Day 7
Internal Control System, Ethics,
Fraud and Controls for AIS
Session Speaker
Ms. Shubha P.
Session Objectives
At the end of this session students will be able to
understand:
• The internal control concept
• The environment and structure of internal control
• The internal controlling activities
• The risk assessment
• The controlling activities in the revenue and
expenditure
• The activities on the internal control on general ledger
Session Objectives
At the end of the session students will be able to
understand:
• Meaning of Business ethics and computer ethics
• Process of fraud.
• Factors that contribute to Fraud.
• Computer fraud and its schemes
• Computer Fraud in Accounting
• IT Control on computer fraud
• Approaches and techniques to commit computer fraud
M.S.Ramaiah School of Advanced Studies ‐ Bangalore 3
PEMP-ACF501
Session Contents
• Internal Control
• Concepts of internal control
• Internal control structure and its environment
• Controlling activities and its risk
• Control problems caused by computers
• Controls on revenue, expenditure and general ledger
Session content
• Introduction to ethics
• Meaning of Business ethics and computer ethics
• Fraud and its process
• Factors that contribute to Fraud.
• Computer fraud and its schemes
• Computer Fraud in Accounting
• IT Control on computer fraud
• Approaches and techniques to commit computer
fraud
Internal Control
• “Internal control is defined as a process effected
by an organisation's structure, work and authority
flows, people and Accounting information systems,
designed to help the organisation accomplish specific
goals or objectives”
• “Internal Control is a state that management strives
to achieve to provide reasonable assurance that the
firm’s objectives will be achieved”
Control Concepts
An internal control system comprises the policies,
practices and procedures employed by the
organisation to achieve 4 broad objectives.
1. To safeguard assets of the firm
2. To ensure the accuracy and reliability of accounting
records and information.
3. To promote efficiency in the firm’s operation.
4. To measure compliance with management’s
prescribed policies and procedures.
Control Concepts
Inherent to these control objectives are four
modifying assumptions that guide designers and
auditors of internal control:
1. Management responsibility: Establishment and
maintenance of a system of internal control is a
management responsibility.
2. Reasonable Assurance: Internal Control system
should provide reasonable assurance that the
objectives are met in a cost effective manner.
Control Concepts
3. Methods of Data processing: IC should achieve
objectives regardless of the data processing method
used.
4. The control framework is called the Internal
Control Structure.
Control Environment
The Control Environment establishes the tone of a
company, influencing the control consciousness of its
employees.
It is comprised of eight components:
1. Management philosophy and operating style
2. Integrity and ethical values
3. Commitment to competence
4. The Board of Directors and the Audit Committee
5. Organisational Structure
6. Assignment of authority and responsibility
7. Human resources policies and practices
8. External Influences
Internal Environment
Management Philosophy and Operating Style:
Management emphasises short-term profits and
operating goals over long-term goals
Management dominated by one or a few
individuals
Type of business risks does management take and
the risk.
Management conservative or aggressive toward
selecting from available alternative accounting
principles
Internal Environment
Organisation Structure:
• An up-to-date organisation chart prepared,
showing the names of key personnel
• The information systems function
separated from incompatible functions
• The accounting department is organised
• The internal audit function separate and distinct
from accounting
• Subordinate managers report to more than one
supervisor
Internal Environment
Assignment of Authority and Responsibility
• The company prepare written employee job
descriptions defining specific duties and reporting
relationships
• Written approval required for changes made to
information systems
• The company clearly delineate for employees and
managers the boundaries of authority-responsibility
relationships
• The company properly delegate authority to
employees and departments
Internal Environment
Human Resource Policies and Practices:
• New personnel indoctrinated with respect to Internal
Controls, Ethics Policies, and Corporate Code of Conduct
• Grievance Procedures to manage conflict in force
• The company maintains a sound employee relations
program
• Employees work in a safe and healthy environment
• Counseling Programs are available to employees
• Proper Separation Programs in force for employees who
leave the firm
• Critical employees linking
Control Activity
Control activities may also be explained by the type
or nature of activity.
These include:
• Segregation of duties - separating authorisation,
custody, and record keeping roles to limit risk of
fraud or error by one person.
• Authorisation of transactions - review of particular
transactions by an appropriate person.
Control Activity
• Top-level reviews/analysis of actual results versus
organisational goals or plans, periodic and regular
operational reviews, metrics, and other Key
Performance Indicators (KPI’s).
• Retention of records - maintaining documentation to
substantiate transactions.
• Supervision or monitoring of operations -
observation or review of ongoing operational activity.
Control Activity
• IT Security - usage of passwords, access logs, etc. to
ensure access restricted to authorised personnel.
• Top level reviews - Management review of reports
comparing actual performance versus plans, goals,
and established objectives.
• Controls over information processing - A variety of
control activities are used in information processing.
Risk
Business firms face risks that reduce the chances of
achieving their control objectives.
• Risk exposures arise from internal sources, such as
employees, as well as external sources, such as
computer hackers.
• Risk assessment consists of identifying relevant risks,
analysing the extent of exposure to those risks, and
managing risks by proposing effective control
procedures.
Risk Assessment
1. Top management must be directly involved in
Business Risk Assessment.
2. This involves the identification and analysis of
relevant risks that may prevent the attainment of
Company-wide Objectives
3. Objectives of organisational Units
4. The formation of a plan
5. To determine how to manage the risks.
Information & Communication
• All entered transactions are processed properly to
update all affected records of Master Files and/or
Other Types of Data sets
• All required Outputs are prepared according to
Appropriate Rules to provide Accurate and Reliable
Information
Monitoring
• An internal control system requires on-going
monitoring.
• The aim is to check its relevance and appropriateness
to the company’s objectives.
