Chapter 3

ETHICS,

FRAUD, AND

INTERNAL CONTROL
Objectives for Chapter 3
Understand the broad issues pertaining to business ethics
• Understand what constitutes fraudulent behavior
• Be able to explain fraud-motivating forces
• Be familiar with typical fraud schemes perpetrated by managers
and employees
• Be familiar with the common anti-fraud techniques used in both
manual systems and computer-based systems
• Be familiar with the use of the ACL in the detection of fraud
 Business Ethics
Ethics
- pertains to the principles of conduct that individuals use in ma
king choices and guiding their behavior in situations that involve t
he concept of right and wrong

Business ethics
1. How do managers decide what is right in conducting their busi
ness?
2. Once managers have recognized what is right, how do they ac
hieve it?
 Ethical principles that provide some guidance in the
discharge of manager's ethical responsibility:

• Proportionality
-benefit must outweigh the risk
• Justice
-benefit should be distributed fairly to those who
share the risk
• Minimize risk
. -the decision should be implemented so as to
minimize the risk and avoid unneccesary risk
Four Main Areas of Business Ethics
 COMPUTER ETHICS
concerns the social impact of computer technology (hardware, s
oftware, and telecommunications).

Three levels of computer ethics

• Pop
-exposure to stories and reports found in the popular media regarding the
good or bad ramifications of computer technology
• Para
-involves taking a real interest in computer ethics cases and acquiring
some level of skill and knowledge in the field
• Theoretical
-is of interest to multidisciplinary researchers with the goal of bringing some
understanding in the field
COMPUTER ETHICS

 Ownership of Property
 Does software fit with the current categories and conventions
regarding ownership?

 Equity in Access
 How can hardware and software be designed with consideration
for differences in physical and cognitive skills?
 COMPUTER ETHICS

 Environmental Issues
 Should organizations limit nonessential hard copies?
 Should proper recycling be required?
 How can it be enforced?
 Artificial Intelligence
 Who is responsible for the completeness and
appropriateness of the knowledge base?
 Who owns the expertise once it is coded into a knowledge
base?
 COMPUTER ETHICS

 Unemployment and Displacement

 Should employers be responsible for the retraining workers who
are displaced as a result of computerization of their functions?

 Misuse of computers
 Does it matter if the computer is used during company time or
outside of work hours?
 Is it okay to look through files that belongs to someone else?
SARBANES-OXLEY ACT and ETHICAL ISSUES

▪ SOX is the most significant securities law

since the SEC Acts of 1933 and 1934.
▪ It has many provisions designed to deal with
specific problems relating to capital
markets, corporate governance and the
auditing profession.
SARBANES-OXLEY ACT and ETHICAL ISSUES

 Section 406-Code of Ethics for Senior

Financial Officers
 Requires public companies to disclose to the
SEC whether they have adopted a code of
ethics that applies to the organization’s CEO,
CFO, Controller or persons performing
similar functions.
SARBANES-OXLEY ACT and ETHICAL ISSUES

The SEC has ruled that compliance with the Section 406
necessitates a written code of ethics that addresses the following
ethical issues:

1. Conflict of interest
2. Full and Fair disclosures
3. Legal Compliance
4. Internal reporting of Code Violations
5. Accountability
"FRAUD & Accountants"
 Where were Auditors?

Statement on Auditing Standards (SAS) No. 99,

Consideration of Fraud in a Financial
Statement Audit.

The objective of SAS 99 is to seamlessly blend the

auditor’s consideration of fraud into all phases of
the audit process. In addition, SAS 99 requires the
auditor to perform new steps such as a
brainstorming during audit planning to assess the
potential risk of material misstatement of the
financial statements from fraud schemes.
Fraud denotes a false representation
of a material fact made by one party to
another party with the
intent to deceive and induce the other
party to justifiably rely on the fact to his
or her detriment
Five Conditions of Fraud
▪ False representation - false statement or nondisclosure
▪ Material fact - a fact must be substantial in inducing
someone to act
▪ Intent to deceive must exist
▪ The misrepresentation must have resulted in justifiable
reliance upon information, which caused someone to
act
▪ The misrepresentation must have caused injury or loss
Fraud in Business Environment

Intentional deception...
▪ Misappropriation of company's assets.
▪ Manipulation of financial data to the
advantage of financial perpetrator.
In accounting literature fraud is commonly known as:

• White-collar Crime
• Defalcation
• Embezzlement
• Irregularities
 Employee Fraud

▪ Committed by non-management personnel

▪ Usually consists of: an employee taking cash
or other assets for personal gain by
circumventing a company’s system of
internal controls
3 STEPS OF EMPLOYEE FRAUD

(1) stealing something of value (an asset),

(2) converting the asset to a usable form (cash),

and

(3) concealing the crime to avoid detection

Management Fraud

▪ More insidious than employee fraud.

