The document discusses various topics related to ethics, fraud, and internal controls. It begins with an icebreaker activity called "Never Have I Ever" and poses several personal questions. It then covers business ethics and issues, computer ethics, and the Sarbanes-Oxley Act. Fraud topics discussed include the fraud triangle, schemes like fraudulent statements and asset misappropriation, and perpetrators of fraud. Underlying problems like lack of auditor independence are analyzed. Finally, the document discusses internal control concepts around safeguarding assets, ensuring accurate records, and promoting efficiency.

1. ETHICS, FRAUD &
INTERNAL
CONTROL
1

2. 2
ICEBREAKER
“GETTING TO KNOW EACH
OTHER”

3. 3
“NEVER HAVE
I EVER”

4. 1ST QUESTION
4
NEVER HAVE I EVER
BEEN DRUNK…
I
HAVE
I
HAVEN’T

5. 2ND QUESTION
5
NEVER HAVE I EVER CHEATED
ON AN EXAM/QUIZ…
I
HAVE
I
HAVEN’T

6. 3RD QUESTION
6
NEVER HAVE I EVER PRETENDED
TO LAUGH AT A JOKE I
DIDN’T GET…
I
HAVE
I
HAVEN’T

7. 4TH QUESTION
7
NEVER HAVE I EVER GOOGLED MY
OWN NAME TO SEE WHAT COMES
UP…
I
HAVE
I
HAVEN’T

8. 5TH QUESTION
8
NEVER HAVE I EVER FORGED
SOMEONES SIGNATURE…
I
HAVE
I
HAVEN’T

9. 6TH QUESTION
9
NEVER HAVE I EVER
STALKED SOMEONE ONLINE…
I
HAVE
I
HAVEN’T

10. 7TH QUESTION
10
NEVER HAVE I EVER
SKIPPED CLASS…
I
HAVE
I
HAVEN’T

11. 8TH QUESTION
11
NEVER HAVE I EVER
STOLE SOMETHING…
I
HAVE
I
HAVEN’T

12. 9TH QUESTION
12
NEVER HAVE I EVER TOOK A QUIZ
WITHOUT STUDYING THE NIGHT
PRIOR…
I
HAVE
I
HAVEN’T

13. 10TH QUESTION
13
NEVER HAVE I EVER LIED TO MY
PARENTS WHERE I AM GOING…
I
HAVE
I
HAVEN’T

14. 11TH QUESTION
14
NEVER HAVE I EVER DONE
SOMETHING I REGRET…
I
HAVE
I
HAVEN’T

15. ETHICAL ISSUES IN BUSINESS
• Business Ethics
• Computer Ethics
• Sarbanes-Oxley Act and Ethical
Issues

16. Ethical Issues in
Business
Ethical standards are derived from
societal mores and deep-rooted
personal beliefs about issues of
right and wrong that are not
universally agreed upon.

17. we confuse ethical
issues with legal
issues.
17
UP!!!!

18. ETHICS
18
It pertains to the principles of
conduct that individuals use in
making choices and guiding
their behavior in situations that
involve the concepts of right
and wrong.

19. BUSINESS ETHICS
19
Involves finding the answers to two
questions:
(1) How do managers decide what is right in
conducting their business?
(2) Once managers have recognized what is
right, how do they achieve it?
UP!!!!

20. BUSINESS ETHICS
20
Ethical issues in business can be divided into
four areas:
Equity
Rights
Honesty
The Exercise
of Corporate
Power

21. 21
Table 3-1 ETHICAL ISSUES IN BUSINESS

22. Business organizations have conflicting
responsibilities to their employees,
shareholders, customers, and
the public.
Making Ethical
Decisions

23. Every major decision has
consequences that potentially
harm or benefit these constituents.
Making Ethical
Decisions

24. The benefit from a decision
must outweigh the risks.
PROPORTIONALITY
UP!!!!

25. »Justice
The benefits of the decision should be
distributed fairly to those who share the risks.
Those who do not benefit should not carry
the burden of risk.
PROPORTIONALITY

26. »Minimize Risk
Even if judged acceptable by the principles,
the decision should be implemented so as
to minimize all of the risks and avoid any
unnecessary risks.
PROPORTIONALITY

27. COMPUTER ETHICS
27
the analysis of the nature and social impact
of computer technology and the
corresponding formulation and justification
of policies for the ethical use of such
technology
UP!!!!