• Monitoring principally comprises the analysis of the
main incidents that have been recorded, the result of
the controls performed, together with the work
carried out by the internal audit team.
Monitoring
• Monitoring also takes into consideration the
observations made by the statutory auditors
• Monitoring tools can be useful to keep an active
watch on internal control best practices.
• Monitoring, together with the best practices watch,
culminates, where required, in the implementation of
corrective actions and adjustments of the internal control
system.
Examples of Threats
Control on Revenue
• Transaction Authorisation - Only valid transactions
are to be processed.
• Proper application of the firm’s credit policies.
• Verify that the customer’s check and remittance advice
match in amount.
• Segregation of duties ensures that no single individual
or department processes a transaction in its entirety.
Control on Expenditure
• The inventory control function continually monitors
inventory levels.
• The authorisation process promotes efficient
inventory management and ensures the legitimacy of
purchase transactions.
• The AP function authorises cash disbursements to provide
effective control over the flow of cash from the firm.
Control on Expenditure
• An auditor should be able to reconcile inventory
records to the physical inventory.
• Supervision in the receiving department is very
essential.
• Inspecting and counting the items received protects
the firm from incomplete orders and damaged
goods.
Control on Expenditure
• The auditor’s concern in the expenditure cycle is that
obligations may be materially understated on the
financial statements because of unrecorded
transactions.
• In the expenditure cycle a firm must control access to
physical assets such as cash and inventory.
• The AP function plays a vital role in the verification of
the work done by others in this system.
General ledger
• It is the main accounting record of a business which
uses double-entry bookkeeping
• It usually includes accounts for such items as current
assets, fixed assets, liabilities, revenue and expense
items, gains and losses.
• The left hand side lists debit transactions and the
right hand side lists credit transactions.
• The general ledger is a collection of the group of
accounts that supports the value items shown in the
major financial statements
General Ledger
• The general ledger includes the date, description and
balance or total amount for each account
• It is usually divided into at least seven main
categories.
• These categories generally include assets, liabilities,
owner's equity, revenue, expenses, gains and losses.
• The main categories of the general ledger may be
further subdivided into sub-ledgers to include
additional details of such accounts as AP/AR &
cash.
Ethics
• Each society establishes rules and limits on
acceptable behaviour
• These rules form a moral code
• Sometimes the rules conflict
• In general they are beliefs or conventions on good
and evil, good or bad conduct, justice and injustice
• The rules sometimes do not cover new situations
Business Ethics
• Business ethics (also known as Corporate ethics) is a
form of applied ethics or professional ethics that
examines ethical principles and moral or ethical
problems that arise in a business environment.
• It applies to all aspects of business conduct and is
relevant to the conduct of individuals and business
organisations as a whole.
Business Ethics
Business ethics involves finding answers to two questions:
1. How do managers decide on what is right in
conducting their business?
2. Once managers have recognised what is right, how
do they achieve it?
Ethical Issues in Business
• Equity
– Executive Salaries
– Comparable Worth
– Product Pricing
• Honesty
– Employee and mgmt Conflicts of Interest
– Security of Organization Data and records
– Misleading Advertising
– Accurate Reporting of Shareholder Interests.
Computer Ethics
• Computer Ethics is a branch of practical philosophy
which deals with how computing professionals
should make decisions regarding professional and
social conduct.
• Computer ethics is a set of moral principles that
regulate the use of computers.
• Some common issues of computer ethics include
intellectual property rights (such as copyrighted
electronic content), privacy concerns, and how
computers affect society.
Computer Ethics
• The theft of something
• The conversion to cash
• The concealment
Fraud
• What is a common way to hide a theft?
– to charge the stolen item to an expense account
• What is a payroll example?
– to add a fictitious name to the company’s payroll
Fraud
Why Fraud Occurs?
Researchers have compared the psychological and demographic characteristics
of three groups of people:
• White-collar criminals
• General public
• Violent criminals
[Figure: comparison of the three groups, labelled "Few differences" and "Significant differences"]
Fraud
Five conditions of Fraud:
1. False representation - False statement or non-disclosure
2. Material fact - substantial fact inducing someone to
act.
3. Intent - knowledge that one’s statement is false
4. Justifiable reliance - Misrepresentation
5. Injury or Loss - Injury or loss
Factors that contribute to Fraud
• Situational Pressure
• Opportunities
• Personal Characteristics.
Computer Fraud
Computer Fraud
Fraud by computer manipulation
• Input manipulation
• Program or data manipulation
• Output manipulation
Approaches and Techniques to
commit computer Fraud.
– Hacking
– Internet misinformation and terrorism
– Logic time bomb
– Masquerading or impersonation
– Password cracking
– Piggybacking
– Round-down
– Salami technique
Preventing Computer Fraud
Preventing Computer Fraud
1 Make fraud less likely to occur
– Use proper hiring and firing practices.
– Manage disgruntled employees.
– Train employees in security and fraud prevention.
– Manage and track software licenses.
– Require signed confidentiality agreements
– Identify risky areas
– Effectively supervise employees
Preventing and Detecting Computer
Fraud
4 Reduce fraud losses
– Maintain adequate insurance.
– Store backup copies of programs and data files in
a secure, off-site location.
– Develop a contingency plan for fraud occurrences.
– Use software to monitor system activity and
recover from fraud.
Preventing and Detecting Computer
Fraud
5 Prosecute and incarcerate fraud perpetrators
– Most fraud cases go unreported and unprotected.
Why?
• Many cases of computer fraud are as yet
undetected.
• Companies are reluctant to report computer
crimes.
Session conclusion
• The concept of internal control was discussed
• The world of internal control environment and its
structure were explained
• The internal controlling activities were discussed
• The activities of communication, monitoring and
threats were explained
• Controlling activities in General Ledger were
discussed