▪ Usually does not involve direct theft of
assets.
TOP LEVEL MANAGEMENTS

Top management may engage in fraudulent

activities to drive up the market price of
the company’s stock. This may be done to meet
investor expectations or to take advantage of
stock
options that have been loaded into the
manager’s compensation package.
 The Commission on Auditors’
Responsibilities calls this performance fraud, which...

...often involves deceptive practices to

inflate earnings
or to forestall the recognition of either
insolvency or a decline in earnings
LOWER-LEVEL MANAGEMENTS

typically involves materially misstating financial

data and internal reports to gain additional
compensation, to garner a promotion, or to
escape the penalty for poor performance
3 SPECIAL CHARACTERISTICS OF MANAGEMENT
FRAUD
▪ It is perpetrated at levels of management above the
one to which internal control structure relates.
▪ It frequently involves using the financial statements
to create an illusion that an entity is more healthy
and prosperous than it actually is.
▪ If it involves misappropriation of assets, it frequently
is shrouded in a maze of complex business
transactions, often involving third parties.
Why Fraud Occurs

Fire needs...

Oxygen Fuel

Spark
FRAUD TRIANGLE

Situational
Available
Pressures
Opportunitie
an employee is
s poor
experiencing
internal
financial difficulties
controls

Personal Characteristics
personal morals of individual employees
Red flag checklist questionnaires.

• Do key executives have unusually high

personal debt?

• Do key executives appear to be living beyond

their means?

• Do key executives engage in habitual

gambling?

• Do key executives appear to abuse alcohol or

drugs?
 Red flag checklist questionnaires.

• Do any of the key executives appear to lack

personal codes of ethics?

• Are economic conditions unfavorable within the

company’s industry?

• Does the company use several different banks,

none of which sees the company’s entire
financial
picture?
Red flag checklist questionnaires.

• Do any key executives have close associations

with suppliers?

• Is the company experiencing a rapid turnover of

key employees, either through resignation or
termination?

• Do one or two individuals dominate the

company?
Financial Losses from Fraud
Association of Certified Fraud Examiners (ACFE)
Study in 2018
 Fraud Schemes

Fraudulent Asset
Corruption
Statements Misappropriation
Fraudulent Statement

Associated with management fraud

Statement itself must bring direct or
indirect benefit to the perpetrator
e.g Understating liability to present a
more favourable financial picture of
the organization
Fraudulent Statement
Loss
Asset
Percentage Of Corruption
Misappro
375,000.0
Fraud 0 priation

150,0…
Fraudulent
Fraudulen Statement
t s
Statement Corruption
s, 10% , 27%,
21% Fraudulent Statements 2,000,000.
Corruption
Asset 00
Misappro Asset Misappropriation
priation,
89%

Fraudulent Statements Corruption

Asset Misappropriation
Underlying Problems

Lack of Auditor Independence

Lack of Director Independence
Questionable Executive compensation
Scheme

Inappropriate accounting practices

CORRUPTION

1. BRIBERY
- Involves giving, offering, soliciting, or receiving things of
value to influence an official in the performance of his or her lawful
duties.

2. ILLEGAL GRATUITIES
- Involves giving, receiving, offering or soliciting something of
value because of an official act that has been taken.
- This is similar to Bribe, but the transaction occurs after the
fact.
3. CONFLICT OF INTEREST
- Occurs when an employee acts on behalf of a
third party during this discharge of his or her duties or
has self-interest in the activity being performed.

4. ECONOMIC EXTORTION
- Is the use (or threat) of force by an individual or
organization to obtain something of value.
ASSET MISAPPROPRIATION

▪ SKIMMING
- involves stealing cash from an
organization before it is recorded on the
organization’s books and records.

