MODULE 3 – ETHICS, FRAUD AND INTERNAL
CONTROL
ETHICS
● Ethics pertain to the principles of conduct that
individuals use in making choices and guiding
their behavior in situations that involve the
concepts of right and wrong.
● Business ethics concern the issue of how
managers determine what is considered to be
right in their business conduct. Further, once
this correct business conduct is determined, the
issue becomes how it can be achieved.
DISTINGUISH BETWEEN ETHICAL ISSUES AND
LEGAL ISSUES
Some acts may not be against the law, but they may
be considered unethical. For example, it may not be
illegal to simultaneously accept two job offers verbally
while trying to decide between the two companies;
however, ethically, this type of behavior is considered
to be undesirable.
COMPANY IS ILLEGALLY DUMPING TOXIC
WASTE, SUPERVISOR IS INVOLVED. WHAT
ACTION TO TAKE
Normally, the resolution of an ethical problem on the
jobb: consultation between the subordinate and the
immediate supervisor.
● When the supervisor is part of the problem,
the matter should be taken to the next
higher-level person in the organization
structure.
FRAUD
● Fraud denotes a false representation of
material fact made with the intent to deceive and
induce another to rely it to their detriment. Act
must meet five conditions:
○ False representation: false statement or
a non-disclosure.
○ Material fact: fact must be substantial in
inducing someone to act.
○ Intent to deceive: must exist or
knowledge that one’s statement is false.
○ Justifiable reliance: misrepresentation
must have been relied on.
○ Injury or loss: must have been sustained
by the victim.
● Fraud in business has a more specialized
meaning:
○ Intentional deception (deceiving),
○ asset misappropriation (theft) or
○ financial data manipulation to the
advantage of the perpetrator.
○ White collar crime
20
- White-collar crime is generally
non-violent in nature and includes
public corruption, health care fraud,
mortgage fraud, securities fraud, and
money laundering, to name a few.
○ defalcation (misuse of funds),
○ embezzlement and
○ irregularities.
DISTINGUISH BETWEEN EMPLOYEE FRAUD AND
MANAGEMENT FRAUD
Employee fraud
● committed by: non-management employees,
● generally designed to: directly convert cash
and other assets for the employee’s personal
benefit.
● In cases of employee fraud, weak internal
controls are usually present.
Management frauds
● usually committed at a: level above the one to
which internal controls generally relate.
● These frauds are typically shrouded in a
nexus (series of connections) of transactions
and are difficult to disentangle.
CHARACTERISTICS OF MANAGEMENT FRAUD
Management fraud typically contains three special
characteristics:
1. The fraud is perpetrated at levels of management
ABOVE the one to which internal control
structures generally relate.
2. The fraud frequently involves using the financial
statements to create an ILLUSION that an entity
is more healthy and prosperous than it actually is.
3. If the fraud involves misappropriation of assets,
or if it frequently is shrouded in a maze of
complex business TRANSACTION often
involving related third parties
Fraud triangle factors that contribute to fraud:
○ Situational pressures that coerce an
individual to act dishonestly.
○ Opportunity through direct access to
assets.
○ Ethics which relate to one’s character and
moral compass.
● A recent study suggests FRAUD LOSSES equal
5% of REVENUE.
○ Actual cost difficult to quantify and do not
include indirect losses.
● Most frauds are committed by EMPLOYEES
than managers, the losses are much higher for
managers and owners.
● Collusion in the commission of a fraud is difficult
to prevent and detect.
FRAUD : UNDERLYING PROBLEM
● Lack of Auditor Independence: Audit firms also
engaged by their clients to perform
non-accounting activities.
● Lack of Director Independence: Many board of
directors are comprised of directors who are not
independent.
● Questionable Executive Compensation
Schemes: Stock options as compensation result
in strategies aimed at driving up stock prices at
the expense of the firm’s long-term health.
○ In extreme cases financial statement
misrepresentation has been used to
achieve stock prices needed to exercise
options.
● Inappropriate Accounting Practices: Common
characteristic to many financial statement fraud
schemes.
FRAUD
● SOX establishes a framework for oversight and
regulation of public companies. Principal
reforms pertain to:
○ Creation of the Public Company
Accounting Oversight Board (PCAOB) to
set standards, inspect firms, conduct
investigations and take regulator actions.
○ Fraud and criminal penalties: New
penalties for destroying or tampering with
documents, securities fraud, and taking
actions against whistleblowers.
TRAITS OF MANAGERS AND OTHER EMPLOYEES
THAT MIGHT HELP UNCOVER FRAUD
● Some of the larger public accounting firms have
developed checklists to help uncover fraudulent
activity during an audit. Questions for such a
checklist might include:
○ Do key executives have unusually high
personal DEBT?
○ Do key executives appear to be living
BEYOND their MEANS?
○ Do key executives engage in habitual
GAMBLING?
○ Do key executives appear to abuse
ALCOHOL or DRUG?
○ Do any of the key executives appear to
lack personal CODES of ETHICS?
○ Are ECONOMIC conditions unfavorable
within the company’s industry?
○ Does the company use several different
banks, none of which sees the company’s
entire financial picture?
○ Do any key executives have close
ASSOCIATION with SUPPLIER?
○ Is the company experiencing a rapid
turnover of key employees, either through
QUITTING or being FIRED?
○ Do one or two individuals DOMINATE the
company?
2 EXAMPLES OF EMPLOYEE FRAUD
Employee fraud or frauds by non-management
employees are generally designed to directly convert
cash or other assets to the employee’s personal
benefit.

