Chapter 11:

Introduction to Business
Ethics and Fraud

IT Auditing & Assurance, 2e, Hall &

IT Auditing & Assurance,
Singleton2e, Hall & Singleton
 ETHICS
Pertains to the principles of conduct that
individuals use in making choices and
guiding their behavior in situations that
involve the concepts of right and wrong.
Business Ethics
 How do managers decide on what is right in
conducting business?
 Once managers have recognized what is
right, how to they achieve it?
 The necessity to have an articulate
foundation for ethics and a consistent
application of the ethical standards.
IT Auditing & Assurance, 2e, Hall & Singleton
 BUSINESS ETHICS
Basis of Ethical Standards
 Religious
 Philosophical
 Historical
 IBM combination of all three
Ethical Issues in Business [Table 11-1]
 Equity  Honesty
 Exec. salaries  Conflicts of interest
 Pricing  Security of data & records
 Foreign practices [FCPA]
 Rights  Accurate F/S reporting
 Health (screening)  Exercise of Corp. Power
 Privacy  PAC, and politics
 Sexual harassment  Workplace safety
 Equal opportunity  Downsizing, closures
 Whistleblowing

IT Auditing & Assurance, 2e, Hall & Singleton

IMPLEMENTING BUSINESS ETHICS
Role of Management
 Create and maintain appropriate ethical atmosphere
 Limit the opportunity and temptation for unethical
behavior
 Management needs a methodology for including
lower-level managers and employees in the ethics
schema
 Many times, lower-level managers responsible to uphold
ethical standards
 Poor ethical standards among employees are a root cause of
employee fraud and abuses
 Managers and employees both should be made aware
of firm’s code of ethics
 What if management is unethical? e.g., Enron

IT Auditing & Assurance, 2e, Hall & Singleton

IMPLEMENTING BUSINESS ETHICS
Making Ethical Decisions
 Business schools can and should be involved in ethical
development of future managers
 Business programs can teach students analytical techniques to
use in trying to understand and properly handle a firm’s conflicting
responsibilities to its employees, shareholders, customers, and
the public
 Every ethical decision has risks and benefits. Balancing them is
the manager’s ethical responsibility:

Ethical Principles
 Proportionality: Benefits of a decision must outweigh the
risks. Choose least risky option.
 Justice: Distribute benefits of decision fairly to those who
share risks. Those who do not benefit should not carry any risk
 Minimize Risk: Minimize all risks.

IT Auditing & Assurance, 2e, Hall & Singleton

 COMPUTER ETHICS
A new problem or just a new twist to an old
problem?

Although computer programs are a new type of asset,

many believe that they should not be considered as
different form other forms of property; i.e.,
intellectual property is the same as real property and
the rights associated with real property.

IT Auditing & Assurance, 2e, Hall & Singleton

COMPUTER ETHICAL ISSUES
1. Privacy:
 Ownership of personal information
 Policies
2. Security:
 Systems attempt to prevent fraud and abuse of
computer systems, furthering the legitimate
interests of firm
 Shared databases have potential to disseminate
inaccurate info to authorized users
3. Ownership of Property:
 Federal copyright laws
4. Race:
 African-Americans and Hispanics constitute 20%
of population but 7% of MIS professionals
IT Auditing & Assurance, 2e, Hall & Singleton
COMPUTER ETHICAL ISSUES
5. Equity in Access:
 Some barriers are avoidable, some are not
 Factors: economic status, affluence of firm,
documentation language, cultural limitations
6. Environmental Issues:
 Should firms limit non-essential hard copies?
 What is non-essential?
 Disposal of equipment and supplies (toner)
7. Artificial Intelligence:
 Who is responsible for faulty decisions from
an Expert System?
 What is the extent of AI/ES in decision-making
processes?
IT Auditing & Assurance, 2e, Hall & Singleton
COMPUTER ETHICAL ISSUES
8. Unemployment & Displacement:
 Computers and technology sometimes replace jobs
(catch-22, productivity)
 Some people unable to change with IT, get displaced
and find it difficult to obtain new job
9. Misuse of Computer:
 Copying proprietary software
 Using a firm’s computers for personal benefit
 Snooping through firm’s files
10. Internal Control Responsibility:
 Unreliable information leads to bad decision, possible
financial distress
 Management must establish and maintain a system of
appropriate internal controls to ensure integrity and
reliability of data (antithetical)
 IS professionals and accountants are central to
adequate internal controls
IT Auditing & Assurance, 2e, Hall & Singleton
 FRAUD & ACCOUNTANTS
The lack of ethical standards* is fundamental to the occurrence of
business fraud.
No major aspect of the independent auditor’s role has caused more
difficulty for public accounting than the responsibility for detection of
fraud during an audit. [article]
This issue has gathered momentum outside the accounting profession to
the point where the profession faces a crisis in public confidence in
its ability to perform independent attest functions. [SAS 82]
Fraud denotes a false representation of a material fact
made by one party to another party with the intent to
deceive and induce the other party to justifiably rely on
the fact to his/her detriment, i.e., his/her injury or loss.
Synonyms: White-collar crime, defalcation,
embezzlement, irregularities.

