Chapter 3

Ethics, Fraud, and Internal

Control

Introduction to Accounting Information

Systems, 8e
James A. Hall

©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Business Ethics

Why should we be concerned about ethics in

the business world?
 Ethics are needed when conflicts arise—the
need to choose
 In business, conflicts may arise between:
 employees
 management
 stakeholders
 Litigation
2
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Business Ethics

Business ethics involves finding the answers to

two questions:
 How do managers decide on what is right in
conducting their business?
 Once managers have recognized what is right,
how do they achieve it?

 Proportionality: The benefit from a decision

must outweigh the risks.
3
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Computer Ethics…
Concerns the social impact of computer technology
(hardware, software, and telecommunications).

What are the main computer ethics issues?

 Privacy
 Security—accuracy and confidentiality
 Ownership of property
 Equity in access
 Environmental issues
 Artificial intelligence
 Unemployment and displacement
 Misuse of computer

4
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Computer ethics issues
 Privacy:
People desire to be in full control about the
availability of their information to others.
 Security (accuracy and confidentiality):
It arises from the creation of shared, computerized
databases that have the potential to cause
irreparable harm to individuals.
 Ownership of property:
Copyright attempt to protect those who develop
software from having it copied.
5
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Computer ethics issues
 Equity in access:
Several factors some of which are not unique to
information systems, can limit access to computing
technology.
 Environmental issues:
Papers come from trees, a precious natural
resource ends up in landfills if not properly
recycled.
 Unemployment and displacement:
People unable to change as a result of computer
technology are displaced. 6
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Computer ethics issues
 Artificial intelligence:
Both who write the programs and who provide the
knowledge about the task being automated must
be concerned about their responsibility for faulty
decisions and incomplete or inaccurate
knowledge.
 Misuse of computer:
Copying proprietary software, using a company’s
software for personnel benefit and snooping
through other people’s files…

7
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Legal Definition of Fraud
 False representation - false statement or
disclosure
 Material fact - a fact must be substantial in
inducing someone to act
 Intent to deceive must exist
 The misrepresentation must have resulted in
justifiable reliance upon information, which
caused someone to act
 The misrepresentation must have caused
injury or loss
8
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Employee Fraud Level

 Committed by non-management personnel

 Usually consists of an employee taking cash or

other assets for personal gain by circumventing a
company’s system of internal controls

9
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Management Fraud Level
 Perpetrated at levels of management above the
one to which internal control structure relates

 Frequently involves using financial statements to

create an illusion that an entity is more healthy and
prosperous than it actually is

10
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Fraud Triangle
 It consists of 3 factors:

1- situational pressure, personal or job-related

stresses that could coerce an individual to act
dishonestly

2- opportunity, direct access to assets, weakness

of internal control system

3- ethics, character and degree of moral

opposition to act dishonestly
11
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Fraud Triangle
Pressure Opportunity
No Fraud

Pressure Opportunity

Person with high Ethics

Fraud
Person with low Ethics12
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Financial Losses From Fraud
The actual cost of fraud is difficult to quantify for
many reasons:
 Not all fraud is detected
 Not all fraud reported
 Incomplete information is gathered
 Information is not properly distributed to
management
 Too often, organizations decide to take no civil or
criminal action against the perpetrator

13
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Fraud schemes
 Fraudulent Statements
 Corruption
 Asset Misappropriation

1- Fraudulent Statements, associated with

management fraud. It must bring direct or
indirect financial benefit to the perpetrator

14
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Fraud schemes
2- Corruption, involves an executive, manager or
employee in collusion with an outsider.
 Examples:
 Bribery: giving, offering, soliciting or receiving things of
value to influence the performance of lawful duties.

 Illegal gratuities: similar to bribery but the transaction

occur after the fact.

 Conflicts of interest: an employee acts on behalf of a

third party

 Economic extortion: the use of force to obtain

15
something of value.
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Fraud schemes
3- Asset Misappropriation, assets are either
directly or indirectly diverted to the perpetrator’s
benefit.
 Most common type of fraud and often occurs as
employee fraud
 Examples:
 Skimming: stealing cash before it is recorded in books
 Cash Larceny: cash receipts are stolen after they have
been recorded in the books
 Check Tampering: forging in checks that the firm has
written to a legitimate payee.
16
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Asset Misappropriation examples
 Billing schemes: perpetrated by employees who cause
their employer to issue a payment to a false vendor:
a- Shell Company Fraud: perpetrator establish a false
supplier on the books
b- Pass through Fraud: similar to shell company but the
transaction actually takes place
c- Pay-and-Return: a clerk with check-writing who pays
a vendor twice for the same invoice
 Payroll Fraud: distribution of fraudulent paychecks to
existent or nonexistent employees

 Thefts Of Cash: direct theft of cash on hand

17
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Asset Misappropriation examples
 Expense reimbursements: an employee makes a claim
for reimbursement of fictitious or inflated expenses.

 Non-Cash Misappropriation: the theft or the misuse of

non-cash assets

 Computer Fraud: requires an awareness of technology

and internal control issues

18
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Internal Control System

 Internal control system includes a set of rules,

policies, and procedures an organization
implements to prevent, detect and correct fraud,
errors and other undesirable events..

