AIS PDF - Accounting Information Systems

102 PART I Overview of Accounting Information Systems d. Indexed random files are easy to maintain in c. Infrequent transactions are recorded in the terms of adding records. general journal. 10. Which statement is NOT correct? The indexed d. Frequent transactions are recorded in special sequential access method journals. a. is used for very large files that need both direct 16. Which of the following is true of the relationship access and batch processing. between subsidiary ledgers and general ledger b. may use an overflow area for records. accounts? c. provides an exact physical address for each a. The two contain different and unrelated record. data. d. is appropriate for files that require few inser- b. All general ledger accounts have subsidiaries. tions or deletions. c. The relationship between the two provides an 11. Which statement is true about a hashing structure? audit trail from the financial statements to the source documents. a. The same address could be calculated for two records. d. The total of subsidiary ledger accounts usually exceeds the total in the related general ledger b. Storage space is used efficiently. account. c. Records cannot be accessed rapidly. 17. Real-time systems might be appropriate for all of d. A separate index is required. the following EXCEPT 12. In a hashing structure a. airline reservations. a. two records can be stored at the same address. b. payroll. b. pointers are used to indicate the location of all c. point-of-sale transactions. records. d. air traffic control systems. c. pointers are used to indicate location of a record e. all of these applications typically utilize real- with the same address as another record. time processing. d. all locations on the disk are used for record 18. is the system flowchart symbol for: storage. a. on-page connector. 13. An advantage of a physical address pointer is that b. off-page connector. a. it points directly to the actual disk storage loca- tion. c. home base. b. it is easily recovered if it is inadvertently lost. d. manual operation. c. it remains unchanged when disks are reorga- e. document. nized. 19. A chart of accounts would best be coded using d. all of the above are advantages of the physical a(n) ______________ coding scheme. address pointer. a. alphabetic 14. Which of the following is NOT true of a turn- b. mnemonic around document? c. block a. They may reduce the number of errors made d. sequential by external parties. 20. Which of the following statements is NOT true? b. They are commonly used by utility companies a. Sorting records that are coded alphabetically (gas, power, water). tends to be more difficult for users than sorting c. They are documents used by internal parties only. numeric sequences. d. They are both input and output documents. b. Mnemonic coding requires the user to memo- 15. Which of the following is NOT a true statement? rize codes. a. Transactions are recorded on source docu- c. Sequential codes carry no information content ments and are posted to journals. beyond their order in the sequence. b. Transactions are recorded in journals and are d. Mnemonic codes are limited in their ability to posted to ledgers. represent items within a class. CHAPTER 2 Introduction to Transaction Processing 103 21. A coding scheme in the form of acronyms and c. alphabetic code. other combinations that convey meaning is a(n) d. mnemonic code. a. sequential code. b. block code. Problems 1. TRANSACTION CYCLE discrepancies, then sending this form back to the payroll department. Any discrepancies noted must be corrected IDENTIFICATION by the payroll department. Categorize each of the following activities into the ex- penditure, conversion, or revenue cycles, and identify the applicable subsystem. 4. ENTITY RELATIONSHIP a. preparing the weekly payroll for manufacturing per- DIAGRAM sonnel Shown here is a partial entity relationship diagram of a b. releasing raw materials for use in the manufacturing purchase system. Describe the business rules repre- cycle sented by the cardinalities in the diagram. c. recording the receipt of payment for goods sold d. recording the order placed by a customer e. ordering raw materials f. determining the amount of raw materials to order PROBLEM 4: ENTITY RELATIONSHIP DIAGRAM 2. TYPES OF FILES Updates Contains Inventory For each of the following records, indicate the appropri- M 1 ate related file structure: master file, transaction file, ref- M erence file, or archive file. a. customer ledgers b. purchase orders 1 c. list of authorized vendors Supplier d. records related to prior pay periods 1 e. vendor ledgers f. hours each employee has worked during the current pay period g. tax tables M M M h. sales orders that have been processed and recorded Is Associated with Receiving Purchase Report 1 1 Order 3. SYSTEM FLOWCHART Figure 2-4 illustrates how a customer order is trans- formed into a source document, a product document, and a turnaround document. Develop a similar flowchart for the process of paying hourly employees. Assume time sheets are used and the payroll department must total the 5. ENTITY RELATIONSHIP hours. Each hour worked by any employee must be DIAGRAM charged to some account (a cost center). Each week, the Refer to the entity relationship diagram in Problem 4. manager of each cost center receives a report listing the Modify the diagram to deal with payments of merchan- employee’s name and the number of hours charged to dise purchased. Explain the business rules represented this center. The manager is required to verify that this in- by the cardinalities in the diagram. (You may wish to formation is correct by signing the form and noting any refer to Chapter 5.) 104 PART I Overview of Accounting Information Systems 6. ENTITY RELATIONSHIP PROBLEM 8: SYSTEM FLOWCHART DIAGRAM Prepare an entity relationship diagram, in good form, for the expenditure cycle, which consists of both pur- chasing and cash disbursements. Describe the business n Time rules represented by the cardinalities in the diagrams.... Sheets 2 (You may wish to refer to Chapter 4.) 1 7. SYSTEM FLOWCHART Enter Data Using the diagram for Problem 7, answer the following questions: ! What do Symbols 1 and 2 represent? Payroll ! What does the operation involving Symbols 3 Data and 4 depict? ! What does the operation involving Symbols 4 Employee Master File and 5 depict? Edit ! What does the operation involving Symbols 6, Errors 8, and 9 depict? Cost Center Master File PROBLEM 7: SYSTEM FLOWCHART Enter Corrections Symbol 1 Edited Transactions Employee Symbol 2 Master File Update Cost Center Symbol 3 Symbol 4 Symbol 5 Master File Edited Transactions Symbol Symbol 6 Paychecks 8 Symbol 7 Symbol 10 Report Program Symbol 6 Reports Symbol 9 9. SYSTEM FLOWCHARTS AND PROGRAM FLOWCHART From the diagram in Problem 8, identify three types of 8. SYSTEM FLOWCHART errors that may cause a payroll record to be placed in Analyze the system flowchart in Problem 8, and the error file. Use a program flowchart to illustrate the describe in detail the processes that are occurring. edit program. CHAPTER 2 Introduction to Transaction Processing 105 10. DATA FLOW DIAGRAM cash disbursements clerk. Upon receipt of the voucher, Data flow diagrams employ four different symbols. the cash disbursements clerk prepares a check and sends What are these symbols, and what does each symbol it to the supplier. The clerk records the check in the represent? check register and files a copy of the check in the department filing cabinet. 11. TRANSACTION CYCLE Required RELATIONSHIP Prepare a data flow diagram and a system flowchart of Refer to Figure 2-1, which provides a generic look at the expenditure cycle procedures previously described. relationships between transaction cycles. Modify this figure to reflect the transaction cycles you might find at a dentist’s office. 13. RECORD STRUCTURES FOR RECEIPT OF ITEMS ORDERED 12. SYSTEM DOCUMENTATION— Refer to Figure 2-28 and the discussion about updating EXPENDITURE CYCLE (MANUAL master files from transaction files. The discussion PROCEDURES) presents the record structures for a sales transaction. Prepare a diagram (similar to Figure 2-28) that presents The following describes the expenditure cycle manual the record structure for the receipt (Receiving Report) procedures for a hypothetical company. of inventory items ordered. Presume a purchase order The inventory control clerk examines the inventory file exists and will be updated through information col- records for items that must be replenished and prepares a lected via a receiving report. Further, presume the pur- two-part purchase requisition. Copy 1 of the requisition chase was made on account. is sent to the purchasing department, and Copy 2 is filed. Upon receipt of the requisition, the purchasing clerk selects a supplier from the valid vendor file (reference 14. SYSTEM DOCUMENTATION— file) and prepares a three-part purchase order. Copy 1 is PAYROLL sent to the supplier, Copy 2 is sent to the accounts pay- The following describes the payroll procedures for a hy- able department where it is filed temporarily, and Copy pothetical company. 