INTRODUCTION TO ACCOUNTING INFORMATION

1
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

Module 003

Ethics, Fraud and Overview of Internal Controls

LEARNING OBJECTIVES (LO)

After completing this module, the student is expected to:

1. Understand the ethical issues in business

2. Understand the areas of concern of Sarbanes Oxley Act
3. Define fraud
4. Determine the fraud triangle
5. Distinguish different types of fraud
6. Understand the objectives of internal control
7. Understand the COSO Internal Framework

Course Module
LO 1
Ethical Issues in Business

Ethics pertains to the principles of conduct that individuals use in making choices and guiding
their behavior in situations that involve the concepts of right and wrong.

It involves finding the answers to the following questions:

1. How do managers decide what is right in conducting their business? and

2. Once managers have recognized what is right, how do they achieve it?

Ethical issues in business can be divided into four areas:

1. equity,
2. rights,
3. honesty, and
4. the exercise of corporate power.

Presented beloware some of the business practices and decisions in each of these areas that have
ethical implications.
 INTRODUCTION TO ACCOUNTING INFORMATION
3
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

(excerpted from Accounting Information System by James Hall)

Course Module
 Sarbanes Oxley Act
LO 2 (excerpted from European Association of Communications Agencies)

What is the Sarbanes-Oxley Act?

The Sarbanes-Oxley Act was passed in the US in 2002, having been drawn up followinga
number ofhigh profile accounting scandals, such as Enron, that seriously dentedinvestor
confidence.

The Act brought significant legislative changes to financial practice and

corporategovernance regulation with the stated objective to "protect investors by
improving theaccuracy and reliability of corporate disclosures made pursuant to the
securities laws."

Which companies are affected by Sarbanes-Oxley?

The Act applies to US public companies and their global subsidiaries and from June 2005 it
will also apply to any foreign company whose shares are traded on the US stock exchange
and those who are contemplating such a listing.

The US Securities and Exchange Commission (SEC) have extended the deadline for non US
companies to comply with section 404 of the Sarbanes-Oxley Act to July 2006. The 12-
month extension will allow most UK companies a full financial year to deal with the
International Financial Reporting Standard (IFRS), the European Union's financial services
action plan and the new listing regime in the UK before full compliance with Sarbanes-
Oxley

Who will this affect?

The Sarbanes-Oxley Act is likely to affect the following:

1. Agencies with US parents

2. Agencies with non US parents but who have a listing on the US stock market
3. Agencies who have clients that are traded on the US stock market may also find they are
requested to indicate that they are Sarbanes-Oxley compliant
 INTRODUCTION TO ACCOUNTING INFORMATION
5
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

What does the Sarbanes-Oxley Act require?

The Sarbanes-Oxley legislation is wide ranging and establishes new or enhanced standards
for all US public company Boards, Management, and public accounting firms.

Under the terms of the act the CEO and CFO must certify that company accounts and other
financial statements fairly represent their firm's financial position. In addition the
company's management must state annually that they are responsible for financial control
within their company, have assessed the effectiveness of their internal systems and
processes for financial control and have confirmed their operation in practice.

Sarbanes-Oxley law contains 11 titles, or sections, ranging from additional Corporate Board
responsibilities to criminal penalties. The act requires Security and Exchange Commission
(SEC) to implement rulings on requirements to comply with the new law

There are two main requirements of the act:

1. Section 302 - Management assessment of disclosure controls

a. Disclosure of material information to the SEC
b. changes to disclosure controls
c. changes to internal control over financial reporting all known control
deficiencies and weaknesses any acts of fraud
2. Section 404 - Management assessment of internal controls over financial reporting
a. This section requires public companies to verify that their financial reporting
systems have the proper controls, such as ensuring that revenue is recognized
correctly. More specifically measures must be put in place to evaluate design &
effectiveness of internal controls disclose all significant deficiencies and material
weaknesses disclose acts of fraud

Course Module
 The Sarbanes-Oxley Act requires that these changes be made to safeguard against
possibility of fraud through contract compliance, written policies and stronger internal
controls to match the contract compliance in line with the policies.

What does this mean in practice?

Agencies will need to ensure that every process that impacts upon the financial processes
of the agency is fully documented. This is likely to impact a range of departments across the
agency not just those in the financial department. There is likely for example to a significant
impact upon IT departments in an era where much information is generated and stored
electronically.

Agencies will need to ensure that all key risks are identified and that the controls they have
in place match those risks.

Agencies will need to ensure that the key controls they have in place are tested and that
any gaps they have in those controls are reported upon and closed.

For well run agencies this will be:

• an exercise in documentation
• an opportunity to identify operational improvements

For agencies with unknown control weaknesses Sarbanes-Oxley offers an opportunity to fix
them.

