Chapter 12:

Business Ethics, Fraud and

Fraud Detection

IT Auditing, Hall, 4e

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Learning Objectives

o Understand the broad issues pertaining to business ethics.

o Understand what constitutes fraudulent behavior.
o Be able to explain fraud-motivating forces.
o Be familiar with typical fraud schemes perpetrated by
managers and employees.
o Be familiar with the common anti-fraud techniques used in
both manual systems and computer based systems.
o Be familiar with the used of ACL in the detection of fraud.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Ethical Issues in Business

o Ethics: Principles of conduct used in making choices and

behavior in situations involving right and wrong.
o Business ethics involves two questions:
o How do managers decide on what is right in conducting business?
o Once managers have recognized what is right, how to they
achieve it?

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Ethical Issues in Business

o Firm has conflicting responsibilities to employees,

shareholders, customers and the public.
o Decisions have consequences that benefit or harm each group.
o Seeking a balance is the manager’s ethical responsibility.
o Benefits of decisions must outweigh risks and be fairly distributed
to those who share the risk. Decisions should be implemented to
minimize and avoid all unnecessary risks.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part,except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Ethical Issues in Business

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Computer Ethics

o “The analysis of the nature and social impact of computer

technology and the corresponding formulation and justification
of policies for the ethical use of such technology…”
o Levels of computer ethics:
o Pop: Exposure to stories and reports in popular media.
o Para: Taking a real interest in computer ethics cases and acquiring
some level of skill and knowledge.
o Theoretical : Multi-disciplinary researchers who apply theories of
philosophy, sociology, and psychology to computer science,
intending to bring some new understanding to the field.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Computer Ethical Issues

o Privacy relates to the desire to control what personal information

is available to others.
o Huge, shared databases raise the issue of ownership in the
personal information industry.
o Computer security is an attempt to prevent loss of
confidentiality or data integrity.
o Shared databases can cause irreparable harm to individuals by
disseminating inaccurate info to authorized users .
o Ownership of property:
o Real property laws extended to intellectual property.
o What can be owned? Ideas? Media? Code?
o Do federal copyright laws do more harm than good?

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Computer Ethical Issues

o Equity in Access:
o Factors include: economic status, affluence of firm, cultural
limitations, safety issues.
o Environmental issues:
o Should firms limit non-essential hard copies? What is non-
essential? Should recycling be required?
o Artificial Intelligence:
o Who is responsible for the knowledge base or harm from
implemented expert system decisions? Who owns the expertise
once it is coded into a knowledge base?

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Computer Ethical Issues

o Unemployment & displacement:

o Should employers be responsible for retraining workers?
o Misuse of computers:
o Should laws regarding copying proprietary software be
changed? Is there harm is an employee uses a firm’s
computers for personal benefit? Is there a difference
between looking at paper versus computer files?

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Sarbanes – Oxley Act and
Ethical Issues

o Section 406 code of ethics for senior financial officers.

Compliance requires companies to disclose written code
pertaining to:
o Conflicts of interest, Full and fair disclosures, Legal compliance
o Internal reporting of code violations, Accountability
o Company’s code of ethics should apply equally to all
employees.
o Top management responsible to “set the tone”.
o All employees responsible to uphold standards.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud and Accountants

o No major aspect of independent auditor’s role has caused more

controversy than responsibility for detecting fraud during an
audit. SOX has had a huge impact on this responsibility.
o SOX requires testing of control specifically intended to prevent or
detect fraud that could lead to material misstatements.
o SAS 99 requires new steps such as brainstorming during planning
to access potential risks from fraud schemes.
o Fraud denotes a false representation of a material fact made by
one party to another party with the intent to deceive and induce
the other party to justifiably rely on the fact to his/her detriment.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud

o A fraudulent act must meet five conditions:

o (1) False representation of a (2) material fact made with (3) intent
to deceive or knowledge statement is false. There must be (4)
justifiable reliance on the part of the injured party and the
deception must have caused the victim (5) injury or loss.
o In the business environment, fraud is an intentional deception,
misappropriation of company assets or manipulation of financial
data to the advantage of the perpetrator.
o Also known as white collar crime, defalcation, embezzlement and
irregularities.
o Encountered at two levels: employee fraud and management fraud.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Employee Fraud

o Employee fraud generally designed to convert cash or

other assets to employee’s personal benefit.
o Can usually be prevented or detected if an effective system
of internal controls is in place.
o Involves (1) theft of asset, (2) conversion of asset to cash
and (3) concealment of crime.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Management Fraud