3 is filed in the purchases department. Every Thursday, the timekeeping clerk sends em- A few days after the supplier ships the order, the ployee time cards to the payroll department for process- goods arrive at the receiving department. They are ing. Based on the hours worked reflected on the time inspected, and the receiving clerk prepares a three-part cards, the employee pay rate and withholding informa- receiving report describing the number and quality of tion in the employee file, and the tax rate reference file, the items received. Copy 1 of the receiving report the payroll clerk calculates gross pay, withholdings, and accompanies the goods to the stores, where they are net pay for each employee. The clerk then manually pre- secured. Copy 2 is sent to inventory control, where the pares paychecks for each employee, files hard copies of clerk posts it to the inventory records and files the docu- the paychecks in the payroll department, and posts the ment. Copy 3 is sent to the accounts payable depart- earnings to the hard-copy employee records. Finally, the ment, where it is filed with the purchase order. clerk manually prepares a payroll summary and sends it A day or two later, the accounts payable clerk receives and the paychecks to the cash disbursements department. the supplier’s invoice (bill) for the items shipped. The The cash disbursements clerk reconciles the payroll clerk pulls the purchase order and receiving report from summary with the paychecks and manually records the the temporary file and compares the quantity ordered, transaction in the hard-copy cash disbursements journal. quantity received, and the price charged. After reconcil- The clerk then files the payroll summary and sends the ing the three documents, the clerk enters the purchase in paychecks to the treasurer for signing. the purchases journal and posts the amount owed to the The signed checks are then sent to the paymaster, who accounts payable subsidiary account. distributes them to the employees on Friday morning. On the payment due date, the accounts payable clerk posts to the accounts payable subsidiary account to Required remove the liability and prepares a voucher authorizing Prepare a data flow diagram and a system flowchart of payment to the vendor. The voucher is then sent to the the payroll procedures previously described. 106 PART I Overview of Accounting Information Systems 15. SYSTEM DOCUMENTATION— slip and the check are sent to the bank; the other de- posit slip is filed in the cash receipts department. PAYROLL 2. The remittance advice is sent to the AR clerk, who Required posts to the digital subsidiary accounts and then Assuming the payroll system described in Problem 14 files the document. uses database files and computer processing procedures, Required prepare a data flow diagram, an entity relationship dia- Prepare a data flow diagram and a system flowchart of gram, and a systems flowchart. the revenue cycle procedures previously described. 17. SYSTEM DOCUMENTATION— 16. SYSTEM DOCUMENTATION— EXPENDITURE CYCLE (MANUAL REVENUE CYCLE MANUAL AND AND COMPUTER PROCEDURES) COMPUTER PROCESSES The following describes the expenditure cycle for a hy- The following describes the revenue cycle procedures pothetical company. for a hypothetical company. The company has a centralized computer system The sales department clerk receives hard-copy cus- with terminals located in various departments. The ter- tomer orders and manually prepares a six-part hard- minals are networked to a computer application, and copy sales order. Copies of the sales order are distrib- digital accounting records are hosted on a server in the uted to various departments as follows: Copies 1, 2, and data processing department. 3 go to the shipping department, and Copies 4, 5, and 6 Each day, the computer in the data processing center are sent to the billing department where they are tempo- scans the inventory records looking for items that must rarily filed by the billing clerk. be replenished. For each item below its reorder point, Upon receipt of the sales order copies, the shipping the system creates a digital purchase order and prints clerk picks the goods from the warehouse shelves and two hard copies. A technician in the data center sends ships them to the customer. The clerk sends Copy 1 of the purchase orders to the purchasing department clerk. the sales order along with the goods to the customer. Upon receipt of the purchase orders, the purchasing Copy 2 is sent to the billing department, and Copy 3 is clerk reviews and signs them. He sends Copy 1 to the filed in the shipping department. supplier and files Copy 2 in the purchases department. When the billing clerk receives Copy 2 from the A few days later, the supplier ships the order and the warehouse, she pulls the other copies from the tempo- goods arrive at the receiving department. The receiving rary file and completes the documents by adding prices, clerk reviews the digital purchase order from his termi- taxes, and freight charges. Then, using the department nal, inspects the goods, creates a digital Receiving PC, the billing clerk records the sale in the digital Sales Report record, and prints two hard copies of the receiv- Journal, sends Copy 4 (customer bill) to the customer, ing report. The system automatically updates the inven- and sends Copies 5 and 6 to the AR and inventory con- tory records to reflect the receipt of goods. The clerk trol departments, respectively. sends Copy 1 of the receiving report with the goods to Upon receipt of the documents from the billing clerk, the stores, where they are secured. Copy 2 is filed in the the accounts receivable and inventory control clerks receiving department. post the transactions to the AR Subsidiary and Inven- A day or two later, the accounts payable clerk receives tory Subsidiary ledgers, respectively, using their depart- a hard-copy supplier’s invoice (bill) for the items shipped. ment PCs. Each clerk then files the respective sales The clerk accesses the digital receiving report and pur- order copies in the department. chase order from her terminal. She then reconciles these On the payment due date, the customer sends a documents with the supplier’s invoice. If all aspects of the check for the full amount and a copy of the bill (the order reconcile, the clerk records the purchase in the digi- remittance advice) to the company. These documents tal purchases journal and posts the amount owed to the are received by the mailroom clerk who distributes them accounts payable subsidiary account from her terminal. as follows: Each day, the computer application in the data proc- 1. The check goes to the cash receipts clerk, who essing department automatically scans the accounts pay- manually records it in the hard-copy cash receipts able subsidiary file for items that are due for payment journal and prepares two deposit slips. One deposit and prints a two-part check. The system closes out the CHAPTER 2 Introduction to Transaction Processing 107 accounts payable record and creates a record in the digi- Land tal cash disbursements journal. A data processing clerk Accounts Payable then sends the check to the Cash Disbursement depart- Wages Payable ment where it is approved, signed, and distributed to the Taxes Payable supplier. The check copy is filed in the Cash Disburse- ments department. Notes Payable Bonds Payable Required Common Stock Prepare a data flow diagram and a system flowchart of the expenditure cycle procedures previously described. Paid-In Capital in Excess of Par Treasury Stock Retained Earnings 18. CODING SCHEME Sales Devise a coding scheme using block and sequential Sales Returns and Allowances codes for the following chart of accounts for Jensen Dividend Income Camera Distributors. Cost of Goods Sold Cash Wages Expense Accounts Receivable Utility Expense Office Supplies Inventory Office Supplies Expense Prepaid Insurance Insurance Expense Inventory Depreciation Expense Investments in Marketable Securities Advertising Expense Delivery Truck Fuel Expense Accumulated Depreciation—Delivery Truck Interest Expense Equipment Accumulated Depreciation—Equipment 19. CODING SCHEME Furniture and Fixtures Devise a coding scheme for the warehouse layout Accumulated Depreciation—Furniture and Fixtures shown in Problem 19. Be sure to use an appropriate Building coding scheme that allows the inventory to be located Accumulated Depreciation—Building efficiently from the picking list. PROBLEM 19: CODING SCHEME WAREHOUSE LAYOUT Three warehouse locations—Warehouses 1, 2, and 3 Each warehouse is organized by aisles. Aisle A Aisle B Aisle C Aisle D Aisle E (continued) 108 PART I Overview of Accounting Information Systems PROBLEM 19: CODING SCHEME (continued) WAREHOUSE LAYOUT Each aisle is separated into a right and left side, with 7 shelves of goods and 17 partitions, with each storage area called a “bin.” 7 6 5 4 3 2 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Legacy Systems Problems 20. ACCESS METHODS accounts, one check per month is received. These receipts are recorded in a batch file, and the cus- For each of the following file processing operations, tomer account records are updated biweekly. In a indicate whether a sequential file, indexed random file, typical month, customer inquiries are received at the virtual storage access method, hashing, or pointer struc- rate of about 20 per day. ture would work best. You may choose as many as you b. A national credit card agency has 12 million wish for each step. Also indicate which would perform customer accounts. On average, 30 million pur- the least optimally. chases and 700,000 receipts of payments are pro- a. Retrieve a record from the file based on its primary cessed per day. Additionally, the customer support key value. hotline provides information to approximately 150,000 credit