I.

Introduction to Ethical Standards

● Definition of Ethical Standards

o Derived from societal mores and personal beliefs about right and wrong.
o Not universally agreed upon, leading to different interpretations.
● Ethical vs. Legal Issues
o Ethical issues are not always aligned with legal issues.
o Example: A politician charged with ethical misconduct may declare no legal wrongdoing.
● Prevalence of Ethical Issues in Business
o Ethical misconduct is seen in high-profile corporate scandals (e.g., Enron, WorldCom).
II. Examples of Ethical Violations in Business

● Corporate Scandals and Misconduct

o Enron's CFO, Andy Fastow: Personal wealth increase of $40 million through covert compensation schemes.
o Executives from Tyco, HealthSouth, WorldCom (Dennis Kozlowski, Richard Scrushy, Bernie Ebbers): Gained
immense wealth while leading their companies into ruin.

● Period of Scandals (1999–2002)

o 25 companies extracted $25 billion in special compensation, stock options, and private loans while company stock
values collapsed by over 75%.
III. Business Ethics

● Definition of Business Ethics

o Involves the principles of conduct guiding behavior in business decisions.
o Focus on determining right vs. wrong in business situations.
● Key Ethical Questions for Business Managers
0. How do managers decide what is right in business?
1. Once they recognize what is right, how do they act on it?

● Categories of Ethical Issues in Business

0. Equity – Fairness in business decisions.
1. Rights – Respect for individual rights in business practices.
2. Honesty – Upholding truthfulness and integrity.
3. Exercise of Corporate Power – Ensuring ethical use of corporate influence.
IV. Making Ethical Decisions in Business

● Conflicting Responsibilities
o Managers have to balance conflicting responsibilities to employees, shareholders, customers, and the public.
o Example: Introducing a new information system may cause job losses while benefiting others.
● Ethical Decision-Making Framework
o Every decision has consequences that may harm or benefit different groups.
o Managers must seek balance and fairness when making these decisions.
V. Ethical Principles for Business Decision-Making

● Proportionality
o Benefits from a decision must outweigh the risks.
o No alternative decision should provide greater benefit with less risk.
● Justice
o Benefits should be distributed fairly to those sharing the risks.
o Individuals who do not benefit should not bear the burden of risk.

● Minimize Risk
o Even when a decision is judged acceptable, the implementation should minimize unnecessary risks.
I. Introduction to Computer Ethics

● Definition of Computer Ethics

o The analysis of the nature and social impact of computer technology.
o Involves formulating and justifying policies for the ethical use of technology (software, hardware, and networks).
● Impact of Information Technology
o Raises ethical issues related to computer crime, working conditions, privacy, etc.
● Scope of Computer Ethics
o Concerns extend beyond just computers to include their systems and networks.
II. Levels of Computer Ethics

● Pop Computer Ethics

o Exposure to computer ethics through popular media (e.g., stories about viruses or assistive technologies).
o Society’s general awareness of the consequences of computer technology.
● Para Computer Ethics
o Developing a deeper interest in computer ethics.
o Gaining knowledge and skills to effectively handle ethical dilemmas in technology (critical for systems professionals
and accounting information students).

● Theoretical Computer Ethics

 o Involves multidisciplinary research (philosophy, sociology, psychology) to understand the ethical implications of
computer science.
o Aimed at bringing new perspectives and understanding to the field.
III. A New Problem or Just a New Twist on an Old Problem?

● Debate: Do Computers Present New Ethical Issues?

o Some argue that ethical issues raised by computers are simply new versions of old ethical problems (e.g., property
rights).
o The issue of intellectual property (copyright, trade secrets, patents) is often debated in the context of computer
programs.

● Intellectual Property Debate

o Is intellectual property (e.g., software) the same as real property?
o There is no consensus on whether computers create entirely new ethical issues or just new dimensions of existing
ones.