o Management fraud often escapes detection until damage

or loss has occurred. Three characteristics:
o Perpetrated at levels of management above the one to which
internal controls structures generally relate.
o Frequently involves using the financial statements to create false
image of corporate financial health
o If fraud involves asset misappropriation, shrouded in maze of
complex business transactions, often involving third parties.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Triangle

o Three factors that contribute to fraud:

o Situational pressures like stress that could coerce dishonesty.
o Opportunity involving direct access to assets or information.
o Rationalization or character and moral opposition to acts of
dishonesty.
o Person with high level of personal ethics, limited pressure and
opportunity to commit fraud most likely to behave honestly than
one with weaker personal ethics who is under high pressure and
has opportunities to commit fraud.
o Evaluation enhanced when fraud triangle factors are considered.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Triangle

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Checklist Questions

o Do key executives:
o have unusually high personal debt or appear to be living beyond
their means?
o engage in habitual gambling or appear to abuse alcohol or drugs?
o appear to lack personal codes of ethics or have close
associations with suppliers?
o Are industry economic conditions unfavorable?
o Does the company use several different banks?
o Is the company experiencing rapid turnover of key employees?
o Do one or two individuals dominate the company?
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Financial Losses from Fraud

o ACFE 2010 research study estimated losses to be 5% of annual

revenues. Translates to approximately $3.5 trillion in fraud losses
for 2014. Actual cost of fraud is difficult to quantify:
o Not all fraud is detected and not all detected fraud is reported.
o In many cases, incomplete information is gathered.
o Information not properly distributed to management or law
enforcement authorities and, sometimes business organizations take
no civil or criminal action against perpetrator of fraud.
o Indirect costs of fraud – reduced productivity, legal costs,
increased unemployment and business disruptions – must also be
considered.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Distribution of Losses

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Perpetrators of Fraud

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Perpetrators of Fraud

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Conclusions

o Greater access to assets (i.e. opportunity to commit fraud) is

influenced by position, gender, age, and education.
o Highest positions in the organization are beyond the internal control
structure and have the greatest access to assets.
o Men, older employees and those with higher levels of education tend
to have more higher positions and thus more opportunities to commit
fraud.
o One reason for segregating duties is to deny potential perpetrators
the opportunity to commit fraud.
o When individuals in critical positions collude, opportunities to control
or gain access to assets that would otherwise not exist are created.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraudulent Statements

o Management fraud that must bring direct or indirect financial

benefit to perpetrator.
o Accounts for 7.6% of fraud cases, but the median loss is
significantly higher than other fraud schemes.
o Underlying problems:
o Lack of auditor independence.
o Lack of director independence.
o Questionable executive compensation schemes.
o Inappropriate accounting practices.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraudulent Statements

o PCAOB created to set standards; inspect registered accounting

firms; conduct investigations; take disciplinary actions.
o Act addresses auditor independence by creating more separation
between a firm’s attestation and nonauditing activities.
o Corporate governance and responsibility:
o Requires audit committee independence, prohibits executive loans
and requires attorneys to report evidence of material violations of
security laws or breaches of fiduciary duty.
o Issuer and management disclosure imposes new corporate
disclosure requirements.
o Imposes a range of criminal penalties for fraud.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Corruption

o Involves an executive, manager, or employee in collusion with

an outsider. Types:
o Bribery involves giving, offering, soliciting, or receiving things of
value to influence an official in the performance of his or her lawful
duties.
o Illegal gratuity involves giving, offering, soliciting, or receiving
something of value because an official act has been taken.
o Conflict of interest occurs when an employee acts on behalf of a
third party when discharging his or her duties or has self-interest in
the activity being performed.
o Economic extortion is the use (or threat) of force (including
economic sanctions) to obtain something of value.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Asset Misappropriation

o Skimming involves stealing cash before it is recorded.

o Mailroom fraud occurs when employee opens mail, steals checks,
and destroys remittance advices.
o Cash larceny involves stealing recorded cash.
o Lapping: Clerk uses customer’s check from one account to cover
theft from a different account.
o Check tampering involves forging or changing checks written to
legitimate payees.
o Payroll fraud is the distribution of fraudulent paychecks to
existent or nonexistent employees.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Schemes: Asset
Misappropriation
o Billing schemes or vendor fraud involves causing payments to
be issued to false vendors.
o Shell company fraud requires a false supplier with fraudster
submitting false documents and receiving payments.
o Pass-through fraud includes an actual transaction with inflated price.
Fraudster pockets difference between the market and higher price.
o Pay-and-return involves paying a vendor twice and pocketing the
reimbursement for the second payment.
o Expense reimbursement fraud involves inflating reports.
o Thefts of cash and non-cash fraud involves theft of misuse of
company assets.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Computer Fraud Schemes

o Theft, misuse, or misappropriation of assets by altering

computer-readable records and files.
o Theft, misuse, or misappropriation of assets by altering logic
of computer software.
o Theft or illegal use of computer-readable information.
o Theft, corruption, illegal copying or intentional destruction of
software.
o Theft, misuse, or misappropriation of computer hardware.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 General Model for Accounting
Information Systems