card holders and 30,000 merchants b. Update a record in the file. per day. c. Read a complete file of records. c. An airline reservations system assumes that the d. Find the next record in a file. traveler knows the departing city. From that e. Insert a record into a file. point, fares and flight times are examined based on the destination. When a flight is identified as f. Delete a record from a file. being acceptable to the traveler, the availability is g. Scan a file for records with secondary keys. checked and, if necessary, a seat is reserved. The volume of transactions exceeds one-half million per day. 21. FILE ORGANIZATION d. A library system stocks over 2 million books and For the following situations, indicate the most appropri- has 30,000 patrons. Each patron is allowed to check ate type of file organization. Explain your choice. out five books. On average, there are 1.3 copies of each title in the library. Over 3,000 books are a. A local utility company has 80,000 residential cus- checked out each day, with approximately the same tomers and 10,000 commercial customers. The amount being returned daily. The checked-out books monthly billings are staggered throughout the month are posted immediately, as well as any returns of and, as a result, the cash receipts are fairly uniform overdue books by patrons who wish to pay their throughout the month. For 99 percent of all fines. CHAPTER 2 Introduction to Transaction Processing 109 22. BACKUP AND RECOVERY file for a sequential file update process. Indicate the PROCEDURES FOR DATABASE FILES order in which the transactions are processed. Indicate which master file records are updated and which are Figure 2-30 provides a backup and recovery system for read and written, unchanged, into the new master file. files that are updated using a destructive update approach. Also illustrate the relationship between the transaction Now think about a specific situation that might use this file and the master file, that is, T ¼ M, T < M, and T > approach. A company creates its sales order transaction M, in your answer. How would the update change if a file in batches. Once a day, a sales clerk compiles a trans- direct access file is used instead? action file by entering data from the previous day’s sales orders to the transaction file. When these transactions have all been entered and the transaction file passes edit- PROBLEM 24: CODING SCHEME ing, the transaction file is used to destructively update both the sales and the accounts receivable master files. Transaction Master Each of these master files is then backed up to a magnetic File File tape. The magnetic tapes are stored (offline) in a remote Records Records Order of Order of location. Now consider what might happen if, in the mid- Processing Processing dle of an update of the sales master file, lightning hit the company’s building, resulting in a power failure that (Key) (Key) caused the computer to corrupt both the transaction file 1 Data 1 Data and the master files. 6 2 a. Which, if any, files contain noncorrupted data (transaction file, accounts receivable 8 3 master file, sales master file, or backup master 9 4 files)? b. Will a clerk have to re-enter any data? If so, what 10 5 data will have to be re-entered? 13 6 c. What steps will the company have to take to obtain noncorrupted master files that contain the previous 11 7 day’s sales data? 15 8 23. HASHING ALGORITHM 17 9 The systems programmer uses a hashing algorithm to 10 determine storage addresses. The hashing structure is 11 9,997/key. The resulting number is then used to locate the record. The first two digits after the decimal point 12 represent the cylinder number, while the second two digits represent the surface number. The fifth, sixth, and 13 seventh digits after the decimal point represent the 14 record number. This algorithm results in a unique address 99 percent of the time. What happens the re- 15 mainder of the time when the results of the algorithm 16 are not unique? Explain in detail the storage process when key value 3 is processed first, key value 2307 at a 17 later date, and shortly thereafter key value 39. 18 19 24. UPDATE PROCESS Examine the diagram for Problem 24, which contains 20 the processing order for a transaction file and a master This page intentionally left blank chapter 3 Ethics, Fraud, and Internal Control T his chapter examines three closely related areas of concern, which are specifically addressed by the Sarbanes-Oxley Act (SOX) and are important to accountants and management. These are ethics, fraud, and internal control. We begin the chapter by surveying ethical issues that highlight the organization’s conflicting responsi- bilities to its employees, shareholders, customers, and the general public. Organization managers have an ethical responsibility to seek a balance between the risks and bene- Learning Objectives fits to these constituents that result from their decisions. Management and accountants must recognize the new After studying this chapter, you should: implications of information technologies for such historic Understand the broad issues issues as working conditions, the right to privacy, and the pertaining to business ethics. potential for fraud. The section concludes with a review of Have a basic understanding of ethi- the code of ethics requirements that SOX mandates. cal issues related to the use of infor- The second section is devoted to the subject of fraud and mation technology. its implications for accountants. Although the term fraud is very familiar in today’s financial press, it is not always clear Be able to distinguish between man- what constitutes fraud. In this section, we discuss the nature agement fraud and employee fraud. and meaning of fraud, differentiate between employee fraud Be familiar with common types of and management fraud, explain fraud-motivating forces, fraud schemes. review some common fraud techniques, and outline the key Be familiar with the key features of elements of the reform framework that SOX legislates to SAS 78/COSO internal control remedy these problems. framework. The final section in the chapter examines the subject of Understand the objectives and appli- internal control. Both managers and accountants should be cation of physical controls. concerned about the adequacy of the organization’s internal control structure as a means of deterring fraud and prevent- ing errors. In this section, internal control issues are first presented on a conceptual level. We then discuss internal control within the context of the Statement on Auditing Standards no. 78/ Committee of Sponsoring Organizations of the Treadway Commission (SAS 78/COSO) framework recommended for SOX compliance. 112 PART I Overview of Accounting Information Systems Ethical Issues in Business Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon. It is quite possible for two individuals, both of whom consider themselves to be acting ethically, to be on opposite sides of an issue. Often, we confuse ethical issues with legal issues. When the Honorable Gentleman from the state of——, who is charged with ethi- cal misconduct, stands before Congress and proclaims that he is ‘‘guilty of no wrongdoing,’’ is he really saying that he did not break the law? We have been inundated with scandals in the stock market, stories of computer crimes and viruses, and almost obscene charges of impropriety and illegalities by corporate executives. Using covert compen- sation schemes, Enron’s Chief Financial Officer (CFO) Andy Fastow managed to improve his personal wealth by approximately $40 million. Similarly, Dennis Kozowski of Tyco, Richard Scrushy of Health- South, and Bernie Ebbers of WorldCom all became wealthy beyond imagination while driving their com- panies into the ground. Indeed, during the period from early 1999 to May 2002, the executives of 25 companies extracted $25 billion worth of special compensation, stock options, and private loans from their organizations while their companies’ stock plummeted 75 percent or more.1 A thorough treatment of ethics issues is impossible within this chapter section. Instead, the objective of this section is to heighten the reader’s awareness of ethical concerns relating to business, information systems, and computer technology. BUSINESS ETHICS Ethics pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong. More specifically, business ethics involves finding the answers to two questions: (1) How do managers decide what is right in conducting their business? and (2) Once managers have recognized what is right, how do they achieve it? Ethical issues in business can be divided into four areas: equity, rights, honesty, and the exercise of corporate power. Table 3-1 identifies some of the business practices and decisions in each of these areas that have ethical implications. Making Ethical Decisions Business organizations have conflicting responsibilities to their employees, shareholders, customers, and the public. Every major decision has consequences that potentially harm or benefit these constituents. For example, implementing a new computer information system within an organization may cause some employees to lose their jobs, while those who remain enjoy the benefit of improved working conditions. Seeking a balance between these consequences is the managers’ ethical responsibility. The following ethical principles provide some guidance in the discharge of this responsibility.2 PROPORTIONALITY. The benefit from a decision must outweigh the risks. Furthermore, there must be no alternative decision that provides the same or greater benefit with less risk. Justice. The benefits of the decision should be distributed fairly to those who share the risks. Those who do not benefit should not carry the burden of risk. Minimize risk. Even if judged acceptable by the principles, the decision should be implemented so as to minimize all of the risks and avoid any unnecessary risks. COMPUTER ETHICS The use of information technology in business has had a major impact on society and thus raises significant ethical issues regarding computer crime, working conditions, privacy, and more. Computer ethics is ‘‘the 1 Robert Prentice, Student Guide to the Sarbanes-Oxley Act, Thomson Publishing, 2005, p. 23. 