● Controversy
o Some people reject the idea that computer-based intellectual property should be treated the same as other forms of
property.
IV. Key Ethical Issues in Computer Ethics (Particularly for Accounting Information Systems)

● Introduction to Key Issues

o Ethical concerns related to computer systems, privacy, and intellectual property in the context of accounting
information systems.
o The list of issues is not exhaustive, and further exploration would require more in-depth discussion.
● Trigger Questions for Thought and Discussion
o Questions provided to provoke discussion and analysis in classroom settings.
I. Privacy

● Desire for Control Over Personal Information

o Individuals want control over what information about themselves is shared and with whom.
● Issues of Privacy in the Digital Age
o The creation of large, shared databases necessitates protections against misuse.
● Key Questions in Privacy
o Should privacy be protected through policies and systems?
o What personal information does an individual own?
o Should companies buy and sell personal information without consent?
II. Security (Accuracy and Confidentiality)

● Purpose of Computer Security

o Prevent loss of confidentiality and data integrity, protect against fraud.
o Protect legitimate interests of system users.
● Ethical Issues in Security
o Risks of disseminating inaccurate information (e.g., credit reporting errors).
o Risks of unauthorized access to accurate information.
● Challenges with Increasing Security
o Balancing security with freedom of access to data.
o Security measures can sometimes undermine privacy (e.g., automated monitoring can be used to spy on users).
● Ethical Dilemma in Security
o What is the appropriate balance between security, accuracy, and confidentiality?
III. Ownership of Property

● Intellectual Property
o Laws protecting real property are extended to software, raising questions of ownership over ideas, source code, and
object code.

● Copyright Issues
o Should copyright laws protect the "look and feel" of software?
o Some argue this restricts industry standards and promotes monopolies.
o Does software fit with current concepts of ownership, given its ease of replication?
IV. Equity in Access

● Barriers to Access
o Economic status, culture, and physical limitations can affect access to technology.
● Designing for Equity
o How can hardware and software be designed for diverse physical and cognitive needs?
o What is the cost of providing equitable access?
● Priority for Equity in Access
o Which groups should be prioritized in ensuring access to technology?
V. Environmental Issues

● Impact of Printing Technology

o High-speed printing and excess paper usage contribute to environmental waste.
 o Should organizations limit nonessential printing and enforce recycling practices?

● Questions Around Environmental Responsibility

o Who defines what is essential? Should recycling be mandated and how?
VI. Artificial Intelligence

● Ethical Issues in Expert Systems

o As decision-making tools, expert systems raise concerns about accountability for faulty decisions.
o Responsibility for incomplete or biased knowledge bases (potentially reflecting prejudices).
● Key Ethical Questions
o Who is responsible for errors in expert system decisions?
o Who owns the knowledge base once it’s encoded into the system?
VII. Unemployment and Displacement

● Job Displacement Due to Technology

o Technological advancements displace workers unable to adapt.
● Employer Responsibility
o Should companies be responsible for retraining displaced workers due to computerization?
VIII. Misuse of Computers

● Common Forms of Misuse

o Copying proprietary software, using company computers for personal tasks, snooping through files.
● Ethical Considerations
o Why is software piracy common despite being illegal?
o Is using company computers for personal tasks ethical, depending on time or profit-making activity?
o Is there a difference between accessing physical vs. digital files?
IX. Sarbanes-Oxley Act and Ethical Issues

● Background and Context

o Passed in response to corporate scandals (e.g., Enron, WorldCom).
● Section 406: Code of Ethics for Senior Financial Officers
o Public companies must disclose their adoption of a code of ethics for senior officers (CEO, CFO, etc.).
● Key Provisions of Section 406
0. Conflicts of Interest: Procedures to handle conflicts of interest and promote transparency.
1. Full and Fair Disclosures: Ensure transparency in financial reports to prevent misleading accounting.
2. Legal Compliance: Adherence to laws, rules, and regulations.
3. Internal Reporting of Violations: Mechanisms for confidential reporting of ethics violations.
4. Accountability: Ensuring that violations are addressed with appropriate disciplinary measures.
I. Introduction

● Controversy around auditors' role in detecting fraud

● Scrutiny of the U.S. financial reporting system

● Impact of business failures and questionable practices on public perception

● The key question: "Where were the auditors?"

