Chapter 3: Ethics, Fraud, & Internal Control

Question 1

Why should we be concerned about ethics in the business world?

Ethics are needed when conflicts arise—the
people need to choose

Question 2

In business, conflicts may arise between:

Answer 2

● employees
● management
● stakeholders
● Litigation

Question 3

____ ____ involves finding the answers to two
questions:
● How do managers decide on what is right in
conducting their business?
● Once managers have recognized what is right, how
do they achieve it?

Answer 3

Business ethics

Question 4

concerns the social impact of computer technology (hardware,
software, and telecommunications).

Answer 4

Computer Ethics…

Question 5

What are the main computer ethics issues?

Answer 5

▪ Privacy
▪ Security—accuracy and confidentiality
▪ Ownership of property
▪ Environmental issues
▪ Artificial intelligence
▪ Unemployment and displacement
▪ Misuse of computer

Question 6

Legal Definition of Fraud

Answer 6

● False representation
● Material fact-
● Intent to deceive must exist
● The misrepresentation must have resulted in
justifiable reliance upon information, which
caused someone to act
● The misrepresentation must have caused
injury or loss

Question 7

Legal Definition of Fraud

false statement or disclosure

Answer 7

False representation

Question 8

Legal Definition of Fraud

a fact must be substantial in inducing someone to act

Answer 8

Material fact-

Question 9

Legal Definition of Fraud

______ must exist

Answer 9

Intent to deceive

Question 10

Legal Definition of Fraud

The misrepresentation must have resulted in
______ ______ upon information, which
caused someone to act

Answer 10

justifiable reliance

Question 11

Legal Definition of Fraud

The misrepresentation must have caused
______ or ____

Answer 11

injury or loss

Question 12

Fraud Triangle

Question 13

Enron, WorldCom, Adelphia Underlying Problems

Answer 13

• Lack of Auditor Independence:
● Lack of Director Independence
● Questionable Executive Compensation Schemes:
● Inappropriate Accounting Practices

Question 14

Enron, WorldCom, Adelphia Underlying Problems

Auditing firms also engaged by their clients to perform nonaccounting activities

Answer 14

Lack of Auditor Independence:

Question 15

Enron, WorldCom, Adelphia Underlying Problems

directors who also serve on the boards of other companies, have a business trading relationship, have a financial relationship as stockholders or have received personal loans, or have an operational relationship as employees

Answer 15

Lack of Director Independence

Question 16

Enron, WorldCom, Adelphia Underlying Problems

short-term stock options as compensation result in short-term strategies aimed at driving up stock prices at the expense of the firm’s long-term health.

Answer 16

Questionable Executive Compensation Schemes:

Question 17

Enron, WorldCom, Adelphia Underlying Problems

: a characteristic common to many financial statement fraud schemes.
● Enron made elaborate use of special purpose entities
● WorldCom transferred transmission line costs from current expense accounts to capital accounts

Answer 17

Inappropriate Accounting Practices

Question 18

Employee Fraud

Committed by _______

Answer 18

non-management personnel/employee

Question 19

T or F?

Employee Fraud usually consists of: an employee taking cash or other assets for personal gain by circumventing a company’s system of internal controls

Answer 19

T

Question 20

Perpetrated at levels of management above the
one to which internal control structure relates

Frequently involves using financial statements to
create an illusion that an entity is more healthy
and prosperous than it actually is

Answer 20

Management Fraud

Question 21

T or F?

Management Fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions

Answer 21

T

Question 22

Fraud Schemes
Three categories of fraud schemes according to the
Association of Certified Fraud Examiners:

Answer 22

A. fraudulent statements
B. corruption
C. asset misappropriation

Question 23

● Misstating the financial statements to make the copy appear better than it is
● Usually occurs as management fraud
● May be tied to focus on short-term financial measures for success
● May also be related to management bonus packages being tied to financial statements

Answer 23

Fraudulent Statements

Question 24

Corruption

Examples:

Answer 24

● bribery
● illegal gratuities
● conflicts of interest
● economic extortion
● Foreign Corrupt Practice Act of 1977:
● indicative of corruption in business world
● impacted accounting by requiring accurate
records and internal controls

Question 25

Most common type of fraud and often occurs as employee fraud

Answer 25

Asset Misappropriation

Question 26

making charges to expense accounts to cover theft of asset (especially cash)

Answer 26

Asset Misappropriation

Question 27

using customer’s check from one account to cover theft from a different account

Answer 27

Asset Misappropriation lapping:

Question 28

deleting, altering, or adding false transactions to steal assets

Answer 28

Asset Misappropriation transaction fraud:

Question 29

Internal Control Objectives According to AICPA SAS

Answer 29

1. Safeguard assets of the firm 2. Ensure accuracy and reliability of accounting records and information 3. Promote efficiency of the firm’s operations 4. Measure compliance with management’s prescribed policies and procedures

Question 30

Modifying Assumptions to the Internal Control Objectives

Answer 30

1. Management Responsibility 2. Reasonable Assurance 3. Methods of Data Processing

Question 31

The establishment and maintenance of a system of internal control is the responsibility of management

Answer 31

Management Responsibility

Question 32

The cost of achieving the objectives of internal control should not outweigh its benefits.

