Accounting Info Systems: Ethics, Fraud, and Control

Questions and Answers

Why should we be concerned about ethics in the business world?

Ethics are needed when conflicts arise and in business, conflicts may arise between employees, management, and stakeholders.

What does business ethics involve?

Business ethics involves answering two questions: How do managers decide on what is right in conducting their business? Once managers have recognized what is right, how do they achieve it?

Which of the following is an ethical issue related to Equity?

• Employee Health Screening
• Sexual Harassment
• Product Pricing (correct)
• Whistle-Blowing

Which of the following is an ethical issue related to Exercise of Corporate Power?

Product Safety (C)

What does computer ethics concern?

The social impact of computer technology.

Which of the following is one of the main computer ethics issues?

All of the above (D)

A 'material fact' in the legal definition of fraud is a fact that is not substantial in inducing someone to act.

False (B)

Intent to deceive does not need to exist for the legal definition of fraud to be met.

False (B)

The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act, for it to be considered fraud.

True (A)

According to the legal definition of fraud, the misrepresentation must have caused injury or loss.

True (A)

What are the three components of the fraud triangle?

Situational pressures, opportunities, and personal characteristics (ethics)

According to the 2004 ACFE study, approximately what percentage of revenues is lost due to fraud?

6%

According to the 2004 ACFE study, which position within a company experienced the highest median loss due to fraud?

Owner/Executive (B)

Which of the following was NOT an underlying problem in the Enron, WorldCom, and Adelphia scandals?

Conservative executive compensation schemes (C)

Which is a principal reform of the Sarbanes-Oxley Act of 2002?

Creation of the Public Company Accounting Oversight Board (PCAOB) (B)

Employee fraud is committed by management personnel.

False (B)

What does employee fraud usually consist of?

An employee taking cash or other assets for personal gain by circumventing a company's system of internal controls

Where are management frauds perpetrated in the company?

At levels of management above the one to which internal control structure relates

What is the purpose of fraudulent statements?

To make a copy of the company's financial statements appear better than it actually is

Which of the following is an example of corruption?

Bribery (A)

Which of the following can be considered an example of asset misappropriation?

Making charges to expense accounts to cover theft of assets (C)

What is lapping?

using customer's check from one account to cover theft from a different account (D)

Which of the following is an example of computer fraud?

Altering computer-readable records and files (D)

This aspect of the system is the most ______ because it is relatively easy to change data as it is being entered into the system.

vulnerable

Which phase of information processessing is most vulnerable?

Data Collection (A)

What is GIGO principle?

Garbage in, garbage out principle

Which of the following is an example of Data Processing Fraud?

altering programs to allow illegal access to and/or manipulation of data files (A)

Which of the following is an example of Operations Frauds?

misuse of company computer resources, such as using the computer for personal business (B)

Who usually conducts Database Management Fraud?

Disgruntled or ex-employee

Name the activity that involves searching through the trash cans on the computer center for discarded output?

Scavenging

According to AICPA SAS, which of the following is among the firms Internal Control Objectives?

All of the above (D)

Management responsibility dictates that the establishment and maintenance of a system of internal control is the responsibility of management.

True (A)

The cost of achieving the objectives of internal controls should outweigh its benefits.

False (B)

Which of the following is considered an exposure of weak internal controls?

All of the above (D)

Is the following statement true or false: The weaker the internal control, the lower the assessed level of risk?

False (A)

Which of the following is one of the Five Internal Control Components of SAS 78 / COSO?

Risk assessment (A)

Which of the following could be included in The Control Environment?

All of the above (D)

Which of the following could be included in Risk Assessment?

all of the above (D)

Which is not an element of the information and communication component?

accruately records transactions in past time periods (A)

What are the two categories of control activites?

IT controls and Physical controls (B)

Which is are two types of IT Controls?

General controls and Application controls (C)

Match the description to the physical control

Transaction Authorization = Used to ensure that employees are carrying out only authorized transactions Segregation of Duties = Separation between authorizing and processing a transaction Accounting Records = Provide an audit trail Access Controls = Help to safeguard assets by restricting physical access to them

What is often embedded within computer programs in IT Context

Transaction Authorization

In IT Contexts, a computer program cannot perform many task that are deemed incompatible.

False (B)

Flashcards

What is a candlestick chart?

A graphical representation that represents a financial instrument's price over time.

What does the 'body' of a candlestick represent?

It represents the range between the opening and closing prices during a given period.

What do the 'wicks' (or shadows) of a candlestick represent?

These lines indicate the highest and lowest prices reached during the period.

What is an 'engulfing pattern'?

A pattern where a smaller body is engulfed by a larger body, signaling a potential reversal.