28. COMPUTER ETHICS
28
Three levels of computer
ethics:
✘ Pop
✘ Para
✘ Theoretical

29. COMPUTER ETHICS
29
✘ Pop Computer Ethics
simply the exposure to stories and reports
found in the popular media regarding the
good or bad ramifications of computer
technology.

30. COMPUTER ETHICS
30
✘ Para Computer Ethics
involves taking a real interest in computer
ethics cases and acquiring some level of skill
and knowledge in the field

31. COMPUTER ETHICS
31
✘ Theoretical Computer Ethics
interest to multidisciplinary researchers who
apply the theories of philosophy, sociology,
and psychology to computer science with the
goal of bringing some new understanding to
the field.

32. “
A New Problem or Just a New
Twist on an Old Problem?
32
Privacy
People desire to be in full control of
what and how much information
about themselves is available to
others, and to whom it is available.
Should the privacy of individuals be protected
through policies and systems?
What information about oneself does the individual
own?
Should firms that are unrelated to individuals buy and sell
information about these individuals without their
permission?

33. “
A New Problem or Just a New
Twist on an Old Problem?
33
Security (Accuracy
and Confidentiality)
Security systems attempt to prevent
fraud and other misuse of computer
systems, they act to protect
and further the legitimate interests of
the system’s constituencies.
Which is the more important goal? Automated monitoring
can be used to detect intruders or other misuse, yet it can also be
used to spy on legitimate users, thus diminishing their privacy.
Where is the line to be drawn? What is an appropriate use and
level of security? Which is most important: security, accuracy, or
confidentiality?
UP!!!!

34. “
A New Problem or Just a New
Twist on an Old Problem?
34
Ownership of Property
Copyright laws have been
invoked in an attempt to protect
those who develop software
from having it copied.

35. “
A New Problem or Just a New
Twist on an Old Problem?
35
Equity in Access
Some barriers to access are
intrinsic to the technology of
information systems, but some
are avoidable through careful
system design.

36. “
A New Problem or Just a New
Twist on an Old Problem?
36
Environmental Issues
Computers with high-speed printers allow for the
production of printed documents faster than ever
before. It may be more efficient or more
comforting to have a hard copy in addition to the
electronic version. However, paper comes from
trees, a precious natural resource, and ends up in
landfills if not properly recycled.

37. “
A New Problem or Just a New
Twist on an Old Problem?
37
Unemployment and Displacement
Many jobs have been and are being
changed as a result of the
availability of computer technology
People unable or unprepared to
change are displaced.
Should employers be responsible for retraining workers
who are displaced as a result of the computerization of
their functions?
UP!!!!

38. “
A New Problem or Just a New
Twist on an Old Problem?
38
Misuse of Computers
Computers can be misused in many ways.
Copying proprietary software, using a
company’s computer for personal benefit,
and snooping through other people’s files
are just a few obvious examples.
What harm is done to the software developer when people
make unauthorized copies?
A computer is not an item that deteriorates with use, so is there
any harm to the employer if it is used for an employee’s personal
benefit?
Is it okay to look through paper files that clearly belong to
someone else?
Is there any difference between paper files and computer files?
UP!!!!

