD
Employee fraud or frauds by non-management
employees are generally designed to directly convert
cash or other assets to the employee’s personal
benefit.
Employee fraud usually involves three steps:
1. stealing something of value (an asset),
2. converting the asset to a usable form (cash), and
3. concealing the crime to avoid detection.
● CHARGES TO EXPENSE ACCOUNTS. The
theft of 50,000 cash could be charged to a
miscellaneous operating expense account. The
loss of the cash reduces the firm’s assets by
50,000. To offset this, equity is reduced by 50,000
when the miscellaneous expense account is
closed to retained earnings, thus keeping the
accounting equation in balance.
● LAPPING. The employee first steals and cashes
a check for 5000 sent by Customer A. To
conceal the accounting imbalance caused by the
loss of the asset, Customer A’s account is not
credited - (deemed not received). Later (the next
billing period), the employee uses a 5000 check
received from Customer B and applies this to
Customer A’s account. Funds received in the
next period from Customer C are then applied to
the account of Customer B, and so on.
● Corruption involves a member of the
organization in collusion with an outsider.
Four principal types:
○ Bribery involves an exchange of value to
influence an official in the performance of
his or her lawful duties.
○ An illegal gratuity is an exchange of value
because of an official act that has been
taken. Similar to a bribe, but after the
fact.
○ A conflict of interest occurs when an
employee acts on behalf of a third party
during the discharge of his or her duties.
○ Economic extortion is use or threat of
force to obtain value.

FRAUD SCHEMES OF BRIBERY, ILLEGAL
GRATUITIES AND ECONOMIC EXTORTION
● Bribery involves giving, offering, soliciting, or
receiving things of value to influence an official in
the performance of his or her lawful duties.
Officials may be employed by government (or
regulatory) agencies or by private organizations.
Bribery defrauds the entity (business
organization or government agency) of the right to
honest and loyal services from those
employed by it.
● An illegal gratuity is similar to a bribe, but it
occurs after the fact. It involves giving, receiving,
offering, or soliciting something of value because
of an official act that has already been taken.
● Economic extortion is the use (or threat) of
force (including economic sanctions) by an
individual or organization to obtain something of
value. The item of value could be a financial or
economic asset, information, or cooperation.
● The most common fraud schemes involve
some type of asset misappropriation (almost
90%).
○ Cash, checking accounts, inventory,
supplies, equipment and information are
the most vulnerable to abuse.

FRAUD SCHEMES
● Skimming involves stealing cash before it is
recorded on an organization’s books.
● Cash larceny involves stealing cash after it is
recorded.
○ Lapping is a common technique.
● Billing schemes (vendor fraud) involve paying
false vendors by submitting invoices for fictitious
goods.
○ A shell company fraud includes a false
vendor set-up and false purchase orders.
○ A pass through fraud involves both a
legitimate and false vendor purchase (at a
much higher price).
○ A pay-and-return scheme involves double
payment with the clerk intercepting the
vendor reimbursement check.
● Check tampering involves altering legitimate
checks.
● Payroll fraud is the distribution of fraudulent
paychecks.
● Expense reimbursement fraud involves false or
inflated expense reimbursements.
● Thefts of cash are schemes that involve the
direct theft of cash on hand.
● Non-cash misappropriations involve the theft
of noncash assets like inventory or information.
● Computer fraud is discussed in a later chapter.

SKIMMING AND CASH LARCENY
Skimming involves stealing cash from an organization
before it is recorded on the organization’s books and
records,
larceny where cash receipts are stolen from an
organization after they have been recorded in the
organization’s books and records.

SHELL COMPANY FRAUD AND PASS THROUGH
FRAUD
Shell company fraud first requires that the
perpetrator establish a false supplier on the books of
the victim company. The fraudster then manufactures
false purchase orders, receiving reports, and
invoices in the name of the vendor and submits them
to the accounting system, which creates the illusion
of a legitimate transaction.
Pass through fraud is similar to the shell company
fraud with the exception that a transaction actually
takes place. Again, the perpetrator creates a false
vendor and issues purchase orders to it for inventory
or supplies. The false vendor then purchases the
needed inventory from a legitimate vendor. The false
vendor charges the victim company a much higher
than market price for the items, but pays only the
market price

HOW IS FRAUDULENT STATEMENT FRAUD
DIFFERENT
Fraudulent statements are associated with
management fraud. While all fraud involves some form
of financial misstatement, to meet the definition under
this class of fraud scheme, the statement itself must
bring direct or indirect financial benefit to the
perpetrator. In other words, the statement is not
simply a vehicle for obscuring or covering a fraudulent
act. For example, misstating the cash account balance
to cover the theft of cash does not fall under this class
of fraud scheme. On the other hand, understating
liabilities to present a more favorable financial picture
of the organization to drive up stock prices does
qualify.

● The absence or weakness of a control is an
exposure:
○ May result in asset destruction or theft
and corruption or disruption of the
information system.
● Preventive controls are passive techniques
designed to REDUCE undesirable events by
forcing compliance with prescribed or desired
actions.
○ Preventing errors and fraud is more
cost-effective than detecting and
correcting them.
● Detective controls are designed to IDENTIFY
undesirable events that elude preventive
controls.
● Corrective controls are ACTIONS taken to
REVERSE the effects of errors detected.
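
The lapping scheme described earlier leaves a trail that a detective control can pick up: a check from one customer is credited to a different customer's account. The following added example (not part of the original reviewer) links such misapplied receipts into a chain; the record layout, field names and sample postings are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Posting:
    period: int    # billing period in which the check was received
    payer: str     # customer named on the check (from the mail-room prelist)
    credited: str  # customer account credited in the AR subsidiary ledger
    amount: int


# Constructed sample following the reviewer's narrative: Customer A's 5000
# check was stolen in period 1 and never recorded, so it has no posting.
POSTINGS = [
    Posting(2, "B", "A", 5000),  # B's check applied to A's account
    Posting(2, "D", "D", 1200),  # ordinary, correctly applied receipt
    Posting(3, "C", "B", 5000),  # C's check applied to B's account
    Posting(3, "E", "E", 800),
]


def misapplied(postings):
    """Receipts credited to an account other than the payer's."""
    return [p for p in postings if p.payer != p.credited]


def lapping_chains(postings):
    """Link misapplied receipts into chains, ordered from the first covered
    account to the customer whose payment is currently unapplied.
    Simplification: one covering check per account."""
    covered_by = {p.credited: p.payer for p in misapplied(postings)}
    payers = set(covered_by.values())
    chains = []
    # A chain starts at an account that was covered by someone else's check
    # while its own check covered nobody: that payment is the missing one.
    for start in sorted(set(covered_by) - payers):
        chain, seen = [start], {start}
        while chain[-1] in covered_by and covered_by[chain[-1]] not in seen:
            nxt = covered_by[chain[-1]]
            chain.append(nxt)
            seen.add(nxt)
        chains.append(chain)
    return chains


def report(postings):
    """One finding per chain, suitable for an independent reviewer."""
    bad = misapplied(postings)
    return [
        {
            "first_covered_account": chain[0],
            "chain": chain,
            "currently_unapplied_payer": chain[-1],
            "amounts": [p.amount for p in bad if p.credited in chain],
        }
        for chain in lapping_chains(postings)
    ]


if __name__ == "__main__":
    for finding in report(POSTINGS):
        print(finding)
```

The comparison only works when the payer data comes from a source the cash receipts clerk does not control, which is why the reviewer's controls keep the prelist and the AR update in different hands.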
2. Risk Assessment
● Organizations must perform a risk
assessment to identify, analyze and manage
financial reporting risks.
● The quality of information the AIS generates
impacts management’s ability to take actions
and make decisions.
● An effective system records all valid
transactions and provides timely and accurate
information.

4. Monitoring
● the process by which the quality of internal
control design and operations can be
assessed.

5. Control activities
● are policies and procedures to ensure
appropriate actions are taken to deal with
identified risks.
● IT controls relate to the computer
environment:
○ General controls pertain to entity-wide
concerns such as controls over data
center, organization databases, systems
development, and program maintenance
○ Application controls ensure the integrity
of specific systems.
● Physical controls relate to human activities:
○ Transaction authorization is to ensure all
material transactions processed are valid.
○ Segregation of duties controls are
designed to minimize incompatible
functions including separating:
1. transaction authorization and
processing and
2. asset custody and record-keeping.
3. Successful fraud must require
collusion
○ Supervision is a control activity involving
the critical oversight of employees. It is a
compensating control in organizations too
small for sufficient segregation of duties
○ Accounting records consist of source
documents, journals and ledgers which
capture economic essence and provide an
audit trail.
○ Access controls ensure that only
authorized personnel have access to firm
assets.
○ Independent verification procedures are
checks to identify errors and
misrepresentations.
○ Differ from supervision - individual not
directly involved in the transaction or
task being verified
○ While supervision - superior directly
responsible for the task
○ Management can assess (1) Individual
performance, (2) System integrity and (3)
Data correctness. Includes:
■ Reconciling batch totals during
transaction processing.
■ Comparing physical assets with
accounting records.
■ Reconciling subsidiary accounts with
control accounts.
■ Reviewing management reports that
summarize business activities.

IT application controls are associated with
IT applications.

1. Input control (edits) perform tests on transactions
to ensure they are free from errors.
● Check digit is a control digit(s) that is
added to the data code when originally
assigned. Allows integrity to be established
during processing and helps prevent two
common errors:
○ Transcription errors occur when (1)
extra digits are added to a code, (2) a
digit is omitted from a code, or (3) a
digit is recorded incorrectly.
○ Transposition errors occur when
digits are reversed.
● Missing data check identifies blank or
INCOMPLETE input fields.
● Numeric-alphabetic check identifies data in
the wrong FORM.
● Limit checks identify fields that exceed
authorized LIMITS.
● Range checks verify that all AMOUNTS fall
within an acceptable range.
● Reasonableness checks verify that amounts
that have passed limit and range checks are
reasonable.
● Validity checks compare actual fields against
acceptable values.

2. Processing controls are programmed procedures
to ensure an application’s logic is functioning
properly.
● Batch controls manage the flow of high
volume transactions and reconcile system
output with original input.
● Run-to-run controls monitor batch from one
process to another.
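
The input edits listed under "Input control (edits)" above can be seen working together in the following added example, which is not part of the original reviewer. It assumes a modulus-11 weighted check digit (the reviewer does not name an algorithm), and the field names, limits and acceptable values are constructed for illustration.

```python
def mod11_check_digit(base: str) -> str:
    """Weighted modulus-11 check digit; weights count down to 2 from the left."""
    if not base.isdigit():
        raise ValueError("base code must be numeric")
    weights = range(len(base) + 1, 1, -1)
    total = sum(int(d) * w for d, w in zip(base, weights))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def sum_check_digit(base: str) -> str:
    """Naive alternative (plain digit sum): blind to transposed digits."""
    return str(sum(int(d) for d in base) % 10)


def has_valid_check_digit(code: str) -> bool:
    if len(code) < 2 or not code[:-1].isdigit():
        return False
    return code[-1] == mod11_check_digit(code[:-1])


# Constructed edit parameters for a sales order record (assumptions).
VALID_TERMS = {"NET30", "NET60", "COD"}  # validity check: acceptable values
QTY_LIMIT = 500                          # limit check: authorized limit
PRICE_RANGE = (1.00, 250.00)             # range check: acceptable range


def edit_order(rec: dict) -> list:
    """Run the input edits on one record of string fields; return the errors."""
    errors = []
    for field in ("customer_no", "quantity", "unit_price", "terms"):
        if not str(rec.get(field, "")).strip():
            errors.append(f"missing data: {field}")
    if errors:
        return errors  # the remaining edits need every field present
    if not rec["quantity"].isdigit():
        errors.append("numeric-alphabetic: quantity")
    elif int(rec["quantity"]) > QTY_LIMIT:
        errors.append("limit: quantity")
    try:
        price = float(rec["unit_price"])
        if not PRICE_RANGE[0] <= price <= PRICE_RANGE[1]:
            errors.append("range: unit_price")
    except ValueError:
        errors.append("numeric-alphabetic: unit_price")
    if rec["terms"] not in VALID_TERMS:
        errors.append("validity: terms")
    if not has_valid_check_digit(rec["customer_no"]):
        errors.append("check digit: customer_no")
    return errors


if __name__ == "__main__":
    # Base code 5372 carries check digit 4, giving the stored code 53724.
    for code in ("53724", "57324", "537724", "5324", "53734"):
        print(code, has_valid_check_digit(code))
    print(edit_order({"customer_no": "57324", "quantity": "9000",
                      "unit_price": "0.10", "terms": "NET45"}))
```

The codes tried in the demo cover the error types the reviewer lists: a transposition (57324), an added digit (537724), an omitted digit (5324) and an incorrectly recorded digit (53734).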
○ A hash total is the summation of a
nonfinancial field to keep track of
records.
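
Batch control totals, including the hash total just described, are compared from one run to the next. The following added example (not part of the original reviewer) shows why a hash total over a nonfinancial field catches a change that the record count and the financial total both miss; the batch layout and values are constructed.

```python
from decimal import Decimal

# Constructed batch of sales orders as it left data entry.
BATCH = [
    {"customer_no": "53724", "amount": "120.00"},
    {"customer_no": "10472", "amount": "75.50"},
    {"customer_no": "88210", "amount": "310.25"},
    {"customer_no": "40016", "amount": "42.00"},
]


def control_totals(batch):
    """Batch control record: record count, financial total, hash total."""
    return {
        "record_count": len(batch),
        "amount_total": sum((Decimal(r["amount"]) for r in batch), Decimal("0")),
        # Hash total: sum of a nonfinancial field. The number has no business
        # meaning; it only changes if a record is lost, added or altered.
        "hash_total": sum(int(r["customer_no"]) for r in batch),
    }


def run_to_run_check(expected, batch_after_run):
    """Names of the control totals that no longer match after a run."""
    actual = control_totals(batch_after_run)
    return [k for k in expected if expected[k] != actual[k]]


def reconcile_with_rejects(expected, passed, rejected):
    """Records sent to the error file still count: the totals of passed plus
    rejected records must equal the totals taken at input."""
    p, r = control_totals(passed), control_totals(rejected)
    combined = {k: p[k] + r[k] for k in expected}
    return [k for k in expected if expected[k] != combined[k]]


def substituted_record(batch):
    """Constructed failure: one record swapped for another customer's record
    carrying the same amount, so count and money total stay unchanged."""
    altered = [dict(r) for r in batch]
    altered[1]["customer_no"] = "10427"
    return altered


if __name__ == "__main__":
    expected = control_totals(BATCH)
    print(expected)
    print("unchanged:  ", run_to_run_check(expected, BATCH))
    print("dropped:    ", run_to_run_check(expected, BATCH[:-1]))
    print("substituted:", run_to_run_check(expected, substituted_record(BATCH)))
    print("rejects:    ", reconcile_with_rejects(expected, BATCH[:3], BATCH[3:]))
```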
FIRM WITH FEWER EMPLOYEES THAN THERE
ARE INCOMPATIBLE TASKS SHOULD RELY ON
GENERAL THAN SPECIFIC AUTHORITY.
Small firms with FEWER EMPLOYEES than there are
incompatible tasks should rely more heavily on
specific authorizations. More approvals of decisions
by management and increased supervision should be
imposed in order to somewhat compensate for the
LACK OF SEPARATION OF DUTIES.

INTERNAL AUDITING FUNCTION REPORTS
DIRECTLY TO THE CONTROLLER: COMMENT ON
THE EFFECTIVENESS OF THIS ORGANIZATIONAL
STRUCTURE
Having the internal auditing function report to the
CONTROLLER is unacceptable.
● If the controller is aware of or involved in a
fraud or defalcation, then he/she may give
false or inaccurate information to the auditors.
● The possibility that the auditors may lose their
jobs if they do not keep certain matters quiet
also exists.
● Further, the fraud may be occurring at a level
higher than the controller, and the controller
may fear losing his/her job if the matter is
pursued.
● The BEST ROUTE is to have the internal
auditing function report directly to the
BOARD OF DIRECTORS.

COMMENT ON THE EXPOSURE, IF ANY CAUSED
BY COMBINING THE TASKS OF PAYCHECK
PREPARATION AND DISTRIBUTION TO
EMPLOYEES
If a payroll employee were to prepare a paycheck for
a nonexistent employee (perhaps under an
alias, or in the name of a relative),
● and this employee also has the task of
distributing the checks, then no one would
be the wiser.
If the checks go directly to another person, who then
distributes the paychecks, then the extra check
should be discovered.

EXPOSURE AND RISK
Exposures are weaknesses in the internal control
system.
● For example, assigning the same clerk
responsibility for receiving and booking cash
and also updating accounts receivable is an
exposure.
● Risks relate to the potential consequences of
exposures. The risk associated with this
exposure is that the clerk will perpetrate a
FRAUD such as lapping.

WHY ARE COMPUTER ETHICS ISSUES OF
PRIVACY, SECURITY AND PROPERTY
OWNERSHIP OF INTEREST TO ACCOUNTANTS
Privacy is the degree of restricted access to
personal data. The creation and maintenance of
huge, shared databases makes it necessary to
protect individuals (and organizations) from the
potential misuse of such data. This raises the issue
of ownership in the personal information industry. Why
can client firms that are unrelated to individuals buy
and sell information about those individuals without
their permission? Should privacy be protected through
policies and systems of internal controls within the
firms that hold the data? If so, the auditors of the firms
may need to develop standards for assessing such
controls in their client’s systems.

Computer security is an attempt to avoid
undesirable events such as illegal access to
systems that result in loss of confidentiality or data
integrity. However, security can be used both to protect
personal property and to undermine freedom of
legitimate access to data. Automated monitoring can
be used both to detect intruders and to spy on
legitimate users, thus diminishing their privacy.
Auditors are in a position to determine where this line is
to be drawn and to assess the effectiveness and
appropriateness of security measures in place.

Laws designed to preserve real property ownership
rights have been extended to cover what is referred to
as intellectual property, such as computer software.
The question here becomes, what can an individual (or
organization) own? Ideas? Media? Source code?
Object code? Copyright laws have been invoked in
an attempt to protect those who develop software
from having it copied.
● However, many believe the copyright laws can
cause more harm than good. For example,
should the “look and feel” of a software
package be granted copyright protection?

The League for Programming Freedom argues that the
best interest of computer users is served when
industry standards emerge; copyright laws work to
disallow this. Issues relating to ownership and
valuation of digital property are currently under review
by the accounting profession. Legal resolution may
have potentially profound implications for both
accounting firms and their clients. For example, since
patent searches are expensive and unreliable,
programmers (and their organizations) may be sued
for inadvertently using a computer process on which
someone else holds the patent. Such an environment
increases business risk and associated audit risk.

COLLUSION BETWEEN EMPLOYEES AND
MANAGEMENT IN THE COMMISSION OF FRAUD IS
DIFFICULT TO BOTH PREVENT AND DETECT
Collusion among employees in the commission of a
fraud is difficult to both prevent and detect. This is
particularly true when the collusion is between
managers and their subordinate employees.
Management plays a key role in the internal control
structure of an organization. They are relied upon to
prevent and detect fraud among their subordinates.
When they participate in fraud with the employees
over whom they are supposed to provide
oversight, the organization’s control structure is
weakened, or completely circumvented, and the
company becomes more vulnerable to losses.

PROBLEMS ASSOCIATED WITH AUDITORS LACK
OF INDEPENDENCE
Auditing firms who are also engaged by their clients
to perform non-accounting activities such as
actuarial services, internal audit outsourcing services,
and consulting lack independence. They are
essentially auditing their own work.
● RISK: as auditors they WILL NOT BRING to
management’s attention detected problems
that may adversely affect their consulting
fees.
● For example, Enron’s auditors, Arthur
Andersen, were also its internal auditors and
its management consultants.

THE PROBLEMS ASSOCIATED WITH LACK OF
DIRECTORS INDEPENDENCE
Many boards of directors are composed of
individuals who are not independent. Examples of lack
of independence are directors who have a personal
relationship by serving on other companies’
boards of directors; have a business trading
relationship as key customers or suppliers of the
company; have a financial relationship as primary
stockholders or have received personal loans from the
company; and have an operational relationship as
employees of the company. With a lack of director
independence, in addition to an increased risk of
fraud, there also exists a decreased ability for
objective decision making.

PROBLEMS ASSOCIATED WITH QUESTIONABLE
COMPENSATION SCHEMES
A survey by Thompson Financial revealed the strong
belief that executives have abused stock-based
compensation.
● Fewer stock options should be offered than
currently is the practice.
● Excessive use of short-term stock options
to compensate directors and executives may
result in short-term thinking and strategies
aimed at driving up stock prices at the
expense of the firm’s long-term health.
● In extreme cases, financial statement
misrepresentation has been the vehicle to
achieve the stock price needed to exercise
the option.

PROBLEMS ASSOCIATED WITH INAPPROPRIATE
ACCOUNTING PRACTICES
The use of inappropriate accounting techniques is
a characteristic common to many financial
statement FRAUD SCHEMES.
Enron made elaborate use of Special Purpose
Entities (SPE) to hide liabilities through off
balance-sheet accounting.
WorldCom management transferred transmission line
costs from current expense accounts to capital
accounts. This allowed them to defer some operating
expenses and report higher earnings. Also, they
reduced the book value of hard assets of MCI by $3.4
billion and increased goodwill by the same amount.
Had the assets been left at book value, they would
have been charged against earnings over four years.
Goodwill, on the other hand, was amortized over
a much longer period.

IN THIS AGE OF HIGH TECHNOLOGY AND
COMPUTER BASED INFORMATION SYSTEMS,
WHY ARE ACCOUNTANTS CONCERNED ABOUT
PHYSICAL CONTROLS
This class of controls relates primarily to the human
activities employed in accounting systems. These
activities may be purely manual, such as the physical
custody of assets, or they may involve the use of
computers to record transactions or update accounts.
Physical controls do not relate to the computer logic
that actually performs these accounting tasks. This is
the subject matter of Chapter 16. Rather, they relate
to the human activities that initiate such computer
logic. In other words, physical controls do not
suggest an environment in which clerks update
paper accounts with pen and ink. Virtually all
systems, regardless of their sophistication, employ
human activities that need to be controlled.

MODULE 4 – THE REVENUE CYCLE
The Conceptual System: Sales Order Procedures
● Receive order.
○ Begins with receipt of customer order which
is transcribed into a formal sales order which
is placed in the customer order file for future
reference. May take days or weeks.
● Check credit.
○ Before processing orders, creditworthiness
must be established.
● Pick goods.
○ The stock release or picking ticket provides
authorization to warehouse personnel to
release goods which are sent to shipping
along with the verified stock release.
○ Warehouse employees adjust stock records
to reflect inventory reduction and prepare
back-order records if insufficient goods.
● Ship goods.
○ Shipping department uses the packing slip
and shipping notice to reconcile goods
received from the warehouse.
○ Goods are packaged, bill of lading is
prepared, goods are given to the carrier, and
shipment is recorded in the shipping log.
● Bill customer.
○ Done after shipment by sending a completed
sales invoice.
○ Billing record-keeping includes recording the
sale in the sales journal.
○ The sales journal is a special journal used
for recording completed sales transactions.
Entries are summarized in a sales journal
voucher used to update the GL control
account.
● Update inventory records.
○ The inventory control function updates
inventory subsidiary ledger accounts from
the stock release document information.
● Update accounts receivable records.
○ Customer records in the accounts
receivable (AR) subsidiary ledger updated
from the sales order ledger copy.
● Post to general ledger.
○ General ledger function uses journal
vouchers to update control accounts.
○ Employees not involved in the cash receipts
process reconcile receipts by comparing (1) a
copy of the prelist, (2) deposit slips and
(3) related journal vouchers.
5. Risks and Internal Controls
● Primary risks associated with revenue cycle
transactions:
● Undetected data input errors:
○ IT controls include data checks and check
digit edits to help prevent errors.
● Selling to un-creditworthy customers:
○ Physical controls include proper transaction
authorization, including a segregation of
duties between transaction authorization and
transaction processing.
○ IT controls include automatic credit checking.
● Shipping incorrect items or quantities:
○ Physical controls include independent
verification.
○ IT controls include scanner technology and
automated ordering.
● Inaccurately recording transactions in
journals and accounts.
○ Physical controls include transaction
authorization, accounting records,
prenumbered documents, special journals,
subsidiary ledgers, general ledger control
accounts, files and independent verification:
■ Shipping department reconciles goods
being shipped against packing slip to
ensure the customer is receiving correct
items and quantity.
■ Billing function reconciles original sales
order with shipping notice to ensure bills
are correct and sales are recorded
properly.
■ GL function reconciles journal vouchers
and summary reports prepared
independently in different functional
areas before posting to control accounts.
○ IT controls include automated postings and
file backups.
● Misappropriation of cash receipts and
inventory.
○ Physical controls include transaction
authorization, supervision (especially in the
mail room), access controls and segregation
of duties:
■ Cash receipts function should be
separate from the AR function.
■ Cash receipts clerk should not have
access to GL cash.
■ Personnel with physical custody of
inventory should not update records
○ IT controls include multilevel security.
● Unauthorized access to accounting records
and reports.
○ Motives include attempts to create fraud, data
theft and malicious acts.
○ Physical controls include access controls and
segregation of duties such that the
perpetration of a fraud requires collusion.
○ IT controls include passwords and multilevel
security.

6. Multilevel Security
● Employs programmed techniques that permit
simultaneous access to a central system by many
users with different access privileges.
○ Users are prevented from obtaining
information for which they lack authorization.
● Two common multilevel security methods:
○ Access control list (ACL) method assigns
privileges directly to individuals which is
burdensome in large organizations.
○ Role-based access control (RBAC) creates
standard tasks called roles that are assigned
specific privileges.
■ Once a role is created, individuals are
assigned to it.
■ Easy to add or delete roles as job
responsibilities change.

7. Point-of-Sale (POS) Systems
● POS systems used extensively in retail
establishments.
○ Customers pick items from shelves and take
them to a cashier.
● Clerk scans the Universal product code (UPC) of
items.
○ Price and description retrieved from inventory
file.
○ Inventory levels are updated and reordered
as needed.
● System automatically calculates taxes, discounts
and total.
○ Non-cash payments are approved via online
connection.
● At shift end, money and receipts are reconciled to the
internal cash register tape with cash over and
shorts accounted for.
● Cash receipts clerk prepares deposit slip for total
daily cash receipts and batch program posts entry
to the GL.
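
Looking back at "6. Multilevel Security" and the segregation-of-duties rules under "5. Risks and Internal Controls", the following added example (not part of the original reviewer) shows role-based access control refusing a role assignment that would combine incompatible functions. The role names, privilege strings and user names are constructed.

```python
# Roles bundle privileges; users are only ever assigned roles (RBAC).
ROLES = {
    "cash_receipts_clerk": {"cash.receive", "deposit.prepare"},
    "ar_clerk": {"ar.update"},
    "gl_clerk": {"gl.post", "gl.cash.update"},
    "warehouse": {"inventory.custody"},
    "inventory_control": {"inventory.records.update"},
    "credit_manager": {"credit.approve"},
    "sales_clerk": {"sales_order.process"},
}

# Incompatible functions taken from the reviewer's revenue-cycle controls.
INCOMPATIBLE = [
    ("cash.receive", "ar.update"),                     # cash receipts vs AR
    ("cash.receive", "gl.cash.update"),                # cash receipts vs GL cash
    ("inventory.custody", "inventory.records.update"),  # custody vs records
    ("credit.approve", "sales_order.process"),         # authorize vs process
]


class RBAC:
    def __init__(self, roles, incompatible):
        self.roles = {r: set(p) for r, p in roles.items()}
        self.incompatible = list(incompatible)
        self.members = {}  # user -> set of role names

    def privileges(self, user):
        return set().union(*(self.roles[r] for r in self.members.get(user, ())))

    def conflicts(self, privs):
        return [(a, b) for a, b in self.incompatible if a in privs and b in privs]

    def assign(self, user, role):
        """Preventive control: refuse a role that would break segregation."""
        proposed = self.privileges(user) | self.roles[role]
        found = self.conflicts(proposed)
        if found:
            raise ValueError(f"{user} + {role} violates segregation of duties: {found}")
        self.members.setdefault(user, set()).add(role)

    def is_allowed(self, user, privilege):
        return privilege in self.privileges(user)

    def audit(self):
        """Detective control: a role's privileges can change after users were
        assigned to it, so re-check every user against the conflict list."""
        report = {u: self.conflicts(self.privileges(u)) for u in self.members}
        return {u: c for u, c in report.items() if c}


def build_demo():
    ac = RBAC(ROLES, INCOMPATIBLE)
    ac.assign("dela", "cash_receipts_clerk")
    ac.assign("rey", "ar_clerk")
    ac.assign("mina", "warehouse")
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.is_allowed("dela", "cash.receive"), ac.is_allowed("dela", "ar.update"))
    try:
        ac.assign("dela", "ar_clerk")
    except ValueError as err:
        print(err)
    ac.roles["cash_receipts_clerk"].add("gl.cash.update")  # role drift
    print(ac.audit())
```

With an access control list the same conflict check would have to run against every individual's privilege list, which is the burden the reviewer attributes to the ACL method.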
9. Reengineering
● Electronic data interchange (EDI) expedites
transactions.
○ Customer’s computer automatically orders
inventory as needed.
○ Seller processes orders with little or no
human involvement.
○ Binding terms specified in a trading partner
agreement.
○ Control problems include ensuring only valid
transactions are processed and that
accounting records are not compromised.
● Doing business on the Internet involves both
business-to-business (B2B) and
business-to-consumer (B2C) transactions.
○ Opens the door to thousands of business
partners without formal trading agreements.
○ Risks include threats from computer hackers,
viruses and transaction fraud.