This document discusses ethics, fraud, and internal controls. It defines legal fraud, common fraud schemes like fraudulent statements, corruption, and asset misappropriation. It also discusses the COSO internal control framework, which establishes five components: control environment, risk assessment, control activities, information and communication, and monitoring activities. Major corporate frauds like Enron and Worldcom are examined, highlighting issues like lack of auditor independence, questionable compensation, and inappropriate accounting practices.
Chapter 3
Ethics, Fraud, and Internal Control

Objectives for Chapter 3
- Broad issues pertaining to business ethics
- Ethical issues related to the use of information technology
- Distinguish between management fraud and employee fraud
- Common types of fraud schemes
- Key features of SAS 78 / COSO internal control framework
- Objects and application of physical controls

Business Ethics
Why should we be concerned about ethics in the business world?
- Ethics are needed when conflicts arise—the need to choose
- In business, conflicts may arise between:
  - employees
  - management
  - stakeholders
- Litigation

Business Ethics
Business ethics involves finding the answers to two questions:
- How do managers decide on what is right in conducting their business?
- Once managers have recognized what is right, how do they achieve it?

Four Main Areas of Business Ethics

Computer Ethics…
concerns the social impact of computer technology (hardware, software, and telecommunications).
What are the main computer ethics issues?

Legal Definition of Fraud
- False representation - false statement or disclosure
- Material fact - a fact must be substantial in inducing someone to act
- Intent to deceive must exist
- The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act
- The misrepresentation must have caused injury or loss

2008 ACFE Study of Fraud
- Loss due to fraud equal to 7% of revenues—approximately $994 billion
- Loss by position within the company:
- Other results: higher losses due to men, employees acting in collusion, and employees with advanced degrees

Enron, WorldCom, Adelphia
Underlying Problems
- Lack of Auditor Independence: auditing firms also engaged by their clients to perform nonaccounting activities
- Lack of Director Independence: directors who also serve on the boards of other companies, have a business trading relationship, have a financial relationship as stockholders or have received personal loans, or have an operational relationship as employees
- Questionable Executive Compensation Schemes: short-term stock options as compensation result in short-term strategies aimed at driving up stock prices at the expense of the firm’s long-term health
- Inappropriate Accounting Practices: a characteristic common to many financial statement fraud schemes
  - Enron made elaborate use of special purpose entities.
  - WorldCom transferred transmission line costs from current expense accounts to capital accounts.

Sarbanes-Oxley Act of 2002
Its principal reforms pertain to:
- Creation of the Public Company Accounting Oversight Board (PCAOB)
- Auditor independence—more separation between a firm’s attestation and non-auditing activities
- Corporate governance and responsibility—audit committee members must be independent and the audit committee must oversee the external auditors
- Disclosure requirements—increase issuer and management disclosure
- New federal crimes for the destruction of or tampering with documents, securities fraud, and actions against whistleblowers

Employee Fraud
- Committed by non-management personnel
- Usually consists of: an employee taking cash or other assets for personal gain by circumventing a company’s system of internal controls

Management Fraud
- Perpetrated at levels of management above the one to which internal control structure relates
- Frequently involves using financial statements to create an illusion that an entity is more healthy and prosperous than it actually is
- If it involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions

Fraud Schemes
Three categories of fraud schemes according to the Association of Certified Fraud Examiners:
A. fraudulent statements
B. corruption
C. asset misappropriation

A. Fraudulent Statements
- Misstating the financial statements to make the company appear better than it is
- Usually occurs as management fraud
- May be tied to focus on short-term financial measures for success
- May also be related to management bonus packages being tied to financial statements

B. Corruption
- Examples:
  - bribery
  - illegal gratuities
  - conflicts of interest
  - economic extortion
- Foreign Corrupt Practices Act of 1977:
  - indicative of corruption in business world
  - impacted accounting by requiring accurate records and internal controls

C. Asset Misappropriation
- Most common type of fraud and often occurs as employee fraud
- Examples:
  - making charges to expense accounts to cover theft of asset (especially cash)
  - lapping: using customer’s check from one account to cover theft from a different account
  - transaction fraud: deleting, altering, or adding false transactions to steal assets

Internal Control Objectives According to AICPA SAS
1. Safeguard assets of the firm
2. Ensure accuracy and reliability of accounting records and information
3. Promote efficiency of the firm’s operations
4. Measure compliance with management’s prescribed policies and procedures

Modifying Assumptions to the Internal Control Objectives
- Management Responsibility: The establishment and maintenance of a system of internal control is the responsibility of management.
- Reasonable Assurance: The cost of achieving the objectives of internal control should not outweigh its benefits.
- Methods of Data Processing: The techniques of achieving the objectives will vary with different types of technology.

Limitations of Internal Controls
- Possibility of honest errors
- Circumvention via collusion
- Management override
- Changing conditions--especially in companies with high growth

Exposures of Weak Internal Controls (Risk)
- Destruction of an asset
- Theft of an asset
- Corruption of information
- Disruption of the information system

The Internal Controls Shield

Preventive, Detective, and Corrective Controls

SAS 109 / COSO
Describes the relationship between the firm’s…
- internal control structure,
- auditor’s assessment of risk, and
- the planning of audit procedures
How do these three interrelate?

Five Internal Control Components: SAS 109 / COSO
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

1: The Control Environment
- Integrity and ethics of management
- Organizational structure
- Role of the board of directors and the audit committee
- Management’s policies and philosophy
- Delegation of responsibility and authority
- Performance evaluation measures
- External influences—regulatory agencies
- Policies and practices managing human resources

2: Risk Assessment
Identify, analyze and manage risks relevant to financial reporting:
- changes in external environment
- risky foreign markets
- significant and rapid growth that strain internal controls
- new product lines
- restructuring, downsizing
- changes in accounting policies

3: Information and Communication
The AIS should produce high quality information which:
- identifies and records all valid transactions
- provides timely information in appropriate detail to permit proper classification and financial reporting
- accurately measures the financial value of transactions
- accurately records transactions in the time period in which they occurred

Information and Communication
Auditors must obtain sufficient knowledge of the IS to understand:
- the classes of transactions that are material
  - how these transactions are initiated [input]
  - the associated accounting records and accounts used in processing [input]
- the transaction processing steps involved from the initiation of a transaction to its inclusion in the financial statements [process]
- the financial reporting process used to compile financial statements, disclosures, and estimates [output]

4: Monitoring
The process for assessing the quality of internal control design and operation
[This is feedback in the general AIS model.]
- Separate procedures—test of controls by internal auditors
- Ongoing monitoring:
  - computer modules integrated into routine operations
  - management reports which highlight trends and exceptions from normal performance

5: Control Activities
Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
Fall into two distinct categories:
- IT controls—relate specifically to the computer environment
- Physical controls—primarily pertain to human activities

Two Types of IT Controls
- General controls—pertain to the entitywide computer environment
  - Examples: controls over the data center, organization databases, systems development, and program maintenance
- Application controls—ensure the integrity of specific systems
  - Examples: controls over sales order processing, accounts payable, and payroll applications

Six Types of Physical Controls
- Transaction Authorization
- Segregation of Duties
- Supervision
- Accounting Records
- Access Control
- Independent Verification

Physical Controls
Transaction Authorization
- used to ensure that employees are carrying out only authorized transactions
- general (everyday procedures) or specific (non-routine transactions) authorizations

Physical Controls
Segregation of Duties
- In manual systems, separation between:
  - authorizing and processing a transaction
  - custody and recordkeeping of the asset
  - subtasks
- In computerized systems, separation between:
  - program coding
  - program processing
  - program maintenance

Physical Controls
Supervision
- a compensation for lack of segregation; some may be built into computer systems
Accounting Records
- provide an audit trail

Physical Controls
Access Controls
- help to safeguard assets by restricting physical access to them
Independent Verification
- reviewing batch totals or reconciling subsidiary accounts with control accounts

Physical Controls in IT Contexts
Transaction Authorization
- The rules are often embedded within computer programs.
- EDI/JIT: automated re-ordering of inventory without human intervention

Physical Controls in IT Contexts
Segregation of Duties
- A computer program may perform many tasks that are deemed incompatible.
- Thus the crucial need to separate program development, program operations, and program maintenance.

Physical Controls in IT Contexts
Supervision
- The ability to assess competent employees becomes more challenging due to the greater technical knowledge required.

Physical Controls in IT Contexts
Accounting Records
- ledger accounts and sometimes source documents are kept magnetically
- no audit trail is readily apparent

Physical Controls in IT Contexts
Access Control
- Data consolidation exposes the organization to computer fraud and excessive losses from disaster.

Physical Controls in IT Contexts
Independent Verification
- When tasks are performed by the computer rather than manually, the need for an independent check is not necessary.
- However, the programs themselves are checked.

Application Controls
- Risks within specific applications
- Can affect manual procedures (e.g., entering data) or embedded (automated) procedures
- Convenient to look at in terms of:
  - input stage
  - processing stage
  - output stage

Application Input Controls
- Goal of input controls - valid, accurate, and complete input data
- Two common causes of input errors:
  - transcription errors – wrong character or value
  - transposition errors – ‘right’ character or value, but in wrong place

Application Input Controls
- Check digits – data code is added to produce a control digit
  - especially useful for transcription and transposition errors
- Missing data checks – control for blanks or incorrect justifications
- Numeric-alphabetic checks – verify that characters are in correct form

Application Input Controls
- Limit checks – identify values beyond pre-set limits
- Range checks – identify values outside upper and lower bounds
- Reasonableness checks – compare one field to another to see if relationship is appropriate
- Validity checks – compares values to known or standard values

Application Processing Controls
Programmed processes that transform input data into information for output
Three categories:
- Batch controls
- Run-to-run controls
- Audit trail controls

Application Processing Controls
- Batch controls - reconcile system output with the input originally entered into the system
- Based on different types of batch totals:
  - total number of records
  - total dollar value
  - hash totals – sum of non-financial numbers

Application Processing Controls
- Run-to-run controls - use batch figures to monitor the batch as it moves from one programmed procedure (run) to another
- Audit trail controls - numerous logs used so that every transaction can be traced through each stage of processing from its economic audit statements

Transaction Log to Preserve the Audit Trail

Master File Backup Controls
- Sequential master file system
  - GFS Backup Technique
- Batch system using direct access files
  - Destructive update approach calls for
  - Separate master back up procedure
- Real-time system master file backup
  - Processed continuously, therefore
  - Backup at pre-specified intervals through the day

Application Output Controls
- Goal of output controls is to ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated.
- In the following flowchart, there are exposures at every stage.

Stages in the Output Process

Application Controls Output
- Output spooling – creates a file during the printing process that may be inappropriately accessed
- Printing – create two risks:
  - production of unauthorized copies of output
  - employee browsing of sensitive data

Application Controls Output
- Waste – can be stolen if not properly disposed of, e.g., shredding
- Report distribution – for sensitive reports, the following are available:
  - use of secure mailboxes
  - require the user to sign for reports in person
  - deliver the reports to the user

Application Controls Output
- End user controls – end users need to inspect sensitive reports for accuracy
  - shred after used
- Controlling digital output – digital output message can be intercepted, disrupted, destroyed, or corrupted as it passes along communications links
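
The check digit listed under Application Input Controls and the batch totals (record count, dollar value, hash total) listed under Application Processing Controls can be seen working together in the following added example, which is not part of the original slides. The modulus-11 weighting, the function names and every account code and amount are assumptions constructed for illustration; the slides do not name a check-digit scheme.

```python
# Added example: check-digit input control plus batch control totals.
# Assumption: modulus-11 check digit with weights 2, 3, 4, ... from the right.
# All account codes, amounts and header values below are constructed.

def check_digit(base: str) -> str:
    """Modulus-11 check digit for a numeric code; 'X' stands for the value 10."""
    total = sum(int(d) * w for w, d in enumerate(reversed(base), start=2))
    value = (11 - total % 11) % 11
    return "X" if value == 10 else str(value)

def valid_code(code: str) -> bool:
    """Input control: the last character must be the check digit of the rest."""
    base, digit = code[:-1], code[-1:]
    return base.isdigit() and check_digit(base) == digit

def batch_totals(records):
    """Control totals: record count, dollar total (in cents), hash total."""
    return {
        "count": len(records),
        "amount_cents": sum(r["amount_cents"] for r in records),
        # Hash total: sum of a non-financial field (account number, check digit dropped).
        "hash": sum(int(r["account"][:-1]) for r in records),
    }

def reconcile(header, records):
    """Processing control: names of control totals that differ from the header."""
    actual = batch_totals(records)
    return [name for name in header if header[name] != actual[name]]

# Constructed batch as keyed at input, with the control totals from its header.
BATCH = [
    {"account": "537144", "amount_cents": 12500},
    {"account": "204684", "amount_cents": 9900},
    {"account": "91035X", "amount_cents": 40075},
]
HEADER = {"count": 3, "amount_cents": 62475, "hash": 165217}

# Same count and dollar total, but one record's account changed to another valid code.
ALTERED = [BATCH[0], {"account": "204692", "amount_cents": 9900}, BATCH[2]]

if __name__ == "__main__":
    print(valid_code("537144"))        # code as issued
    print(valid_code("357144"))        # transposition error: first two digits swapped
    print(valid_code("537244"))        # transcription error: one digit mistyped
    print(reconcile(HEADER, BATCH))    # totals agree with the header
    print(reconcile(HEADER, ALTERED))  # only the hash total disagrees
```

The altered batch passes the check-digit test and matches both the record count and the dollar total, so the hash total is the only control that flags it.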