▪ CASH LARCENY
- involves schemes where cash
receipts are stolen from an organization
Sarbanes-Oxley and Fraud

Accounting Oversight Board

Auditor Independence
Corporate Governance and Responsibility

Issuer and management Disclosure

Fraud and Criminal Penalties
Auditor Independence

1. Bookkeeping
2. Financial information systems design and implementation
3. Appraisal or valuation services, fairness opinions, or contribution-
in-kind reports
4. Actuarial services
5. Internal audit outsourcing services
6. Management functions or human resources
7. Broker-dealer, investment adviser, or investment banking services
8. Legal services and expert services unrelated to the audit
9. Any other service that the PCAOB determines impermissible
Billing Schemes

▪ Vendor fraud
▪ Perpetrated by employees who cause their
employer to issue a payment to false supplier or
vendor.
○ HOW?
■ By submitting invoices for fictitious
goods or services.
■ By submitting inflated invoices.
■ By submitting invoices for personal
purchases.
3 examples of billing schemes:

1. Shell company fraud

▫ Requires the perpetrator establish a false supplier on the
books of the victim company then manufactures the false
PO, receiving reports and invoices in the name of the vendor
and submits them to the accounting system .
3 examples of billing schemes:

▪ 2. Pass- through fraud

▫ The perpetrator establish a false vendor . The false vendor
then purchases the needed inventory from a legitimate
vendor. False vendor charges the victim company a much
higher than the market price for the items, but pays only the
market price to the legitimate vendor. The difference is the
profit that the perpetrator pockets.
3 examples of billing schemes:

▪ Pay- and- return scheme

▫ Third form of vendor fraud.
▫ A clerk with check writing authority who pays a vendor twice
for the same products received.
Check tampering
• Forging or changing in some
material way a check that the
organization has written to
legitimate payee.

Payroll Fraud
▪ Distribution of fraudulent paychecks
to existent and/or nonexistent
employees.
Expense
Reimbursements
Employee which makes a claim
for reimbursement of fictitious
or inflated business expenses.

Thefts of Cash
Direct theft of cash on
hand in the organization.

Non- cash
Misappropriations
Misuse of the victim
organizations non- cash
assets.
Computer Fraud

▪ The theft, misuse, or misappropriation of assets by

altering computer readable- records and files
▪ The theft, misuse, or misappropriation of assets by
altering the logic of computer software.
▪ The theft or illegal use of computer- readable information.
▪ The theft, corruption, illegal copying, or intentional
destruction of computer software.
▪ The theft, misuse, or misappropriation of computer
hardware.
Data Collection

▪ To ensure that transaction data entering system are valid,

complete, and free from material errors.
▪ Filter irrelevant facts from the system.
▪ Two rules govern the design of data collection procedures:
▫ Relevance and Efficiency
▪ Simplest way to perpetrate computer fraud is at the data
collection or entry stage . The fraudulent act involves
entering falsified data into the system.
 Data Processing
Data requires processing to produce information

Data Processing Frauds:

 Database Management

▪ Database- physical repository for financial

and nonfinancial data.
▪ Database Management Fraud- includes
altering, deleting, corrupting, destroying, or
stealing an organization’s data.
 Information Generation
▪ It is the process of compiling, arranging, formatting and presenting
information to users.
▪ Useful information has the following characteristics:
 Relevance
 Timeliness
 Accuracy
 Completeness
 Summarization
Information Generation Frauds:

▪ Scavenging- searching through the trash

cans of the computer center
▪ Eavesdropping- listening to output
transmissions over telecommunications line.
AUDITOR’S
RESPONSIBILITY FOR
DETECTING FRAUD
SAS NO.99 , Consideration of Fraud in a
Financial Statement Audit

▪ Pertains to the following areas of

financial statement Audit:
1. Description & Characteristics of Fraud
2. Professional Skepticism
3. Engagement Personnel Discussion
SAS No. 99 – Part of Audit Planning
JOA – Before & During Information Gathering
4.Obtaining Audit
Evidence &
Information

5.Identifying Risks

6. Assessing the
Identified Risks
7. Responding to the Assessment

A response that has an over-all effect on how the audit

is conducted.

extent
A response to identify risk that involves the nature, timing &
of the auditing procedures to be performed.

