Chapter 3-1. Chapter 3-2 Accounting Information Systems, 1 st Edition Fraud, Ethics, and Internal Control.

Chapter 3-1

Chapter 3-2 Accounting Information Systems, 1st Edition

Fraud, Ethics, and Internal Control

Chapter 3-3

1. An introduction to the need for a code of ethics and good internal controls

2. The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

3. The nature of management fraud

4. The nature of employee fraud

5. The nature of customer fraud

6. The nature of vendor fraud

7. The nature of computer fraud

8. The policies that assist in the avoidance of fraud and errors

9. The maintenance of a code of ethics

10. The maintenance of accounting internal controls

11. The maintenance of information technology controls

Study ObjectivesStudy ObjectivesStudy ObjectivesStudy Objectives

Chapter 3-4

During 2001 and 2002, several companies were named in regards to fraudulent financial reporting.

SO 1 An introduction to the need for a SO 1 An introduction to the need for a code of ethics and good internal code of ethics and good internal controlscontrols

Need for a Code of Ethics and Internal Need for a Code of Ethics and Internal ControlsControls


WorldCom

(Audit firm)

Chapter 3-5

When management is unethical, fraud is likely to occur.Management obligations:

Stewardship.

Provide accurate reports.

Maintain internal controls.

Enforce a code of ethics.




Chapter 3-6

c. preventive control.

The careful and responsible oversight and use of the assets entrusted to management is called

Quick ReviewQuick Review

b. stewardship.

d. security.




a. control environment.

Chapter 3-7

Fraud - theft, concealment, and conversion to personal gain of another’s money, physical assets, or information.

Misappropriation of Assets - defalcation or internal theft.

Misstatement of Financial Records - earnings management or fraudulent financial reporting.

SO 2 The accounting related fraud that can occur when SO 2 The accounting related fraud that can occur when ethics codes and internal controls are weak or not ethics codes and internal controls are weak or not correctly appliedcorrectly applied

Accounting Related FraudAccounting Related FraudAccounting Related FraudAccounting Related Fraud

Chapter 3-8

Fraud, three conditions must exist.



Exhibit 3-1 The Fraud Triangle

Chapter 3-9

Categories of Accounting-Related Fraud


Accounting Related FraudAccounting Related FraudAccounting Related FraudAccounting Related Fraud Exhibit 3-2 Categories of AccountingRelated Fraud

Chapter 3-10

c. conversion.

Which of the following is not a condition in the fraud triangle?


b. incentive.

d. opportunity.

a. rationalization.



Chapter 3-11

Management Fraud is usually in the form of fraudulent financial reporting.

Managers misstate financial statements in order to:

1. Increased stock price.

2. Improved financial statements.

3. Enhanced chances of promotion, or avoidance of firing or demotion.

4. Increased incentive-based compensation.

5. Delayed cash flow problems or bankruptcy.

SO 3 The nature of management fraudSO 3 The nature of management fraud

The Nature of Management FraudThe Nature of Management FraudThe Nature of Management FraudThe Nature of Management Fraud

Chapter 3-12

Management Fraud may involve:

Overstating revenues and assets.

Understating expenses and liabilities.

Misapplying accounting principles.



Two Examples:Enron’s top management had been hiding debt and losses by using special purpose entities (SPEs).

Managers at Xerox approved and encouraged accounting practices that violated GAAP and accelerated revenue recognition.

Chapter 3-13

c. enhanced promotion opportunities.

There are many possible indirect benefits to management when management fraud occurs. Which of the following is not an indirect benefit of management fraud?


b. delayed cash flow problems.

d. increased incentive-based compensation.

a. delayed exercise of stock options.



Chapter 3-14

Employee Fraud usually means that an employee steals cash or assets for personal gain.

Kinds of Employee Fraud:

1. Inventory theft.

2. Cash receipts theft.

3. Accounts payable fraud.

4. Payroll fraud.

5. Expense account fraud.

SO 4 The nature of employee fraudSO 4 The nature of employee fraud

The Nature of Employee FraudThe Nature of Employee FraudThe Nature of Employee FraudThe Nature of Employee Fraud

Kickback

Skimming

Collusion

Larceny

Chapter 3-15

c. kickbacks.

Which of the following is not an example of employee fraud?


b. larceny.

d. earnings management.

a. skimming.



Chapter 3-16

c. recording the transactions in subsidiary records.

