Ethics Fraud and Internal Control
Chapter
3-1
Business Ethics
Ethics
Pertains to the principles of conduct that individuals use in making
choices and guiding their behavior in situations that involve the
concepts of right and wrong
Business Ethics
involves finding the answers to two questions:
How do managers decide on what is right in conducting their
business?
Once managers have recognized what is right, how do they
achieve it?
Computer Ethics
This includes
software as well as hardware and concerns about
networks connecting computers as well as computers
themselves
What are the main computer ethics
issues?
Employee fraud
Management fraud
Fraud Schemes
Fraudulent Statements
Corruption
Asset Misappropriation
Most common type of fraud and often occurs as employee fraud
- Making charges to expense accounts to cover theft of an asset
(especially cash).
- Transaction fraud involves deleting, altering, or adding false
transactions to divert assets to the perpetrator.
- Lapping involves the use of customer checks, received in
payment of their accounts, to conceal cash previously stolen by
an employee.
Computer Fraud Schemes
The objective is to ensure that event data entering the system are valid,
complete, and free from material errors.
If the input data are inaccurate, processing will result in inaccurate output.
Two rules govern the design of data collection procedures:
Data Collection Fraud
Data Processing Fraud
Data processing frauds fall into two classes: program fraud and
operations fraud.
Program fraud includes the following techniques:
1. Creating illegal programs that can access data files to alter,
delete, or insert values into accounting records;
2. Destroying or corrupting a program’s logic using a computer
virus;
3. Altering program logic to cause the application to process data
incorrectly.
Data Processing Fraud
Operations fraud is the misuse or theft of the firm’s computer resources. This often
involves using the computer to conduct personal business.
For example, a programmer may use the firm’s computer time to
write software that he sells commercially.
Database Management.
Definition of Internal Control
People Involved
Board of directors
Management
Other key personnel
Internal Control System
Objectives
Safeguard assets
Check the accuracy and reliability of accounting data
Promote operational efficiency
Enforce prescribed managerial policies
Types of Controls
Preventive Controls
Reduce the frequency of occurrence of undesirable events.
Prevent problems from occurring.
For example, a company might install a firewall to prevent unauthorized
access to the company’s network, thereby safeguarding
sensitive information against disclosure, alteration, or destruction
by external hackers.
Types of Controls
Detective Controls
Alert managers when the preventive controls fail.
As an example,
assume that a company’s information system prepares daily
responsibility accounting performance reports for management
that compute variations of actual production costs from
standard production costs. If a significant variance occurs, a
manager’s report signals this problem and the manager can
initiate corrective action.
Types of Controls
Detective Controls
Organizations can initiate corrective action only if corrective
controls are in place.
A company establishes corrective controls to remedy problems it
discovers through the detective controls.
Types of Controls
Corrective Controls
Solve or correct a problem.
Corrective controls are actions taken to reverse the effects of
errors detected in the previous step.
Internal Control Framework
The Control Environment
Information and Communication
Monitoring
Control Activities
Control Activities
Physical Controls
This class of controls relates primarily to the human activities employed in
accounting systems
Transaction Authorization
The purpose of transaction authorization is to ensure that all material
Control Activities
Segregation of Duties
Supervision
the firm employs competent and trustworthy personnel
supervisory efficiency
Accounting Records
Accounting records provide an audit trail of economic events.
The audit trail enables the auditor to trace any transaction through
all phases of its processing from the initiation of the event to the
financial statements
Control Activities
Accounting Records
The audit trail helps employees respond to customer inquiries by
Control Activities
Access Control
The purpose of access controls is to ensure that only authorized
assets.
Access to assets can be
Direct: Physical security devices, such as locks, safes, fences, and electronic and
infrared alarm systems, control against direct access.
Indirect: Indirect access to assets is achieved by gaining access to the records and
documents that control the use, ownership, and disposition of the asset.