Accounting Information System

ETHICS, FRAUD, AND

INTERNAL CONTROL
Chapter 3
Ethics, Fraud, and Internal Control
Enron Scandal
The Enron scandal, revealed in October 2001,
eventually led to the bankruptcy of the Enron
Corporation, an American energy company
based in Houston, Texas, and the dissolution of
Arthur Andersen, which was one of the five
largest audit and accountancy partnerships in
the world. In addition to being the largest
bankruptcy reorganization in American history
at that time, Enron was attributed as the
biggest audit failure.
Enron Scandal
Enron was formed in 1985 by Kenneth Lay after
merging Houston Natural Gas and InterNorth. Several
years later, when Jeffrey Skilling was hired, he
developed a staff of executives that, through the use
of accounting loopholes, special purpose entities, and
poor financial reporting, were able to hide billions in
debt from failed deals and projects. Chief Financial
Officer Andrew Fastow and other executives not only
misled Enron's board of directors and audit committee
on high-risk accounting practices, but also pressured
Andersen to ignore the issues.
Enron Scandal
Shareholders lost nearly $11 billion when Enron's stock
price, which hit a high of US$90 per share in mid-
2000, plummeted to less than $1 by the end of
November 2001. The U.S. Securities and Exchange
Commission (SEC) began an investigation, and rival
Houston competitor Dynegy offered to purchase the
company at a fire sale price. The deal fell through,
and on December 2, 2001, Enron filed for
bankruptcy under Chapter 11 of the United States
Bankruptcy Code. Enron's $63.4 billion in assets made
it the largest corporate bankruptcy in U.S. history until
WorldCom's bankruptcy the following year.
Enron Scandal
Many executives at Enron were indicted for a variety of
charges and were later sentenced to prison. Enron's
auditor, Arthur Andersen, was found guilty in a United
States District Court, but by the time the ruling was
overturned at the U.S. Supreme Court, the firm had
lost the majority of its customers and had shut down.
Employees and shareholders received limited returns
in lawsuits, despite losing billions in pensions and stock
prices.
Enron Scandal
As a consequence of the scandal, new regulations and
legislation were enacted to expand the accuracy of
financial reporting for public companies. One piece
of legislation, the Sarbanes-Oxley Act, expanded
repercussions for destroying, altering, or fabricating
records in federal investigations or for attempting to
defraud shareholders. The act also increased the
accountability of auditing firms to remain unbiased
and independent of their clients.
 Sarbanes-Oxley Act of 2002
Section 404 –
 Management must identify, document, and evaluate

significant internal controls

 Auditors must report on management’s assertions

regarding internal controls

Section 409 –
 Requires disclosure to the public on a

“rapid and current” basis of material changes in an

organization’s financial condition.

Implications for both public and private accountants

8
Ethical Issues in Business
 Ethical standards are derived from societal mores and
deep-rooted personal beliefs about issues of right and
wrong that are not universally agreed upon.
 Ethics pertains to the principles of conduct that
individuals use in making choices and guiding their
behavior in situations that involve the concepts of right
and wrong.
 Business Ethics involves finding the answers to the two
questions: (1) How do managers decide what is right in
conducting their business? (2) Once managers have
recognized what is right, how do they achieve it?
Making Ethical Decision
 Business organization have conflicting
responsibilities to their employees,
shareholders, customers, and the public. Every
major decision has consequences that
potentially harm or benefit this constituents.
(Ex. Pursuing computerize system will result to
employees losing their jobs.)
Proportionality
 The benefit from the decision must outweigh the
risks. Furthermore, there must be no alternative
decision that provides the same or greater benefit
with less risks.
 Justice. The benefits of the decision should be
distributed fairly to those who share the risks. Those
who do not benefit should not carry the burden of
risk.
 Minimize risk. Even if judged acceptable by the
principles, the decision should be implemented so as
to minimize all the risks and avoid unnecessary risks.
Computer Ethics
 Is the analysis of the nature and social impact of
computer technology and the corresponding
formulation and justification of policies for the
ethical use of such technology.
 Concerns for Computer Ethics
 Privacy - Unemployment and Displacement
 Security (Accuracy and Confidentiality)

 Ownership of Property - Misuse of Computers

 Equity of Access

 Environmental Issues

 Artificial Intelligence
Fraud
 Denotes a false representation of a material fact
made by one party to another party with the intent
to deceive and induce the other party to justifiably
rely on the fact to his or her detriment.
 Five Conditions of Fraudulent Act
 False Representation
 Material fact

 Intent

 Justifiable reliance

 Injury or loss
Kinds of Fraud
 Employee Fraud – is generally designed to directly
convert cash or other assets to the employee’s
personal benefit. Typically, the employee
circumvents the company’s internal control system for
personal gain. If a company has an effective
internal control, defalcations or embezzlements can
usually be prevented or detected.
 Stealingsomething of value (an asset)
 Converting the asset to a usable form (cash)