The most difficult type of misstatement to discover is fraud that is concealed by


b. nonrecorded transactions.

d. related parties.

a. over-recording the transactions.



Chapter 3-17

Customer Fraud occurs when a customer improperly obtains cash or property from a company, or avoids a liability through deception.

Kinds of Customer Fraud:

1. Credit card fraud.

2. Check fraud.

3. Refund fraud.

SO 5 The nature of customer fraudSO 5 The nature of customer fraud

The Nature of Customer FraudThe Nature of Customer FraudThe Nature of Customer FraudThe Nature of Customer Fraud

Chapter 3-18

Vendor Fraud occurs when vendors obtain payments to which they are not entitled.

Vendors may:

1. Submit duplicate or incorrect invoices.

2. Send shipments in which the quantities are short.

3. Send lower-quality goods than ordered.

SO 6 The nature of vendor fraudSO 6 The nature of vendor fraud

The Nature of Vendor FraudThe Nature of Vendor FraudThe Nature of Vendor FraudThe Nature of Vendor Fraud

Chapter 3-19

c. collusion.

The review of amounts charged to the company from a seller that it purchased from is called a


b. seller review.

d. customer review.

a. vendor audit.



Chapter 3-20

Computer Fraud may include:

1. Industrial espionage.

2. Software piracy.

SO 7 The nature of computer fraudSO 7 The nature of computer fraud

The Nature of Computer FraudThe Nature of Computer FraudThe Nature of Computer FraudThe Nature of Computer Fraud

Chapter 3-21 SO 7 The nature of computer fraudSO 7 The nature of computer fraud


Internal Sources of Computer Fraud

1. Input manipulation

2. Program manipulation

a. Salami technique

b. Trojan horse programs

c. Trap door alterations

3. Output manipulation

Chapter 3-22 SO 7 The nature of computer fraudSO 7 The nature of computer fraud


External Sources of Computer Fraud

In most cases conducted by someone outside thecompany who has gained unauthorized access to the computer.

Two Common Types:

1. Hacking.

Denial of Service attack (DoS)

2. Spoofing.

Chapter 3-23

c. program manipulation

Which of the following is generally an external computer fraud, rather than an internal computer fraud?


b. input manipulation

d. output manipulation

a. spoofing



Chapter 3-24 SO 8 The policies that assist in the avoidance of fraud and SO 8 The policies that assist in the avoidance of fraud and

errorserrors

Policies to Assist in the Avoidance of Policies to Assist in the Avoidance of Fraud and ErrorsFraud and ErrorsPolicies to Assist in the Avoidance of Policies to Assist in the Avoidance of Fraud and ErrorsFraud and Errors

Actions to assist in prevention or detection of fraud and errors:

1. Maintain and enforce a code of ethics.

2. Maintain a system of accounting internal controls.

3. Maintain a system of information technology controls.

Chapter 3-25 SO 9 The maintenance of a code of ethicsSO 9 The maintenance of a code of ethics

Maintain a Code of EthicsMaintain a Code of EthicsMaintain a Code of EthicsMaintain a Code of Ethics

Sarbanes–Oxley Act of 2002

Requirement - public companies adopt and disclose a code of ethics.

Concepts usually found in code of ethics: Obeying applicable laws and regulations.

Conduct that is honest, fair, and trustworthy.

Avoiding all conflicts of interest.

Creating and maintaining a safe work environment.

Protecting the environment.

Chapter 3-26 SO 10 The maintenance of accounting internal controlsSO 10 The maintenance of accounting internal controls

System of Accounting Internal System of Accounting Internal ControlsControlsSystem of Accounting Internal System of Accounting Internal ControlsControls

Objectives of an internal control system are:

1. Safeguard assets (from fraud or errors).

2. Maintain accuracy and integrity of accounting data.

3. Promote operational efficiency.

4. Ensure compliance with management directives.

Chapter 3-27

Three types of controls:

Preventive controls

Detective controls

SO 10 The maintenance of accounting internal controlsSO 10 The maintenance of accounting internal controls


COSO Report - five components of internal control: Control environment. Risk assessment. Control activities. Information and communication. Monitoring.

Corrective controls



Control Environment

Integrity and ethics The company has a code of The company does not have

ethics, and it is rigidly a code of ethics, or if theyenforced. have one, it is not

enforced.