○ Auditor independence: More separation Employee fraud usually involves three steps:
between a firm’s attestation and 1. stealing something of value (an asset),
non-auditing activities. 2. converting the asset to a usable form (cash), and
3. concealing the crime to avoid detection.
○ Corporate governance and
responsibility: Audit committee ● CHARGES TO EXPENSE ACCOUNTS. The
members must be independent and theft of 50,000 cash could be charged to a
committee must hire and oversee the miscellaneous operating expense account. The
external auditors. loss of the cash reduces the firm’s assets by
50,000. To offset this, equity is reduced by 50,000
○ Issuer and management disclosure: when the miscellaneous expense account is
Increased requirements. closed to retained earnings, thus keeping the
accounting equation in balance.

21
 ● LAPPING. The employee first steals and cashes
a check for 5000 sent by Customer A. To
conceal the accounting imbalance caused by the
loss of the asset, Customer A’s account is not
credited - (deemed not received). Later (the next
billing period), the employee uses a 5000 check
received from Customer B and applies this to
Customer A’s account. Funds received in the
next period from Customer C are then applied to
the account of Customer B, and so on.
● Corruption involves a member of the
organization in collusion with an outsider.
Four principal types:
○ Bribery involves an exchange of value to
influence an official in the performance of
his or her lawful duties.
○ An illegal gratuity is an exchange of value
because of an official act that has been
taken. Similar to a bribe, but after the
fact.
○ A conflict of interest occurs when an
employee acts on behalf of a third party
during the discharge of his or her duties.
○ Economic extortion is use or threat of
force to obtain value.
FRAUD SCHEMES OF BRIBERY, ILLEGAL
GRATUITIES AND ECONOMIC DISTORTION
● Bribery involves giving, offering, soliciting, or
receiving things of value to influence an official in
the performance of his or her lawful duties.
Officials may be employed by government (or
regulatory) agencies or by private organizations.
Bribery defrauds the entity (business
organization or government agency) of the right to
honest and loyal services from those
employed by it.
● An illegal gratuity is similar to a bribe, but it
occurs after the fact. It involves giving, receiving,
offering, or soliciting something of value because
of an official act that has already been taken.
● Economic extortion is the use (or threat) of
force (including economic sanctions) by an
individual or organization to obtain something of
value. The item of value could be a financial or
economic asset, information, or cooperation
● The most common fraud schemes involve
some type of asset misappropriation (almost
90%).
○ Cash, checking accounts inventory,
supplies, equipment and information are
the most vulnerable to abuse.
22
FRAUD SCHEMES
● Skimming involves stealing cash before it is
recorded on an organization’s books.
● Cash larceny involves stealing cash after it is
recorded.
○ Lapping is a common technique.
● Billing schemes (vendor fraud) involves paying
false vendors by submitting invoices for fictitious
goods.
○ A shell company fraud includes a false
vendor set-up and false purchase orders.
○ A pass through fraud involves both a
legitimate and false vendor purchase (at a
much higher price).
○ A pay-and-return scheme involves double
payment with the clerk intercepting the
vendor reimbursement check.
● Check tampering involves altering legitimate
checks.
● Payroll fraud is the distribution of fraudulent
paychecks.
● Expense reimbursement fraud involve false or
inflated expense reimbursements.
● Thefts of cash are schemes that involve the
direct theft of cash on hand.
● Non-cash misappropriations involve the theft
of noncash assets like inventory or information.
● Computer fraud is discussed in a later chapter.
SKIMMING AND CASH LARCENY
Skimming involves stealing cash from an organization
before it is recorded on the organization’s books and
records,
larceny where cash receipts are stolen from an
organization after they have been recorded in the
organization’s books and records.
SHELL COMPANY FRAUD AND PASS THROUGH
FRAUD
Shell company fraud first requires that the
perpetrator establish a false supplier on the books of
the victim company. The fraudster then manufactures
false purchase orders, receiving reports, and
invoices in the name of the vendor and submits them
to the accounting system, which creates the illusion
of a legitimate transaction.
Pass through fraud is similar to the shell company
fraud with the exception that a transaction actually
takes place. Again, the perpetrator creates a false
vendor and issues purchase orders to it for inventory
or supplies. The false vendor then purchases the
needed inventory from a legitimate vendor. The false
vendor charges the victim company a much higher
than market price for the items, but pays only the
market price
HOW IS FRAUDULENT STATEMENT FRAUD
DIFFERENT
Fraudulent statements are associated with
management fraud. While all fraud involves some form
of financial misstatement, to meet the definition under
this class of fraud scheme, the statement itself must
bring direct or indirect financial benefit to the
perpetrator. In other words, the statement is not
simply a vehicle for obscuring or covering a fraudulent
act. For example, misstating the cash account balance
to cover the theft of cash does not fall under this class
of fraud scheme. On the other hand, understating
liabilities to present a more favorable financial picture
of the organization to drive up stock prices does
qualify.
● The absence or weakness of a control is an
exposure:
○ May result in asset destruction or theft
and corruption or disruption of the
information system.
● Preventive controls are passive techniques
designed to REDUCE undesirable events by
forcing compliance with prescribed or desired
actions.
○ Preventing errors and fraud is more
cost-effective than detecting and
correcting them.
● Detective controls are designed to IDENTIFY
undesirable events that elude preventive
controls.
● Corrective controls are ACTIONS taken to
REVERSE the effects of errors detected.

