3. Ethical Issues in Business
Ethical standards are derived from societal mores and deep-
rooted personal beliefs about issues of right and wrong that
are not universally agreed upon.
Ethics pertains to the principles of conduct that individuals
use in making choices and guiding their behavior in situations
that involve the concepts of right and wrong.
Business Ethics involves finding the answers to the two
questions: (1) How do managers decide what is right in
conducting their business? (2) Once managers have
recognized what is right, how do they achieve it?
3
4. Making Ethical Decision
Business organization have conflicting
responsibilities to their employees,
shareholders, customers, and the public. Every
major decision has consequences that
potentially harm or benefit this constituents.
(Ex. Pursuing computerize system will result to
employees losing their jobs.)
4
5. Proportionality
The benefit from the decision must outweigh the risks.
Furthermore, there must be no alternative decision that
provides the same or greater benefit with less risks.
Justice. The benefits of the decision should be distributed
fairly to those who share the risks. Those who do not benefit
should not carry the burden of risk.
Minimize risk. Even if judged acceptable by the principles, the
decision should be implemented so as to minimize all the
risks and avoid unnecessary risks.
5
6. Fraud
▸ Denotes a false representation of a material fact made by
one party to another party with the intent to deceive and
induce the other party to justifiably rely on the fact to his or
her detriment.
▸ Five Conditions of Fraudulent Act
▹ False Representation
▹ Material fact
▹ Intent
▹ Justifiable reliance
▹ Injury or loss 6
7. Kinds of Fraud
▸ Employee Fraud – is generally designed to directly convert
cash or other assets to the employee’s personal benefit.
Typically, the employee circumvents the company’s internal
control system for personal gain. If a company has an
effective internal control, defalcations or embezzlements
can usually be prevented or detected.
▹ Stealing something of value (an asset)
▹ Converting the asset to a usable form (cash)
▹ Concealing the crime to avoid detection
7
8. Kinds of Fraud
▸ Management Fraud
▸ Lower management fraud typically involves materially misstating
financial data and internal reports to gain additional compensation, to
garner promotion, or to escape the penalty for poor performance.
▸ Characteristics of Management Fraud
▹ The fraud is perpetrated at levels of management above the one
to which internal control structures generally relate.
▹ The fraud frequently involves using the financial statements to
create and illusion that an entity is healthier and more prosperous
than, in fact, it is.
▹ If the fraud involves misappropriation of assets, it is frequently is
shrouded in maze of complex business transaction, often involving
related third parties.
8
9. The Fraud Triangle
▸ Consists of three factors that contribute to or are associated
with management and employee fraud
▹ Situational Pressure. Which includes personal or job-
related stresses that could coerce an individual to act
dishonestly
▹ Opportunity. Which involves direct access to assets
and/or access to information that controls assets
▹ Ethics. Which pertains to one’s character and degree of
moral opposition to acts of dishonesty.
9
11. Fraud Schemes
▸ Fraudulent Statements
▸ Lack of Auditor Independence
▸ Lack of Director Independence
▸ Questionable Executive Compensation
Schemes
▸ Inappropriate Accounting Practices
11
12. Fraud Schemes
▸ Corruption - involves an executive, manager, or employee of the
organization in collusion with an outsider.
▸ Four Principal Types of Corruption
▹ Bribery. Involves giving, offering, soliciting, or receiving things of
value to influence an official in the performance of his/her lawful
duties.
▹ Illegal Gratuities. Involves giving, receiving, offering, or soliciting
something of value because of an official act that has been taken.
▹ Conflicts of Interest. Occurs when an employee acts on behalf of a
third party during the discharge of his/her duties or has a self-
interest in the activity being performed.
▹ Economic Extortion. Is the use (or threat) of force by an individual
or organization to obtain something of value.
12
13. Asset Misappropriation
▸ Skimming involves stealing cash from an organization
before it is recorded on the organization’s books and
records. (ex. Mail room fraud)
▸ Cash Larceny involves schemes in which cash receipts are
stolen from an organization after they have been recorded
in the organization’s books and records. (ex. Lapping)
▸ Billing Schemes (vendor fraud) are perpetrated by
employees who causes their employer to issue a payment to
a false supplier or vendor by submitting invoices for
fictitious goods or services.
13
14. Asset Misappropriation
▸ Check Tampering involves forging or changing in some
material way a check that the organization has written to a
legitimate payee.
▸ Payroll Fraud is the distribution of fraudulent paychecks to
existent and/or non-existent employees.
▸ Expense Reimbursements frauds are schemes in which an
employee makes a claim for reimbursements of fictitious or
inflated business expenses.
▸ Thefts of Cash are schemes that involve the direct theft of
cash on hand in the organization.
