Chapter 3-1
Dec 21, 2015
Chapter 3-2 Accounting Information Systems, 1st Edition
Fraud, Ethics, and Internal Control
Chapter 3-3
Study Objectives
1. An introduction to the need for a code of ethics and good internal controls
2. The accounting-related fraud that can occur when ethics codes and internal controls are weak or not correctly applied
3. The nature of management fraud
4. The nature of employee fraud
5. The nature of customer fraud
6. The nature of vendor fraud
7. The nature of computer fraud
8. The policies that assist in the avoidance of fraud and errors
9. The maintenance of a code of ethics
10. The maintenance of accounting internal controls
11. The maintenance of information technology controls
Chapter 3-4
During 2001 and 2002, several companies were named in connection with fraudulent financial reporting.
SO 1 An introduction to the need for a code of ethics and good internal controls
Need for a Code of Ethics and Internal Controls
WorldCom
(Audit firm)
Chapter 3-5
When management is unethical, fraud is likely to occur.
Management obligations:
Stewardship.
Provide accurate reports.
Maintain internal controls.
Enforce a code of ethics.
Chapter 3-6
Quick Review
The careful and responsible oversight and use of the assets entrusted to management is called
a. control environment.
b. stewardship.
c. preventive control.
d. security.
Chapter 3-7
Fraud - theft, concealment, and conversion to personal gain of another’s money, physical assets, or information.
Misappropriation of Assets - defalcation or internal theft.
Misstatement of Financial Records - earnings management or fraudulent financial reporting.
SO 2 The accounting-related fraud that can occur when ethics codes and internal controls are weak or not correctly applied
Accounting Related Fraud
Chapter 3-8
For fraud to occur, three conditions must exist.
Exhibit 3-1 The Fraud Triangle
Chapter 3-9
Categories of Accounting-Related Fraud
Exhibit 3-2 Categories of Accounting-Related Fraud
Chapter 3-10
Quick Review
Which of the following is not a condition in the fraud triangle?
a. rationalization.
b. incentive.
c. conversion.
d. opportunity.
Chapter 3-11
Management Fraud is usually in the form of fraudulent financial reporting.
Managers misstate financial statements in order to receive indirect benefits such as:
1. Increased stock price.
2. Improved financial statements.
3. Enhanced chances of promotion, or avoidance of firing or demotion.
4. Increased incentive-based compensation.
5. Delayed cash flow problems or bankruptcy.
SO 3 The nature of management fraud
The Nature of Management Fraud
Chapter 3-12
Management Fraud may involve:
Overstating revenues and assets.
Understating expenses and liabilities.
Misapplying accounting principles.
Two Examples:
Enron’s top management had been hiding debt and losses by using special purpose entities (SPEs).
Managers at Xerox approved and encouraged accounting practices that violated GAAP and accelerated revenue recognition.
Chapter 3-13
Quick Review
There are many possible indirect benefits to management when management fraud occurs. Which of the following is not an indirect benefit of management fraud?
a. delayed exercise of stock options.
b. delayed cash flow problems.
c. enhanced promotion opportunities.
d. increased incentive-based compensation.
Chapter 3-14
Employee Fraud usually means that an employee steals cash or assets for personal gain.
Kinds of Employee Fraud:
1. Inventory theft.
2. Cash receipts theft.
3. Accounts payable fraud.
4. Payroll fraud.
5. Expense account fraud.
SO 4 The nature of employee fraud
The Nature of Employee Fraud
Kickback
Skimming
Collusion
Larceny
Chapter 3-15
Quick Review
Which of the following is not an example of employee fraud?
a. skimming.
b. larceny.
c. kickbacks.
d. earnings management.
Chapter 3-16
Quick Review
The most difficult type of misstatement to discover is fraud that is concealed by
a. over-recording the transactions.
b. nonrecorded transactions.
c. recording the transactions in subsidiary records.
d. related parties.
Chapter 3-17
Customer Fraud occurs when a customer improperly obtains cash or property from a company, or avoids a liability through deception.
Kinds of Customer Fraud:
1. Credit card fraud.
2. Check fraud.
3. Refund fraud.
SO 5 The nature of customer fraud
The Nature of Customer Fraud
Chapter 3-18
Vendor Fraud occurs when vendors obtain payments to which they are not entitled.
Vendors may:
1. Submit duplicate or incorrect invoices.
2. Send shipments in which the quantities are short.
3. Send lower-quality goods than ordered.
SO 6 The nature of vendor fraud
The Nature of Vendor Fraud
Chapter 3-19
Quick Review
The review of amounts charged to the company from a seller that it purchased from is called a
a. vendor audit.
b. seller review.
c. collusion.
d. customer review.
Chapter 3-20
Computer Fraud may include:
1. Industrial espionage.
2. Software piracy.
SO 7 The nature of computer fraud
The Nature of Computer Fraud
Chapter 3-21
Internal Sources of Computer Fraud
1. Input manipulation
2. Program manipulation
a. Salami technique
b. Trojan horse programs
c. Trap door alterations
3. Output manipulation
Chapter 3-22
External Sources of Computer Fraud
In most cases, external computer fraud is conducted by someone outside the company who has gained unauthorized access to the computer.