For agencies with known control weaknesses Sarbanes-Oxley offers the opportunity to set
the record straight.
 INTRODUCTION TO ACCOUNTING INFORMATION
7
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

What are the implications for supplying information that is knowingly false?

The act makes the chief executives and chief financial officers of companies personally
responsible for the information that is included in their financial accounts and systems of
internal financial control.

The penalties for supplying information that is knowingly false are severe:

1. 20 years imprisonment
2. $5m fine

Are there any benefits to be gained from Sarbanes-Oxley compliance?

Agencies may find that there are benefits of upgrading their financial management systems
such as:

1. operations that are more streamlined

• a better linkage between project management and financial reporting better
management of internal and external resources better and more timely
information leading to better decision making implementing a modern business
management and finance system and allow agency management and staff to
focus on the core business of the agency
2. cost efficiency is likely to have an impact upon the bottom line
• clients and/or procurement departments may prefer to deal with agencies that
are Sarbanes-Oxley compliant as this gives an indication that financial
operations are transparent, well managed and accurately reported.

Fraud
LO 3

Course Module
- It denotes a false representation of a material fact made by one party to another party
with the intent to deceive and induce the other party to justifiably rely on the fact to his
or her detriment.
- In a business setup, it is an intentional deception, misappropriation of a company’s
assets, or manipulation of its financial data to the advantage of the perpetrator.
- It is commonly known as white-collar crime, defalcation, embezzlement, and
irregularities.
- According to common law, a fraudulent act must meet the following five conditions:
1. False representation
- There must be a false statement or a nondisclosure.
2. Material fact
- A fact must be a substantial factor in inducing someone to act.
3. Intent
- There must be the intent to deceive or the knowledge that one’s
statement is false.
4. Justifiable reliance
- The misrepresentation must have been a substantial factor on which the
injured party relied.
5. Injury or loss
- The deception must have caused injury or loss to the victim of the fraud.
- Levels of Fraud:
• employee fraud
• management fraud

Employee Fraud
▪ This is a fraud committed by non-management employees where
employee circumvents the company’s internal control system for
personal gain
▪ Usually involves the following steps:
1. stealing something of value (an asset),
2. converting the asset to a usable form (cash), and
3. concealing the crime to avoid detection.
 INTRODUCTION TO ACCOUNTING INFORMATION
9
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

Management Fraud

▪ This is a fraud does not involve a direct theft of assets.

▪ Top management may engage in fraudulent activities to meet investor
expectations through
o driving up the market price of the company’s stock or
o taking advantage of stock options that have been loaded into the
manager’s compensation package.
▪ Typically, it typically contains the following three special characteristics:
1. The fraud is perpetrated at levels of management above the one to
which internal control structures generally relate.
2. The fraud frequently involves using the financial statements to
create an illusion that an entity is healthier and more prosperous
than, in fact, it is.
3. If the fraud involves misappropriation of assets, it frequently is
shrouded in a maze of complex business transactions, often
involving related third parties.

Course Module
LO 4
Fraud Triangle

It consists of three factors that contribute to or are associated with management and employee
fraud.

• Situational Pressure
• Opportunity
• Ethics

Situational Pressure
▪ These are personal or job-related stresses that could coerce an individual
to act dishonestly

Opportunity

▪ Involves direct access to assets and/or access to information that controls

assets

Ethics

▪ Pertains to one’s character and degree of moral opposition to acts of

dishonesty.

Evaluation of fraud isenhanced when the fraud triangle factors are considered. In doing so,
auditors often use a red-flag checklist consisting of the following types of questions:

• Do key executives have unusually high personal debt?

• Do key executives appear to be living beyond their means?
• Do key executives engage in habitual gambling?
• Do key executives appear to abuse alcohol or drugs?
• Do any of the key executives appear to lack personal codes of ethics?
• Are economic conditions unfavorable within the company’s industry?
• Does the company use several different banks, none of which sees the company’s
entire financialpicture?
• Do any key executives have close associations with suppliers?
• Is the company experiencing a rapid turnover of key employees, either through
resignation or termination?
• Do one or two individuals dominate the company?
 INTRODUCTION TO ACCOUNTING INFORMATION
11
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

(excerpted from Accounting Information System by James Hall)

LO 5 Types of Fraud

1. FraudulentStatements

2. Corruption

3. Asset Misappropriation

Fraudulent Statements

- This is associated with management fraud.

- This involves some form of financial misstatement that has direct or indirect
financial benefit to the perpetrator
- Example:

Course Module
 Understating liabilities to present a more favorable financial picture of the
organization to drive up stock prices.

Corruption

- This involves an executive, manager, or employee of the organization incollusion

with an outsider
- Four principal types of corruption:
1. bribery,
2. illegal gratuities,
3. conflicts of interest, and
4. economic extortion.

