m



  6th edition
James A. Hall

g
 
 g g 
!"#$
~

 
Ê x oad issues pe taining to business ethics
Ê Ethical issues elated to the use of info mation
technology
Ê Distinguish between management f aud and
employee f aud
Ê Common types of f aud schemes
Ê Key featu es of SAS 78 / COSO inte nal cont ol
f amewo

Ê Objects and application of physical cont ols
x  
{hy should we be conce ned about ethics in
the business wo ld?
Ê Ethics a e needed when conflicts a iseȄthe
need to choose
Ê In business, conflicts may a ise between:
Ê employees
Ê management
Ê sta
eholde s
Ê Litigation
x  
x



involves finding the answe s to two
questions:
Ê How do manage s decide on what is ight in
conducting thei business?
Ê Once manage s have ecognized what is ight, how do
they achieve it?
ÿ

x  

  
conce ns the social impact of compute technology (ha dwa e,
softwa e, and telecommunications).
{ 
  





D •

D 

  



D  
  
D 


D 
 

D 



 

D   

D 
 
© 

ÿ

Ê ÿ
 
 d false statement o
disclosu e
Ê  
  d a fact must be substantial in
inducing someone to act
Ê 
   must exist
Ê ñhe mis ep esentation must have esulted in
a   

 upon info mation, which
caused someone to act
Ê ñhe mis ep esentation must have caused
a 



ÿ
 
 

ÿ


ÿ

ÿ

Ê Loss due to f aud equal to 6% of evenuesȄ
app oximately $660 billion
Ê Loss by position within the company:

Ê Othe esults: highe losses due to men,

employees acting in collusion, and employees
with advance deg ees





 



Ê © 
m

 uditing fi ms also engaged by thei
clients to pe fo m nonaccounting activities
Ê © 

 

 di ecto s who also se ve on the boa ds
of othe companies, have a business t ading elationship, have a
financial elationship as stoc
holde s o have eceived pe sonal loans,
o have an ope ational elationship as employees
Ê Î
 

 sho t-te m stoc

options as compensation esult in sho t-te m st ategies aimed at
d iving up stoc
p ices at the expense of the fi mǯs long-te m health.
Ê 


m

  a cha acte istic common to many
financial statement f aud schemes.
Ê En on made elabo ate use of special pu pose entities
Ê {o ldCom t ansfe ed t ansmission line costs f om cu ent expense
accounts to capital accounts
 ~ 
 
Its p incipal efo ms pe tain to:
Ê C eation of the Public Company Accounting
Ove sight xoa d (PCAOx)
Ê Audito independenceȄmo e sepa ation between a
fi mǯs attestation and non-auditing activities
Ê Co po ate gove nance and esponsibilityȄaudit
committee membe s must be independent and the
audit committee must ove see the exte nal audito s
Ê Disclosu e equi ementsȄinc ease issue and
management disclosu e
Ê New fede al c imes fo the dest uction of o
tampe ing with documents, secu ities f aud, and
actions against whistleblowe s

ÿ

Ê Committed by    


Ê ‰sually consists of: an employee ta
ing cash o othe
assets fo pe sonal gain by ci cumventing a companyǯs
system of inte nal cont ols
 ÿ

Ê Pe pet ated at levels of management above the
one to which inte nal cont ol st uctu e elates
Ê F equently involves using financial statements to
c eate an illusion that an entity is mo e healthy
and p ospe ous than it actually is
Ê Involves misapp op iation of assets, it f equently
is sh ouded in a maze of complex business
t ansactions
ÿ
 
ñh ee catego ies of f aud schemes acco ding to the
Association of Ce tified F aud Examine s:
A. f audulent statements
x. co uption
C. asset misapp op iation
!ÿ

Ê isstating the financial statements to ma
e the copy
appea bette than it is
Ê ‰sually occu s as management f aud
Ê ay be tied to focus on sho t-te m financial measu es
fo success
Ê ay also be elated to management bonus pac
ages
being tied to financial statements
x!
 