 Concealing the crime to avoid detection

Kinds of Fraud
 Management Fraud
 Lower management fraud typically involves materially misstating
financial data and internal reports to gain additional
compensation, to garner promotion, or to escape the penalty for
poor performance.
 Characteristics of Management Fraud
 The fraud is perpetrated at levels of management above the
one to which internal control structures generally relate.
 The fraud frequently involves using the financial statements to
create and illusion that an entity is healthier and more
prosperous than, in fact, it is.
 If the fraud involves misappropriation of assets, it is frequently
is shrouded in maze of complex business transaction, often
involving related third parties.
The Fraud Triangle
 Consists of three factors that contribute to or are
associated with management and employee fraud
 Situational Pressure. Which includes personal or job-
related stresses that could coerce an individual to act
dishonestly
 Opportunity. Which involves direct access to assets
and/or access to information that controls assets
 Ethics. Which pertains to one’s character and degree of
moral opposition to acts of dishonesty.
Fraud Triangle
Pressure Opportunity Pressure Opportunity

No
Fraud

Fraud

Ethics Ethics
Fraud Schemes

 Fraudulent Statements
 Lack of Auditor Independence

 Lack of Director Independence

 Questionable Executive Compensation

Schemes
 Inappropriate Accounting Practices
Fraud Schemes
 Corruption - involves an executive, manager, or employee of the
organization in collusion with an outsider.
 Four Principal Types of Corruption
 Bribery. Involves giving, offering, soliciting, or receiving things of
value to influence an official in the performance of his/her lawful
duties.
 Illegal Gratuities. Involves giving, receiving, offering, or soliciting
something of value because of an official act that has been
taken.
 Conflicts of Interest. Occurs when an employee acts on behalf of
a third party during the discharge of his/her duties or has a self-
interest in the activity being performed.
 Economic Extortion. Is the use (or threat) of force by an individual
or organization to obtain something of value.
Asset Misappropriation
 Skimming involves stealing cash from an organization
before it is recorded on the organization’s books and
records. (ex. Mail room fraud)
 Cash Larceny involves schemes in which cash receipts
are stolen from an organization after they have been
recorded in the organization’s books and records. (ex.
Lapping)
 Billing Schemes (vendor fraud) are perpetrated by
employees who causes their employer to issue a
payment to a false supplier or vendor by submitting
invoices for fictitious goods or services.
Asset Misappropriation
 Check Tampering involves forging or changing in some material
way a check that the organization has written to a legitimate
payee.
 Payroll Fraud is the distribution of fraudulent paychecks to
existent and/or nonexsitent employees.
 Expense Reimbursements frauds are schemes in which an
employee makes a claim for reimbursements of fictitious or
inflated business expenses.
 Thefts of Cash are schemes that involve the direct theft of cash
on hand in the organization.
 Non-Cash fraud schemes involve the theft or misuse of the victim
organization’s non-cash assets.
Internal Control
 Comprises of policies , practices, and procedures
employed by the organization to achieve four
broad objectives:
1. To safeguard assets of the firm
2. To ensure the accuracy and reliability of accounting
records and information
3. To promote efficiency in the firm’s operations
4. To measure compliance with management’s
prescribed policies and procedures
Modifying Assumptions
 Management Responsibility
 Reasonable Assurance
 Methods of Data Processing
 Limitations
 Possibility
of errors – no perfect system
 Circumvention

 Management Override

 Changing Conditions
The Internal Controls Shield
Preventive, Detective, and Corrective Controls
Five Internal Control
Components: SAS 78 / COSO
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
1: The Control Environment
• Integrity and ethics of management
• Organizational structure
• Role of the board of directors and the audit
committee
• Management’s policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences—regulatory agencies
• Policies and practices managing human
resources
2: Risk Assessment

• Identify, analyze and manage risks

relevant to financial reporting:
– changes in external environment
– risky foreign markets
– significant and rapid growth that strain internal
controls
– new product lines
– restructuring, downsizing
– changes in accounting policies
3: Information and Communication
• The AIS should produce high quality
information which:
– identifies and records all valid transactions
– provides timely information in appropriate
detail to permit proper classification and
financial reporting
–accurately measures the financial value of
transactions
– accurately records transactions in the time
period in which they occurred
Information and Communication
• Auditors must obtain sufficient knowledge of the IS to
understand:
– the classes of transactions that are material
• how these transactions are initiated[ in p ut]
• the associated accounting records and accounts
used in processing [input]
– the transaction processing steps involved from the
initiation of a transaction to its inclusion in the financial
statements[process]
– the financial reporting process used to compile
financial statements, disclosures, and estimates
[output]
4: Monitoring

The process for assessing the quality of

internal control design and operation
• Separate procedures—test of controls by
internal auditors
• Ongoing monitoring:
– computer modules integrated into routine
operations
– management reports which highlight trends
and exceptions from normal performance
5: Control Activities

• Policies and procedures to ensure that the

appropriate actions are taken in response
to identified risks
• Fall into two distinct categories:
– IT controls—relate specifically to the
computer environment
– Physical controls—primarily pertain to
human activities