INTERNAL CONTROL CONCEPTS AND

TECHNIQUES
● The internal control system consists of
policies, practices and procedures to achieve
four broad objectives (SAME):
1. Safeguard assets of the firm.
2. Ensure Accuracy and reliability of ● Public company management responsibilities are
accounting records and information. codified in Sections 302 and 404 of SOX:
3. Promote Efficiency of the firm’s operations. ○ Section 302 requires management to
4. Measure compliance with management’s CERTIFY organization’s internal controls on
prescribed policies and procedures. a quarterly and annual basis.
○ Section 404 requires management to
Modifying Assumptions to the Internal Control ASSESS internal control effectiveness.
OBJECTIVES:
COMMITTEE OF SPONSORING ORGANIZATION OF
● Management Responsibility THE TREADWAY COMMISSION- COSO
○ The establishment and maintenance of a
system of internal control is the COSO internal control framework five components
responsibility of management. (CRIMC):
● Reasonable Assurance
○ Cost of achieving objectives should not 1. Control environment
outweigh the benefits. ● Foundation of internal control
● Methods of Data Processing ● sets the tone for the organization and
○ Control techniques vary with different influences control awareness.
types of technology. ● SAS 109 requires auditors to obtain sufficient
● Limitations (POCIMACHAN) knowledge to assess attitudes and
1. Possibility of error awareness of the management, board and
2. Circumvention, owners regarding internal controls.
3. Management override ● As a minimum, BOARD should ADOPT the
4. Changing conditions. provisions of SOX.

2. Risk Assessment
● Organizations must perform a risk
assessment to identify, analyze and manage
financial reporting risks.