Ê Examples:
Ê b ibe y
Ê illegal g atuities
Ê conflicts of inte est
Ê economic exto tion
Ê Fo eign Co upt P actice Act of 1977:
Ê indicative of co uption in business wo ld
Ê impacted accounting by equi ing accu ate eco ds and
inte nal cont ols
!


Ê ost common type of f aud and often occu s as
employee f aud
Ê Examples:
Ê ma
ing cha ges to expense accounts to cove theft of
asset (especially cash)
Ê : using custome ǯs chec
f om one account to
cove theft f om a diffe ent account
Ê 
 

: deleting, alte ing, o adding false
t ansactions to steal assets
 
 ÿ
 
Ê ñheft, misuse, o misapp op iation of assets by
alte ing compute - eadable eco ds and files
Ê ñheft, misuse, o misapp op iation of assets by
alte ing logic of compute softwa e
Ê ñheft o illegal use of compute - eadable
info mation
Ê ñheft, co uption, illegal copying o intentional
dest uction of softwa e
Ê ñheft, misuse, o misapp op iation of compute
ha dwa e
 ‰

 


  
 
   
 




ÿ

Ê ñhis aspect of the system is the 
 

because it is elatively easy to change data as it is being
ente ed into the system.
Ê Also, the GIGO (ga bage in, ga bage out) p inciple
eminds us that if the input data is inaccu ate,
p ocessing will esult in inaccu ate output.

ÿ

•




Ê alte ing p og ams to allow illegal access to and/o
manipulation of data files
Ê dest oying p og ams with a vi us
~ 




Ê misuse of company compute esou ces, such as
using the compute fo pe sonal business
 ÿ

Ê Alte ing, deleting, co upting, dest oying, o stealing
an o ganizationǯs data
Ê Oftentimes conducted by disg untled o ex-employee


"
ÿ


 





 
Ê sea ching th ough the t ash cans on the compute
cente fo disca ded output (the output should be
sh edded, but f equently is not)


~





ü  



of the fi m



 
 
 of accounting
eco ds and info mation
 •
of the fi mǯs ope ations
 

  with managementǯs
p esc ibed policies and p ocedu es
 

  

 


~

Ê   


ñhe establishment and maintenance of a system of inte nal
cont ol is the esponsibility of management.
Ê 
 



ñhe cost of achieving the objectives of inte nal cont ol should
not outweigh its benefits.
Ê 
  •



ñhe techniques of achieving the objectives will va y with
diffe ent types of technology.
©




Ê Possibility of honest e o s
Ê Ci cumvention via collusion
Ê anagement ove ide
Ê Changing conditions--especially in companies with
high g owth
 
 
#


$%#&
Ê 

 of an asset
Ê ñ of an asset
Ê g

of info mation

Ê 

of the info mation system
ñ 

 

•









  
Undesirable Events

Preventive Preventive Preventive Preventive

Levels Detective Detective Detective

of
Control

Corrective Corrective Corrective

 '()~~
Desc ibes the elationship between the fi mǯsǥ
Ê inte nal cont ol st uctu e,
Ê audito ǯs assessment of is
, and
Ê the planning of audit p ocedu es
à






%"#$#$
##"&"!
'$''# 
ÿ




*'()~~
1. Cont ol envi onment
2. Ris
assessment
3. Info mation and communication
4. onito ing
5. Cont ol activities
ü*ñ 



Ê Integ ity and ethics of management
Ê O ganizational st uctu e
Ê Role of the boa d of di ecto s and the audit
committee
Ê anagementǯs policies and philosophy
Ê Delegation of esponsibility and autho ity
Ê Pe fo mance evaluation measu es
Ê Exte nal influencesȄ egulato y agencies
Ê Policies and p actices managing human
esou ces
*%#
Ê Identify, analyze and manage is
s elevant to
financial epo ting:
Ê changes in exte nal envi onment
Ê is
y fo eign ma
ets
Ê significant and apid g owth that st ain inte nal
cont ols
Ê new p oduct lines
Ê est uctu ing, downsizing
Ê changes in accounting policies
*