II. Impact of SOX on Auditors' Responsibilities

● Overview of SOX (Sarbanes-Oxley Act) and its influence on auditors

● Requirement to test controls designed to prevent or detect fraud

● SAS No. 99: Guidelines for fraud detection

o Integration of fraud consideration into all phases of an audit
o New steps like brainstorming during audit planning to assess fraud risk
III. Defining Fraud

● General definition of fraud: False representation to deceive and cause harm

● Five conditions for a fraudulent act according to common law:

1. False representation
2. Material fact
3. Intent to deceive
4. Justifiable reliance
5. Injury or loss caused by the fraud

● Fraud in the business environment:

o Intentional deception, misappropriation, or manipulation for personal gain
o Known as white-collar crime, defalcation, embezzlement, and irregularities
IV. Types of Fraud

● Employee Fraud:
o Fraud committed by non-management employees
o Typically involves theft of company assets
o Three steps involved: stealing assets, converting them, and concealing the crime
o Importance of internal controls in detecting and preventing employee fraud
 ● Management Fraud:
o More insidious and harder to detect
o Does not involve direct theft of assets but manipulates financial data
o Often perpetrated to inflate stock prices or gain from stock options
o Lower management fraud typically involves misstating financial data for personal gain
o Three key characteristics:
1. Occurs at management levels higher than internal controls typically address
2. Creates an illusion of a healthier financial condition
3. May involve complex transactions to hide fraud
V. Factors Contributing to Fraud

● Interaction of individual personality and external environment

● Three major contributing factors:

1. Situational Pressures: External pressures influencing fraud
2. Opportunities: Situations that create chances for fraud
3. Personal Characteristics (Ethics): Ethical standards of individuals

● The influence of these factors on an individual’s likelihood to commit fraud

VI. Auditors’ Role in Detecting Fraud

● Auditors’ limitations in influencing personal ethics or external pressures

● Use of red-flag checklists to detect fraud

● Examples of questions auditors might consider:

o Personal debt of key executives
o Executives living beyond their means
o Habitual gambling or substance abuse by executives
o Unfavorable economic conditions
o Irregularities like rapid employee turnover or domination by a few individuals
● Use of investigative agencies for confidential background checks on key managers
I. Introduction to Financial Losses from Fraud

● ACFE study estimate: Fraud and abuse account for 6% of annual revenues (~$660 billion).

● Challenges in quantifying fraud costs:

1. Not all fraud is detected.
2. Not all detected fraud is reported.
3. Incomplete information in fraud cases.
4. Poor distribution of fraud information to management and law enforcement.
5. Decision to take no action in many fraud cases.

● Indirect costs: Reduced productivity, legal costs, unemployment, and business disruption from investigations.
II. Impact of Fraud

● Findings from the ACFE study:

o 508 cases analyzed.
o More than half of fraud cases cost at least $100,000.
o 15% of cases resulted in losses of $1 million or more.
● Distribution of dollar losses (Table 3-2).
III. Perpetrators of Fraud

● Key factors examined in the study: Position within the organization, collusion, gender, age, and education.

● Median financial loss by these factors (Tables 3-3 to 3-7).

IV. Fraud Losses by Position within the Organization

● 68% of fraud cases by non-managerial employees, 34% by managers, and 12% by executives or owners.

● Inversely related average losses:

o Higher losses for fraud committed by managers and executives.
o More common but smaller losses from frauds by non-managerial employees (Table 3-3).
V. Fraud Losses and the Collusion Effect

● Collusion makes fraud harder to detect and prevent, especially when managers collude with employees.

● Importance of internal controls and management oversight in preventing fraud.

● Comparison of losses:
o Single-perpetrator fraud median loss: $58,000.
o Collusion fraud median loss: $200,000 (Table 3-4).
VI. Fraud Losses by Gender

● Median loss for frauds committed by males: $160,000.