39. ✘ The Act is named after its sponsors,
Senator Paul Sarbanes, D-Md., and
Congressman Michael Oxley, R-Ohio. It's
also called Sarbox or SOX. It became law
on July 30, 2002.
39
SARBANES-OXLEY ACT AND
ETHICAL ISSUES

40. ✘ The Sarbanes-Oxley Act of 2002 is a
federal law that established sweeping
auditing and financial regulations for
public companies. Lawmakers created
the legislation to help protect
shareholders, employees and the public
from accounting errors and fraudulent
financial practices.
40
SARBANES-OXLEY ACT AND
ETHICAL ISSUES

41. FRAUD AND ACCOUNTANTS
• Definitions of Fraud
• The Fraud Triangle
• Financial Losses from Fraud
• The Perpetrators of Frauds

42. - false representation of a material fact
made by one party to another party with
the intent to deceive and induce the
other party to justifiably rely on the fact
to his or her detriment.
FRAUD

43. ✘ False representation
✘ Material fact
✘ Intent
✘ Justifiable reliance.
✘ Injury or loss.
43
Fraudulent act must meet the
following five conditions:

44. In accounting literature, fraud
is also commonly known as
white-collar crime,
defalcation, embezzlement,
and irregularities.
44
UP!!!!

45. ✘ Give one of the five conditions…..
45
Fraudulent act must meet the
following five conditions:

46. Two levels of Fraud
46
✘ Employee fraud
✘ Management fraud

47. - or fraud by non-management
employees, is generally designed
to directly convert cash or other
assets to the employee’s personal
benefit.
47
Employee fraud

48. - is more insidious than employee
fraud because it often escapes
detection until the organization
has suffered irreparable damage
or loss.
48
Management fraud

49. ✘ The fraud is perpetrated at levels of management above
the one to which internal control structures generally
relate.
✘ 2. The fraud frequently involves using the financial
statements to create an illusion that an entity is healthier
and more prosperous than, in fact, it is.
✘ 3. If the fraud involves misappropriation of assets, it
frequently is shrouded in a maze of complex business
transactions, often involving related third parties.
49
Management fraud typically
contains three special
characteristics:

50. The fraud triangle consists of three
factors that contribute to or are
associated with management and
employee fraud
50
THE FRAUD TRIANGLE

51. ✘ (1) situational pressure, which includes personal or
job-related stresses that could coerce an individual
to act dishonestly;
✘ (2) opportunity, which involves direct access to
assets and/or access to information that controls
assets, and;
✘ (3) ethics, which pertains to one’s character and
degree of moral opposition to acts of dishonesty
51
THE FRAUD TRIANGLE
UP!!!!

52. The --------- consists of three
factors that contribute to or are
associated with management and
employee fraud
52

54. 54
PERPETRATORS OF FRAUDS

55. 55

56. 56

57. FRAUD AND ACCOUNTANTS
• Fraud Schemes

58. Three broad categories of fraud schemes
✘ fraudulent statements
✘ Corruption
✘ asset misappropriation
58
THE FRAUD SCHEMES

59. ✘ this class of fraud scheme, the
statement itself must bring direct or
indirect financial benefit to the
perpetrator
59
Fraudulent Statements

60. ✘ For example, misstating the cash account balance
to cover the theft of cash is not financial
statement fraud.
✘ On the other hand, understating liabilities to
present a more favourable financial picture of the
organization to drive up stock prices does fall
under this classification.
60
Fraudulent Statements

61. 61
these numbers fail to reflect the
human suffering that parallels them
in the real world
UP!!!

62. “
Three broad categories of
fraud schemes
✘ fraudulent statements
✘ asset misappropriation
✘ AND…?
62

63. “
✘ this class of fraud scheme,
the statement itself must
bring ---------------- benefit
to the perpetrator
63

64. THE UNDERLYING PROBLEMS
✘ Lack of Auditor Independence
✘ Lack of Director Independence
✘ Questionable Executive Compensation
Schemes
✘ Inappropriate Accounting Practices
64

65. THE UNDERLYING PROBLEMS
✘ Lack of Auditor Independence
- Auditing firms that are also engaged by their
clients to perform non-accounting activities
- For example, Enron’s auditors—Arthur
Andersen—were also their internal auditors
and their management consultants.
65

66. THE UNDERLYING PROBLEMS
✘ Lack of Director Independence
directors who have a personal relationship
- by serving on the boards of other directors’ companies
- have a business trading relationship as key customers or
suppliers of the company
- have a financial relationship as primary stockholders or
have received personal loans from the company
- have an operational relationship as employees of the
company
66

67. THE UNDERLYING PROBLEMS
✘ Questionable Executive Compensation
Schemes
- fewer stock options should be offered than
currently is the practice
67

68. THE UNDERLYING PROBLEMS
✘ Inappropriate Accounting Practices
- use of special-purpose entities to hide
liabilities through off-balance-sheet
accounting
68
UP!!!