2 M. McFarland, ‘‘Ethics and the Safety of Computer System,’’ Computer (February 1991). CHAPTER 3 Ethics, Fraud, and Internal Control 113 T A B L E 3-1 ETHICAL ISSUES IN BUSINESS Equity Executive Salaries Comparable Worth Product Pricing Rights Corporate Due Process Employee Health Screening Employee Privacy Sexual Harassment Diversity Equal Employment Opportunity Whistle-Blowing Honesty Employee and Management Conflicts of Interest Security of Organization Data and Records Misleading Advertising Questionable Business Practices in Foreign Countries Accurate Reporting of Shareholder Interests Exercise of Corporate Power Political Action Committees Workplace Safety Product Safety Environmental Issues Divestment of Interests Corporate Political Contributions Downsizing and Plant Closures Source: The Conference Board, ‘‘Defining Corporate Ethics,’’ in P. Madsen and J. Shafritz, Essentials of Business Ethics (New York: Meridian, 1990): 18. analysis of the nature and social impact of computer technology and the corresponding formulation and jus- tification of policies for the ethical use of such technology.… [This includes] concerns about software as well as hardware and concerns about networks connecting computers as well as computers themselves.’’3 One researcher has defined three levels of computer ethics: pop, para, and theoretical.4 Pop computer ethics is simply the exposure to stories and reports found in the popular media regarding the good or bad ram- ifications of computer technology. Society at large needs to be aware of such things as computer viruses and computer systems designed to aid handicapped persons. Para computer ethics involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field. All systems professio- nals need to reach this level of competency so they can do their jobs effectively. Students of accounting infor- mation systems should also achieve this level of ethical understanding. The third level, theoretical computer ethics, is of interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psy- chology to computer science with the goal of bringing some new understanding to the field. A New Problem or Just a New Twist on an Old Problem? Some argue that all pertinent ethical issues have already been examined in some other domain. For exam- ple, the issue of property rights has been explored and has resulted in copyright, trade secret, and patent laws. Although computer programs are a new type of asset, many believe that these programs should be 3 J. H. Moor, ‘‘What Is Computer Ethics?’’ Metaphilosophy 16 (1985): 266–75. 4 T. W. Bynum, ‘‘Human Values and the Computer Science Curriculum’’ (Working paper for the National Conference on Computing and Values, August 1991). 114 PART I Overview of Accounting Information Systems considered no differently from other forms of property. A fundamental question arising from such debate is whether computers present new ethical problems or just create new twists on old problems. Where the latter is the case, we need only to understand the generic values that are at stake and the principles that should then apply.5 However, a large contingent vociferously disagree with the premise that computers are no different from other technology. For example, many reject the notion of intellectual property being the same as real property. There is, as yet, no consensus on this matter. Several issues of concern for students of accounting information systems are discussed in the follow- ing section. This list is not exhaustive, and a full discussion of each of the issues is beyond the scope of this chapter. Instead, the issues are briefly defined, and several trigger questions are provided. Hopefully, these questions will provoke thought and discussion in the classroom. Privacy People desire to be in full control of what and how much information about themselves is available to others, and to whom it is available. This is the issue of privacy. The creation and maintenance of huge, shared databases make it necessary to protect people from the potential misuse of data. This raises the issue of ownership in the personal information industry.6 Should the privacy of individuals be protected through policies and systems? What information about oneself does the individual own? Should firms that are unrelated to individuals buy and sell information about these individuals without their permission? Security (Accuracy and Confidentiality) Computer security is an attempt to avoid such undesirable events as a loss of confidentiality or data integ- rity. Security systems attempt to prevent fraud and other misuse of computer systems; they act to protect and further the legitimate interests of the system’s constituencies. The ethical issues involving security arise from the emergence of shared, computerized databases that have the potential to cause irreparable harm to individuals by disseminating inaccurate information to authorized users, such as through incor- rect credit reporting.7 There is a similar danger in disseminating accurate information to persons unau- thorized to receive it. However, increasing security can actually cause other problems. For example, security can be used both to protect personal property and to undermine freedom of access to data, which may have an injurious effect on some individuals. Which is the more important goal? Automated moni- toring can be used to detect intruders or other misuse, yet it can also be used to spy on legitimate users, thus diminishing their privacy. Where is the line to be drawn? What is an appropriate use and level of se- curity? Which is most important: security, accuracy, or confidentiality? Ownership of Property Laws designed to preserve real property rights have been extended to cover what is referred to as intellec- tual property, that is, software. The question here becomes what an individual (or organization) can own. Ideas? Media? Source code? Object code? A related question is whether owners and users should be con- strained in their use or access. Copyright laws have been invoked in an attempt to protect those who develop software from having it copied. Unquestionably, the hundreds of thousands of program development hours should be protected from piracy. However, many believe the copyright laws can cause more harm than good. For example, should the look and feel of a software package be granted copyright protection? Some argue that this flies in the face of the original intent of the law. Whereas the purpose of copyrights is to promote the progress of science and the useful arts, allowing a user interface the protec- tion of copyright may do just the opposite. The best interest of computer users is served when industry standards emerge; copyright laws work against this. Part of the problem lies in the uniqueness of 5 G. Johnson, ‘‘A Framework for Thinking about Computer Ethics,’’ in J. Robinette and R. Barquin (eds.), Computers and Ethics: A Sourcebook for Discussions (Brooklyn: Polytechnic Press, 1989): 26–31. 6 W. Ware, ‘‘Contemporary Privacy Issues’’ (Working paper for the National Conference on Computing and Human Values, August 1991). 7 K. C. Laudon, ‘‘Data Quality and Due Process in Large Interorganizational Record Systems,’’ Communications of the ACM (1986): 4–11. CHAPTER 3 Ethics, Fraud, and Internal Control 115 software, its ease of dissemination, and the possibility of exact replication. Does software fit with the cur- rent categories and conventions regarding ownership? Equity in Access Some barriers to access are intrinsic to the technology of information systems, but some are avoidable through careful system design. Several factors, some of which are not unique to information systems, can limit access to computing technology. The economic status of the individual or the affluence of an organi- zation will determine the ability to obtain information technology. Culture also limits access, for example, when documentation is prepared in only one language or is poorly translated. Safety features, or the lack thereof, have limited access to pregnant women, for example. How can hardware and software be designed with consideration for differences in physical and cognitive skills? What is the cost of providing equity in access? For what groups of society should equity in access become a priority? Environmental Issues Computers with high-speed printers allow for the production of printed documents faster than ever before. It is probably easier just to print a document than to consider whether it should be printed and how many copies really need to be made. It may be more efficient or more comforting to have a hard copy in addition to the electronic version. However, paper comes from trees, a precious natural resource, and ends up in landfills