FactorExample of a less

risky control environment

Example of a more risky control environment

Philosophy and operating Management is very Management is verystyle conservative in its approach aggressive and risk taking

to things such as mergers. in its approach to thingssuch as mergers.

Exhibit 3-5 Factors of the ControlEnvironment

Chapter 3-29


FactorExample of a less

risky control environment

Example of a more risky control environment

Assignment of authority Lines of authority are well Managers have overlapping

and responsibility established, and managers’ duties, and oftentimes

jobs and duties are clear to managers are not quite surethem. whether or not they have certain responsibilities and authority.Organization and Management carefully trains Management does

not spenddevelopment of people and cultivates employees to any money or time on the

be able to take on more training of employees.responsibility.Attention and direction by Members of the board

Members of the board dothe board of directors examine reports and hold not prepare for the

top management meetings they attend andaccountable for the are merely “big-name”accuracy of the reports. figureheads.



Risk Assessment

Management must develop a way to:

1. Identify the sources of risks.

2. Determine impact of risks.

3. Estimate chances of risks occurring.

4. Develop an action plan to reduce the impact and probability of risks.

5. Execute the action plan and continue the cycle, beginning again with the first step.


System of Accounting Internal System of Accounting Internal ControlsControlsSystem of Accounting Internal System of Accounting Internal ControlsControlsControl Activities

Categories:

1. Authorization of transactions

2. Segregation of duties

3. Adequate records and documents

4. Security of assets and documents

5. Independent checks and reconciliation



Categories:

1. Authorization of Transactions

General authorization

Specific authorization



Categories:

2. Segregation of Duties

Exhibit 3-6 Segregation of Duties



Categories:

3. Adequate Records and Documents

Supporting documentation for all significant transactions

Schedules and analyses of financial information

Accounting cycle reports

Audit Trail



Categories:

4. Security of Assets and Documents

Protecting physical assets

Protecting information

Cost-benefit comparison



Categories:

5. Independent Checks and Reconciliation

Procedures: Reconciliation

Comparison of physical assets with records

Recalculation of amounts

Analysis of reports

Review of batch totals

Chapter 3-37

c. security of assets

Which control activity is intended to serve as a method to confirm the accuracy or completeness of data in the accounting system?


b. segregation of duties

d. independent checks and reconciliations

a. authorization



Chapter 3-38

c. custody, execution, and reporting.

Proper segregation of functional responsibilities calls for separation of the functions of


b. authorization, recording, and custody.

d. authorization, payment, and recording.

a. authorization, execution, and payment.





Information and Communication

An effective accounting system must:

1. Identify all relevant financial events transactions.

2. Capture the important data of these transactions.

3. Record and process the data through appropriate classification, summarization, and aggregation.

4. Report this summarized and aggregated information to managers.



Information and Communication

Monitoring

Any system of control must be constantly monitored to assure that it continues to be effective.



Reasonable Assurance of Internal Controls

Controls achieve a sensible balance of reducing risk when compared with the cost of the control.

Not possible to provide absolute assurance, because:

Flawed judgments are applied in decision making.

Human error exists in every organization.

Controls can be circumvented or ignored.

Controls may not be cost beneficial.

Chapter 3-42 SO 11 The maintenance of information technology controlsSO 11 The maintenance of information technology controls

System of Information Technology System of Information Technology ControlsControlsSystem of Information Technology System of Information Technology ControlsControls

For any business process, there should be both

accounting internal controls as in COSO, and

IT controls as in the Trust Principles.

Risk and controls in IT are divided into five categories:

Security

Availability

Processing integrity.

Online privacy.

Confidentiality.

Chapter 3-43

c. processing integrity

AICPA Trust Principles identify five categories of risks and controls. Which category is best described by the statement, “Information process could beinaccurate, incomplete, or not properly authorized”?


a. security

b. availability

d. confidentiality

SO 11 The maintenance of information technology controlsSO 11 The maintenance of information technology controls

System of Information Technology System of Information Technology ControlsControlsSystem of Information Technology System of Information Technology ControlsControls

Chapter 3-44

Copyright © 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

CopyrightCopyrightCopyrightCopyright

Chapter 3-1. Chapter 3-2 Accounting Information Systems, 1 st Edition Fraud, Ethics, and Internal Control.

Documents

avoidance of fraud

fraud theft

edition fraud

fraud triangle slide

code of ethics

good internal controls

nature of management

ethics codes