● Median loss for frauds committed by females: $60,000 (Table 3-5).

VII. Fraud Losses by Age

● Median loss for perpetrators aged 25 or younger: $18,000.

 ● Median loss for perpetrators aged 60 or older: $527,000 (Table 3-6).
VIII. Fraud Losses by Education

● Median loss for frauds by high school graduates: $50,000.

● Median loss for frauds by bachelor's degree holders: $150,000.

● Median loss for frauds by individuals with advanced degrees: $325,000 (Table 3-7).
IX. Key Conclusions

● The fraud classification scheme doesn’t offer direct anti-fraud decision-making criteria.

● Opportunity is the primary factor contributing to fraud:

o Access to and control over company assets are essential elements of opportunity.
● Common factors influencing opportunities for fraud:
o Gender: More men in positions of authority, providing greater access to assets.
o Position: Higher positions have greater access to company funds and assets.
o Age: Older employees in higher-ranking positions with more access to assets.
o Education: Higher education often leads to higher positions with greater access to company resources.
o Collusion: Individuals in critical positions can collude, creating opportunities to access and control assets.
I. Introduction to Fraud Schemes

● Fraud schemes are classified into three broad categories according to ACFE:
1. Fraudulent Statements
2. Corruption
3. Asset Misappropriation

II. Fraudulent Statements

● Definition: Fraudulent statements are management fraud schemes that directly or indirectly benefit the perpetrator. These are
not merely tools for covering up fraudulent acts but are intentionally misleading statements to gain financial advantages.

● Example:
o Misstating liabilities to inflate stock prices is fraudulent financial reporting, whereas misstating cash balances to cover
theft is not.
● Frequency and Impact:
o Only 8% of fraud cases are fraudulent statements, but they result in significantly higher losses compared to
corruption and asset misappropriation (Table 3-8).

● Human Impact: The real-world consequences of such fraud include loss of shareholders' savings, highlighting the
seriousness of corporate governance failures.

III. Underlying Problems Contributing to Fraud

● 1. Lack of Auditor Independence

o Auditors who provide non-accounting services, like consulting or internal audits, risk conflicts of interest.
o Example: Enron’s auditors, Arthur Andersen, were also internal auditors and consultants for the company, which
undermined independence.

● 2. Lack of Director Independence

o Many boards consist of individuals with personal or financial relationships, compromising their objectivity.
o Example: Adelphia Communications, where the founding family controlled the board, leading to massive fraud.
o Ideal boards should have a majority of independent directors with the integrity to oversee the company.
● 3. Questionable Executive Compensation
o Excessive stock-based compensation, especially stock options, can encourage short-term, fraudulent behavior to
drive up stock prices for personal gain.
o Example: Enron's management manipulated the company’s financials to increase their stock options’ value.
● 4. Inappropriate Accounting Practices
o Companies may use complex accounting methods to hide financial problems or inflate earnings.
o Example: Enron used special-purpose entities (SPEs) to hide liabilities; WorldCom capitalized expenses to artificially
inflate profits.

IV. Sarbanes-Oxley Act (SOX) and Fraud Prevention

● Purpose: SOX was enacted in 2002 to address issues of fraud and corporate governance after the collapse of companies like
Enron and WorldCom, restoring investor confidence.

● Key Provisions of SOX:

1. Accounting Oversight Board (PCAOB)

▪ PCAOB sets standards for auditing, inspects registered accounting firms, and conducts investigations.
2. Auditor Independence

▪ The act mandates a separation between auditing and non-auditing services. Auditors cannot provide certain
services, including bookkeeping, management functions, and legal services, to their clients.
3. Corporate Governance and Responsibility
 ▪ Audit committees must be independent and oversee external auditors. The act also prohibits public
companies from making loans to executive officers and directors.
4. Issuer and Management Disclosure

▪ Companies must disclose off-balance-sheet transactions and confirm the effectiveness of internal controls.
CEOs and CFOs must certify financial statements' accuracy, and filing false certifications is a criminal
offense.
5. Fraud and Criminal Penalties

▪ SOX introduces penalties for document destruction, securities fraud, and tampering with evidence,
alongside protections for whistleblowers.
Corruption in Fraud Schemes

● Definition: Corruption occurs when an employee, manager, or executive colludes with an outsider (such as a vendor or
government official) to gain a benefit at the expense of the organization. It accounts for about 10% of occupational fraud
cases.