Two Common Types:
1. Hacking.
Denial of Service attack (DoS)
2. Spoofing.
Chapter 3-23
Quick Review
Which of the following is generally an external computer fraud, rather than an internal computer fraud?
a. spoofing
b. input manipulation
c. program manipulation
d. output manipulation
Chapter 3-24
SO 8 The policies that assist in the avoidance of fraud and errors
Policies to Assist in the Avoidance of Fraud and Errors
Actions to assist in prevention or detection of fraud and errors:
1. Maintain and enforce a code of ethics.
2. Maintain a system of accounting internal controls.
3. Maintain a system of information technology controls.
Chapter 3-25
SO 9 The maintenance of a code of ethics
Maintain a Code of Ethics
Sarbanes–Oxley Act of 2002
Requirement - public companies adopt and disclose a code of ethics.
Concepts usually found in a code of ethics:
Obeying applicable laws and regulations.
Conduct that is honest, fair, and trustworthy.
Avoiding all conflicts of interest.
Creating and maintaining a safe work environment.
Protecting the environment.
Chapter 3-26
SO 10 The maintenance of accounting internal controls
System of Accounting Internal Controls
Objectives of an internal control system are:
1. Safeguard assets (from fraud or errors).
2. Maintain accuracy and integrity of accounting data.
3. Promote operational efficiency.
4. Ensure compliance with management directives.
Chapter 3-27
Three types of controls:
Preventive controls
Detective controls
Corrective controls
COSO Report - five components of internal control:
Control environment.
Risk assessment.
Control activities.
Information and communication.
Monitoring.
Chapter 3-28
Control Environment
Exhibit 3-5 Factors of the Control Environment
Factor: Integrity and ethics
Example of a less risky control environment: The company has a code of ethics, and it is rigidly enforced.
Example of a more risky control environment: The company does not have a code of ethics, or if they have one, it is not enforced.
Factor: Philosophy and operating style
Example of a less risky control environment: Management is very conservative in its approach to things such as mergers.
Example of a more risky control environment: Management is very aggressive and risk taking in its approach to things such as mergers.
Chapter 3-29
Factor: Assignment of authority and responsibility
Example of a less risky control environment: Lines of authority are well established, and managers’ jobs and duties are clear to them.
Example of a more risky control environment: Managers have overlapping duties, and oftentimes managers are not quite sure whether or not they have certain responsibilities and authority.
Factor: Organization and development of people
Example of a less risky control environment: Management carefully trains and cultivates employees to be able to take on more responsibility.
Example of a more risky control environment: Management does not spend any money or time on the training of employees.
Factor: Attention and direction by the board of directors
Example of a less risky control environment: Members of the board examine reports and hold top management accountable for the accuracy of the reports.
Example of a more risky control environment: Members of the board do not prepare for the meetings they attend and are merely “big-name” figureheads.
Chapter 3-30
Risk Assessment
Management must develop a way to:
1. Identify the sources of risks.
2. Determine impact of risks.
3. Estimate chances of risks occurring.
4. Develop an action plan to reduce the impact and probability of risks.
5. Execute the action plan and continue the cycle, beginning again with the first step.
Chapter 3-31
Control Activities
Categories:
1. Authorization of transactions
2. Segregation of duties
3. Adequate records and documents
4. Security of assets and documents
5. Independent checks and reconciliation
Chapter 3-32
Control Activities
Categories:
1. Authorization of Transactions
General authorization
Specific authorization
Chapter 3-33
Control Activities
Categories:
2. Segregation of Duties
Exhibit 3-6 Segregation of Duties
Chapter 3-34
Control Activities
Categories:
3. Adequate Records and Documents
Supporting documentation for all significant transactions
Schedules and analyses of financial information
Accounting cycle reports
Audit Trail
Chapter 3-35
Control Activities
Categories:
4. Security of Assets and Documents
Protecting physical assets
Protecting information
Cost-benefit comparison
Chapter 3-36
Control Activities
Categories:
5. Independent Checks and Reconciliation
Procedures:
Reconciliation
Comparison of physical assets with records
Recalculation of amounts
Analysis of reports
Review of batch totals
Chapter 3-37
Quick Review
Which control activity is intended to serve as a method to confirm the accuracy or completeness of data in the accounting system?
a. authorization
b. segregation of duties
c. security of assets
d. independent checks and reconciliations
Chapter 3-38
Quick Review
Proper segregation of functional responsibilities calls for separation of the functions of
a. authorization, execution, and payment.
b. authorization, recording, and custody.
c. custody, execution, and reporting.
d. authorization, payment, and recording.
Chapter 3-39
Information and Communication
An effective accounting system must:
1. Identify all relevant financial events (transactions).
2. Capture the important data of these transactions.
3. Record and process the data through appropriate classification, summarization, and aggregation.
4. Report this summarized and aggregated information to managers.
Chapter 3-40
Information and Communication
Monitoring
Any system of control must be constantly monitored to assure that it continues to be effective.
Chapter 3-41
Reasonable Assurance of Internal Controls
Controls achieve a sensible balance of reducing risk when compared with the cost of the control.
Not possible to provide absolute assurance, because:
Flawed judgments are applied in decision making.
Human error exists in every organization.
Controls can be circumvented or ignored.
Controls may not be cost beneficial.
Chapter 3-42
SO 11 The maintenance of information technology controls
System of Information Technology Controls
For any business process, there should be both
accounting internal controls as in COSO, and
IT controls as in the Trust Principles.
Risk and controls in IT are divided into five categories:
Security
Availability
Processing integrity.
Online privacy.
Confidentiality.
Chapter 3-43
Quick Review
AICPA Trust Principles identify five categories of risks and controls. Which category is best described by the statement, “Information process could be inaccurate, incomplete, or not properly authorized”?
a. security
b. availability
c. processing integrity
d. confidentiality
Chapter 3-44
Copyright © 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.