COMPUTER ETHICS
Computer ethics is the analysis of the
nature and social impact of computer
technology and the corresponding
formulation and justification of policies for
the ethical use of such technology. [This
includes] concerns about software as well as
hardware and concerns about networks
connecting computers as well as computers
themselves.
Privacy
People desire to be in full control of
what and how much information about
themselves is available to others, and to
whom it is available.
Security (Accuracy and Confidentiality)
Computer security is an attempt to
avoid such undesirable events as a loss of
confidentiality or data integrity. Security
systems attempt to prevent fraud and other
misuse of computer systems; they act to
protect and further the legitimate interests
of the system's constituencies.
Section 406: Code of Ethics for Senior
Financial Officers
Section 406 of SOX requires public
companies to disclose to the SEC whether
they have adopted a code of ethics that
applies to the organization's CEO, CFO,
controller, or persons performing similar
functions.
The SEC has ruled that compliance
with Section 406 necessitates a written code
of ethics that addresses the following ethical
issues.
- Conflicts of Interest
- Internal Reporting of Code Violations
- Full and Fair Disclosures
- Accountability
- Legal Compliance
DEFINITIONS OF FRAUD
Fraud denotes a false representation
of a material fact made by one party to
another party with the intent to deceive and
induce the other party to justifiably rely on
the fact to his or her detriment.
Management fraud is more
insidious than employee fraud because it
often escapes detection until the
organization has suffered irreparable
damage or loss. Usually management fraud
does not involve the direct theft of assets.
Employee fraud, or fraud by nonmanagement employees, is generally
[Tables omitted: Fraud Losses within the Organization; Fraud Losses by Position]
FRAUD SCHEMES
Fraud schemes can be classified in a
number of different ways. For purposes of
discussion, this section presents the ACFE
classification format. Three broad categories
of fraud schemes are defined: fraudulent
statements, corruption, and asset
misappropriation.
Fraudulent Statements
Fraudulent statements are associated
with management fraud. Whereas all fraud
involves some form of financial
misstatement, to meet the definition under
this class of fraud scheme, the statement
itself must bring direct or indirect financial
benefit to the perpetrator. In other words,
the statement is not simply a vehicle for
obscuring or covering a fraudulent act.
The Underlying Problems
1. Lack of auditor independence
4.
Inappropriate
executive
accounting
Expense Reimbursements
Expense reimbursement frauds are
schemes in which an employee makes a
claim for reimbursement of fictitious or
inflated business expenses.
Thefts of Cash
Thefts of cash are schemes that
involve the direct theft of cash on hand in
the organization.
Non-Cash Misappropriations
Non-cash fraud schemes involve the
theft or misuse of the victim organization's
non-cash assets.
COMPUTER FRAUD
Data Collection is the first operational
stage in the information system. The
objective is to ensure that transaction data
entering the system are valid, complete, and
free from material errors.
Masquerading involves a
perpetrator gaining access to the
system from a remote site by
pretending to be an authorized user.
Piggybacking is a technique in
which the perpetrator at a remote
site taps into the telecommunications
lines and latches onto an authorized
user who is logging into the system.
Data Processing - once collected, data
usually require processing to produce
information. Tasks in the data processing
stage range from simple to complex.
Program fraud includes the
following techniques:
(1) creating illegal programs that can
access data files to alter, delete,
or insert values into accounting
records
(2) destroying or corrupting a
program's logic using a computer
virus
(3) altering program logic to cause
the application to process data
incorrectly.
Operations fraud is the misuse or
theft of the firm's computer
resources. This often involves using
the computer to conduct personal
business.
Inadequate disclosures
MISAPPROPRIATION OF ASSETS
TWO RISK FACTORS
1. Susceptibility of assets to
misappropriation - pertains to its
nature and the degree to which it is
subject to theft.
2. Controls - involves the inadequacy
or lack of controls designed to
prevent or detect misappropriation of
assets.
Examples of Common Schemes
- Personal purchases
- Ghost employees
- Fictitious expenses
- Lapping
- Altered payee
- Passthrough vendors
- Theft of cash (or inventory)
AUDITOR'S RESPONSE TO RISK
ASSESSMENT
1. Engagement staffing and extent of
supervision.
2. Professional skepticism.
3. Nature, timing, and extent of procedures
performed.
DOCUMENTATION REQUIREMENTS
Where risk factors are identified, the
documentation should include:
1. those risk factors identified
2. the auditor's response to them.