 Management Responsibility
The establishment and maintenance of a system of
internal control is the responsibility of management.

19
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Internal Control Objectives

1. Safeguard assets of the firm

2. Ensure accuracy and reliability of accounting
records and information
3. Promote efficiency of the firm’s operations
4. Measure compliance with management’s
prescribed policies and procedures

20
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Limitations of Internal Controls

 Possibility of honest errors

 Circumvention via collusion
 Management override
 Changing conditions--especially in companies
with high growth
(control may become ineffective when some
conditions change)

21
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Exposures of Weak Internal
Controls (Risk)
The absence or weakness of a control.
Risks caused :
 Destruction of an asset
 Theft of an asset
 Corruption of information
 Disruption of the information system

22
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 The Internal Controls Shield

23
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 The Preventive-Detective-Corrective
Internal Control Model
 Preventive Control, passive techniques
designed to reduce the frequency of occurrence
undesirable events. Examples:
 Segregation of duties.
 Pre-approval of actions and transactions.
(Authorization)
 Physical control over assets (i.e. locks).
 Computer passwords and access controls.
 Employee screening and training.
24
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 The Preventive-Detective-
Corrective Internal Control Model
 Detective Control, devices, techniques and
procedures designed to identify and expose
undesirable events that elude preventive controls.
Examples:
 Audits are an example of a detective control.
Monthly reconciliation of bank accounts,
reconciliation of petty cash accounts, audits of
payroll disbursements or conducting physical
inventory count.

25
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 The Preventive-Detective-
Corrective Internal Control Model
 Corrective Control, are actions taken to
reverse the effects of errors detected in the
previous step. They are designed to prevent
errors and irregularities from reoccurring once
they are discovered. Examples:
 Policies and procedures for reporting errors and
irregularities so they can be corrected
 Continuous improvement processes to adopt the
latest operational techniques
26
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Preventive, Detective, and Corrective
Controls

Figure 3-3
27
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Five Internal Control Components:
SAS 109 / COSO
(Committee of Sponsoring Organizations of the Treadway Commission)

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

28
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 1: The Control Environment
 Integrity and ethics of management
 Organizational structure
 Role of the board of directors and the audit
committee
 Management’s policies and philosophy
 Delegation of responsibility and authority
 Performance evaluation measures
 External influences—regulatory agencies
 Policies and practices managing human
resources
29
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 2: Risk Assessment
 Identify, analyze and manage risks relevant to
financial reporting:
 changes in external environment
 risky foreign markets
 significant and rapid growth that strain internal
controls
 new product lines
 restructuring, downsizing
 changes in accounting policies
 New personnel
 Implementation of new technologies
30
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
3: Information and Communication
 The AIS should produce high quality information
which:
 identifies and records all valid transactions
 provides timely information in appropriate detail to
permit proper classification and financial reporting
 accurately measures the financial value of
transactions
 accurately records transactions in the time period in
which they occurred

31
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 4: Monitoring
The process for assessing the quality of internal
control design and operation
[This is feedback in the general AIS model. (evaluation)]
 Separate procedures—test of controls by internal
auditors
 Ongoing monitoring:
 computer modules integrated into routine
operations
 management reports which highlight trends and
exceptions from normal performance
[red shows relationship to the general AIS model]
32
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 5. Physical Controls

 Transaction Authorization
 Segregation of Duties
 Supervision
 Accounting Records
 Access Control
 Independent Verification

33
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Physical Controls
Transaction Authorization
 used to ensure that employees are carrying out
only authorized transactions
 general authorizations(everyday procedures)
- Example: list of approved vendors

 specific authorizations (non-routine transactions)

- Example: Purchase of a new fixed asset

34
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Physical Controls
Segregation of Duties
 In manual systems, separation between:
 Authorizing (purchasing) and processing (Inventory)
a transaction
 custody (Physical Inventory) and recordkeeping
( Inventory records) of the asset

 Organizations should be structured so that a

successful fraud requires collusion between
two or more individuals with incompatible resp.
35
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Segregations of Duties Objectives
TRANSACTION

Control
Objective 1 Authorization Processing

Control
Objective 2 Authorization Custody Recording

Control General
Objective 3
Journals Ta 1 Subsidiary
Ledgers Ledger

Figure 3-4
36
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Physical Controls
Supervision
 a compensation for lack of segregation of duties
that a firm employ a large number of employees;
which is difficult in small organizations.
 A competent and trustworthy employee
promotes the supervisory efficiency.
Accounting Records
 Provide an audit trail
 Source documents, journal, ledger

37
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Physical Controls
Access Controls
 Ensure that only authorized personnel have
access to assets. There are 2 types of access
controls:
 Direct access controls to assets: using
techniques to safeguard physical assets:
security alarm system, fences, safes, locks,…
 Indirect access controls to assets:
safeguard information and documents: using
passwords for computers, put the documents
in a safe box,…
38
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Physical Controls

 Independent Verification
 Independent checks of the accounting system
to identify errors and misrepresentations.
Examples:
 reviewing batch totals or reconciling subsidiary
accounts with control accounts.
 Comparing physical assets with accounting
records.
 Bank accounts reconciliation.
39
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 Thank you!

40
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.