Chapter 2: Ethics, Fraud, and Internal Control
Part 11
Ethics, Fraud, and Internal Control
James A. Hall, Accounting Information Systems, 10th Edition. © 2019 Cengage. All Rights Reserved.
May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
FRAUD SCHEMES
• Three categories of fraud schemes according to the
Association of Certified Fraud Examiners (ACFE):
(1) Fraudulent Statements
(2) Corruption
(3) Asset Misappropriation
• Fraudulent Statements
• Misstating the financial statements to make the company
appear better than it is
• Usually occurs as management fraud
• For example:
• Understating liabilities to present a more favorable
financial picture of the organization.
FRAUD SCHEMES (continued)
• Corruption
• Corruption involves an executive, a manager, or an
employee of the organization in collusion with an
outsider.
• Bribery involves giving, offering, soliciting, or
receiving things of value to influence an official in the
performance of his or her lawful duties.
• An illegal gratuity involves giving, receiving, offering,
or soliciting something of value because of an official
act that has been taken.
• A conflict of interest is an outline of procedures for
dealing with actual or apparent conflicts of interest
between personal and professional relationships.
FRAUD SCHEMES (continued)
• Economic extortion is the use (or threat) of force
(including economic sanctions) by an individual or
organization to obtain something of value. The item of
value could be a financial or economic asset,
information, or cooperation to obtain a favorable
decision on some matter under review.
• Asset Misappropriation
• Most common type of fraud and often occurs as
employee fraud.
• Skimming
• Skimming involves stealing cash from an organization
before it is recorded on the organization’s books and records.
Another example is mail room fraud, in which an employee
opening the mail steals a customer’s check and destroys the
associated remittance advice.
Losses from Fraud by Scheme Type
Losses from Asset Misappropriation Schemes
FRAUD SCHEMES (continued)
• Cash Larceny
• Cash larceny is theft of cash receipts from an
organization after those receipts have been recorded
in the organization’s books and records.
• Lapping is the use of customer checks, received in
payment of their accounts, to conceal cash previously
stolen by an employee.
• Billing Schemes
• Billing schemes, also known as vendor fraud, are
schemes under which an employee causes the
employer to issue a payment to a false supplier or
vendor by submitting invoices for fictitious
goods/services, inflated invoices, or invoices for
personal purchases.
FRAUD SCHEMES (continued)
• Billing Schemes (continued)
• A shell company scheme involves establishing a false vendor on the
company’s books, and then making false purchase orders,
receiving reports, and invoices in the name of the vendor and
submitting them to the accounting system, creating the illusion of
a legitimate transaction. The system ultimately issues a check to
the false vendor.
• A pass-through fraud is similar to shell company fraud except
that a transaction actually takes place. The perpetrator creates a
false vendor and issues purchase orders to it for inventory or
supplies. The false vendor purchases the needed inventory from
a legitimate vendor, charges the victim company a much higher
than market price for the items, and pockets the difference.
• A pay-and-return is a scheme under which a clerk with check
writing authority pays a vendor twice for the same products
(inventory or supplies) received and then intercepts and cashes
the overpayment returned by the vendor.
FRAUD SCHEMES (continued)
• Check Tampering
• Check tampering involves forging, or changing in
some material way, a check that was written to a
legitimate payee.
• Payroll Fraud
• Payroll fraud is the distribution of fraudulent
paychecks to existent and/or nonexistent employees.
• Expense Reimbursements
• Expense reimbursement fraud involves claiming
reimbursement of fictitious or inflated business
expenses.
• Thefts of Cash
• Theft of cash is the direct theft of cash on hand in
the organization.
FRAUD SCHEMES (continued)
• Noncash Misappropriations
• Noncash fraud is the theft or misuse of non-cash
assets (e.g., inventory, confidential information).
• Computer Fraud
• Computer fraud involves theft, misuse, or
misappropriation of assets by altering computer-
readable records and files, or by altering the logic of
computer software; the illegal use of computer-
readable information; or the intentional destruction of
computer software or hardware.
Computer Fraud: Classifications
[Figure: computer fraud classifications; surviving labels: Data Fraud, Computer Instructions Fraud]
(a) Input Fraud
(b) Processor Fraud
• Includes unauthorized system use, including the theft of
computer time and services.
• Ex: use of company computers for personal or outside business
records.
(b) Processor Fraud (Cont…)
Program Frauds
• Creating illegal programs that can access data files to alter, delete, or
insert values into accounting records.
• Destroying programs using a virus.
• Altering a program to cause the application to process data incorrectly.
Operations Frauds
• Misuse or theft of company computer resources, such as using the
computer for personal business.
(c) Computer Instructions Fraud
(d) Data Fraud
(e) Output Fraud
Computer Fraud Techniques
• What are some of the more common techniques to commit computer fraud?
• Data diddling: Changing data before it is entered into the computer or after it has entered into the computer.
Example: Employees are able to falsify time cards before the data contained on the cards is entered into the computer for payroll computation.
• Data leakage
• Denial of service attack
• Eavesdropping
• E-mail forgery and threats
• Hacking
• Internet misinformation
• Internet terrorism
• Logic time bomb
• Masquerading or impersonation
• Password cracking
• Piggybacking
• Software piracy
• Scavenging / Dumpster diving
• Social engineering
• Super zapping
• Trap door / Back door
• Trojan horse
• Virus
• Worm
Risk Exposure in AIS
Types of Risks
Types of Risks
• Unintentional Acts
• Include
– Accidents caused by:
• Human carelessness
• Failure to follow established procedures
• Poorly trained or supervised personnel
– Innocent errors or omissions
– Lost, destroyed, or misplaced data
– Logic errors
– Systems that do not meet needs or are incapable of
performing intended tasks
Types of Risks
• Intentional Acts
• Include:
– Sabotage
– Computer fraud
– Misrepresentation, false use, or unauthorized disclosure of
data
– Misappropriation of assets
– Financial statement fraud
Degrees of Risk Exposure
Internal Control Concepts and Techniques
Internal Control Concepts and Techniques
(continued)
Internal Control Shield
Preventive, Detective, and Corrective Controls
Internal Control Concepts and Techniques
(continued)
The Internal Control Structure
COSO INTERNAL CONTROL FRAMEWORK
• The Control Environment
• The control environment is the foundation of internal control.
• Risk Assessment
• Risk assessment is the identification, analysis, and
management of risks relevant to financial reporting.
• Information and Communication
• Monitoring
• Monitoring is the process by which the quality of internal
control design and operation can be assessed.
• Control Activities
• Control activities are the policies and procedures to ensure
that appropriate actions are taken to deal with the
organization’s risks.
Control environment
• Actions, policies, and procedures that reflect the overall
attitude of the top management, directors, and owners of a
business about internal control and its importance
Information and communication
• Identification, capture, and exchange of information in a form
and time frame that enables people to carry out their
responsibilities.
Monitoring
• A process that assesses the quality of internal
control performance over time
• Conducts ongoing and/or separate evaluations:
– Separate procedures: tests of controls by internal auditors
– Ongoing monitoring:
• computer modules integrated into routine operations
• management reports which highlight trends and exceptions from normal
performance
COSO INTERNAL CONTROL FRAMEWORK
(continued)
• Control Activities
• Control activities are the policies and procedures to ensure
that appropriate actions are taken to deal with the
organization’s risks.
COSO INTERNAL CONTROL FRAMEWORK
(continued)
Segregation of Duties Objectives
COSO INTERNAL CONTROL FRAMEWORK
(continued)
COSO INTERNAL CONTROL FRAMEWORK
(continued)