Bribery

• It involves giving, offering, soliciting, or receiving things of value to

influence an official in the performance of his or her lawful duties.

Illegal Gratuities
• It involves giving, receiving, offering, or soliciting something of
value because of an official act that has been taken.

Conflicts of Interest
• It occurs when an employee acts on behalf of a third party during
the discharge of his or her duties or has self-interest in the activity
being performed.

Economic Extortion

• It is the use (or threat) of force (including economic sanctions) by

an individual or organization to obtain something of value.
 INTRODUCTION TO ACCOUNTING INFORMATION
13
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

Asset Misappropriation

- This is the most common fraud schemes where assets are either directly or
indirectly diverted to the perpetrator’s benefit
- Transactions involving cash, checking accounts, inventory, supplies, equipment,
and information are the most vulnerable to abuse.
- The following are the fraud schemes involving asset misappropriation:
▪ Skimming
▪ Cash Larceny
▪ Billing
▪ Check Tampering
▪ Payroll
▪ Expense Reimbursement
▪ Theft of Cash
▪ Non-Cash Misappropriations

Skimming
• It involves stealing cash from an organization before it is recorded
on the organization’s books and records.
Cash Larceny
• It involves schemes in which cash receipts are stolen from an
organization after they have been recorded in the organization’s
books and records.
Billing
• Also known as “vendor fraud”
• This is perpetrated by employees who causes their employer to
issue a payment to a false supplier or vendor by submitting
invoices for fictitious goods or services, inflated invoices, or
invoices for personal purchases

Check Tampering

Course Module
 • This involves forging or changing in some material way a check
that the organization has written to a legitimate payee.
Example:
An employee steals an outgoing check to a vendor through
forging the payee’s signature, and then, cashes the check

Payroll
• This involves distribution of fraudulent paychecks to existent
and/or nonexistent employees.
Example:
A supervisor keeps an employee on the payroll who has left the
organization and still continues to submit time cards to the
payroll department as if the employee is still working in the
organization.
This scheme usually happens if the supervisor is responsible
for distributing paychecks to employees

Expense Reimbursement
• This involves a scheme wherein an employee makes a claim for
reimbursement offictitious or inflated business expenses
Example:
A salesperson files false expense reports, claiming meals,
lodging, and travel that never occurred

Theft of Cash
• This involves a direct theft of cash on hand in the organization.
Example:
An employee makes false entries on a cash register, such as
voiding a sale, to conceal the fraudulent removal of cash.
 INTRODUCTION TO ACCOUNTING INFORMATION
15
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

LO 6 Overview of Internal Control

A properly designed system of internal controls should reduce the risk of errors and prevent
anindividual from perpetrating and concealing fraud.

The internal control system comprises policies, practices, and procedures employed by the
organization to achieve the following four broad objectives:
1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and information.
3. To promote efficiency in the firm’s operations.
4. To measure compliance with management’s prescribed policies and procedures.

The structure of an organization and assignment of job duties should be designed to segregate
certain functions within this environment.Cost-benefit criteria must be considered.

Segregation of duties
For any given transaction, the following functions preferably should be performed by
separate individuals in different parts of the organization:
• Authorization of the transaction
• Recording of the transaction
• Custody of assets associated with the transaction
• Internal control system is designed to detect fraud by one person but not fraud by
collusion or management override.

Course Module
 Organizational Hierarchy
1. In a medium-sized or larger organization, adequate segregation of duties can be
achieved by separating the responsibilities of the following corporate-level
executives:

VP of Operations/COO Sales, Purchasing, Warehousing, Receiving,

Shipping and Production
Controller/CAO A/R, Billing, A/P, GL, Inventory control, Cost
Accounting, Payroll
Treasurer/CFO Cash Receipts and Disbursement, Credit
VP of Administration Mail Room
VP of Human Resources Human Resources
 INTRODUCTION TO ACCOUNTING INFORMATION
17
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

LO 7
COSO Internal Framework

The SAS 78/COSO framework consists of five components:

1. Control Environment,
2. Risk Assessment,
3. Information and Communication,
4. Monitoring, and
5. Control Activities.

Control Environment

The control environment is the foundation for the other four control components.

It sets the tone for the organization and influences the control awareness of its
management andemployees.

Important elements of the control environment are:

• The integrity and ethical values of management.
• The structure of the organization.
• The participation of the organization’s board of directors and the audit
committee, if one exists.
• Management’s philosophy and operating style.
• The procedures for delegating responsibility and authority.
• Management’s methods for assessing performance.
• External influences, such as examinations by regulatory agencies.
• The organization’s policies and practices for managing its human resources.