3. Information and Communication

23
 ● The quality of information the AIS generates
impacts management’s ability to take actions
and make decisions.
● An effective system records all valid
transactions and provides timely and accurate
information.
4. Monitoring
● the process by which the quality of internal
control design and operations can be
assessed.
5. Control activities
● are policies and procedures to ensure
appropriate actions are taken to deal with
identified risks.
● IT controls relate to the computer
environment:
○ General control pertains to entity-wide IT
concerns such as controls over data
center, organization databases, systems
development, and program maintenance
○ Application controls ensure the integrity
of specific systems.
● Physical controls relate to human activities:
○ Transaction authorization is to ensure all
material transactions processed are valid.
○ Segregation of duties controls are
designed to minimize incompatible
functions including separating:
1. transaction authorization and
processing and
2. asset custody and record-keeping.
3. Successful fraud must require
collusion
○ Supervision is a control activity involving
the critical oversight of employees. It is a
compensating control in organizations too
small for sufficient segregation of duties
○ Accounting records consist of source
documents, journals and ledgers which
capture economic essence and provide an
audit trail.
○ Access controls ensure that only
authorized personnel have access to firm
assets.
○ Independent verification procedures are
checks to identify errors and
misrepresentations.
24
○ Differ from supervision - individual not
directly involved in the transaction or
task being verified
○ While supervision - superior directly
responsible for the task
○ Management can assess (1) Individual
performance, (2) System integrity and (3)
Data correctness. Includes:
■ Reconciling batch totals during
transaction processing.
■ Comparing physical assets with
accounting records.
■ Reconciling subsidiary accounts with
control accounts.
■ Reviewing management reports that
summarize business activities.
IT application controls are associated with
applications.
1. Input control (edits) perform tests on transactions
to ensure they are free from errors.
● Check digit is a control digit(s) that is
added to the data code when originally
assigned. Allows integrity to be established
during processing and helps prevent two
common errors:
○ Transcription errors occur when (1)
extra digits are added to a code, (2) a
digit is omitted from a code, or (3) a
digit is recorded incorrectly.
○ Transposition errors occur when
digits are reversed.
● Missing data check identifies blank or
INCOMPLETE input fields.
● Numeric-alphabetic check identifies data in
the wrong FORM.
● Limit checks identify fields that exceed
authorized LIMITS.
● Range checks verify that all AMOUNTS fall
within an acceptable range.
● Reasonableness checks verify that amounts
that have based limit and range checks are
reasonable.
● Validity checks compare actual fields against
acceptable values.
2. Processing controls are programmed procedures
to ensure an application’s logic is functioning
properly.
● Batch controls manage the flow of high
volume transactions and reconcile system
output with original input.
● Run-to-run controls monitor batch from one
process to another.
 ○ A hash total is the summation of a
nonfinancial field to keep track of
records.

● Audit trail controls ensure every transaction can

be traced through each stage to processing
from source to financial statements.
○ Every transaction the system processes,
including automatic ones, should be
recorded on a transaction log.

3. Master file backup controls may be viewed as

either a general control or an application control.
● GFS (grandfather-father-son) backup is
used with systems that use SEQUENTIAL
MASTER files.

Backup Process in Batch system using Direct

access files
● The destructive update approach leaves no
backup copy and requires a special
recovery program if data is destroyed or
corrupted.

Backup of Master Files in a Real-time System

● Real-time systems pose a more difficult
problem because transactions are being
processed continuously.
● Real-time systems therefore schedule
backups at specified daily intervals.

4. Output controls are procedures to ensure output

is not lost, misdirected or corrupted and that privacy
is not violated.
○ Can cause disruption, financial loss and
litigation.

● Controlling HARD-COPY OUTPUT:

25
 ○ Spooling is directing an application’s
output to a magnetic disk file rather than
to the printer directly because output data
in output devices can become backlogged
(bottleneck).
○ Output data can become backlogged
(spooling) requiring an intermediate output
file in the printing process.
■ Proper access and backup
procedures must be in place to
protect these files.
○ Print programs controls should be
designed to prevent unauthorized copies
and employee browsing of sensitive
data.
○ Sensitive computer waste should be
SHREDDED for protection.
○ Report distribution must be
CONTROLLED.
○ End-user should examine reports for
correctness, report errors and maintain
report security.
IF A COMPANY HAS STRONG INTERNAL
CONTROL, STOCKHOLDERS CAN EXPECT
ELIMINATION OF FRAUD: COMMENT
Strong internal control structure provides a very
good shield against FRAUD.
● shields are not 100 percent bulletproof,
especially when employees collude and/or top
management is involved.
● A strong internal control structure coupled
with good employee morals and ethics is
the best deterrence against fraud.
HOW HAS SARBANES-OXLEY ACT HAD A
SIGNIFICANT IMPACT ON CORPORATE
GOVERNANCE
Sarbanes-Oxley Act requires all audit committee
members
● to be independent
● hire and oversee the external auditors.
● This provision is consistent with many
investors who consider the board composition
to be a critical investment factor.
26
● For example, a Thomson Financial survey
revealed that most institutional investors want
corporate boards to be composed of at least
75 percent independent directors.
CONCEPT OF EXPOSURE AND WHY FIRMS
TOLERATE SOME EXPOSURE
Exposure is the absence or weakness of an internal
control.
● cost-benefit analysis may indicate that the
additional benefits of an internal control
procedure may NOT EXCEED the costs.
Thus, the firm may decide to tolerate some
control risk.
IF DETECTIVE CONTROLS SIGNAL FLAGS, WHY
SHOULDN’T THESE TYPES OF ERRORS
AUTOMATICALLY MAKE A CORRECTION
For any detected error, more than one feasible
corrective solution may exist, and the best course of
action may not always be obvious. Thus, linking an
automatic response to a detective control may
worsen a problem by applying an incorrect corrective
action.
NON-ACCOUNTING SERVICES THAT EXTERNAL
AUDITORS ARE NO LONGER PERMITTED TO
RENDER TO AUDIT CLIENTS
The act addresses auditor independence by creating
more SEPARATION between a firm’s attestation
(auditing) and non-auditing activities. This is
intended to specify categories of services that a
PUBLIC ACCOUNTING firm CANNOT perform for
its client.
● BOOKKEEPING or other services related to
the accounting records or financial statements;
● financial information SYSTEMS DESIGN and
implementation;
● APPRAISAL or valuation services, fairness
opinions, or contribution-in-kind reports;
● ACTUARIAL services;
● INTERNAL AUDIT outsourcing services;
● MANAGEMENT functions or human
resources;
● BROKER or dealer, investment advisor, or
investment banking services;
● legal services and expert services
UNRELATED to the audit; and
● any other service that PCAOB determines is
IMPERMISSIBLE.

