
Chapter 12

BUSINESS ETHICS, FRAUD, AND FRAUD DETECTION
ETHICAL ISSUES IN BUSINESS
Ethical standards are derived from
societal mores and deep-rooted personal
beliefs about issues of right and wrong that
are not universally agreed upon. It is quite
possible for two individuals, both of whom
consider themselves to be acting ethically,
to be on opposite sides of an issue.
BUSINESS ETHICS
Ethics - pertains to the principles of conduct
that individuals use in making choices and
guiding their behavior in situations that
involve the concepts of right and wrong.
Business Ethics - involves finding the
answers to two questions:
1. How do managers decide what is
right in conducting their business?
2. Once managers have recognized
what is right, how do they achieve it?
Four Areas of Ethical Issues in Business
- Equity
- Honesty
- Rights
- Exercise of corporate
power
Making Ethical Decisions
The following ethical principles
provide some guidance in the discharge of
responsibility:
Proportionality - the benefit from a
decision must outweigh the risks.
Furthermore, there must
be no alternative decision that
provides the same or greater benefit with
less risk.
Justice - the benefits of the decision should
be distributed fairly to those who share the
risks.
Those who do not benefit should not
carry the burden of risk.
Minimize risk - even if judged acceptable
by the principles, the decision should be
implemented
so as to minimize all of the risks and
avoid any unnecessary risks.

COMPUTER ETHICS
Computer ethics - is the analysis of the
nature and social impact of computer
technology and the corresponding
formulation and justification of policies for
the ethical use of such technology. [This
includes] concerns about software as well as
hardware and concerns about networks
connecting computers as well as computers
themselves.
Privacy
People desire to be in full control of
what and how much information about
themselves is available to others, and to
whom it is available.
Security (Accuracy and Confidentiality)
Computer security is an attempt to
avoid such undesirable events as a loss of
confidentiality or data integrity. Security
systems attempt to prevent fraud and other
misuse of computer systems; they act to
protect and further the legitimate interests
of the system's constituencies.
Section 406 - Code of Ethics for Senior
Financial Officers
Section 406 of SOX requires public
companies to disclose to the SEC whether
they have adopted a code of ethics that
applies to the organization's CEO, CFO,
controller, or persons performing similar
functions.
The SEC has ruled that compliance
with Section 406 necessitates a written code
of ethics that addresses the following ethical
issues.
- Conflicts of Interest
- Internal Reporting of Code Violations
- Full and Fair Disclosures
- Accountability
- Legal Compliance
DEFINITIONS OF FRAUD
Fraud denotes a false representation
of a material fact made by one party to
another party with the intent to deceive and
induce the other party to justifiably rely on
the fact to his or her detriment.
Management fraud is more
insidious than employee fraud because it
often escapes detection until the
organization has suffered irreparable
damage or loss. Usually management fraud
does not involve the direct theft of assets.
Employee fraud, or fraud by non-management
employees, is generally designed to directly
convert cash or other assets to the
employee's personal benefit.
THE FRAUD TRIANGLE
The fraud triangle consists of three factors
that contribute to or are associated with
management and employee fraud. These
are:
1. situational pressure, which
includes personal or job-related
stresses that could coerce an
individual to act dishonestly;
2. opportunity, which involves direct
access to assets and/or access to
information that controls assets,
and;
3. ethics, which pertains to one's
character and degree of moral
opposition to acts of dishonesty.
THE PERPETRATORS OF FRAUDS
[Tables: Fraud Losses by Position within the Organization; Fraud Losses and the Collusion Effect; Fraud Losses by Gender; Fraud Losses by Age; Fraud Losses by Education]


FRAUD SCHEMES
Fraud schemes can be classified in a
number of different ways. For purposes of
discussion, this section presents the ACFE
classification format. Three broad categories
of fraud schemes are defined: fraudulent
statements, corruption, and asset
misappropriation.
Fraudulent Statements
Fraudulent statements are associated
with management fraud. Whereas all fraud
involves some form of financial
misstatement, to meet the definition under
this class of fraud scheme, the statement
itself must bring direct or indirect financial
benefit to the perpetrator. In other words,
the statement is not simply a vehicle for
obscuring or covering a fraudulent act.
The Underlying Problems
1. Lack of auditor independence
2. Lack of director independence
3. Questionable executive compensation schemes
4. Inappropriate accounting practices

Sarbanes-Oxley Act and Fraud


The act establishes a framework to
modernize and reform the oversight and
regulation of public company auditing. Its
principal reforms pertain to the following:
(1) the creation of an accounting
oversight board,
(2) auditor independence,
(3) corporate governance and
responsibility,
(4) disclosure requirements, and
(5) penalties for fraud and other
violations.
These provisions are discussed in the
following section.
1. Accounting oversight board. SOX
created the Public Company
Accounting Oversight Board (PCAOB)
to set auditing, quality control, and
ethics standards; to inspect
registered accounting firms; to
conduct investigations; and to take
disciplinary actions.
Corruption
Corruption involves an executive,
manager, or employee of the organization in
collusion with an outsider.
Bribery
Bribery involves giving, offering,
soliciting, or receiving things of value to
influence an official in the performance of his
or her lawful duties.
Illegal Gratuities
An illegal gratuity involves giving,
receiving, offering, or soliciting something of
value because of an official act that has
been taken.
Conflicts of Interest
A conflict of interest occurs when an
employee acts on behalf of a third party
during the discharge of his or her duties or
has self-interest in the activity being
performed.
Economic Extortion
Economic extortion is the use (or
threat) of force (including economic
sanctions) by an individual or organization to
obtain something of value.
Asset Misappropriation
The most common fraud schemes
involve some form of asset misappropriation
in which assets are either directly or
indirectly diverted to the perpetrator's
benefit.
Skimming
Skimming involves stealing cash from
an organization before it is recorded on the
organization's books and records. One
example of skimming is an employee who
accepts payment from a customer but does
not record the sale. Another example is
mailroom fraud.
Cash Larceny
Cash larceny involves schemes
where cash receipts are stolen from an
organization after they have been recorded
in the organization's books and records.
Billing Schemes
Billing schemes, also known as
vendor fraud, are perpetrated by employees
who cause their employer to issue a
payment to a false supplier or vendor by
submitting invoices for fictitious goods or
services, inflated invoices, or invoices for
personal purchases.
Check Tampering
Check tampering involves forging or
changing in some material way a check that
the organization has written to a legitimate
payee. O
Payroll Fraud
Payroll fraud is the distribution of
fraudulent pay checks to existent and/or
non-existent employees.

Expense Reimbursements
Expense reimbursement frauds are
schemes in which an employee makes a
claim for reimbursement of fictitious or
inflated business expenses.
Thefts of Cash
Thefts of cash are schemes that
involve the direct theft of cash on hand in
the organization.
Non-Cash Misappropriations
Non-cash fraud schemes involve the
theft or misuse of the victim organization's
non-cash assets.
COMPUTER FRAUD
Data Collection - is the first operational
stage in the information system. The
objective is to ensure that transaction data
entering the system are valid, complete, and
free from material errors.
Masquerading involves a
perpetrator gaining access to the
system from a remote site by
pretending to be an authorized user.
Piggybacking is a technique in
which the perpetrator at a remote
site taps into the telecommunications
lines and latches onto an authorized
user who is logging into the system.
Data Processing - once collected, data
usually require processing to produce
information. Tasks in the data processing
stage range from simple to complex.
Program fraud includes the
following techniques:
(1) creating illegal programs that can
access data files to alter, delete,
or insert values into accounting
records
(2) destroying or corrupting a
program's logic using a computer
virus
(3) altering program logic to cause
the application to process data
incorrectly.
Operations fraud is the misuse or
theft of the firm's computer
resources. This often involves using
the computer to conduct personal
business.

KINDS OF COMMON SCHEMES:


Database Management - the
organization's database is its physical
repository for financial and nonfinancial
data. Database management fraud
includes altering, deleting, corrupting,
destroying, or stealing an organization's
data.
Information Generation - Information
generation is the process of compiling,
arranging, formatting, and presenting
information to users. Regardless of physical
form, useful information has the following
characteristics: relevance, timeliness,
accuracy, completeness, and summarization.
AUDITOR'S RESPONSIBILITY FOR
DETECTING FRAUD
1. Description and characteristics of fraud
2. Professional scepticism
3. Engagement personnel discussion
4. Obtaining audit evidence and information
5. Identifying risks
6. Assessing the identified risks
7. Responding to the assessment
8. Evaluating audit evidence and information
9. Communicating possible fraud
10. Documenting consideration of fraud

FRAUDULENT FINANCIAL REPORTING
1. Management's characteristics and
influence over the control environment.
2. Industry conditions
3. Operating characteristics and financial
stability.

- Improper revenue recognition
- Improper treatment of sales
- Improper asset valuation
- Improper deferral of costs and expenses
- Improper recording of liabilities
- Inadequate disclosures

MISAPPROPRIATION OF ASSETS
TWO RISK FACTORS
1. Susceptibility of assets to
misappropriation - pertains to its
nature and the degree to which it is
subject to theft.
2. Controls - involves the inadequacy
or lack of controls designed to
prevent or detect misappropriation of
assets.
Examples of Common Schemes
- Personal purchases
- Ghost employees
- Fictitious expenses
- Lapping
- Altered payee
- Passthrough vendors
- Theft of cash (or inventory)
AUDITOR'S RESPONSE TO RISK
ASSESSMENT
1. Engagement staffing and extent of
supervision.
2. Professional skepticism
3. Nature, timing, and extent of procedures
performed.

RESPONSE TO DETECTED
MISSTATEMENTS DUE TO FRAUD
When the auditor has determined that fraud
exists but has had no material effect on the
financial statements, the auditor should:
- Refer the matter to an appropriate level of
management at least one level above those
involved.
- Be satisfied that implications for other
aspects of the audit have been adequately
considered.
When the fraud has had a material
effect on the financial statements or the
auditor is unable to evaluate its degree of
materiality, the auditor should:
- Consider the implications for other aspects
of the audit.
- Discuss the matter with senior
management and with a board of directors
audit committee.
- Attempt to determine whether the fraud is
material.
- Suggest that the client consult with legal
counsel, if appropriate.

DOCUMENTATION REQUIREMENTS
Where risk factors are identified, the
documentation should include:
1. those risk factors identified
2. the auditor's response to them.

FRAUD DETECTION TECHNIQUES
Fraud Profile - identifies the data
characteristics that one would expect to find
in a specific type of fraud scheme.
Payments to Fictitious Vendors
* Sequential Invoice Numbers
* Vendors with P.O. Boxes
* Vendors with Employee Addresses
* Multiple Companies with the Same Address
* Invoice Amounts Slightly below the Review
Threshold
Two Common Forms of Payroll Fraud
1. Overpayment of employees - involves
inflating the number of hours worked and/or
issuing duplicate payroll checks.
2. Payments to non-existent employees
- involves entering fictitious employees into
the payroll system.

LAPPING ACCOUNTS RECEIVABLE
Two Common Methods of Managing
Accounts Receivable
1. The Balance Forward Method - is used
extensively for consumer accounts
2. The Open Invoice Method - is often
used to manage trade accounts receivable
(sales to other business organizations).
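
The fraud profile for payments to fictitious vendors listed above can be run as a data test over the vendor master, employee master, and invoice file. The following is an added example, not part of the original notes; the sample records, the 5,000 review threshold, the 5% "slightly below" band, and all function and flag names are assumptions made for illustration.

```python
import re
from collections import defaultdict

REVIEW_THRESHOLD = 5000.00  # assumed approval limit for invoices
NEAR_BAND = 0.05            # assumed: "slightly below" = within 5% of the limit
# Constructed sample data: vendor master, employee master, paid invoices.
VENDORS = {
    "V1": ("Acme Supply", "12 Mill Rd, Springfield"),
    "V2": ("Blue Ink LLC", "P.O. Box 771, Springfield"),
    "V3": ("Northside Services", "48 Elm St., Springfield"),
    "V4": ("Delta Parts", "900 Harbor Way Suite 4, Shelby"),
    "V5": ("Echo Trading", "900 Harbor Way, Suite 4, Shelby")}
EMPLOYEES = {"E7": "48 Elm St, Springfield"}
INVOICES = [  # (vendor_id, invoice_no, amount)
    ("V1", 20417, 1200.00), ("V1", 20688, 7300.00), ("V1", 21002, 310.50),
    ("V3", 101, 4950.00), ("V3", 102, 4890.00), ("V3", 103, 4975.00),
    ("V4", 5530, 860.00), ("V5", 77, 2400.00)]
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)

def norm(addr):
    """Lower-case and drop punctuation so near-identical addresses compare equal."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split())

def profile_vendors(vendors, employees, invoices):
    """Return {vendor_id: sorted list of fraud-profile indicators that fired}."""
    flags, by_addr = defaultdict(set), defaultdict(list)
    emp_addrs = {norm(a) for a in employees.values()}
    for vid, (_, addr) in vendors.items():
        if PO_BOX.search(addr):
            flags[vid].add("po_box")
        if norm(addr) in emp_addrs:
            flags[vid].add("employee_address")
        by_addr[norm(addr)].append(vid)
    for vids in by_addr.values():  # several vendors registered at one address
        for vid in vids if len(vids) > 1 else ():
            flags[vid].add("shared_address")
    nums, near = defaultdict(list), defaultdict(int)
    for vid, no, amt in invoices:
        nums[vid].append(no)
        if REVIEW_THRESHOLD * (1 - NEAR_BAND) <= amt < REVIEW_THRESHOLD:
            near[vid] += 1
    for vid, ns in nums.items():
        ns.sort()
        # Consecutive numbers suggest the "vendor" bills no other customer.
        if len(ns) >= 3 and all(b - a == 1 for a, b in zip(ns, ns[1:])):
            flags[vid].add("sequential_invoices")
        if near[vid] >= 2:  # repeated amounts just under the limit
            flags[vid].add("below_threshold")
    return {vid: sorted(f) for vid, f in flags.items()}
```

Calling `profile_vendors(VENDORS, EMPLOYEES, INVOICES)` returns only the vendors with at least one indicator; a vendor that trips several at once is the one to pull supporting documents for first.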