Types of Corruption
1. Bribery
o Definition: Offering, giving, soliciting, or receiving something of value to influence the performance of an official's
duties, either in government or private organizations.
o Example: A manager of a meat-packing company offers a cash bribe to a health inspector to suppress violations
during an inspection. The inspector fails to report health violations.
o Victims: The organization, which is deprived of honest service from the inspector, and the public who rely on the
inspector’s reports.
o Losses: The loss includes the salary paid to the inspector for work not done and potential damages from health
violations that go unreported.
2. Illegal Gratuities
o Definition: Offering, receiving, or soliciting something of value after an official act has been performed, as a reward
for that act.
o Example: A plant manager influences a procurement process so that only one contractor can submit a satisfactory
bid. Afterward, the favored contractor secretly gives the manager a financial payment as a thank-you.
o Victims: The company and stakeholders who expected a fair and competitive bidding process.
o Losses: The company incurs higher costs due to the non-competitive pricing of the selected contractor's bid.
3. Conflicts of Interest
o Definition: Occurs when an employee has a personal or financial interest that interferes with the performance of their
duties for the employer. This results in a decision that benefits a third party (or the employee) rather than the
organization.
o Example: A purchasing agent for a contractor is also a part-owner of a plumbing supply company. The agent directs
purchase orders to their company, which charges the contractor above-market prices for the supplies.
o Victims: The employer (contractor) who is overcharged and harmed by the conflict of interest.
o Losses: The financial loss the employer faces due to inflated prices and unfair vendor selection, while the agent
benefits from the inflated purchases.
4. Economic Extortion
o Definition: The use or threat of force or economic sanctions to obtain something of value, such as money,
information, or cooperation.
o Example: A government procurement agent threatens to blacklist a contractor from future projects unless a financial
payment is made. The contractor complies out of fear of economic loss.
o Victims: The contractor who is coerced into paying the extortion, and the public sector entity that may face
suboptimal project execution or inflated costs due to the forced payment.
o Losses: The contractor faces financial loss from the extortion and potential future business risks, and the
government suffers from corrupted decision-making.
Asset Misappropriation: A Common Form of Fraud
Asset misappropriation is the most prevalent type of occupational fraud, accounting for 92% of fraud cases. This type of fraud involves
employees or executives using organizational assets for their personal benefit. The assets at highest risk of misappropriation include
cash, checking accounts, inventory, supplies, equipment, and information.
Fraud Schemes Involving Asset Misappropriation
Here are common methods of misappropriating assets:
1. Charges to Expense Accounts
o Definition: When an asset is stolen, the fraudster adjusts the accounting equation to hide the theft by charging the
stolen asset to an expense account.
o Example: If $20,000 cash is stolen, it might be charged to a miscellaneous operating expense account. This reduces
assets by $20,000, and equity is reduced by the same amount when the expense account is closed to retained
earnings, balancing the accounting equation.
o Concealment: This method hides the loss temporarily as the expense account resets each period.
2. Lapping
o Definition: Lapping involves using one customer’s payment to cover up a theft of another customer’s funds.
o Example: The employee steals $500 from Customer A’s account and later uses $500 from Customer B to cover the
loss, then Customer C’s payment is used to cover Customer B’s account, and so on.
o Rationalization: Perpetrators often justify their actions as temporary loans they plan to repay.
o Detection: The fraud is usually detected when the employee leaves or takes time off, as the accounting imbalance
will eventually catch up when the last customer’s payment is misused.
3. Transaction Fraud
 o Definition: This involves falsifying transactions, such as creating fake purchases, altering records, or
misappropriating assets through fraudulent entries.
o Example: A supervisor continues to submit timecards for an employee who has left the company. The supervisor
then forges the employee's signature on the paycheck and cashes it.
o Concealment: The company’s payroll records may not immediately detect this because the debit to payroll expense
balances the credit to the cash account.
4. Computer Fraud Schemes
o Definition: Computer fraud occurs when individuals manipulate data, alter program logic, or steal computer assets to
misappropriate resources.
o Scope: The damage caused by computer fraud is immense, with losses estimated at up to $100 billion annually.
o Common Techniques:
▪ Theft or misuse of data: Altering records or misappropriating computer files.