FIRM WITH FEWER EMPLOYEES THAN THERE
ARE INCOMPATIBLE TASK SHOULD RELY ON
GENERAL THAN SPECIFIC AUTHORITY.
Small firms with FEWER EMPLOYEES than there are
incompatible tasks should rely more heavily on
specific authorizations. More approvals of decisions
by management and increased supervision should be
imposed in order to somewhat compensate for the
LACK OF SEPARATION OF DUTIES.
INTERNAL AUDITING FUNCTION REPORTS
DIRECTLY TO THE CONTROLLER: COMMENT ON
THE EFFECTIVENESS OF THIS ORGANIZATIONAL
STRUCTURE
Having the internal auditing function report to the
CONTROLLER is unacceptable.
● If the controller is aware of or involved in a
fraud or defalcation, then he/she may give
false or inaccurate information to the auditors.
● the auditors may lose their jobs if they do not
keep certain matters quiet also exists.
● Further, the fraud may be occurring at a level
higher than the controller, and the controller
may fear losing his/her job if the matter is
pursued.
● The BEST ROUTE is to have the internal
auditing function report directly to the
BOARD OF DIRECTORS.
COMMENT ON THE EXPOSURE, IF ANY CAUSED
BY COMBINING THE TASKS OF PAYCHECK
PREPARATION AND DISTRIBUTION TO
EMPLOYEES
If a payroll employee were to prepare a paycheck for
a nonexistent employee (perhaps under an
alias, or in the name of a relative),
● This employee also has the task of
distributing the checks, then no one would
be the wiser.
if the checks go directly to another person, who then
distributes the paychecks, then the extra check
should be discovered.
EXPOSURE AND RISK
Exposures are weaknesses in the internal control
system.
● For example, assigning the same clerk
responsibility for receiving and booking cash
and also updating accounts receivable is an
exposure.
● Risks relate to the potential consequences of
exposures. The risk associated with this
exposure is that the clerk will perpetrate a
FRAUD such as lapping.
WHY ARE COMPUTER ETHICS ISSUES OF
PRIVACY, SECURITY AND PROPERTY
OWNERSHIP OF INTEREST TO ACCOUNTANTS
Privacy is the degree of restricted access to
personal data. The creation and maintenance of
huge, shared databases makes it necessary to
protect individuals (and organizations) from the
potential misuse of such data. This raises the issue
of ownership in the personal information industry. Why
can client firms that are unrelated to individuals buy
and sell information about those individuals without
their permission? Should privacy be protected through
policies and systems of internal controls within the
firms that hold the data? If so, the auditors of the firms
may need to develop standards for assessing such
controls in their client’s systems.
Computer security is an attempt to avoid
undesirable events such as illegal access to
systems that result in loss of confidentiality or data
integrity. However, security can be used both to protect
personal property and to undermine freedom of
legitimate access to data. Automated monitoring can
be used both to detect intruders and to spy on
legitimate users, thus diminishing their privacy.
Auditors are in position to determine where this line is
to be drawn and to assess the effectiveness and
appropriateness of security measures in place.
Laws designed to preserve real property ownership
rights have been extended to cover what is referred to
as intellectual property, such as computer software.
The question here becomes, what can an individual (or
organization) own? Ideas? Media? Source code?
Object code? Copyright laws have been invoked in
an attempt to protect those who develop software
from having it copied.
● However, many believe the copyright laws can
cause more harm than good. For example,
should the “look and feel” of a software
package be granted copyright protection?
The League for Programming Freedom argues that the
best interest of computer users is served when
industry standards emerge; copyright laws work to
disallow this. Issues relating to ownership and
valuation of digital property are currently under review
by the accounting profession. Legal resolution may
have potentially profound implications for both
accounting firms and their clients. For example, since
patent searches are expensive and unreliable,
programmers (and their organizations) may be sued
27
for inadvertently using a computer process on which
someone else holds the patent. Such an environment
increases business risk and associated audit risk.
COLLUSION BETWEEN EMPLOYEES AND
MANAGEMENT IN THE COMMISSION OF FRAUD IS
DIFFICULT TO BOTH PREVENT AND DETECT
Collusion among employees in the commission of a
fraud is difficult to both prevent and detect. This is
particularly true when the collusion is between
managers and their subordinate employees.
Management plays a key role in the internal control
