ETHICS, FRAUD, AND INTERNAL CONTROL

1 3 James A. HallChapterAccounting Information Systems, 4th. , Fraud, & Intern. Notes Prepared by H. M. Savage South-Western Publishing Co., 2004 Page 3-1 CHAPTER 3 ETHICS, FRAUD, AND INTERNAL CONTROLThe three topics of this chapter are closely related. Ethics is a hallmark of the accountingprofession. The principles which guide a manager s decision making are important to allaffected. Computer ethics involves questions related to the use of technology and its is a serious problem for most businesses today and often technology compounds theproblem. In addition, the role of the independent auditor in the detection of fraud is managers and accountants need to be confident that the information produced by theaccounting system is both accurate and reliable, the importance of INTERNAL CONTROL is objectives of this chapter are:!

2 To understand the broad issues pertaining to business ethics;!to know why the subject of ethics is important to the study of accounting informationsystems;!to have a basic understanding of ethical issues relating to the use of informationtechnology;!to be able to distinguish between management fraud and employee fraud;!to be familiar with the common fraud techniques used in both manual systems andcomputer-based systems;!to be aware of the gap that exists between the expectations of users of financialstatements and the ability of auditors to detect fraud;!to understand the INTERNAL CONTROL structure defined by SAS 78; and!to recognize on a fundamental level the implications of the use of computertechnology for the INTERNAL CONTROL structure.

3 3 James A. HallChapterAccounting Information Systems, 4th. , Fraud, & Intern. Notes Prepared by H. M. Savage South-Western Publishing Co., 2004 Page Issues in BusinessThe first part of this chapter gives a very simple introductionto the subject of business ethics. Hopefully ethical questionshave been addressed in many of your business courses,especially your accounting courses. Ethics do matter. Anyaccounting student who does not agree is in the wrong major!!! is Business Ethics?Table 3-1, on page 119, identifies various businessdecisions which have ethical dimensions. These aregrouped according to the four areas of equity, rights,honesty, and exercise of corporate power. Manysituations in accounting, even related to the structureand content of systems, raise ethical must understand how managers determinewhat is right in doing business and how they Some Firms Address Ethical IssuesEthical behavior is the antithesis of the dog-eat-dog approach to doing business.

4 The importance ofmanagement setting the tone and supporting anethical climate cannot be overstated. As is true ofmany other management philosophies, it is lower-level managers who must carry out management sdirectives. Subordinates who feel that anorganization s commitment to ethical behavior islacking should start job-hunting. Fig. 3-1, on page 121, is a representation ofbehavioral stage theory which shows the levels ofmoral development. Where are you?? Read thismaterial Is Computer Ethics?This discussion of computer ethics is very well in particular the meaning of pop, para, andtheoretical computer ethics. Much has been writtenon this topic. Some of you may be surprised by someof the issues that arise from the adoption of a newtechnology.

5 The significant areas include:Cprivacy,Csecurity, including accuracy andconfidentiality,Cownership of property,Crace,Cequity of access, 3 James A. HallChapterAccounting Information Systems, 4th. , Fraud, & Intern. Notes Prepared by H. M. Savage South-Western Publishing Co., 2004 Page 3-3 Cenvironmental issues,Cartificial intelligence,Cunemployment and displacement,Cmisuse of computers, andCinternal CONTROL and AccountantsOne of the reasons, though not the only one, for the discussionof ethics is the reality of its absence. Reports of variousoccurrences of fraudulent behavior are commonplace in thepress. It appears that fraud is widespread. Your text discussestwo types of fraud, management fraud and employee FRAUD, and presents several motivating Concept of FraudDespite the fact that the purpose of a financial statement auditis to attest to the fairness of the financial statements preparedby management, the public and other groups often want toblame the auditors when fraud goes book does a good job of defining and discussing fraud asit has evolved in common law.

6 For an act to be regarded asfraudulent, five conditions must be present:!false representation [some misrepresentation oromission must have occurred],!material fact, [it must matter],!scienter, [there must be the intention to deceive],!justifiable reliance, [it affected someone s decision], and!injury or loss [must have occurred].Our discussion will focus on two forms of fraud which impactbusinesses: management fraud and employee fraud. Thedistinction is fraud usually involves the stealing of firm assets. The book discusses it in three steps: take, sell, and hide. Management fraud is a fraud committed not to directly linethe pockets of the perpetrator, but to present an overlyoptimistic picture of the firm in order to enhance share price orto obtain more favorable financing.

7 Several factors areparticularly usually occurs at levels above the normal internalcontrol is typically an intent to present a better picturethan is assets are misappropriated, the rout is quitedevious. 3 James A. HallChapterAccounting Information Systems, 4th. , Fraud, & Intern. Notes Prepared by H. M. Savage South-Western Publishing Co., 2004 Page that Contribute to FraudAfter presenting the results of a study by CertifiedFraud Examiners (CFE), your book discusses thetypes of forces which can interact to inspire anotherwise responsible person to commit fraud:situational pressures, availability of opportunity,personal characteristics. Read this material carefully. Another approach to explaining fraud lists skills, , non-shareable of fraud by external auditors is verydifficult.

8 Detection can occur if certain questions areasked. See the discussion in the Losses from FraudMuch information is reported from a 2002 study bythe Association of Certified Fraud Examiners. First isa discussion of the magnitude of losses. Thefollowing sections describes the characteristics Perpetrators of FraudsThis section will be an eye-opener. Read carefully thenarrative that accompanies Tables 3-2 to 3-7, onpages 129-131. In particular, consider the issues ofgender, position, age, education, and SchemesThe discussion of types of fraud is organizedfollowing the CFE categories: fraudulent statements,corruption, and asset misappropriation. Manyexamples are given. Regard this material as an eyeopener not a how to chapter!

9 The issue of fraudulent statements should be veryfamiliar, given the recent notoriety of Enron,WorldCom, and Adelphia. Four issue are key: lack ofauditor independence, lack of director independence,questionable executive compensation schemes, andinappropriate accounting practices. This leads to anexcellent discussion of the Sarbanes-Oxley Actpassed in July 3-3, on page 139, is a standard model for anAIS. The discussion of computer fraud techniques 3 James A. HallChapterAccounting Information Systems, 4th. , Fraud, & Intern. Notes Prepared by H. M. Savage South-Western Publishing Co., 2004 Page 3-5looks at the types of fraud possible at each of thestages in the system: !data collection (input),!data processing, !database management (storage), and !

10 Information generation (output). CONTROL Concepts and ProceduresAlthough it has always made sense for management to want tocontrol operations to make sure that plans are carried out andobjectives achieved, it is also law that a system of internalcontrol be set up and maintained. The Foreign CorruptPractices Act of 1977 mandates what common sense hasalways CONTROL in ConceptThe objectives of an INTERNAL CONTROL system cover theentire firm, not just the AIS. They should not besurprising:Cto safeguard the assets of the firm,Cto ensure the accuracy and reliability ofaccounting records and information,Cto promote efficiency in the firm soperations, andCto measure compliance with management sprescribed policies and , all things cannot be assured at 100%without bringing an organization to a halt.