if not properly recycled. Should organizations limit nonessential hard copies? Can nonessential be defined? Who can and should define it? Should proper recycling be required? How can it be enforced? Artificial Intelligence A new set of social and ethical issues has arisen out of the popularity of expert systems. Because of the way these systems have been marketed—that is, as decision makers or replacements for experts—some people rely on them significantly. Therefore, both knowledge engineers (those who write the programs) and domain experts (those who provide the knowledge about the task being automated) must be con- cerned about their responsibility for faulty decisions, incomplete or inaccurate knowledge bases, and the role given to computers in the decision-making process.8 Further, because expert systems attempt to clone a manager’s decision-making style, an individual’s prejudices may implicitly or explicitly be included in the knowledge base. Some of the questions that need to be explored are: Who is responsible for the com- pleteness and appropriateness of the knowledge base? Who is responsible for a decision made by an expert system that causes harm when implemented? Who owns the expertise once it is coded into a knowledge base? Unemployment and Displacement Many jobs have been and are being changed as a result of the availability of computer technology. People unable or unprepared to change are displaced. Should employers be responsible for retraining workers who are displaced as a result of the computerization of their functions? Misuse of Computers Computers can be misused in many ways. Copying proprietary software, using a company’s computer for personal benefit, and snooping through other people’s files are just a few obvious examples.9 Although copying proprietary software (except to make a personal backup copy) is clearly illegal, it is commonly done. Why do people think that it is not necessary to obey this law? Are there any good argu- ments for trying to change this law? What harm is done to the software developer when people make unauthorized copies? A computer is not an item that deteriorates with use, so is there any harm to the employer if it is used for an employee’s personal benefit? Does it matter if the computer is used during 8 R. Dejoie, G. Fowler, and D. Paradice (eds.), Ethical Issues in Information Systems (Boston: Boyd & Fraser, 1991). 9 K. A. Forcht, ‘‘Assessing the Ethic Standards and Policies in Computer-Based Environments,’’ in R. Dejoie, G. Fowler, and D. Paradice (eds.), Ethical Issues in Information Systems (Boston: Boyd & Fraser, 1991). 116 PART I Overview of Accounting Information Systems company time or outside of work hours? Is there a difference if some profit-making activity takes place rather than, for example, using the computer to write a personal letter? Does it make a difference if a profit-making activity takes place during or outside working hours? Is it okay to look through paper files that clearly belong to someone else? Is there any difference between paper files and computer files? SARBANES-OXLEY ACT AND ETHICAL ISSUES Public outcry surrounding ethical misconduct and fraudulent acts by executives of Enron, Global Cross- ing, Tyco, Adelphia, WorldCom, and others spurred Congress into passing the American Competitive- ness and Corporate Accountability Act of 2002. This wide-sweeping legislation, more commonly known as the Sarbanes-Oxley Act (SOX), is the most significant securities law since the Securities and Exchange Commission (SEC) Acts of 1933 and 1934. SOX has many provisions designed to deal with specific problems relating to capital markets, corporate governance, and the auditing profession. Several of these are discussed later in the chapter. At this point, we are concerned primarily with Section 406 of the act, which pertains to ethical issues. Section 406—Code of Ethics for Senior Financial Officers Section 406 of SOX requires public companies to disclose to the SEC whether they have adopted a code of ethics that applies to the organization’s chief executive officer (CEO), CFO, controller, or persons per- forming similar functions. If the company has not adopted such a code, it must explain why. A public company may disclose its code of ethics in several ways: (1) included as an exhibit to its annual report, (2) as a posting to its Web site, or (3) by agreeing to provide copies of the code upon request. Whereas Section 406 applies specifically to executive and financial officers of a company, a com- pany’s code of ethics should apply equally to all employees. Top management’s attitude toward ethics sets the tone for business practice, but it is also the responsibility of lower-level managers and nonmanag- ers to uphold a firm’s ethical standards. Ethical violations can occur throughout an organization from the boardroom to the receiving dock. Methods must therefore be developed for including all management and employees in the firm’s ethics schema. The SEC has ruled that compliance with Section 406 necessi- tates a written code of ethics that addresses the following ethical issues. CONFLICTS OF INTEREST. The company’s code of ethics should outline procedures for dealing with actual or apparent conflicts of interest between personal and professional relationships. Note that the issue here is in dealing with conflicts of interest, not prohibiting them. Whereas avoidance is the best pol- icy, sometimes conflicts are unavoidable. Thus, one’s handling and full disclosure of the matter become the ethical concern. Managers and employees alike should be made aware of the firm’s code of ethics, be given decision models, and participate in training programs that explore conflict of interest issues. FULL AND FAIR DISCLOSURES. This provision states that the organization should provide full, fair, accurate, timely, and understandable disclosures in the documents, reports, and financial statements that it submits to the SEC and to the public. Overly complex and misleading accounting techniques were used to camouflage questionable activities that lie at the heart of many recent financial scandals. The objective of this rule is to ensure that future disclosures are candid, open, truthful, and void of such deceptions. LEGAL COMPLIANCE. Codes of ethics should require employees to follow applicable governmental laws, rules, and regulations. As stated previously, we must not confuse ethical issues with legal issues. Nevertheless, doing the right thing requires sensitivity to laws, rules, regulations, and societal expecta- tions. To accomplish this, organizations must provide employees with training and guidance. INTERNAL REPORTING OF CODE VIOLATIONS. The code of ethics must provide a mechanism to permit prompt internal reporting of ethics violations. This provision is similar in nature to Sections 301 and 806, which were designed to encourage and protect whistle-blowers. Employee ethics hotlines are emerging as the mechanism for dealing with these related requirements. Because SOX requires this function to be confidential, many companies are outsourcing their employee hotline service to independent vendors. CHAPTER 3 Ethics, Fraud, and Internal Control 117 ACCOUNTABILITY. An effective ethics program must take appropriate action when code violations occur. This will include various disciplinary measures, including dismissal. Employees must see an em- ployee hotline as credible, or they will not use it. Section 301 directs the organization’s audit committee to establish procedures for receiving, retaining, and treating such complaints about accounting procedures and internal control violations. Audit committees will also play an important role in the oversight of ethics enforcement activities. Fraud and Accountants Perhaps no major aspect of the independent auditor’s role has caused more controversy than their respon- sibility for detecting fraud during an audit. In recent years, the structure of the U.S. financial reporting system has become the object of scrutiny. The SEC, the courts, and the public, along with Congress, have focused on business failures and questionable practices by the management of corporations that engage in alleged fraud. The question often asked is, ‘‘Where were the auditors?’’ The passage of SOX has had a tremendous impact on the external auditor’s responsibilities for fraud detection during a financial audit. It requires the auditor to test controls specifically intended to prevent or detect fraud likely to result in a material misstatement of the financial statements. The current authorita- tive guidelines on fraud detection are presented in Statement on Auditing Standards (SAS) No. 99, Con- sideration of Fraud in a Financial Statement Audit. The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud into all phases of the audit process. In addition, SAS 99 requires the audi- tor to perform new steps such as a brainstorming during audit planning to assess the potential risk of ma- terial misstatement of the financial statements from fraud schemes. DEFINITIONS OF FRAUD Although fraud is a familiar term in today’s financial press, its meaning is not always clear. For example, in cases of bankruptcies and business failures, alleged fraud is often the result of poor management deci- sions or adverse business conditions. Under such circumstances, it becomes necessary to clearly define and understand the nature and meaning of fraud. Fraud denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his or her detriment. Accord- ing to common law, a fraudulent act must meet the following five conditions: 1. False representation. There must be a false statement or a nondisclosure. 