structure of an organization. They are relied upon to
prevent and detect fraud among their subordinates.
When they participate in fraud with the employees
over whom they are supposed to provide
oversight, the organization’s control structure is
weakened, or completely circumvented, and the
company becomes more vulnerable to losses.
PROBLEMS ASSOCIATED WITH AUDITORS LACK
OF INDEPENDENCE
Auditing firms who are also engaged by their clients
to perform non-accounting activities such as
actuarial services, internal audit outsourcing services,
and consulting lack independence. They are
essentially auditing their own work.
● RISK: as auditors they WILL NOT BRING to
management’s attention detected problems
that may adversely affect their consulting
fees.
● For example, Enron’s auditors, Arthur
Andersen, were also its internal auditors and
its management consultants.
THE PROBLEMS ASSOCIATED WITH LACK OF
DIRECTORS INDEPENDENCE
Many boards of directors are composed of
individuals who are not independent. Examples of lack
of independence are directors who have a personal
relationship by serving on other companies’
boards of directors; have a business trading
relationship as key customers or suppliers of the
company; have a financial relationship as primary
stockholders or have received personal loans from the
company; and have an operational relationship as
employees of the company. With a lack of director
independence, in addition to an increased risk of
fraud, there also exists a decreased ability for
objective decision making.
PROBLEMS ASSOCIATED WITH QUESTIONABLE
COMPENSATION SCHEMES
28
A survey by Thompson Financial revealed the strong
belief that executives have abused stock-based
compensation.
● fewer stock options should be offered than
currently is the practice.
● Excessive use of short-term stock options
to compensate directors and executives may
result in short-term thinking and strategies
aimed at driving up stock prices at the
expense of the firm’s long-term health.
● In extreme cases, financial statement
misrepresentation has been the vehicle to
achieve the stock price needed to exercise
the option.
PROBLEMS ASSOCIATED WITH INAPPROPRIATE
ACCOUNTING PRACTICES
The use of inappropriate accounting techniques is
a characteristic common to many financial
statement FRAUD SCHEMES.
Enron made elaborate use of Special Purpose
Entities (SPE) to hide liabilities through off
balance-sheet accounting.
WorldCom management transferred transmission line
costs from current expense accounts to capital
accounts. This allowed them to defer some operating
expenses and report higher earnings. Also, they
reduced the book value of hard assets of MCI by $3.4
billion and increased goodwill by the same amount.
Had the assets been left at book value, they would
have been charged against earnings over four years.
Goodwill, on the other hand, was amortized over
much longer period.
IN THIS AGE OF HIGH TECHNOLOGY AND
COMPUTER BASED INFORMATION SYSTEMS,
WHY ARE ACCOUNTANTS CONCERNED ABOUT
PHYSICAL CONTROLS
This class of controls relates primarily to the human
activities employed in accounting systems. These
activities may be purely manual, such as the physical
custody of assets, or they may involve the use of
computers to record transactions or update accounts.
Physical controls do not relate to the computer logic
that actually performs these accounting tasks. This is
the subject matter of Chapter 16. Rather, they relate
to the human activities that initiate such computer
logic. In other words, physical controls do not
suggest an environment in which clerks update
paper accounts with pen and ink. Virtually all
systems, regardless of their sophistication, employ
human activities that need to be controlled.
MODULE 4 – THE REVENUE CYCLE
The Conceptual System: Sales Order Procedures
● Receive order.
○ Begins with receipt of customer order which
is transcribed into a formal sales order which
is placed in the customer order file for future
reference. May take days or weeks.
● Check credit.
○ Before processing orders, creditworthiness
must be established.
● Pick goods.
○ The stock release or picking ticket provides ● Update inventory records.
authorization to warehouse personnel to ○ The inventory control function updates
release goods which are sent to shipping inventory subsidiary ledger accounts from
along with the verified stock release. the stock release document information.
○ Warehouse employees adjust stock records ● Update accounts receivable records.
to reflect inventory reduction and prepare ○ Customer records in the accounts
back-order records if insufficient goods. receivable (AR) subsidiary ledger updated
from the sales order ledger copy.
● Post to general ledger.
○ General ledger function uses journal
vouchers to update control accounts.