What is a 'bearish trend' on a candlestick chart?

Several consecutive candlesticks all closing lower, showing strong bearish momentum.

What indicates a 'bullish trend' on a candlestick chart?

A series of candlesticks trending upwards suggests increasing buying pressure.

What is a 'support level'?

A line on a chart indicates a price level where the price tends to stop falling.

What is a 'resistance level'?

A level where a price tends to stop rising, acting as a ceiling.

What is 'fraud'?

A deceptive or illegal activity carried out for personal gain.

2001

Enron's downfall started in which year?

Study Notes

• Accounting Information Systems, 6th edition, Chapter 3 covers ethics, fraud, and internal control

Business Ethics

• Ethics are needed when conflicts arise that require a choice
• In business, such conflicts frequently involve employees, management, and stakeholders
• Litigation can also lead to business conflicts
• Business ethics ultimately seeks to answer two key questions: How do managers decide what is right when conducting business?
• How do managers achieve what is right, once identified?

Four Main Areas of Business Ethics

• Equity:
  • Executive salaries
  • Comparable worth standards
  • Product pricing
• Rights:
  • Corporate due process
  • Employee health screening
  • Employee privacy
  • Instances of sexual harassment
  • Diversity and equal employment opportunity
  • Whistle-blowing protections
• Honesty:
  • Management and employee conflicts of interest
  • Security of organizational data and records
  • Honesty in advertising
  • Business practices questionable in foreign countries
  • Accurate reporting of shareholder interests
• Exercise of corporate power:
  • Involvement in Political Action Committees
  • Workplace and product safety
  • Addressing environmental issues
  • Divestment of interests
  • Corporate political contributions
  • Handling downsizing and plant closures

Computer Ethics

• Computer ethics concerns social impact of technology like hardware, software, and telecommunications
• Key issues:
  • Privacy
  • Security: accuracy and confidentiality
  • Ownership of property
  • Equity in access
  • Environmental issues
  • Artificial intelligence
  • Unemployment and displacement due to automation
  • Misuse of computers

Legal Definition of Fraud

• Fraud involves:
  • False representation via false statement or disclosure
  • A material fact substantial enough to induce action
  • Intent to deceive
  • Justifiable reliance on the misinformation, leading someone to act
  • Injury or loss resulting from the misrepresentation

Factors That Contribute to Fraud

• Situational pressures (high)
• Opportunities (high)
• Personal characteristics (ethics - low)

2004 ACFE Study of Fraud

• Fraud resulted in a revenue loss equal to 6%, or approximately $660 billion
• Losses by position in company:
  • Owner/Executive: 12% of frauds, $900,000 loss
  • Manager: 34% of frauds, $140,000 loss
  • Employee: 68% of frauds, $62,000 loss
• Other findings showed higher losses due to men, employees acting in collusion, and employees with advanced degrees

Enron, WorldCom, Adelphia Underlying Problems

• Lack of auditor independence; auditing firms also performed nonaccounting activities for their audit clients
• Lack of director independence; directors had business or financial relationships rather than independence
• Short-term stock options led to questionable executive compensation schemes focused on short-term gains over long-term health
• Use of inappropriate accounting practices, a common fraud trait
  • Enron used special purpose entities
  • WorldCom moved transmission line costs from expense to capital accounts

Sarbanes-Oxley Act of 2002

• Primary reforms:
  • Established the Public Company Accounting Oversight Board (PCAOB)
  • Increased auditor independence by separating attestation from non-auditing activities
  • Enhanced corporate governance and responsibility; audit committee members must be independent and oversee external auditors
  • Increased disclosure requirements for issuers and management
  • Introduced new federal crimes for document destruction and fraud

Employee Fraud

• Committed by non-management personnel
• Involves theft of cash/assets through internal control circumvention

Management Fraud

• Perpetrated at levels of management that circumvents internal control
• Frequently using financial statements to present the entity as healthier and more prosperous than reality
• Often involves misappropriation of assets shrouded in complex transactions

Fraud Schemes

• According to the Association of Certified Fraud Examiners, three categories are:
  • Fraudulent statements
  • Corruption
  • Asset misappropriation

Fraudulent Statements

• Involves misstating financial statements to make them appear better
• Typically management fraud, focused on short-term financial gains
• Motivations include management bonus packages tied to financial statements

Corruption

• Examples include:
  • Bribery
  • Illegal gratuities
  • Conflicts of interest
  • Economic extortion
• The Foreign Corrupt Practices Act of 1977 indicates that a response is required to fight corruption in the business world
• This has impacted accounting by requiring maintaining accurate records and enforcing internal controls