69. THE UNDERLYING PROBLEMS
✘ ----------------
- Auditing firms that are also engaged by their
clients to perform non-accounting activities
- For example, Enron’s auditors—Arthur
Andersen—were also their internal auditors
and their management consultants.
69

70. Three broad categories of fraud schemes
✘ fraudulent statements
✘ Corruption
✘ asset misappropriation
70
THE FRAUD SCHEMES
----------------------------------------------------------------

71. ✘ involves an executive, manager, or employee of
the organization in collusion with an outsider
✘ 4 principal types:
■ Bribery
■ illegal gratuities
■ conflicts of interest
■ economic extortion
71
Corruption

72. ✘ involves giving, offering, soliciting, or receiving
things of value to influence an official in the
performance of his or her lawful duties
72
BRIBERY

73. ✘ involves giving, receiving, offering, or soliciting
something of value because of an official act that
has been taken
73
ILLEGAL GRATUITIES

74. ✘ occurs when an employee acts on behalf of a
third party during the discharge of his or her
duties or has self-interest in the activity being
performed
74
CONFLICTS OF INTEREST

75. ✘ is the use (or threat) of force (including economic
sanctions) by an individual or organization to
obtain something of value
75
ECONOMIC EXTORTION
UP!!!

76. GIVE ONE OF THE
PRINCIPLE TYPES
OF CORRUPTION

77. Three broad categories of fraud schemes
✘ fraudulent statements
✘ Corruption
✘ asset misappropriation
77
THE FRAUD SCHEMES
----------------------------------------------------------------
------------------------------

78. 78

79. ✘ assets are either directly or indirectly diverted to
the perpetrator’s benefit
79
ASSET MISAPPROPRIATION

80. ✘ involves stealing cash from an organization before
it is recorded on the organization’s books and
records
80
SKIMMING

81. ✘ involves schemes in which cash receipts are
stolen from an organization after they have been
recorded in the organization’s books and records
81
CASH LARCENCY

82. ✘ also known as vendor fraud, are perpetrated by employees
who causes their employer to issue a payment to a false
supplier or vendor by submitting invoices for fictitious goods
or services, inflated invoices, or invoices for personal
purchases.
■ SHELL COMPANY
■ PASS THROUGH FRAUD
■ PAY-AND-RETURN
82
BILLING SCHEMES

83. ✘ involves forging or changing in some material way
a check that the organization has written to a
legitimate payee
83
CHECK TAMPERING

84. ✘ the distribution of fraudulent paychecks to
existent and/or non-existent employees
84
PAYROLL FRAUD

85. ✘ are schemes in which an employee makes a claim
for reimbursement of fictitious or inflated
business expenses. For example, a company
salesperson files false expense reports, claiming
meals, lodging, and travel that never occurred.
85
EXPENSE REIMBURSEMENTS

86. ✘ are schemes that involve the direct theft of cash
on hand in the organization
86
THEFTS OF CASH

87. ✘ schemes involve the theft or misuse of the victim
organization’s non-cash assets. One example of
this is a warehouse clerk who steals inventory
from a warehouse or storeroom.
87
NON-CASH MISAPPROPRIATION

88. ✘ Because computers lie at the heart of modern
accounting information systems, the topic of
computer fraud is of importance to auditors.
88
COMPUTER FRAUD

89. Internal Control Concepts and
Techniques

90. Internal Control Concepts and
Techniques
✘ 1. To safeguard assets of the firm.
✘ 2. To ensure the accuracy and reliability of
accounting records and information.
✘ 3. To promote efficiency in the firm’s
operations.
✘ 4. To measure compliance with management’s
prescribed policies and procedures

91. Modifying Assumptions
✘ Management Responsibility
✘ Reasonable Assurance.
✘ Methods of Data Processing.
✘ Limitations

94. The Preventive-Detective–Corrective
Internal Control Model
✘ Preventive Controls
It forces compliance with prescribed or desired
actions and thus screen out aberrant events.
 Detective Controls
These are devices, techniques, and procedures designed to
identify and expose undesirable events that elude preventive controls.
 Corrective Controls
These are actions taken to reverse the effects of
errors detected in the previous step.