 

Ê ñhe AIS should p oduce high quality info mation
which:
Ê identifies and eco ds all 
t ansactions
Ê p ovides  
 info mation in app op iate detail to
pe mit p ope classification and financial epo ting
Ê   
 measu es the financial value of t ansactions
Ê accu ately eco ds t ansactions  
 
 
 




 

Ê Audito s must obtain sufficient
nowledge of the IS to
unde stand:
Ê the classes of t ansactions that a e mate ial
Ê how these t ansactions a e initiated [input]
Ê the associated accounting eco ds and accounts used in
p ocessing [input]
Ê the t ansaction p ocessing steps involved f om the
initiation of a t ansaction to its inclusion in the financial
statements [p ocess]
Ê the financial epo ting p ocess used to compile financial
statements, disclosu es, and estimates [output]

A %#'#( !#)


*


ñhe p ocess fo assessing the quality of inte nal cont ol
design and ope ation
[ñhis is feedbac
in the gene al AIS model.]
Ê Sepa ate p ocedu esȄtest of cont ols by inte nal audito s
Ê Ongoing monito ing:
Ê compute modules integ ated into outine ope ations
Ê management epo ts which highlight t ends and
exceptions f om no mal pe fo mance

A %#'#( !#)

**


Ê Policies and p ocedu es to ensu e that the app op iate
actions a e ta
en in esponse to identified is
s
Ê Fall into two distinct catego ies:
Ê Iñ cont olsȄ elate specifically to the compute
envi onment
Ê Physical cont olsȄp ima ily pe tain to human activities
ñ
ñ
ñ


Ê Ú


pe tain to the entitywide
compute envi onment
Ê Examples: cont ols ove the data cente , o ganization
databases, systems development, and p og am
maintenance
Ê   

ensu e the integ ity of
specific systems
Ê Examples: cont ols ove sales o de p ocessing, accounts
payable, and pay oll applications
 ñ
 


Ê ñ ansaction Autho ization
Ê Seg egation of Duties
Ê Supe vision
Ê Accounting Reco ds
Ê Access Cont ol
Ê Independent Ve ification
 


ñ

 
 
Ê used to ensu e that employees a e ca ying out only
autho ized t ansactions
Ê 
 (eve yday p ocedu es) o    (non-
outine t ansactions) autho izations
 



  

Ê In manual systems, sepa ation between:
Ê 

!


 

Ê 





Ê 
Ê In compute ized systems, sepa ation between:
Ê 




Ê 





Ê 


 
 


 


Ê a compensation fo lac
of seg egation; some may
be built into compute systems
 


Ê p ovide an audit t ail
 




g


Ê help to safegua d assets by est icting physical
access to them
 
 
Ê eviewing batch totals o econciling subsidia y
accounts with cont ol accounts
 · 

 
  


g# (*
$

-.$,

g# (* g+ $

-.$

g+ $

g# (* ", "

", "

-.$/
 

ñ
 
ñ

 
 
Ê ñhe ules a e often embedded within compute
p og ams.
Ê EDI/JIñ: automated e-o de ing of invento y without
human inte vention
 

ñ
 

  

Ê A compute p og am may pe fo m many tas
s that a e
deemed incompatible.
Ê ñhus the c ucial need to sepa ate p og am development,
p og am ope ations, and p og am maintenance.
 

ñ
 
 


Ê ñhe ability to assess competent employees becomes
mo e challenging due to the g eate technical

nowledge equi ed.
 

ñ
 
 


Ê ledge accounts and sometimes sou ce documents a e

ept magnetically
Ê no audit t ail is eadily appa ent
 

ñ
 


g

Ê Data consolidation exposes the o ganization to compute
f aud and excessive losses f om disaste .
 

ñ
 
 
 
Ê {hen tas
s a e pe fo med by the compute athe than
manually, the need fo an independent chec
is not
necessa y.
Ê Howeve , the p og ams themselves a e chec
ed.