
PEMP-ACF501

Day 7
Internal Control System, Ethics,
Fraud and Controls for AIS

Session Speaker
Ms. Shubha P.

M.S.Ramaiah School of Advanced Studies - Bangalore 1



Session Objectives
At the end of this session students will be able to
understand:
• The internal control concept
• The environment and structure of internal control
• The internal controlling activities
• The risk assessment
• The controlling activities in the revenue and
expenditure
• The activities on the internal control on general ledger


Session Objectives
At the end of the session students will be able to
understand:
• Meaning of Business ethics and computer ethics
• Process of fraud.
• Factors that contribute to Fraud.
• Computer fraud and its schemes
• Computer Fraud in Accounting
• IT Control on computer fraud
• Approaches and techniques to commit computer fraud


Session Contents
• Internal Control
• Concepts of internal control
• Internal control structure and its environment
• Controlling activities and its risk
• Control problems caused by computers
• Controls on revenue, expenditure and general ledger


Session content
• Introduction to ethics
• Meaning of Business ethics and computer ethics
• Fraud and its process
• Factors that contribute to Fraud.
• Computer fraud and its schemes
• Computer Fraud in Accounting
• IT Control on computer fraud
• Approaches and techniques to commit computer
fraud

Internal Control
• “Internal control is defined as a process effected
by an organisation's structure, work and authority
flows, people and Accounting information systems,
designed to help the organisation accomplish specific
goals or objectives”
• “Internal Control is a state that management strives
to achieve to provide reasonable assurance that the
firm’s objectives will be achieved”


Importance of Internal Control


• It plays an important role in preventing and detecting
fraud
• Protecting the organisation's resources,
– both physical (e.g., machinery and property)
– intangible (e.g., reputation or intellectual property
such as trademarks).
• Internal control objectives relate to the reliability of
financial reporting

Importance of Internal Control
• Timely feedback on the achievement of operational or
strategic goals, and compliance with laws and
regulations.
• Internal control refers to the actions taken to achieve
a specific objective (e.g., how to ensure the
organisation's payments to third parties are for valid
services rendered).
• Internal control procedures reduce process variation,
leading to more predictable outcomes.


Control Concepts
An internal control system comprises policies,
practices and procedures employed by the
organisation to achieve 4 broad objectives.
1. To safeguard assets of the firm
2. To ensure the accuracy and reliability of accounting
records and information.
3. To promote efficiency in the firm’s operation.
4. To measure compliance with management’s
prescribed policies and procedures.


Control Concepts
Inherent to these control objectives are four
modifying assumptions that guide designers and
auditors of internal control:
1. Management responsibility: Establishment and
maintenance of a system of internal control is a
management responsibility.
2. Reasonable Assurance: Internal Control system
should provide reasonable assurance that the
objectives are met in a cost effective manner.


Control Concepts
3. Methods of Data processing: IC should achieve
objectives regardless of the data processing method
used.
4. The control framework is called the Internal
Control Structure.

Components and Major
Considerations of the IC Structure


Control Environment
The Control Environment establishes the tone of a
company, influencing the control consciousness of its
employees.
It is comprised of eight components:
1. Management philosophy and operating style
2. Integrity and ethical values
3. Commitment to competence
4. The Board of Directors and the Audit Committee
5. Organisational Structure
6. Assignment of authority and responsibility
7. Human resources policies and practices
8. External Influences

Internal Environment
Management Philosophy and Operating Style:
• Management emphasises short-term profits and
operating goals over long-term goals
• Management dominated by one or a few
individuals
• Type of business risks does management take and
the risk.
• Management conservative or aggressive toward
selecting from available alternative accounting
principles


Internal Environment
Organisation Structure:
• An up-to-date organisation chart prepared,
showing the names of key personnel
• The information systems function
separated from incompatible functions
• The accounting department is organised
• The internal audit function separate and distinct
from accounting
• Subordinate managers report to more than one
supervisor


Internal Environment
Assignment of Authority and Responsibility
• The company prepares written employee job
descriptions defining specific duties and reporting
relationships
• Written approval required for changes made to
information systems
• The company clearly delineates for employees and
managers the boundaries of authority-responsibility
relationships
• The company properly delegates authority to
employees and departments


Internal Environment
Human Resource Policies and Practices:
• New personnel indoctrinated with respect to Internal
Controls, Ethics Policies, and Corporate Code of Conduct
• Grievance Procedures to manage conflict in force
• The company maintains a sound employee relations
program
• Employees work in a safe and healthy environment
• Counseling Programs are available to employees
• Proper Separation Programs in force for employees who
leave the firm
• Critical employees linking


Control Activity
Control activities may also be explained by the type
or nature of activity.
These include:
• Segregation of duties - separating authorisation,
custody, and record keeping roles to limit risk of
fraud or error by one person.
• Authorisation of transactions - review of particular
transactions by an appropriate person.


Control Activity
• Top-level reviews/analysis of actual results versus
organisational goals or plans, periodic and regular
operational reviews, metrics, and other Key
Performance Indicators (KPIs).
• Retention of records - maintaining documentation to
substantiate transactions.
• Supervision or monitoring of operations -
observation or review of ongoing operational activity.


Control Activity

• IT Security - usage of passwords, access logs, etc. to
ensure access restricted to authorised personnel.
• Top level reviews - Management review of reports
comparing actual performance versus plans, goals,
and established objectives.
• Controls over information processing - A variety of
control activities are used in information processing.


Risk
Business firms face risks that reduce the chances of
achieving their control objectives.
• Risk exposures arise from internal sources, such as
employees, as well as external sources, such as
computer hackers.
• Risk assessment consists of identifying relevant risks,
analysing the extent of exposure to those risks, and
managing risks by proposing effective control
procedures.


Risk Assessment
1. Top management must be directly involved in
Business Risk Assessment.
2. This involves the identification and analysis of
relevant risks that may prevent the attainment of
Company-wide Objectives
3. Objectives of organisational Units
4. The formation of a plan
5. To determine how to manage the risks.


Information & Communication


• All Transactions entered for processing are Valid and
Authorised
• All valid transactions are captured and entered for
processing on a Timely Basis and in Sufficient Detail
to permit the proper Classification of Transactions
• The input data of all entered transactions are Accurate
and Complete, with the transactions being expressed
in proper Monetary terms
• All transactions are recorded in the proper
Accounting Period


Information & Communication
• All entered transactions are processed properly to
update all affected records of Master Files and/or
Other Types of Data sets
• All required Outputs are prepared according to
Appropriate Rules to provide Accurate and Reliable
Information


Monitoring
• An internal control system requires on-going
monitoring.
• The aim is to check its relevance and appropriateness
to the company’s objectives.
• Monitoring principally comprises the analysis of the
main incidents that have been recorded, the result of
the controls performed, together with the work
carried out by the internal audit team.


Monitoring
• Monitoring also takes into consideration the
observations made by the statutory auditors
• Monitoring tools can be useful to keep an active
watch on internal control best practices.
• Monitoring together with the best practices watch,
culminate, where required, in the implementation of
corrective actions and adjustments of internal control
system.


Threats in information system


i. Due to flaws in the operating system that are
exploited either accidentally or intentionally
ii. Accidental threats include hardware failures that
cause the operating system to crash.
iii. Errors in user application program which the
operating system cannot interpret
iv. Intentional threats to the operating system are most
commonly attempts to illegally access data or
violate user privacy for financial gain.


Examples of Threats

• Theft of Computer Hardware & Software
• Un-authorised Use of Computer Facilities for
Personal Use
• Fraudulent Modification or Use of Data or
Programs

Reasons Why Computers Cause
Control Problems
1. Processing is Concentrated
2. Audit Trails may be Undermined
3. Human Judgment is bypassed
4. Data are stored in Device-Oriented rather than
Human-Oriented forms
• Invisible Data
• Stored data are Erasable
• Data are stored in a Compressed form
• Stored data are relatively accessible
5. Computer Equipment is Powerful but Complex and
Vulnerable


Control on Revenue
• Transaction Authorisation - Only the valid transaction
needs to be processed.
• Proper application of the firm’s credit policies.
• Verify that the customer’s check and remittance advice
match in amount.
• Segregation of duties ensures that no single individual
or department processes a transaction in its entirety.

Control on Revenue
• Supervision provides control in systems that are
properly segregated.
• Audit trail on the accounting records can discover
where an error occurred.
• Access controls prevent and detect un-authorised
and illegal access to the firm’s assets.
• Independent verification is to verify the accuracy
and completeness of tasks performed.
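
An added example (not part of the original slides) of how three of the revenue controls listed above, transaction authorisation, matching the check to the remittance advice, and segregation of duties, can be tested over transaction records. The record fields, user names and sample data are assumptions constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal

# The three roles the slides say must be held by different people.
SOD_ROLES = ("authorised_by", "custody_by", "recorded_by")


@dataclass(frozen=True)
class CashReceipt:
    """One customer payment in the revenue cycle (hypothetical schema)."""
    txn_id: str
    authorised_by: str          # who approved the transaction ("" = nobody)
    custody_by: str             # who handled the check or cash
    recorded_by: str            # who posted it to the accounting records
    check_amount: Decimal
    remittance_amount: Decimal  # amount stated on the remittance advice


def control_exceptions(txn: CashReceipt) -> list[str]:
    """Return the control failures for one transaction; empty means clean."""
    findings = []

    # Transaction authorisation: only approved transactions are processed.
    if not txn.authorised_by.strip():
        findings.append("unauthorised")

    # Check and remittance advice must match in amount.
    if txn.check_amount != txn.remittance_amount:
        findings.append("amount_mismatch")

    # Segregation of duties: nobody may hold more than one of the three
    # roles. Names are normalised so "Bala" and "bala" count as one person.
    holders: dict[str, list[str]] = {}
    for role in SOD_ROLES:
        person = getattr(txn, role).strip().lower()
        if person:
            holders.setdefault(person, []).append(role)
    for person, roles in sorted(holders.items()):
        if len(roles) > 1:
            findings.append(f"sod_violation:{person}:{'+'.join(roles)}")
    return findings


def exception_report(txns: list[CashReceipt]) -> dict[str, list[str]]:
    """Map txn_id -> findings for every transaction that failed a control."""
    report = {}
    for txn in txns:
        findings = control_exceptions(txn)
        if findings:
            report[txn.txn_id] = findings
    return report


# Constructed sample records; not real data.
SAMPLE = [
    CashReceipt("R-1001", "asha", "bala", "chitra", Decimal("1500.00"), Decimal("1500.00")),
    CashReceipt("R-1002", "asha", "bala", "Bala", Decimal("820.50"), Decimal("820.50")),
    CashReceipt("R-1003", "", "dev", "chitra", Decimal("300.00"), Decimal("310.00")),
    CashReceipt("R-1004", "esha", "esha", "esha", Decimal("99.99"), Decimal("99.99")),
]

if __name__ == "__main__":
    for txn_id, findings in exception_report(SAMPLE).items():
        print(txn_id, findings)
```

The resulting exception list is the kind of output an independent verifier or supervisor would review; the report itself is only as trustworthy as the audit trail that records who performed each step.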


Control on Expenditure
• The inventory control function continually monitors
inventory levels.
• The authorisation process promotes efficient
inventory management and ensures the legitimacy of
purchase transactions.
• AP function authorises cash disbursements to provide
effective control over the flow of cash from the firm.


Control on Expenditure
• An auditor should be able to reconcile inventory
records to the physical inventory.
• Supervision in the receiving department is very
essential.
• Inspecting and counting the items received protects
the firm from the incomplete orders and damaged
goods.


Control on Expenditure
• Auditor’s concern in the expenditure cycle is that
obligations may be materially understated on the
financial statements because of unrecorded
transactions.
• In the expenditure cycle a firm must control access to
physical assets such as cash and inventory.
• AP function plays a vital role in the verification of
the work done by others in this system.


General ledger
• It is the main accounting record of a business which
uses double-entry bookkeeping
• It usually includes accounts for such items as current
assets, fixed assets, liabilities, revenue and expense
items, gains and losses.
• The left hand side lists debit transactions and the
right hand side lists credit transactions.
• The general ledger is a collection of the group of
accounts that supports the value items shown in the
major financial statements


General Ledger
• The general ledger includes the date, description and
balance or total amount for each account
• It is usually divided into at least seven main
categories.
• These categories generally include assets, liabilities,
owner's equity, revenue, expenses, gains and losses.
• The main categories of the general ledger may be
further subdivided into sub-ledgers to include
additional details of such accounts as AP/AR &
cash.


Ethics
• Each society establishes rules and limits on
acceptable behaviour
• These rules form a moral code
• Sometimes the rules conflict
• In general they are beliefs or conventions on good
and evil, good or bad conduct, justice and injustice
• The rules sometimes do not cover new situations


Business Ethics
• Business ethics (also known as Corporate ethics) is a
form of applied ethics or professional ethics that
examines ethical principles and moral or ethical
problems that arise in a business environment.
• It applies to all aspects of business conduct and is
relevant to the conduct of individuals and business
organisations as a whole.


Business Ethics
Business Ethics involves finding the answers to two questions:
1. How do managers decide on what is right in
conducting their business?
2. Once managers have recognised what is right, how
do they achieve it?

Ethical Issues in Business
Equity:
• Executive Salaries
• Comparable Worth
• Product Pricing
Rights:
• Corporate Due Process
• Employee Health Screening
• Employee Privacy
• Sexual Harassment
• Diversity
Honesty:
• Employee and mgmt Conflicts of Interest
• Security of Organization Data and records
• Misleading Advertising
• Accurate Reporting of Shareholder Interests.
Exercise of Corporate Power:
• Political Action Committees
• Workplace Safety
• Product Safety


Computer Ethics
• Computer Ethics is a branch of practical philosophy
which deals with how computing professionals
should make decisions regarding professional and
social conduct.
• Computer ethics is a set of moral principles that
regulate the use of computers.
• Some common issues of computer ethics include
intellectual property rights (such as copyrighted
electronic content), privacy concerns, and how
computers affect society.

Computer Ethics

• For example, while it is easy to duplicate copyrighted
electronic (or digital) content, computer ethics would
suggest that it is wrong to do so without the author's
approval.
• And while it may be possible to access someone's
personal information on a computer system, computer
ethics would advise that such an action is unethical.


The Fraud Process


Most frauds involve three steps:
• The theft of something
• The conversion to cash
• The concealment

Fraud
• What is a common way to hide a theft?
– to charge the stolen item to an expense account
• What is a payroll example?
– to add a fictitious name to the company’s payroll


Fraud
Why Fraud Occurs?
Researchers have compared the psychological and demographic characteristics
of three groups of people:

• White-collar criminals and the general public: few differences
• White-collar criminals and violent criminals: significant differences


Fraud
Five conditions of Fraud:
1. False representation - False Statement non-disclosure
2. Material Fact - substantial fact inducing someone to
act.
3. Intent - knowledge that one’s statement is false
4. Justifiable reliance - Misrepresentation
5. Injury or Loss - Injury or loss


Factors that contribute to Fraud

• Situational Pressure
• Opportunities
• Personal Characteristics.


Computer Fraud

• Computer fraud is rampant, as the use of computers
becomes part of our daily lives, with greater and
greater frequency.
• The definition of what constitutes computer fraud
becomes ever more complex with the ingenuity of
people who intend to deceive, misrepresent, destroy,
steal information, or cause harm to others by
accessing information through deceptive and illegal
means.

Computer Fraud
Fraud by computer manipulation
• Input manipulation
• Program or data manipulation
• Output manipulation


Computer Fraud Schemes


Common internal computer fraud schemes:
• Billing schemes
• Inventory fraud
• Payroll fraud
• Skimming
• Check tampering
• Register schemes


Computer Fraud Schemes


Fraud by damage to or modification of computer data
or programs:
• Economic advantage over a competitor
• Theft of data or programs
• Holding data for ransom
• Sabotage


Computer Fraud Schemes


Common external computer fraud schemes
• Telecommunications fraud
• Hacking
• Internet fraud
• Software piracy


Computer Fraud in Accounting


• Fraud is known to have occurred in the areas of petty
cash, purchasing and accounts payable, invoicing and
accounts receivable, personnel and payroll, lapping
on cash collections, inventory manipulation and
abuse, or simply kickbacks of various kinds
• A number of cases in banks deal with tampering with
data and files by tellers or branch supervisors who
withdrew money from customer accounts.
• Still others achieved their goal by entering deposits
manually in the customer's savings book and
pocketing the cash received.
Approaches and Techniques to
commit computer Fraud.
Common techniques to commit computer fraud
– Cracking
– Data diddling
– Data leakage
– Denial of service attack
– Eavesdropping
– E-mail forgery and threats

Approaches and Techniques to
commit computer Fraud.
– Hacking
– Internet misinformation and terrorism
– Logic time bomb
– Masquerading or impersonation
– Password cracking
– Piggybacking
– Round-down
– Salami technique


Approaches and Techniques to
commit computer Fraud.
– Software piracy
– Scavenging
– Social engineering
– Super zapping
– Trap door
– Trojan horse
– Virus
– Worm

Preventing Computer Fraud

What are some measures that can decrease the
potential of fraud?
1 Make fraud less likely to occur.
2 Increase the difficulty of committing fraud.
3 Improve detection methods.
4 Reduce fraud losses.
5 Prosecute and incarcerate fraud perpetrators.


Preventing Computer Fraud
1 Make fraud less likely to occur
– Use proper hiring and firing practices.
– Manage disgruntled employees.
– Train employees in security and fraud prevention.
– Manage and track software licenses.
– Require signed confidentiality agreements
– Identify risky areas
– Effectively supervise employees


Preventing Computer Fraud

2 Increase the difficulty of committing fraud


– Develop a strong system of internal controls.
– Segregate duties.
– Require vacations and rotate duties.
– Restrict access to computer equipment and data
files.
– Encrypt data and programs.


Preventing and Detecting Computer
Fraud
3 Improve detection methods
– Protect telephone lines and the system from viruses.
– Control sensitive data.
– Control laptop computers.
– Monitor hacker information.

Preventing and Detecting Computer
Fraud
4 Reduce fraud losses
– Maintain adequate insurance.
– Store backup copies of programs and data files in
a secure, off-site location.
– Develop a contingency plan for fraud occurrences.
– Use software to monitor system activity and
recover from fraud.

Preventing and Detecting Computer
Fraud
5 Prosecute and incarcerate fraud perpetrators
– Most fraud cases go unreported and unprosecuted.
Why?
• Many cases of computer fraud are as yet
undetected.
• Companies are reluctant to report computer
crimes.


Session conclusion
• The concept of internal control was discussed
• The world of internal control environment and its
structure were explained
• The internal controlling activities were discussed
• The activities of communication, monitoring and
threats were explained
• Controlling activities in General Ledger were
discussed


Session conclusion

• Business ethics/corporate ethics was explained


• Fraud/computer fraud/schemes were discussed
• Computer fraud in accounting was explained
• Approaches and techniques were explained
• Preventing fraud was discussed