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
Data Collection and Data Processing

o Data collection frauds involve entering falsified data into the

system by deleting, altering or creating a transaction.
o Masquerading involves gaining remote access by pretending to be
an authorized user. Piggybacking involves latching onto an
authorized user in the system. Hacking involves both schemes
motivated by the challenge of trying to access the system.
o Data processing frauds are in two classes:
o Program fraud includes creating illegal programs or destroying,
corrupting or altering computer logic to cause data to be processed
incorrectly.
o Operations fraud is misuse or theft of computer resources.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Database Management and
Information Generation

o Database management fraud involves altering, deleting,

corrupting, destroying, or stealing an organization’s data.
o Often associated with transaction or program fraud and disgruntled
employees who may copy, sell or destroy data.
o Information generation fraud involves stealing, misdirecting or
misusing computer output.
o Useful information has: relevance, timeliness, accuracy,
completeness and summarization.
o Scavenging involves searching for discarded output.
o Eavesdropping involves listening to output transmissions over
telecommunication lines.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Auditor’s Responsibility for
Detecting Fraud
o SAS No. 99 – “Consideration of Fraud in a Financial Statement
Audit”
• Description and
characteristics of fraud • Responding to the
• Professional skepticism assessment
• Engagement personnel • Evaluating audit
discussion evidence and information
• Obtaining audit evidence • Communicating possible
and information fraud
• Identifying risks • Documenting
• Assessing the identified consideration of fraud
risks

o Auditor also required to assess risk factors related to fraudulent

financial reporting and misappropriation of assets.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraudulent Financial Reporting

o Risk factors:
o Management’s characteristics and influence over the control
environment, industry conditions and operating characteristics and
financial stability.
o Common schemes:
o Improper revenue recognition or treatment of sales.
o Improper asset valuation or deferral of costs and expenses.
o Improper recording of liabilities.
o Inadequate disclosures.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Misappropriation of Assets

o Risk factors:
o Susceptibility of assets to misappropriation and controls.
o Common schemes:
o Personal purchases or ghost employees.
o Fictitious expenses or altered payee.
o Pass-through vendors.
o Theft of cash (or inventory).
o Lapping.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Auditor’s Response to Risk
Assessment

o Judgments about the risk of material misstatements may affect the

audit in regards to:
o Engagement staffing, extent of supervision, professional skepticism,
nature, timing, extent of procedures performed.
o Risk of material misstatement due to fraud always exists. Auditor:
o may determine currently planned audit procedures are sufficient to
respond to risk factors.
o may determine to extend audit and modify planned procedures.
o may conclude procedures cannot be modified sufficiently to address
risk and consider withdrawing.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Auditor’s Response to Detected
Misstatements Due to Fraud

o If no material effect: Refer matter to management and ensure

implications to other aspects of audit have been addressed.
o If effect is material or undeterminable:
o Consider implications for other aspects of the audit.
o Discuss with senior management and audit committee.
o Attempt to determine if material effect.
o Suggest client consult with legal counsel.
o Working papers document criteria used for assessing fraud risk:
o Where risk factors are identified, documentation should include. (1)
those risk factors identified and (2) auditor’s response to them.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Detection Techniques
Using ACL

o Payments to fictitious vendors:

o Sort records of the invoice file by invoice number and vendor
number.
o Filter and verify the validity of vendors with P.O. boxes.
o Join the employee and vendor files to look matching addresses and
review them.
o Use the duplicate function to search for multiple vendors with the
same address.
o Create a value around the invoice threshold amount and sort
payment records in this range by vendor.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
 Fraud Detection Techniques
Using ACL

o Payroll fraud:
o Use expression builder to test for excessive hours worked.
o Use duplicate function to test for duplicate payments.
o Use join function to link payroll and employee files to test for non-
existent employees.
o Lapping Accounts Receivable:
o Use expression builder to locate and investigate invoices whose
Remittance Amount is less than the Invoice Amount.
o Calculate the amounts carried forward and use the duplicates
command to search for carry-forward amounts that are the same.

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.