2. Material fact. A fact must be a substantial factor in inducing someone to act. 3. Intent. There must be the intent to deceive or the knowledge that one’s statement is false. 4. Justifiable reliance. The misrepresentation must have been a substantial factor on which the injured party relied. 5. Injury or loss. The deception must have caused injury or loss to the victim of the fraud. Fraud in the business environment has a more specialized meaning. It is an intentional deception, mis- appropriation of a company’s assets, or manipulation of its financial data to the advantage of the perpetra- tor. In accounting literature, fraud is also commonly known as white-collar crime, defalcation, embezzlement, and irregularities. Auditors encounter fraud at two levels: employee fraud and manage- ment fraud. Because each form of fraud has different implications for auditors, we need to distinguish between the two. Employee fraud, or fraud by nonmanagement employees, is generally designed to directly convert cash or other assets to the employee’s personal benefit. Typically, the employee circumvents the com- pany’s internal control system for personal gain. If a company has an effective system of internal control, defalcations or embezzlements can usually be prevented or detected. Employee fraud usually involves three steps: (1) stealing something of value (an asset), (2) converting the asset to a usable form (cash), and (3) concealing the crime to avoid detection. The third step is often 118 PART I Overview of Accounting Information Systems the most difficult. It may be relatively easy for a storeroom clerk to steal inventories from the employer’s warehouse, but altering the inventory records to hide the theft is more of a challenge. Management fraud is more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss. Management fraud usually does not involve the direct theft of assets. Top management may engage in fraudulent activities to drive up the market price of the company’s stock. This may be done to meet investor expectations or to take advantage of stock options that have been loaded into the manager’s compensation package. The Commission on Auditors’ Responsibilities calls this performance fraud, which often involves deceptive practices to inflate earnings or to forestall the recognition of either insolvency or a decline in earnings. Lower-level management fraud typically involves materially misstating financial data and internal reports to gain additional compensa- tion, to garner a promotion, or to escape the penalty for poor performance. Management fraud typically contains three special characteristics:10 1. The fraud is perpetrated at levels of management above the one to which internal control structures generally relate. 2. The fraud frequently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than, in fact, it is. 3. If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex busi- ness transactions, often involving related third parties. The preceding characteristics of management fraud suggest that management can often perpetrate irregularities by overriding an otherwise effective internal control structure that would prevent similar irregularities by lower-level employees. THE FRAUD TRIANGLE The fraud triangle consists of three factors that contribute to or are associated with management and employee fraud. These are (1) situational pressure, which includes personal or job-related stresses that could coerce an individual to act dishonestly; (2) opportunity, which involves direct access to assets and/or access to information that controls assets, and; (3) ethics, which pertains to one’s character and degree of moral opposition to acts of dishonesty. Figure 3-1 graphically depicts the interplay among these three forces. The figure suggests that an individual with a high level of personal ethics, who is confronted by low pressure and limited opportunity to commit fraud, is more likely to behave honestly than one with weaker personal ethics, who is under high pressure and exposed to greater fraud opportunities. Research by forensic experts and academics has shown that the auditor’s evaluation of fraud is enhanced when the fraud triangle factors are considered. Obviously, matters of ethics and personal stress do not lend themselves to easy observation and analysis. To provide insight into these factors, auditors of- ten use a red-flag checklist consisting of the following types of questions:11 ! Do key executives have unusually high personal debt? ! Do key executives appear to be living beyond their means? ! Do key executives engage in habitual gambling? ! Do key executives appear to abuse alcohol or drugs? ! Do any of the key executives appear to lack personal codes of ethics? ! Are economic conditions unfavorable within the company’s industry? ! Does the company use several different banks, none of which sees the company’s entire financial picture? 10 R. Grinaker, ‘‘Discussant’s Response to a Look at the Record on Auditor Detection of Management Fraud,’’ Proceedings of the 1980 Touche Ross University of Kansas Symposium on Auditing Problems (Kansas City: University of Kansas, 1980). 11 Ibid. CHAPTER 3 Ethics, Fraud, and Internal Control 119 F I G U R E 3-1 FRAUD TRIANGLE Pressure Opportunity Pressure Opportunity No Fraud Fraud E thics Ethics ! Do any key executives have close associations with suppliers? ! Is the company experiencing a rapid turnover of key employees, either through resignation or termination? ! Do one or two individuals dominate the company? A review of some of these questions shows that contemporary auditors may need to use professional investigative agencies to run confidential background checks on key managers of existing and prospec- tive client firms. FINANCIAL LOSSES FROM FRAUD A research study published by the Association of Certified Fraud Examiners (ACFE) in 2008 estimates losses from fraud and abuse to be 7 percent of annual revenues. This translates to approximately $994 bil- lion in fraud losses for 2008. The actual cost of fraud is, however, difficult to quantify for a number of reasons: (1) not all fraud is detected; (2) of that detected, not all is reported; (3) in many fraud cases, incomplete information is gathered; (4) information is not properly distributed to management or law enforcement authorities; and (5) too often, business organizations decide to take no civil or criminal action against the perpetrator(s) of fraud. In addition to the direct economic loss to the organization, indi- rect costs including reduced productivity, the cost of legal action, increased unemployment, and business disruption due to investigation of the fraud need to be considered. Of the 959 occupational fraud cases examined in the ACFE study, the median loss from fraud was $175,000, while 25 percent of the organizations experienced losses of $1 million or more. The distribu- tion of dollar losses is presented in Table 3-2. 120 PART I Overview of Accounting Information Systems THE PERPETRATORS OF FRAUDS The ACFE study examined a number of factors that profile the perpetrators of the frauds, including posi- tion within the organization, collusion with others, gender, age, and education. The median financial loss was calculated for each factor. The results of the study are summarized in Tables 3-3 through 3-7.12 T A B L E 3-2 DISTRIBUTION OF LOSSES Amount of Loss ($) Percent of Frauds 1–999 1.9 1,000–9,999 7.0 10,000–49,999 16.8 50,000–99,999 11.2 100,000–499,999 28.2 500,000–999,999 9.6 1,000,000 and up 25.3 Source: Report to the Nation on Occupational Fraud & Abuse (Austin, TX: Association of Certified Fraud Examiners, 2008): 9. T A B L E 3-3 LOSSES FROM FRAUD BY POSITION Position Percent of Frauds Loss ($) Owner/Executive 23 834,000 Manager 37 150,000 Employee 40 70,000 T A B L E 3-4 LOSSES FROM FRAUD BY COLLUSION Perpetrators Loss ($) Two or more (36%) 500,000 One (64%) 115,500 T A B L E 3-5 LOSSES FROM FRAUD BY GENDER Gender Loss ($) Male (59%) 250,000 Female (41%) 110,000 12 Report to the Nation on Occupational Fraud & Abuse (Austin, TX: Association of Certified Fraud Examiners, 2008): 48–57. CHAPTER 3 Ethics, Fraud, and Internal Control 121 T A B L E 3-6 LOSSES FROM FRAUD BY AGE Age Range Loss ($) 60 435,000 T A B L E 3-7 LOSSES FROM FRAUD BY EDUCATIONAL LEVEL Education Level Loss ($) High School 100,000 College 210,000 Postgraduate 550,000 Fraud Losses by Position within the Organization Table 3-3 shows that 40 percent of the reported fraud cases were committed by nonmanagerial employ- ees, 37 percent by managers, and 23 percent by executives or owners. Although the reported number of frauds perpetrated by employees is higher than that of managers and almost twice that of executives, the average losses per category are inversely related. Fraud Losses and the Collusion Effect Collusion among employees in the commission of a fraud is difficult to both prevent and detect. This is particularly true when the collusion is between managers and their subordinate employees. Management plays a key role in the internal control structure of an organization. They are relied upon to prevent and detect fraud among their subordinates. When they participate in fraud with the employees over whom they are supposed to provide oversight, the organization’s control structure is weakened, or completely circumvented, and