▸ Non-Cash fraud schemes involve the theft or misuse of the
victim organization’s non-cash assets. 14
15. Concepts of Internal Control
▸ Definition - set of policies and procedures adopted by a
firm in order to provide reasonable assurance that their
objectives will be met. Consequently, it is considered to
be a means of providing assurance that errors and
irregularities will be prevented, detected and corrected
on a timely manner by employees of the company.
15
16. Internal Control
▸ Comprises of policies , practices, and procedures employed
by the organization to achieve four broad objectives:
1. To safeguard assets of the firm
2. To ensure the accuracy and reliability of accounting
records and information
3. To promote efficiency in the firm’s operations
4. To measure compliance with management’s prescribed
policies and procedures
16
17. Subdivisions of Internal Control
▸ Accounting controls
▹ Those policies and procedures which aim to
safeguard company’s assets and to ensure
reliability of accounting records.
▸ Administrative controls
▹ Policies and procedures to encourage adherence
to mgt. policies and to promote operational
efficiency.
17
18. Modifying Assumptions
▸ Management Responsibility
▸ Reasonable Assurance
▸ Methods of Data Processing
▸ Limitations
▹ Possibility of errors – no perfect system
▹ Circumvention
▹ Management Override
▹ Changing Conditions
18
21. Five Internal Control
Components: SAS 78 / COSO
▸ 1. Control environment
▸ 2. Risk assessment
▸ 3. Information and communication
▸ 4. Monitoring
▸ 5. Control activities
21
22. The Control Environment
▸ which means the overall attitude, awareness
and actions of directors and management
regarding the internal control system and its
importance in the entity.
▸ Factors reflected in control environment are:
M O F A M P E
22
23. MOFAMPE stands for
▸ M – management philosophy and operating
style
▸ O – Organizational structure
▸ F – Functioning of BOD / Audit committee
▸ A – Assignment of responsibilities
▸ M – Management controls
▸ P – Personnel policies
▸ E – External Influences
23
24. ▸ • Integrity and ethics of management
▸ • Organizational structure
▸ • Role of the board of directors and the audit
▸ committee
• Management’s policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences—regulatory agencies
• Policies and practices managing human resources
24
25. Risk Assessment
▸ Ability of management to take actions in
response to business risks and providing
solutions to identified problems.
▸ Capability of management to find out root-
cause of problems and formulating
appropriate solutions thereon.
25
26. Risk Assessment
▸ • Identify, analyze and manage risks relevant to
financial reporting:
– changes in external environment
– risky foreign markets
– significant and rapid growth that strain internal controls
– new product lines
– restructuring, downsizing
– changes in accounting policies
26
27. Information and Communication
▸ Interrelated set of components which aims to
convert data into meaningful information
and providing such information to authorized
users.
27
28. Information and Communication
• The AIS should produce high quality information which:
– identifies and records all valid transactions
– provides timely information in appropriate
detail to permit proper classification and financial
reporting
–accurately measures the financial value of transactions
– accurately records transactions in the time period in
which they occurred
28
29. Information and Communication
• Auditors must obtain sufficient knowledge of the IS to
understand:
– the classes of transactions that are material
• how these transactions are initiated[ input]
• the associated accounting records and accounts used
in processing [input]
– the transaction processing steps involved from the
initiation of a transaction to its inclusion in the financial
statements[process]
– the financial reporting process used to compile financial
statements, disclosures, and estimates [output]
29
30. Monitoring
To provide reasonable assurance that the other
elements of internal control are being applied as
prescribed. Normally performed by internal
audit department.
30
31. Monitoring
The process for assessing the quality of internal control
design and operation
• Separate procedures—test of controls by
internal auditors
• Ongoing monitoring:
– computer modules integrated into routine
operations
– management reports which highlight trends and
exceptions from normal performance
31
32. Control Procedures
▸ which means those policies and procedures
in addition to the control environment which
management has established to achieve the
entity’s specific objectives.
▸ Fundamental principles of controls - ASDAR
32
33. ASDAR stands for
▸ A – Authorization ( Specific and General)
▸ S – Segregation (CARE)
▸ D – Documentation
▸ A – Access
▸ R – Reviews
33
34. Control Procedures
• Policies and procedures to ensure that the
appropriate actions are taken in response to
identified risks
• Fall into two distinct categories:
– IT controls—relate specifically to the
computer environment
– Physical controls—primarily pertain to human
activities
34
35. 35
Responsibility of Parties
▸ Management and those in-
charge of Governance –
primary party responsible in
designing and implementing
internal controls.
▸ Employees – entrusted with
the Prevention, Detection and
Correction of internal controls.