95. SAS 78 / COSO
Describes the relationship between the firm’s…
 internal control structure,
 auditor’s assessment of risk, and
 the planning of audit procedures
“The weaker the internal control structure, the higher the assessed level of
risk; the higher the risk, the more auditor procedures applied in the audit”.

96. Five Internal Control
Components: SAS 78 / COSO
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

97. 1: The Control Environment
✘ Integrity and ethics of management
✘ Organizational structure
✘ Role of the board of directors and the audit
committee
✘ Management’s policies and philosophy
✘ Delegation of responsibility and authority
✘ Performance evaluation measures
✘ External influences—regulatory agencies
✘ Policies and practices managing human resources

98. 2: Risk Assessment
✘ Identify, analyze and manage risks relevant to
financial reporting:
✗ changes in external environment
✗ risky foreign markets
✗ significant and rapid growth that strain internal controls
✗ new product lines
✗ restructuring, downsizing
✗ changes in accounting policies

99. 3: Information and
Communication
✘ The AIS should produce high quality information
which:
✗ identifies and records all valid transactions
✗ provides timely information in appropriate detail to permit
proper classification and financial reporting
✗ accurately measures the financial value of transactions
✗ accurately records transactions in the time period in
which they occurred

100. 4: Monitoring
The process for assessing the quality of internal
control design and operation
✘ Ongoing monitoring:
✗ computer modules integrated into routine
operations
✗ management reports which highlight
trends and exceptions from normal
performance

101. 5: Control Activities
✘ Policies and procedures to ensure that the
appropriate actions are taken in response to
identified risks
✘ Fall into two distinct categories:
✗ IT controls—relate specifically to the computer
environment
✗ Physical controls—primarily pertain to human
activities

102. Two Types of IT Controls
✘ General controls—pertain to the entity-wide
computer environment
✗ Examples: controls over the data center, organization
databases, systems development, and program maintenance
✘ Application controls—ensure the integrity of specific
systems
✗ Examples: controls over sales order processing, accounts
payable, and payroll applications

103. Six Types of Physical
Controls
✘ Transaction Authorization
✘ Segregation of Duties
✘ Supervision
✘ Accounting Records
✘ Access Control
✘ Independent Verification

104. Physical Controls
Transaction Authorization
✘ used to ensure that employees are carrying out
only authorized transactions
✘ general (everyday procedures) or specific (non-
routine transactions) authorizations

105. Segregation of Duties
✘ In manual systems, separation between:
✗ authorizing and processing a transaction
✗ custody and recordkeeping of the asset
✗ subtasks
Physical Controls

106. Physical Controls
Supervision
✘ A compensation for lack of segregation; some
may be built into computer systems
✘ An underlying assumption of supervision control
is that the firm employs competent and
trustworthy personnel. The competent and
trustworthy employee assumption promotes
supervisory efficiency.

107. Physical Controls
Accounting Records
✘ The accounting records of an organization
consist of source documents, journals, and
ledgers. These records capture the economic
essence of transactions and provide an audit trail
of economic events.
✘ Audit Trail

108. Access Controls
✘ help to safeguard assets by restricting physical access to them
Independent Verification
✘ reviewing batch totals or reconciling subsidiary accounts with
control accounts
✘ Through independent verification procedures, management can
assess (1) the performance of individuals, (2) the integrity of the
transaction processing system, and (3) the correctness of data
contained in accounting records.
Physical Controls

109. Authorization
Authorization
Authorization
Processing
Custody Recording
Task 1 Task 2 Task 2
Task 1
Nested Control Objectives for
Transactions
Control
Objective 1
Control
Objective 2
Control
Objective 3
Custody Recording