Answer 32

Reasonable Assurance

Question 33

The techniques of achieving the objectives will vary with different types of technology

Answer 33

Methods of Data Processing

Question 34

Limitations of Internal Controls

Answer 34

● Possibility of honest errors ● Circumvention via collusion ● Management override ● Changing conditions--especially in companies with high growth

Question 35

Exposures of Weak Internal Controls (Risk) ● ____ of an asset ● ____ of an asset ● ____ of information ●_____ of the information system

Answer 35

● Destruction of an asset ● Theft of an asset ● Corruption of information ● Disruption of the information system

Question 36

The Internal Controls Shield Undesirable Events

Answer 36

1 Access 2 Fraud 3. Errors 4. Mischief

Question 37

SAS 78 / COSO Describes the relationship between the firm’s…

Answer 37

● internal control structure, ● auditor’s assessment of risk, and ● the planning of audit procedures

Question 38

T or F? The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit.

Answer 38

T

Question 39

Five Internal Control Components: SAS 78 / COSO

Answer 39

1. Control environment 2. Risk assessment 3. Information and communication 4. Monitoring 5. Control activities

Question 40

● Integrity and ethics of management ● Organizational structure ● Role of the board of directors and the audit committee ● Management’s policies and philosophy ● Delegation of responsibility and authority ● Performance evaluation measures ● External influences—regulatory agencies ● Policies and practices managing human resources

Answer 40

The Control Environment

Question 41

● Identify, analyze and manage risks relevant to financial reporting which includes: ● changes in external environment ● risky foreign markets ● significant and rapid growth that strain internal controls ● new product lines ● restructuring, downsizing ● changes in accounting policies

Answer 41

Risk Assessment

Question 42

● The AIS should produce high quality information which: ● identifies and records all valid transactions ● provides timely information in appropriate detail to permit proper classification and financial reporting ● accurately measures the financial value of transactions ● accurately records transactions in the time period in which they occurred

Answer 42

Information and Communication

Question 43

Information and Communication

Question 44

The process for assessing the quality of internal control design and operation Accomplished by : ● Separate procedures—test of controls by internal auditors ● Ongoing monitoring: ● computer modules integrated into routine operations ● management reports which highlight trends and exceptions from normal performance

Answer 44

Monitoring

Question 45

● Policies and procedures to ensure that the appropriate actions are taken in response to identified risks ● Fall into two distinct categories: ● IT controls—relate specifically to the computer environment ● Physical controls—primarily pertain to human activities

Answer 45

Control Activities

Question 46

Control Activities Fall into two distinct categories: ______ —relate specifically to the computer environment

Answer 46

IT controls

Question 47

Control Activities Fall into two distinct categories: _____ —primarily pertain to human activities

Answer 47

Physical controls

Question 48

Two Types of IT Controls

Answer 48

1. General controls 2. Application controls

Question 49

________ _____ —pertain to the entitywide computer environment ● Examples: controls over the data center, organization databases, systems development, and program maintenance

Answer 49

General controls

Question 50

____ ___ —ensure the integrity of specific systems ● Examples: controls over sales order processing, accounts payable, and payroll applications

Answer 50

Application controls

Question 51

Six Types of Physical Controls

Answer 51

● Transaction Authorization ● Segregation of Duties ● Supervision ● Accounting Records ● Access Control ● Independent Verification

Question 52

Physical Controls ● used to ensure that employees are carrying out only authorized transactions ● general (everyday procedures) or specific (non- routine transactions) authorizations

Answer 52

Transaction Authorization

Question 53

Physical Controls ● In manual systems, separation between: ● authorizing and processing a transaction ● custody and recordkeeping of the asset ● subtasks ● In computerized systems, separation between: ● program coding ● program processing ● program maintenance

Answer 53

Segregation of Duties

Question 54

Physical Controls ● a compensation for lack of segregation; some may be built into computer systems

Answer 54

Supervision

Question 55

Physical Controls ● provide an audit trail

Answer 55

Accounting Records

Question 56

Physical Controls ● help to safeguard assets by restricting physical access to them

Answer 56

Access Controls

Question 57

Physical Controls ● reviewing batch totals or reconciling subsidiary accounts with control accounts

Answer 57

Independent Verification

Question 58

Physical Controls in IT Contexts ● The rules are often embedded within computer programs. ● EDI/JIT: automated re-ordering of inventory without human intervention

Answer 58

Transaction Authorization

Question 59

Physical Controls in IT Contexts ● A computer program may perform many tasks that are deemed incompatible. ● Thus the crucial need to separate program development, program operations, and program maintenance.

Answer 59

Segregation of Duties

Question 60

Physical Controls in IT Contexts ● The ability to assess competent employees becomes more challenging due to the greater technical knowledge required.

Answer 60

Supervision

Question 61

Physical Controls in IT Contexts ● ledger accounts and sometimes source documents are kept magnetically ● no audit trail is readily apparent

Answer 61

Accounting Records

Question 62

Physical Controls in IT Contexts ● Data consolidation exposes the organization to computer fraud and excessive losses from disaster.

Answer 62

Access Control

Question 63

Physical Controls in IT Contexts ● When tasks are performed by the computer rather than manually, the need for an independent check is not necessary. ● However, the programs themselves are checked.

Answer 63

Independent Verification