Asset Misappropriation

• Common fraud type often committed by employees
• Examples:
  • Charging expenses to accounts to conceal asset theft
  • Lapping of customer payments to hide theft
  • Transaction fraud altering/adding false transactions to steal assets

Computer Fraud Schemes

• Misuse, theft, or misappropriation of assets by:
  • Altering computer-readable records/files
  • Altering the logic of computer software
  • Illegal use of computer-readable information
  • Corruption or destruction of software
  • Theft of computer hardware

Data Collection Fraud

• This system aspect is the most vulnerable because of how easy the data changes when entered in the system
• The GIGO principle means that inaccurate input data leads to inaccurate output

Data Processing Fraud

• Program frauds: altering programs to allow illegal access to/or manipulation of files
• Includes destruction via virus
• Operations frauds related to misuse of company computer assets such as for personal business

Database Management Fraud

• Involves altering, deleting, corrupting, or stealing data
• Oftentimes done by disgruntled former employees

Information Generation Fraud

• Includes stealing, redirecting, or misusing computer output
• Involves scavenging when searching through the trash for computer output

Internal Control Objectives According to AICPA SAS

• Must safeguard assets of any firm
• Ensure accuracy and reliability of accounting records and information
• Promote efficiency of the firm's operations
• Measure compliance with management's prescribed policies and procedures

Modifying Assumptions to the Internal Control Objectives

• Management has the responsibility for the establishment and maintenance of internal controls
• Reasonable assurance is in place such that the benefits outweigh the costs
• Methods of data processing techniques will vary with the types of technology

Limitations of Internal Controls

• Possibility of honest errors
• Circumvention via collusion
• Management override
• Changing conditions especially in companies with high growth

Exposures of Weak Internal Control (Risk)

• Destruction
• Theft of asset
• Corruption
• Disruption

SAS 78 / COSO

• It describes the relationship between:
  • Internal control structure
  • Auditor's assessment of risk
  • Planning of audit procedures
• The weaker the internal control structure, the higher the assessed risk level is
• The higher the risk, the more auditor procedures applied in the audit

Five Internal Control Components: SAS 78 / COSO:

• Control environment
• Risk assessment
• Information and communication
• Monitoring
• Control activities

The Control Environment

• Integrity and ethics of management
• Organizational structure
• Role of the board of directors and audit committee
• Management's policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences
• Policies and practices managing human resources

Risk Assessment

• Involves identifying, analyzing, and managing risks relevant to financial reporting
• This includes:
  • Changes in the external environment
  • Risky foreign markets
  • Significant and rapid growth that strain internal controls
  • New product lines
  • Corporate restructuring and downsizing
  • Changes in accounting policies

Information and Communication

• The AIS should produce high quality information that:
  • Identifies and records all valid transactions
  • Provides information in the time to permit proper classification
  • Accurately measures financial value of transactions
  • Accurately records transactions in the time frame in which they occurred
• Auditors need to understand classes of transactions that are material, how transactions are initiated (input), and associated accounting records (input)
• This encompasses processing steps from initiation to inclusion in financial statements (process) and financial reporting used to compile financial statements (output)

Monitoring

• Monitoring assesses internal control quality
• Separate procedures which can be initiated by the internal auditors -Ongoing monitoring with computer modules integrated into routine operations -Ongoing monitoring with management reports highlighting trends

Control Activities

• Establishing policies and procedures so the steps are in place to counter any risks
• Two broad categories:
  • IT (computer environment) controls
  • Physical (human activities) controls

Two Types of IT Controls

• General controls pertain to controls of a company's computer environment:
  • Data center
  • Organization databases
  • System development
  • Program maintenance
• Application ensures the integrity of certain steps of the process.
• Sales order processing
• Accounts payable
• Payroll application

Six Types of Physical Controls

• Transaction authorization
• Segregation of duties
• Supervision
• Accounting records
• Access control
• Independent verification

Transaction Authorization

• used to ensure only authorized transactions are being carried out by employees
• Includes general (everyday procedure and special)

Segregation of Duties

• Manual and computerized systems require separating who can:
  • Authorize and process
  • Custody and recordkeeping
  • Programs, processing and coding

Supervision

• A compensation for lack of segregation which may exist in some computer systems

Accounting Records

• Audit Trail

Access Control

• Help to ensure against unauthorized physical access

Independent Verification

• Batch totals need to often be reviewed or subsidiary accounts reconciled

Description

This lesson covers ethics, fraud, and internal control, as presented in Chapter 3 of Accounting Information Systems, 6th edition. It discusses conflicts in business involving employees, management, and stakeholders. It also highlights four main areas of business ethics.