the company becomes more vulnerable to losses. Table 3-4 compares the median losses from frauds committed by individuals acting alone (regardless of position) and frauds involving collusion. This includes both internal collusion and schemes in which an employee or manager colludes with an outsider such as a vendor or a customer. Although frauds involving collusion are less common (36 percent of cases), the median loss is $500,000 as compared to $115,500 for frauds perpetrated by individuals working alone. Fraud Losses by Gender Table 3-5 shows that the median fraud loss per case caused by males ($250,000) was more than twice that caused by females ($110,000). Fraud Losses by Age Table 3-6 indicates that perpetrators younger than 26 years of age caused median losses of $25,000, while those perpetrated by individuals 60 and older were approximately 20 times larger. Fraud Losses by Education Table 3-7 shows the median loss from frauds relative to the perpetrator’s education level. Frauds commit- ted by high school graduates averaged only $100,000, whereas those with bachelor’s degrees averaged 122 PART I Overview of Accounting Information Systems $210,000. Perpetrators with advanced degrees were responsible for frauds with a median loss of $550,000. Conclusions to Be Drawn Although the ACFE fraud study results are interesting, they appear to provide little in the way of anti- fraud decision-making criteria. Upon closer examination, however, a common thread appears. Notwith- standing the importance of personal ethics and situational pressures in inducing one to commit fraud, opportunity is the factor that actually facilitates the act. Opportunity was defined previously as access to assets and/or the information that controls assets. No matter how intensely driven by situational pressure one may become, even the most unethical individual cannot perpetrate a fraud if no opportunity to do so exists. Indeed, the opportunity factor explains much of the financial loss differential in each of the demo- graphic categories presented in the ACFE study: ! Position. Individuals in the highest positions within an organization are beyond the internal control structure and have the greatest access to company funds and assets. ! Gender. Women are not fundamentally more honest than men, but men occupy high corporate posi- tions in greater numbers than women. This affords men greater access to assets. ! Age. Older employees tend to occupy higher-ranking positions and therefore generally have greater access to company assets. ! Education. Generally, those with more education occupy higher positions in their organizations and therefore have greater access to company funds and other assets. ! Collusion. One reason for segregating occupational duties is to deny potential perpetrators the opportunity they need to commit fraud. When individuals in critical positions collude, they create opportunities to control or gain access to assets that otherwise would not exist. FRAUD SCHEMES Fraud schemes can be classified in a number of different ways. For purposes of discussion, this section presents the ACFE classification format. Three broad categories of fraud schemes are defined: fraudulent statements, corruption, and asset misappropriation.13 Fraudulent Statements Fraudulent statements are associated with management fraud. Whereas all fraud involves some form of fi- nancial misstatement, to meet the definition under this class of fraud scheme the statement itself must bring direct or indirect financial benefit to the perpetrator. In other words, the statement is not simply a vehicle for obscuring or covering a fraudulent act. For example, misstating the cash account balance to cover the theft of cash is not financial statement fraud. On the other hand, understating liabilities to present a more favorable financial picture of the organization to drive up stock prices does fall under this classification. Table 3-8 shows that whereas fraudulent statements account for only 10 percent of the fraud cases cov- ered in the ACFE fraud study, the median loss from this type of fraud scheme is significantly higher than losses from corruption and asset misappropriation. T A B L E 3-8 LOSSES FROM FRAUD BY SCHEME TYPE Scheme Type Percent of Frauds* Loss ($) Fraudulent statements 10 2,000,000 Corruption 27 375,000 Asset misappropriation 89 150,000 *The sum of the percentages exceeds 100 because some of the reported frauds in the ACFE study involved more than one type of fraud scheme. 13 Report to the Nation on Occupational Fraud & Abuse. (Austin, TX: Association of Certified Fraud Examiners, 2008): 7. CHAPTER 3 Ethics, Fraud, and Internal Control 123 Appalling as this type of fraud loss appears on paper, these numbers fail to reflect the human suffering that parallels them in the real world. How does one measure the impact on stockholders as they watch their life savings and retirement funds evaporate after news of the fraud breaks? The underlying problems that permit and aid these frauds are found in the boardroom, not the mail room. In this section, we examine some prominent corporate governance failures and the legislation to remedy them. THE UNDERLYING PROBLEMS. The series of events symbolized by the Enron, WorldCom, and Adelphia debacles caused many to question whether our existing federal securities laws were adequate to ensure full and fair financial disclosures by public companies. The following underlying problems are at the root of this concern. 1. Lack of Auditor Independence. Auditing firms that are also engaged by their clients to perform non- accounting activities such as actuarial services, internal audit outsourcing services, and consulting, lack independence. The firms are essentially auditing their own work. The risk is that as auditors they will not bring to management’s attention detected problems that may adversely affect their consulting fees. For example, Enron’s auditors—Arthur Andersen—were also their internal auditors and their management consultants. 2. Lack of Director Independence. Many boards of directors are composed of individuals who are not in- dependent. Examples of lack of independence are directors who have a personal relationship by ser- ving on the boards of other directors’ companies; have a business trading relationship as key customers or suppliers of the company; have a financial relationship as primary stockholders or have received personal loans from the company; or have an operational relationship as employees of the company. A notorious example of corporate inbreeding is Adelphia Communications, a telecommunications company. Founded in 1952, it went public in 1986 and grew rapidly through a series of acquisitions. It became the sixth largest cable provider in the United States before an accounting scandal came to light. The founding family (John Rigas, CEO and chairman of the board; Timothy Rigas, CFO, Chief Administrative Officer, and chairman of the audit committee; Michael Rigas, Vice President for oper- ation; and J.P. Rigas, Vice President for strategic planning) perpetrated the fraud. Between 1998 and May 2002, the Rigas family successfully disguised transactions, distorted the company’s financial picture, and engaged in embezzlement that resulted in a loss of more than $60 billion to shareholders. Whereas it is neither practical nor wise to establish a board of directors that is totally void of self- interest, popular wisdom suggests that a healthier board of directors is one in which the majority of directors are independent outsiders, with the integrity and the qualifications to understand the com- pany and objectively plan its course. 3. Questionable Executive Compensation Schemes. A Thomson Financial survey revealed the strong belief that executives have abused stock-based compensation.14 The consensus is that fewer stock options should be offered than currently is the practice. Excessive use of short-term stock options to compensate directors and executives may result in short-term thinking and strategies aimed at driving up stock prices at the expense of the firm’s long-term health. In extreme cases, financial statement misrepresentation has been the vehicle to achieve the stock price needed to exercise the option. As a case in point, Enron’s management was a firm believer in the use of stock options. Nearly ev- ery employee had some type of arrangement by which he or she could purchase shares at a discount or were granted options based on future share prices. At Enron’s headquarters in Houston, televisions were installed in the elevators so employees could track Enron’s (and their own portfolio’s) success. Before the firm’s collapse, Enron executives added millions of dollars to their personal fortunes by exercising stock options. 4. Inappropriate Accounting Practices. The use of inappropriate accounting techniques is a characteristic common to many financial statement fraud schemes. Enron made elaborate use of special-purpose enti- ties to hide liabilities through off-balance-sheet accounting. Special-purpose entities are legal, but their application in this case was clearly intended to deceive the market. Enron also employed income-inflat- ing techniques. For example, when the company sold a contract to provide natural gas for a period of two years, they would recognize all the future revenue in the period when the contract was sold. 14 H. Stock, ‘‘Institutions Prize Good Governance: Once Bitten, Twice Shy, Investors Seek Oversight and Transparency.’’ Investor Relations Business (November 4, 2002). 124 PART I Overview of Accounting Information Systems WorldCom was another culprit of the improper accounting practices. In April 2001, WorldCom management decided to transfer transmission line costs from current expense accounts to capital accounts. This allowed them to defer some operating expenses and report higher earnings. Also, through acquisitions, they seized the opportunity to raise earnings. WorldCom reduced the book value of hard assets of MCI by $3.4 billion and increased goodwill by the same amount. Had the assets been left at book value, they would have been charged against earnings over four years. Good- will, on the other hand, was amortized over a much longer period. In June 2002, the company declared a $3.8 billion overstatement of profits because of falsely recorded expenses over the previ- ous five quarters. The size of this fraud increased to $9 billion over the following months as addi- tional evidence of improper accounting came to light. SARBANES-OXLEY ACT AND FRAUD. To address plummeting institutional and individual inves- tor confidence triggered in part by business failures and accounting restatements, Congress enacted SOX into law in July 2002. This landmark legislation was written to deal with problems related to capital mar- kets, corporate governance, and the auditing profession and has fundamentally changed the way public companies do business and how the accounting profession performs its attest function. Some SOX rules became effective almost immediately, and others were phased in over time. In the short time since it was enacted, however, SOX is now largely implemented. The act establishes a framework to modernize and reform the oversight and regulation of public com- pany auditing. Its principal reforms pertain to (1) the creation of an accounting oversight board, (2) audi- tor independence, (3) corporate governance and responsibility, (4) disclosure requirements, and (5) penalties for fraud and other violations. These provisions are discussed in the following section. 1. Accounting Oversight Board. SOX created a Public Company Accounting Oversight Board (PCAOB). The PCAOB is empowered to set auditing, quality control, and ethics standards; to inspect registered accounting firms; to conduct investigations; and to take disciplinary actions. 2. Auditor Independence. The act addresses auditor independence by creating more separation between a firm’s attestation and nonauditing activities. This is intended to specify categories of services that a public accounting firm cannot perform for its client. These include the following nine functions: a. Bookkeeping or other services related to the accounting records or financial statements b. Financial information systems design and implementation c. Appraisal or valuation services, fairness opinions, or contribution-in-kind reports d. Actuarial services e. Internal audit outsourcing services f. Management functions or human resources g. Broker or dealer, investment adviser, or investment banking services h. Legal services and expert services unrelated to the audit i. Any other service that the PCAOB determines is impermissible Whereas SOX prohibits auditors from providing these services to their audit clients, they are not pro- hibited from performing such services for nonaudit clients or privately held companies. 3. Corporate Governance and Responsibility. The act requires all audit committee members to be inde- pendent and requires the audit committee to hire and oversee the external auditors. This provision is consistent with many investors who consider the board composition to be a critical investment factor. For example, a Thomson Financial survey revealed that most institutional investors want corporate boards to be composed of at least 75 percent independent directors.15 Two other significant provisions of the act relating to corporate governance are (1) public compa- nies are prohibited from making loans to executive officers and directors, and (2) the act requires attorneys to report evidence of a material violation of securities laws or breaches of fiduciary duty to the CEO, CFO, or the PCAOB. 4. Issuer and Management Disclosure. SOX imposes new corporate disclosure requirements, including: a. Public companies must report all off-balance-sheet transactions. 15 Ibid. CHAPTER 3 Ethics, Fraud, and Internal Control 125 b. Annual reports filed with the SEC must include a statement by management asserting that it is responsible for creating and maintaining adequate internal controls and asserting to the effectiveness of those controls. c. Officers must certify that the company’s accounts ‘‘fairly present’’ the firm’s financial condition and results of operations. d. Knowingly filing a false certification is a criminal offense. 5. Fraud and Criminal Penalties. SOX imposes a range of new criminal penalties for fraud and other wrongful acts. In particular, the act creates new federal crimes relating to the destruction of docu- ments or audit work papers, securities fraud, tampering with documents to be used in an official pro- ceeding, and actions against whistle-blowers. Corruption Corruption involves an executive, manager, or employee of the organization in collusion with an out- sider. The ACFE study identifies four principal types of corruption: bribery, illegal gratuities, conflicts of interest, and economic extortion. Corruption accounts for about 10 percent of occupational fraud cases. BRIBERY. Bribery involves giving, offering, soliciting, or receiving things of value to influence an of- ficial in the performance of his or her lawful duties. Officials may be employed by government (or regula- tory) agencies or by private organizations. Bribery defrauds the entity (business organization or government agency) of the right to honest and loyal services from those employed by it. For example, the manager of a meat-packing company offers a U.S. health inspector a cash payment. In return, the inspec- tor suppresses his report of health violations discovered during a routine inspection of the meat-packing facilities. In this situation, the victims are those who rely on the inspector’s honest reporting. The loss is salary paid to the inspector for work not performed and any damages that result from failure to perform. ILLEGAL GRATUITIES. An illegal gratuity involves giving, receiving, offering, or soliciting some- thing of value because of an official act that has been taken. This is similar to a bribe, but the transaction occurs after the fact. For example, the plant manager in a large corporation uses his influence to ensure that a request for proposals is written in such a way that only one contractor will be able to submit a satis- factory bid. As a result, the favored contractor’s proposal is accepted at a noncompetitive price. In return, the contractor secretly makes a financial payment to the plant manager. The victims in this case are those who expect a competitive procurement process. The loss is the excess costs the company incurs because of the noncompetitive pricing of the construction. CONFLICTS OF INTEREST. Every employer should expect that his or her employees will conduct their duties in a way that serves the interests of the employer. A conflict of interest occurs when an em- ployee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the ac- tivity being performed. When the employee’s conflict of interest is unknown to the employer and results in financial loss, then fraud has occurred. The preceding examples of bribery and illegal gratuities also constitute conflicts of interest. This type of fraud can exist, however, when bribery and illegal payments are not present, but the employee has an interest in the outcome of the economic event. For example, a purchasing agent for a building contractor is also part owner in a plumbing supply company. The agent has sole discretion in selecting vendors for the plumbing supplies needed for buildings under contract. The agent directs a disproportionate number of purchase orders to his company, which charges above- market prices for its products. The agent’s financial interest in the supplier is unknown to his employer. ECONOMIC EXTORTION. Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. The item of value could be a fi- nancial or economic asset, information, or cooperation to obtain a favorable decision on some matter under review. For example, a contract procurement agent for a state government threatens to blacklist a highway contractor if he does not make a financial payment to the agent. If the contractor fails to cooper- ate, the blacklisting will effectively eliminate him from consideration for future work. Faced with a threat of economic loss, the contractor makes the payment. 126 PART I Overview of Accounting Information Systems T A B L E 3-9 LOSSES FROM ASSET MISAPPROPRIATION SCHEMES Scheme Type Percent of Frauds* Loss ($) Skimming 17 80,000 Cash Larceny 10 75,000 Billing 24 100,000 Check Tampering 15 138,000 Payroll 9 49,000 Expense Reimbursement 13 25,000 Theft of Cash 15 50,000 Non-Cash Misappropriations 16 100,000 *The percentages exceed 100 percent because some fraud cases in the ACFE study involved multiple schemes from more than one category. Asset Misappropriation The most common fraud schemes involve some form of asset misappropriation in which assets are either directly or in

AIS PDF - Accounting Information Systems

Document Details

Tags

Related

Summary

Full Transcript