IT Auditing & Assurance, 2e, Hall & Singleton

 FRAUD
A fraudulent act must meet the following 5
conditions:

1. False representation
2. Material fact
3. Intent
4. Justifiable reliance
5. Injury or loss

IT Auditing & Assurance, 2e, Hall & Singleton

 FRAUD TREE
 Asset misappropriation fraud
1. Stealing something of value – usually cash or inventory (i.e.,
asset theft)
2. Converting asset to usable form
3. Concealing the crime to avoid detection
4. Usually, perpetrator is an employee

 Financial fraud
1. Does not involve direct theft of assets
2. Often objective is to obtain higher stock price (i.e., financial fraud)
3. Typically involves misstating financial data to gain additional
compensation, promotion, or escape penalty for poor
performance
4. Often escapes detection until irreparable harm has been done
5. Usually, perpetrator is executive management
 Corruption fraud
1. Bribery, etc.

IT Auditing & Assurance, 2e, Hall & Singleton

 FRAUD SCHEMES
 Fraudulent financial statements {5%}
 Corruption {10%}
 Bribery
 Illegal gratuities
 Conflicts of interest
 Economic extortion
 Asset misappropriation {85%}
 Charges to expense accounts
 Lapping ?
 Kiting ?
 Transaction fraud

IT Auditing & Assurance, 2e, Hall & Singleton

 EMPLOYEE FRAUD

 Employee Theft

1) Theft of asset
2) Conversion of asset (to cash)
3) Concealment of fraud

IT Auditing & Assurance, 2e, Hall & Singleton

 MANAGEMENT FRAUD
 Special Characteristics:

1. Perpetrated at levels of management above the one

where internal controls relate
2. Frequently involves using the financial statements to
create false image of corporate financial health
3. If fraud involves misappropriation of assets, it
frequently is shrouded in a complex maze of
business transactions, and often involves third
parties. [e.g., ZZZZ Best fraud]

IT Auditing & Assurance, 2e, Hall & Singleton

 FRAUD TRIANGLE
 People engage in fraudulent activities as a result of forces
within the individual (their ethical system) and without (from
temptation and/or stress from the external environment)
1. Situational Pressures
2. Opportunity
3. Rationalization
 A person with a high level of personal ethics and limited
pressure and opportunity to commit fraud is most likely to
behave honestly [Figure 11-2]
 A person with low level of integrity, and moderate to high
pressures, and moderate to high opportunity is most likely
to commit fraud
 Auditors can develop a “red flag” checklist to detect
possible fraudulent activity
 A questionnaire approach could be used to help auditors
uncover motivations for fraud
IT Auditing & Assurance, 2e, Hall & Singleton
 POSSIBLE QUESTIONNAIRE
Do key executives have unusually high personal debt?
Do key executives appear to be living beyond their means?
Do key executives engage in habitual gambling?
Do key executives appear to abuse alcohol or drugs?
Do key executives appear to lack personal codes of ethics?
Do key executives appear to be unstable (e.g., frequent job or residence changes,
mental or emotional problems)?
Are economic conditions unfavorable within the company’s industry?
Does the company use several different banks, none of which sees the company’s
entire financial picture?
Do key executives have close associations with suppliers?
Do key executives have close associations with members of the Audit Committee
or Board?
Is the company experiencing a rapid turnover of key employees, either through
quitting or being fired?
Do one or two individuals dominate the company?
Does anyone never take a vacation?

IT Auditing & Assurance, 2e, Hall & Singleton

 FINANCIAL LOSSES FROM
FRAUD
 1996, 2002, and 2004 study by Association of CFE (“Report to the
Nation”) estimated losses from fraud and abuse at 6% of annual
revenues! Based on GDP in 2002, that would be $600B, and in
2004 $660B in losses.
 Actual cost is difficult to quantify because:
1. All fraud is not detected
2. Of ones detected, not all are reported
3. In many cases, incomplete information is gathered
4. Information is not properly distributed to management or law
enforcement authorities
5. Too often, business organizations decide to take no civil or
criminal action against the perpetrator of fraud
 Organizations with 100 or fewer employees were the most
vulnerable to fraud
 SEC fraud violations reported in COSO “Landmark Study”
1998 IT Auditing & Assurance, 2e, Hall & Singleton
 FINANCIAL LOSSES FROM
FRAUD
 Profile of perpetrator:
 By position – Table 11-3
 By gender – Table 11-5
 By age – Table 11-6
 By Education – Table 11-7
 Conclusions about profile?
 Fraudsters do not look like crooks!
 Collusion – Table 11-4
1. Significant reason to adhere to segregation of duties
2. Risks associated with a key position held by a trusted
employee who unknowingly has weak ethics

IT Auditing & Assurance, 2e, Hall & Singleton

 UNDERLYING PROBLEMS

 Lack of auditor independence

 Lack of director independence
 Questionable executive
compensation schemes
 Inappropriate accounting practices

IT Auditing & Assurance, 2e, Hall & Singleton

 SARBANES-OXLEY ACT
 PCAOB
 Auditor independence
 List of services considered non-
independent
 Corporate governance
 Issuer and management disclosure
 Fraud and criminal penalties

IT Auditing & Assurance, 2e, Hall & Singleton

ANTI-FRAUD PROFESSION
 Fraud auditors
 Forensic accountants
 Association of Certified Fraud Examiners
 Certified Fraud Examiner certification
 – http://www.acfe.org
Forensic Accounting
 Investigation
 Evidence for court
 Litigation
 CFE – Association of Certified Fraud Examiners
 See newsletter sample at ACFE web site

IT Auditing & Assurance, 2e, Hall & Singleton

 The End

IT Auditing & Assurance, 2e, Hall &

IT Auditing & Assurance,
Singleton 2e, Hall & Singleton