● Ship goods.
○ Shipping department uses the packing slip
and shipping notice to reconcile goods
received from the warehouse.
○ Goods are packaged, bill of lading is
prepared, goods are given to the carrier, and
shipment is recorded in the shipping log.
● Bill customer.
○ Done after shipment by sending a completed
sales invoice.
○ Billing record-keeping includes recording the
sale in the sales journal.
○ The sales journal is a special journal used
for recording completed sales transactions.
Entries are summarized in a sales journal
voucher used to update the GL control
account.

29
 ○ Employees not involved in the cash receipts
process reconcile receipts by comparing (1) a
copy of the prelist, (2) deposit slips and
(3) related journal vouchers.

● Prepare a return slip.

○ Customer records in the accounts
receivable (AR) subsidiary ledger updated
from the sales order ledger copy.
● Prepare a credit memo.
○ If the clerk has authorization, send it directly
to the billing function.
● Approve credit memo.
○ Credit manager evaluates and returns the
approved credit memo to the sales
department.
● Update sales journal. Physical Systems
● Physical accounting information systems
● Update inventory and AR records. combine technology and human activity.
○ Smaller businesses tend to rely less on
● Update general ledger technology, whereas larger companies tend
to employ advanced technologies.
○ Nature of the mix employed in a system
impacts the internal controls needed to
control the system.
● Computers in basic technology revenue systems
are independent.
○ Information between departments is
communicated via hard-copy documents.
○ Maintaining physical files of source
documents is critical to the audit trail.

● Open mail and prepare a remittance list.

○ Remittance advice is a turnaround document.
● Record and deposit checks.
○ After reconciling, employee records check in
the cash receipts journal and prepare a
bank deposit slip.
● Update accounts receivable records.

● Update general ledger.