Risk Assessment

Course Module
Organizations must perform a risk assessment to identify, analyze, and manage
risksrelevant to financialreporting. Risks can arise or change from circumstances
such as:

• Changes in the operating environment that impose new or changed

competitive pressures on the firm.
• New personnel who have a different or inadequate understanding of internal
control.
• New or reengineered information systems that affect transaction processing.
• Significant and rapid growth that strains existing internal controls.
• The implementation of new technology into the production process or
information system that impactstransaction processing.
• The introduction of new product lines or activities with which the
organization has little experience.
• Organizational restructuring resulting in the reduction and/or reallocation of
personnel such thatbusiness operations and transaction processing are
affected.
• Entering into foreign markets that may impact operations (that is, the risks
associated with foreign currencytransactions).
• Adoption of a new accounting principle that impacts the preparation of
financial statements.

SAS 78/COSO requires that auditors obtain sufficient knowledge of the

organization’s risk assessmentprocedures to understand how management
identifies, prioritizes, and manages the risks related to financialreporting.
 INTRODUCTION TO ACCOUNTING INFORMATION
19
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

Information and Communication

The accounting information system consists of the records and methods used
toinitiate, identify, analyze,classify, and record the organization’s transactions and
to account for the related assets and liabilities.

An effective accounting information system will:

• Identify and record all valid financial transactions.
• Provide timely information about transactions in sufficient detail to permit
proper classification and financial reporting.
• Accurately measure the financial value of transactions so their effects can be
recorded in financial statements.
• Accurately record transactions in the time period in which they occurred.

SAS 78/COSO requires that auditors obtain sufficient knowledge of the

organization’s information system to understand:

• The classes of transactions that are material to the financial statements and
how those transactions are initiated.
• The accounting records and accounts that are used in the processing of
material transactions.
• The transaction processing steps involved from the initiation of a transaction
to its inclusion in the financial statements.
• The financial reporting process used to prepare financial statements,
disclosures, and accounting estimates.

Course Module
Monitoring
Monitoring is the process by which the quality of internal control design and
operation can be assessed. Monitoring process is needed since the management
must determine if internal controls are functioning as intended

Control Activities
These are the policies and procedures used to ensure that appropriate actions are
taken to dealwith the organization’s identified risks.

Control activities can be grouped into two distinct categories

1. informationtechnology (IT) controls and
2. physical controls.

Information Technology (IT) Controls

IT controls relate specifically to the computer environment
Physical Controls
This type of controls relates primarily to manualactivities in the
accounting systems, such as the physical custody of assets and are
categorized into the following physical activities:
• transactionauthorization,
• segregation of duties,
• supervision,
• accounting records,
• access control, and
• independentverification

Transaction Authorization
- This ensures that allmaterial transactions
processed by the information system are valid and
in accordance with management’sobjectives.
- This may be a general or specific authorization.
 INTRODUCTION TO ACCOUNTING INFORMATION
21
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

▪ General Authorization
- This is granted to operations personnelto
perform day-to-day operations.
- Example:
Authorizing the purchase of inventories
from a designated vendor only when
inventory levels fall to their
predeterminedreorder points

▪ Specific Authorization
- This is granted in dealing with case-by-
case decisions associated with
nonroutinetransactions
- Example:
Decidingwhether to extend a particular
customer’s credit limit beyond thenormal
amount

Segregation of Duties
- Segregating employee duties to minimize
incompatible functions

Supervision
- A compensating control if an organization cannot
employ and achieve adequate segregation of duties
due to lack of manpower.

Accounting Records
Course Module
- Consist of source documents,journals, and ledgers
which captures the economic essence of
transactions and provide an audittrail of economic
events

Access Control
- This ensures that only authorized personnel
haveaccess to the firm’s assets.

Independent Verification
- These are verification procedures that are
independent checking of the accounting system to
identify errors and misrepresentations
- Example:
o Reconciling batch totals at points during
transaction processing.
o Comparing physical assets with accounting
records.
o Reconciling subsidiary accounts with control
accounts.
o Reviewing management reports (both
computer and manually generated) that
summarize businessactivity.
 INTRODUCTION TO ACCOUNTING INFORMATION
23
ETHICS, FRAUD AND OVERVIEW OF INTERNAL CONTROLS

References and Supplementary Materials

Books and Journals

1. Hall, James A (2016). Accounting Information System (9th ed). Boston City: Cengage
Learning.

Online Supplementary Reading Materials

1. Sarbanes Oxley Act of

2002;https://pcaobus.org/About/History/Documents/PDFs/Sarbanes_Oxley_Act_of_
2002.pdf; July 14, 2018.
2. Sarbanes Oxley Act Guideline; http://www.eaca.eu/wp-
content/uploads/2016/06/sarbanes.pdf; July 14, 2018.

Course Module