▪ Program fraud: Creating illegal programs that alter or delete data.

▪ Theft of hardware/software: Stealing physical assets or using software illegally.

▪ Hacking: Unauthorized access to systems, often through techniques like masquerading (pretending to be
an authorized user) or piggybacking (using an authorized user’s login credentials).
Stages in Information Systems and Potential Fraud Risks
The information systems in an organization are critical, and each stage can be vulnerable to fraud:
1. Data Collection
o Fraud can occur when data is entered incorrectly, deleted, or altered before it is processed. For example, a payroll
fraudster may insert a fraudulent transaction to create an extra paycheck for themselves.
2. Data Processing
o Program fraud: Fraud can occur by altering program logic, such as modifying rounding logic in a bank’s interest
calculation program to divert small amounts of money to a perpetrator’s account.
o Operations fraud: This involves using the company’s resources for personal gain, such as conducting personal
business on company computers.
3. Database Management
o Fraud can occur when sensitive data is altered, deleted, or stolen. A disgruntled employee might insert a destructive
routine (a logic bomb) into a program that erases critical data at a specific time.
4. Information Generation
o Scavenging: Searching through discarded or rejected reports to steal valuable information.
o Eavesdropping: Intercepting messages sent over unsecured communication channels to steal data.
Internal Control Objectives
Internal control systems aim to:
1. Safeguard assets.
2. Ensure accurate accounting records.
3. Promote operational efficiency.
4. Ensure compliance with policies and procedures.
Modifying Assumptions

● Management Responsibility: Ensuring effective internal controls is a management responsibility, emphasized by SOX.

● Reasonable Assurance: Internal controls should provide reasonable assurance in a cost-effective manner, balancing control
costs with benefits.

● Methods of Data Processing: Internal controls should function across different data processing methods, though techniques
may vary.

● Limitations: Internal controls are never perfect and can fail due to errors, circumvention, management override, or changi ng
conditions.
Exposures and Risks

● Exposures occur when there are gaps in the internal control system, exposing the firm to risks such as asset destruction,
theft, information corruption, or disruption of the information system.
Preventive-Detective-Corrective Model
1. Preventive Controls: The first line of defense to reduce undesirable events by ensuring compliance with prescribed actions
(e.g., well-designed source documents).
2. Detective Controls: Identify problems that evade preventive controls by comparing actual occurrences to standards (e.g.,
recalculating totals to detect errors).
3. Corrective Controls: Address errors identified by detective controls, though their application requires careful analysis to avoid
compounding the issue.
Sarbanes-Oxley (SOX) and Internal Controls
SOX mandates that public companies establish internal controls over financial reporting and transaction processing systems, w ith
management (including the CEO) certifying their effectiveness. This includes:

● Section 302: CEOs must certify the company’s internal controls quarterly and annually.