 A response involving the performance of certain

procedures to further address the risk of material
misstatement.
SAS NO.99 , Consideration of Fraud in a Financial
Statement Audit

8. Evaluating Audit Evidence &

Information
9. Communicating Possible Fraud
10.Documenting Consideration of
Fraud
FRAUDULENT FINANCIAL REPORTING

Risk Factors
▪ Management’s Characteristics and
influence over the Control Environment
▪ Industry Conditions
▪ Operating Characteristics and
Financial Stability
Examples
-Improper treatment of Sales
-Improper Asset Valuation
MISAPPROPRIATION OF ASSETS

Risk Factors
▪ Succeptibility of Assets to Misappropriation
▪ Controls

Examples:
- Ghost Employees
- Lapping
- Theft of cash (or inventory)
Auditor’s Response to Risk Assessment

▪ Risk of material misstatements

due to fraud may affect the audit
in the following ways
1. Engagement Staffing and extent of
Supervision
2. Professional Skepticism
3. Nature, timing and extent of procedures
performed
Response to detected misstatements due to fraud

No Material Effect on FS
1. Refer to the appropriate level of
management at least one-level
above of those involved
2. Be satisfied that Implications for
other aspects of audit have been
considered
Response to detected misstatements
due to fraud
Has a Material Effect on FS
1. Consider the Implications for other aspects
of the audit
2. Discuss the matter with senior management
and with the Audit Committee
3. Attempt to determine whether the fraud is
material
4. Suggest that the Client consult with legal
counsel, if appropriate
FRAUD DETECTION TECHNIQUES
FRAUD DETECTION TECHNIQUES

▪ ACL (Audit Command Language)

ACL was designed as a meta-language for
auditors to access data stored in various digital
formats and to test them comprehensively. In
fact, many of the problems associated with
accessing complex data structures have been
solved by ACL’s Open Database Connectivity
(ODBC) interface.
FRAUD DETECTION TECHNIQUES

▪ Fraud Profile
To find the trail in the masses of data, the
auditor first develops a “fraud profile” that
identifies the data characteristics that one
would expect to find in a specific type of fraud
scheme.
 THREE COMMON FRAUD SCHEMES:
Payments to fictitious vendors payroll fraud lapping accounts
receivable
PAYMENT TO FICTITIOUS VENDORS

A preliminary step in this scheme requires the perpetrator to create

a phony vendor organization and establish it in the victim organization’s
record as a legitimate supplier. The fraud profile describing the false-vendor
scheme and the audit procedures are described next.

▪ Sequential Invoice Numbers

▪ Vendors with P.O. Boxes
▪ Vendors with Employee Address
▪ Multiple companies with the same address
▪ Invoice amount slightly below the review threshold
Sequential Invoice Numbers

The audit procedure is to use ACL to sort

the records of the invoice file by invoice
number and vendor number. This will highlight
records that possess series characteristics,
which can then be retrieved for further review.
Vendors with P.O. Boxes

The audit procedure is this: Using ACL’s

expression builder, create a filter to select
vendor records from the invoice file that use
P.O. box addresses.
Vendors with Employee Addresses

The audit procedure is to use ACL to join

the employee file and the invoice file using the
address fields as the common key for both files.
Only records that match should be passed to
the resulting combined file. These records can
then be reviewed further.
Multiple Companies with the Same Address

As an audit safeguard, use ACL’s

Duplicates command to generate a listing of
mailing addresses that are common to two or
more vendors
Invoice Amounts Slightly below the Review
Threshold

The audit procedure for this situation is to

use ACL’s expression builder to create a value
range around the control threshold. To highlight
suspicious activity that warrants further
investigation, sort payments records that fall
within this range by vendor.
PAYROLL FRAUD

▪ Test for excessive hours worked

▪ Test for duplicate payments
▪ Test for non-existent employees
Test for Excessive Hours Worked

Use ACL’s Expression Builder to select

payroll records that reflect excessive hours
worked.
Test for Duplicate Payments

Use ACL’s Duplicates function to search

payroll records for employees with the
following characteristics:

• Same employee number, same name, same address, etc. (duplicate payments)
• Same name with different mailing addresses
• Same name with different checking accounts
• Same name with different Social Security numbers
• Same mailing address with different employee names
Test for Nonexistent Employees

Use ACL’s Join feature to link the payroll

and employee files using Employee Number as
the common attribute.
LAPPING ACCOUNTS RECEIVABLE

▪ The Balance Forward Method

The balance forward method is used
extensively for consumer accounts. Total sales to
customers for the period are itemized and billed at
the period end. Customers are required to pay only
a minimum amount off the balance. The rest of the
balance, plus interest, is carried forward to the next
period
LAPPING ACCOUNTS RECEIVABLE

The Open Invoice Method

Often used to manage trade accounts receivable (sales

to other business organizations). Each invoice is recorded as a
separate item in the invoice file. Checks received from
customers are usually in payment of individual invoices. Since
good credit relations between customer and supplier are
critical, payments tend to be on time and in full. Partial
payments resulting in balances carried forward are the
exception rather than the norm