▸ Auditor – understanding IC for
planning purposes.
36. Detective internal controls
▸ are commonly used for things such as
fraud prevention, quality control, and
legal compliance. Examples of detective
controls include an inventory count,
internal audits, and surprise cash counts.
36
37. Preventive Internal Controls
▸ is a proactive control designed to prevent errors and
irregularities from occurring.
▸ Some examples of preventive controls are:
• Separation of duties: splitting tasks for bookkeeping,
deposits, reporting, and auditing, so there’s less chance
of employee fraud.
• Controlling access: this feature prevents team
members from logging into certain parts of the
accounting system unless they have a password.
• Double-entry accounting: a system that adds extra
reliability so that books are always balanced.
37
38. Corrective Internal Controls
▸ are put in place to correct any errors that were found by
the detective, internal controls. This type of internal
control usually begins by detecting undesirable
outcomes and keeping the spotlight on the problem
until management can solve it. If an error occurs, then it
is essential that an employee follow procedures that
have been put into place to correct the mistake.
38
39. ▸ Examples of corrective internal
accounting controls include physical
audits (such as hand counting money)
and physically tracking assets to reveal
well-hidden discrepancies. Implementing
a quality improvement team can be a
great way to address ongoing problems
and to correct processes.
39
40. Other Forms of Internal Controls
▸ Standardized Documentation
▸ Trial Balances
▸ Periodic Reconciliations
▸ Approval Authority
40
41. 41
PURCHASING
PROCESS
is an interacting structure of people,
equipment, activities, and controls that is
designed to accomplish the following:
Handle the repetitive work routines of
the purchasing department and the
receiving department.
Support the decision needs of those who
manage the purchasing and receiving
departments.
Assist in the preparation of internal and
external reports.
43. Key Controls for Purchasing Process
Approve purchase requisition: An authorized individual,
or several individuals, such as cost center or department
management, should approve purchase requisitions.
Use authorized vendor data: Vendors should be vetted to
determine their suitability to provide the organization
with goods and services. The screening process might
include vendor financial viability and performance record.
43
44. Key Controls for Purchasing Process
Independent vendor master data maintenance:
should be a separation of duties between the
personnel who create vendor records (to authorize
purchases and payments) and those that create and
approve POs, record accounts payable, and approve
payments. Without this separation:
▸ There could be kickbacks or conflict of interest.
▸ Accounts payable personnel could create a vendor
account to create an invalid/fraudulent invoice.
44
45. Key Controls for Purchasing Process
Compare vendors for favorable prices, terms, quality,
and product availability: Before executing a purchase,
prospective vendors should be compared to determine
that they are the optimal choice for the purchase.
Approve purchase order: appropriate personnel should
approve POs to ensure that an appropriate supplier has
been selected and that the correct goods and services, for
the correct amounts, are being purchased. Confirm
purchase order to requesting: department: The
requesting department should be informed when a PO has
been issued in response to a purchase requisition.
45
46. Key Controls for Purchasing Process
Independent authorization to record receipt: Before a
receipt can be accepted and recorded, the receipt data
should be compared with the PO master data to determine
that an approved PO, prepared by someone other than
receiving personnel, is on file. Compare input receipt
data to PO data: Before a receipt can be accepted and
recorded, the receipt data should be compared with the PO
master data to determine that the correct goods have been
received.
Inspect goods: To ensure that the correct goods are
received in acceptable condition.
46
47. 47
Accounts Payable/Cash
Disbursement (AP/CD) Process
is an interacting structure of people,
equipment, activities, and controls that is
designed to accomplish the following:
Handle the repetitive work routines
of the accounts payable department
and the cashier.
Support the decision needs of those
who manage the accounts payable
department and cashier.
Assist in the preparation of internal
and external reports.
49. Key Controls for the AP/CD Process
Independent validation of vendor invoices: authority to
record a vendor invoice should come from the PO and
receiving report data created by entities other than the
entity that records the vendor invoice.
Match invoice, purchase order, and receiving report:
The invoice should be matched to the PO and receiving
report data to ensure that items on the invoice were
ordered and received and that the invoice is accurately
recorded.
49
50. Key Controls for the AP/CD Process
Independent authorization to make payment: accounts
payable records on which the payment is based should be
created by an entity other than the entity that executes the
payment.
Reconcile bank account: Records of cash disbursements
should be matched to the bank’s records to ensure that all
disbursements actually made by the bank were authorized
and accurate.
50
51. Jharam Tolentino, CPA, MBA, SMRIAcc
Program Head,
College of Accountancy
University of Luzon
Thank you for listening!
For your questions, please
contact me on
For gmail and fb:
jharam0714@gmail.com
09778501225