● Section 404: Management must assess and report on the effectiveness of these controls annually.
COSO Framework
The Committee of Sponsoring Organizations (COSO) framework, which is endorsed by the PCAOB and the SEC, provides guidelines
for internal control systems. It includes five components:
1. Control Environment: The foundation of internal control, influencing awareness and behavior related to controls.
2. Risk Assessment: Identifying and managing risks that could affect financial reporting.
 3. Information and Communication: Ensuring the organization’s accounting information system accurately records, processes,
and reports transactions.
4. Monitoring: Ongoing assessment of the internal control system's effectiveness.
5. Control Activities: Specific procedures and policies that ensure risks are mitigated.
Key Practices for a Strong Control Environment

● Ensure management integrity, separate the CEO and chairman roles, establish ethical standards, create independent audit
and compensation committees, and ensure proper governance for long-term stability.
Risk Assessment
Management must continually assess risks posed by factors like organizational changes, technology shifts, market conditions, and new
financial reporting standards.
Information and Communication
An effective accounting information system should accurately identify, classify, record, and report transactions. It ensures reliable
financial statements by providing detailed, timely, and accurate transaction data.
Monitoring
Monitoring is the process by which management ensures that internal controls are functioning as designed. It can be done thro ugh
ongoing activities or separate procedures. Internal auditors often carry out separate procedures by testing controls, gatheri ng evidence,
and reporting findings. They may also provide recommendations for improvements.
Ongoing monitoring can be integrated into daily operations using embedded computer modules that track and test controls
automatically. This ensures continuous oversight. Additionally, well-designed management reports are essential for monitoring
performance. These reports allow managers in various departments to track operations, identify trends, and spot anomalies, ensuring
internal controls are working as expected.
Control Activities
Control activities ensure that appropriate actions are taken to address risks and achieve objectives. These activities are typically divided
into IT controls and physical controls.
1. IT Controls: These are focused on the computer environment. They are further divided into:
o General controls, which concern the overall IT infrastructure (e.g., data center management, system development,
and maintenance).
o Application controls, which ensure the integrity of specific systems like sales order processing, payroll, or accounts
payable.
2. Physical Controls: These relate to human activities in the accounting system, which may involve manual processes or the
physical handling of computers and assets. The focus is on people performing or overseeing tasks that trigger transactions or
updates, rather than the computer systems themselves.
Categories of Physical Control Activities:
1. Transaction Authorization
Ensures all transactions are valid and aligned with management objectives. Authorization can be:
o General authorization: Applied for routine transactions like purchases based on predefined rules (e.g., purchasing
inventory when stock levels fall).
o Specific authorization: For nonroutine transactions, such as extending credit limits, typically requiring managerial
approval.
2. Segregation of Duties
To minimize the risk of fraud, duties should be separated into three areas:
o Authorization: The person who authorizes a transaction should not process it.
o Custody: Those who physically handle assets (e.g., inventory) should not record them.
o Record Keeping: Ensures no one has complete control over both asset custody and the record-keeping process,
reducing opportunities for fraud.
The goal is to make fraud difficult by requiring collusion between individuals who hold incompatible responsibilities.
3. Supervision
In smaller organizations, it may be impossible to segregate duties fully. In such cases, supervision compensates for the lack of
segregation. A manager with a manageable span of control oversees employees to ensure compliance with procedures.
Supervision assumes the employees are competent and trustworthy.
4. Accounting Records
Accurate accounting records, such as source documents, journals, and ledgers, capture the details of transactions. These
records create an audit trail, enabling auditors to trace any transaction through all phases—from initiation to financial
statements. This is essential for both operational effectiveness and audit purposes.
5. Access Control
Access to assets, whether physical or through indirect access to records, should be limited to authorized personnel only.
Unauthorized access poses a risk of theft, fraud, or damage to assets. Physical controls like locks and safes, along with
controls over document access, help prevent unauthorized personnel from misusing or destroying critical records.
6. Independent Verification
Verification procedures check the accuracy and integrity of transactions. Unlike supervision, which occurs during an activity,
independent verification happens afterward and is done by someone not directly involved with the task. This helps identify
errors or misstatements in the accounting system. Examples include:
o Reconciling batch totals during transaction processing.
o Comparing physical assets with accounting records.
o Reconciling subsidiary accounts with control accounts.
o Reviewing management reports.
The effectiveness of these controls depends on the organization’s resources, technology, and how frequently verification is c arried out.