● Reconcile cash receipts and deposits. 1. Basic Sales Order Processing

● Begins with a customer placing an order.
30
 ○ Sales department captures details on a sales
order form.
● Credit department verifies credit and approves
orders.
● Warehouse sends inventory to shipping and
records inventory reduction.
● Shipping reconciles order, prepares bill of lading,
ships items, records transaction and sends stock
release to billing.
● Billing department bills customers and updates
sales journals.
● AR and inventory clerks update subsidiary
ledgers.
○ Journal vouchers and summaries are
periodically sent to GL for reconciliation and
posting.
2. Basic Cash Receipts Processes
● Checks and remittance advice received in the
mail room.
○ Clerk reconciles items, endorses checks,
prepares remittance list and sends checks
and list copy to cash receipts department.
○ Remittance advice and list copy sent to AR.
● Cash receipts clerk records checks in the cash
receipts journal, prepares deposit slips and sends
checks to the bank.
○ Periodically a journal voucher is sent to the
GL department.
● AR updates customer balances and sends
summary to GL.
● GL clerk reconciles amounts and posts to control
accounts.
● Controller clerk performs periodic bank
reconciliations.
3. Advanced Technology
● Advanced technologies allow integration of
accounting with other business systems
through a common information system.
○ Objective is to improve performance and
reduce costs.
○ Can significantly alter and simplify the
revenue cycle.
○ Remittance advice and list copy sent to AR.
● With an integrated sales order processing system
many functions are performed automatically to
the center computer system.
○ These labor intensive activities increase
operating costs and contribute to human
error.
○ Technology reduces costs and errors,
increasing efficiency.
4. Integrated Cash Receipts
● Checks and remittance advice received in the
mail room.
○ Clerk reconciles items, endorses checks,
prepares remittance list and sends checks,
remittance advice and list to cash receipts.
● Cash receipts clerk reconciles checks and
creates a record in the cash receipts journal for
each remittance advice, and prepares deposit
slips.
○ Members of the security group deposit
checks in the bank.
● System automatically closes sales invoice, posts
to GL, and prepares and distributes various
management reports.
● Controller clerk periodically reconciles remittance
lists, deposit slips, cash receipts journal and GL
cash account.
31
 ■ Cash receipts clerk should not have
access to GL cash.
■ Personnel with physical custody of
inventory should not update records
○ IT controls include multilevel security.
● Unauthorized access to accounting records
and reports.
○ Motives include attempts to create fraud, data
theft and malicious acts.
○ Physical controls include access controls and
segregation of duties such that the
5. Risks and Internal Controls
perpetration of a fraud requires collusion.
● Primary risks associated with revenue cycle
○ IT controls include passwords and multilevel
transactions:
security.
● Undetected data input errors:
○ IT controls include data checks and check
6. Multilevel Security
digit edits to help prevent errors.
● Employs programmed techniques that permit
● Selling to un-creditworthy customers:
simultaneous access to a central system by many
○ Physical controls include proper transaction
users with different access privileges.
authorization, including a segregation of
○ Users are prevented from obtaining
duties between transaction authorization and
information for which they lack authorization.
transaction processing.
● Two common multilevel security methods:
○ IT controls include automatic credit checking.
○ Access control list (ACL) method assigns
● Shipping incorrect items or quantities:
privileges directly to individuals which is
○ Physical controls include independent
burdensome in large organizations.
verification.
○ Role-based access control (RBAC) creates
○ IT controls include scanner technology and
standard tasks called roles that are assigned
automated ordering.
specific privileges.
● Inaccurately recording transactions in
■ Once a role is created, individuals are
journals and accounts.
assigned to it.
○ Physical controls include transaction
■ Easy to add or delete roles as job
authorization, accounting records,
responsibilities change.
prenumbered documents, special journals,
subsidiary ledgers, general ledger control
accounts, files and independent verification:
■ Shipping department reconciles goods
being shipped against packing slip to
ensure the customer is receiving correct
items and quantity.
■ Billing function reconciles original sales
order with shipping notice to ensure bills
are correct and sales are recorded
properly.
■ GL function reconciles journal vouchers
7. Point-of-Sale (POS) Systems
and summary reports prepared
● POS systems used extensively in retail
independently in different functional
establishments.
areas before posting to control accounts.
○ Customers pick items from shelves and take
○ IT controls include automated postings and
them to a cashier.
file backups.
● Clerk scans the Universal product code (UPC) of
● Misappropriation of cash receipts and
items.
inventory.
○ Price and description retrieved from inventory
○ Physical controls include transaction
file.
authorization, supervision (especially in the
○ Inventory levels are updated and reordered
mail room), access controls and segregation
as needed.
of duties:
● System automatically calculates taxes, discounts
■ Cash receipts function should be
and total.
separate from the AR function.
○ Non-cash payments are approved via online
connection.
32
● At shift end, money and receipts reconciled to the
internal cash register tape with cash over and
shorts accounts for.
● Cash receipts clerk prepares deposit slip for total
daily cash receipts and batch program posts entry
to the GL.

8. POS Control Issues

● Authorization:
○ Clerk should match the customer's signature
with the credit card.
● Supervision:
○ Surveillance cameras and floor security help
prevent shoplifting and employee theft.
● Access Control:
○ Separate cash drawers, locked showcases
and magnetic tags attached to merchandise
help control theft.
● Accounting records:
○ Only supervisors should access internal cash
register tapes.
● Independent verification:
○ Cash drawers should be reconciled to internal
register tapes.

9. Reengineering
● Electronic data interchange (EDI) expedites
transactions.
○ Customer’s computer automatically orders
inventory as needed.
○ Seller processes orders with little or no
human involvement.
○ Binding terms specified in a trading partner
agreement.
○ Control problems include ensuring only valid
transactions are processed and that
accounting records are not compromised.
● Doing business on the Internet involves both
business-to-business (B2B) and
business-to-consumer (B2C) transactions.
○ Opens the door to thousands of business
partners without formal trading agreements.
○ Risks include threats from computer hackers,
viruses and transaction fraud.

33