Control Self-Assessment
Controls Assessment (Chapter 10)
Frameworks
Prisoner’s Dilemma
WorldCom’s Prisoner’s Dilemma
Ethics and IT (in Hong Kong)
Practicum: St James Clothiers (IT-based vs. Manual Accounting Systems)
Feb 18, 2016
What is ‘Control Self-Assessment’?
DEFINITION
Control Self-assessment (CSA) is a leading-edge process in which auditors facilitate a group of staff members who have expertise in a specific process, with the objective of identifying opportunities for internal control enhancement pertaining to critical operating areas designated by management.
Nascency
Originally a way of measuring ‘soft controls’ which traditional auditing found difficult to measure, e.g.
- Management integrity, honesty, trust
- Willingness of employees to circumvent controls
- Employee morale
The tone and ethics of a firm are set by top management, and this is a way of eliciting these.
It’s become especially important post Sarbanes-Oxley.
Why is CSA Important?
Without commitment to good internal control, and inherent honest and ethical behavior of employees throughout the organization:
- Internal control systems (preventive, detective and corrective) would quickly become the single most expensive part of the firm’s accounting systems
- Internal and external audits would become prohibitively expensive
- Financial statements would lose their value to outside investors, causing
  - stock price to fall
  - bank borrowing interest rates to rise
  - and firm operations to cease being competitive
This happened in some of Arthur Andersen’s clients, where financial statements came to be known as: Andersen’s Fairy Tales
COSO Framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Founded in the aftermath of the 1977 Lockheed Scandal
Internal Control was supposed to ensure:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
CoCo Framework
CoCo (Criteria of Control Board)
Founded by the Canadian Institute of Chartered Accountants, the world’s premier group in setting internal auditing standards
Internal Control was supposed to ensure:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations & internal policies
Cadbury Framework
Committee of the Financial Aspects of Corporate Governance of the Institute of Chartered Accountants in England and Wales (Cadbury Committee … you can see why they adopted the latter name)
Contemporaneous with CoCo
Internal Control was supposed to ensure:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
- Safeguarding of assets against unauthorized use or disposition
- Maintenance of proper accounting records and the reliability of financial information used within the business or for publication
COBIT Framework
COBIT (Control Objectives for Information and Related Technology)
Contemporaneous with CoCo and Cadbury
Internal Control was supposed to ensure:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
- Safeguarding of assets against unauthorized use or disposition
- Maintenance of proper accounting records and the reliability of financial information used within the business or for publication
An important difference is that COBIT was directed specifically towards Information Technology
SAC / eSAC Framework
SAC (Systems Auditability and Control report)
Originally published in 1977, but updated in 1991-4, contemporaneous with CoCo and Cadbury
Internal Control ensures the same things as CoCo and Cadbury, but SAC provides an extensive module-based framework:
- Audit & Control Environment
- IT in Auditing
- Managing Computer Resources
- Managing Information and Developing System
- Business Systems
- End User and Departmental Computing
- Telecommunications
- Security
- Contingency Planning
- Emerging Tech
An important difference is that SAC / eSAC was directed specifically towards Information Technology, and provides more detailed direction for IT audits
SASs 55, 78 & 94
Extensions to the COSO Framework that are essentially summarized in SAS 94 (2001)
Specific IT-related Internal Control risks are targeted:
- Reliance on IT that is inaccurately processing data
- Unauthorized access to data, destruction, inaccurate recording, privacy breach
- Unauthorized changes to systems
- Failure to make needed changes to systems
- Inappropriate manual intervention
- Potential loss of data
SAS 94 also emphasizes the importance of specialized IT Auditing skills (important for this class)
Practicum: Evaluation of Manual & IT-Based Sales Accounting System Risks
St. James Clothiers
Prisoner's dilemma
Two suspects, A and B, are arrested by the police. The police have insufficient evidence for a conviction, and having separated both prisoners, visit each of them and offer the same deal:
- If one testifies for the prosecution (turns King's Evidence) against the other and the other remains silent, the silent accomplice receives the full 10-year sentence and the betrayer goes free.
- If both stay silent, the police can only give both prisoners 6 months for a minor charge.
- If both betray each other, they receive a 2-year sentence each.
This can be summarized:

                         | Prisoner A Stays Silent                           | Prisoner A Betrays
Prisoner B Stays Silent  | Both serve 6 months                               | Prisoner B serves ten years; Prisoner A goes free
Prisoner B Betrays       | Prisoner A serves ten years; Prisoner B goes free | Both serve two years
The Dilemma
Each prisoner has two options:
- to cooperate with his accomplice and stay quiet, or
- to betray his accomplice and give evidence.
The outcome of each choice depends on the choice of the accomplice. However, neither prisoner knows the choice of his accomplice.
The optimal solution would be for both prisoners to cooperate with each other, as this would reduce the total jail time served by the group to one year total.
Any other decision would be worse for the two prisoners considered together. However, by each following their individual interests, the two prisoners each receive a lengthy sentence.
Prisoner's dilemma (Corporate Setting)
Two officers of the corporation, the CEO and the Comptroller, are arrested for Financial Reporting fraud.
The police have insufficient evidence for a conviction (they didn’t take my course) and having separated both prisoners, visit each of them and offer the same deal:
- If one testifies for the prosecution against the other and the other remains silent, the silent accomplice receives the full 10-year sentence and the betrayer goes free.
- If both stay silent, the police can only give both prisoners 6 months for a minor charge.
- If both betray each other, they receive a 2-year sentence each.
This can be summarized:

                | Comptroller Cooperates | Comptroller Betrays
CEO Cooperates  | -.5,-.5                | 0,-10
CEO Betrays     | -10,0                  | -2,-2
The Deal (another view)
Or stated differently, here is how the deal will look to the CEO and the Comptroller:

                | Comptroller Cooperates | Comptroller Betrays
CEO Cooperates  | Win-win                | Win much – lose much
CEO Betrays     | Lose much – win much   | Lose - lose
The Deal
Or stated differently, here is how the deal will look to the CEO and the Comptroller:

                | Comptroller Cooperates                         | Comptroller Betrays
CEO Cooperates  | Cooperation, 6 months each                     | Comptroller Temptation to Defect payoff of zero years
CEO Betrays     | CEO Temptation to Defect payoff of zero years  | Sucker’s Payoff (two years each)
Why Ethics are Important!
The prisoner's dilemma is a type of non-zero-sum game.
It is assumed that each individual player ("prisoner") is trying to maximize his own advantage, without concern for the well-being of the other players.
In Econo-speak: the Nash equilibrium for this type of game does not lead to Pareto optimums (jointly optimum solutions).
Each side has an individual incentive to cheat even after promising to cooperate. This is the heart of the dilemma.
In the iterated prisoner's dilemma the game is played repeatedly. Thus each player has an opportunity to "punish" the other player for previous non-cooperative play. Cooperation may then arise as an equilibrium outcome. The incentive to cheat may then be overcome by the threat of punishment, leading to the possibility of a superior, cooperative outcome.
As the number of iterations approaches infinity, the Nash equilibrium tends to the Pareto Optimum, because when you face eternity the threat of grudges is a grave one indeed.
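
An added worked example, not part of the original slides: it checks the CEO/Comptroller deal above for its Nash equilibrium and joint optimum, then tests when cooperation holds in the iterated game. The grim-trigger strategy (cooperate until betrayed, then betray forever) and the discount factor `delta` (how much a player values the next round) are assumptions introduced here.

```python
from itertools import product

C, B = "cooperate", "betray"
MOVES = (C, B)
# Sentences in years from the deal on the slide, stored as negative payoffs.
# Key: (CEO move, Comptroller move) -> (CEO payoff, Comptroller payoff).
PAYOFF = {
    (C, C): (-0.5, -0.5),
    (C, B): (-10.0, 0.0),
    (B, C): (0.0, -10.0),
    (B, B): (-2.0, -2.0),
}


def nash_equilibria():
    """Profiles where neither officer gains by changing his move alone."""
    found = []
    for ceo, comp in product(MOVES, MOVES):
        ceo_ok = all(PAYOFF[(ceo, comp)][0] >= PAYOFF[(alt, comp)][0] for alt in MOVES)
        comp_ok = all(PAYOFF[(ceo, comp)][1] >= PAYOFF[(ceo, alt)][1] for alt in MOVES)
        if ceo_ok and comp_ok:
            found.append((ceo, comp))
    return found


def pareto_optimal():
    """Profiles that no other profile improves for one player without hurting the other."""
    def dominated(p):
        return any(
            q != p
            and all(PAYOFF[q][i] >= PAYOFF[p][i] for i in (0, 1))
            and any(PAYOFF[q][i] > PAYOFF[p][i] for i in (0, 1))
            for q in PAYOFF
        )
    return [p for p in PAYOFF if not dominated(p)]


def joint_optimum():
    """Profile with the least total jail time for the pair."""
    return max(PAYOFF, key=lambda p: sum(PAYOFF[p]))


def grim_trigger_value(delta, deviate):
    """Discounted payoff over endless rounds against a grim-trigger partner (assumed strategy)."""
    coop, tempt, punish = PAYOFF[(C, C)][0], PAYOFF[(B, C)][0], PAYOFF[(B, B)][0]
    if deviate:  # go free once, then two years every round afterwards
        return tempt + delta * punish / (1 - delta)
    return coop / (1 - delta)


def cooperation_is_stable(delta):
    """True when staying silent forever pays at least as well as betraying once."""
    return grim_trigger_value(delta, False) >= grim_trigger_value(delta, True)
```

With these sentences the one-shot game has mutual betrayal as its only equilibrium, while under the assumed strategy cooperation becomes stable once `delta` reaches 0.25.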
Fraud at WorldCom
A Corporate IT Auditing Ethical Dilemma
Oops
On June 27, 2002, markets around the world were sent reeling when it was discovered that WorldCom had overstated the prior 15 months of earnings by US$3.9 billion, to which was later added another US$3.2 billion, for a total of US$7.1 billion in accounting misstatements.
Ultimately the overstatement of income totaled $11 billion.
For a company that reported US$1.4 billion net income in 2001 it seems difficult for the auditors to dismiss this as “immaterial.”
Great Auditing, guys
Roman Weil, a professor of accounting at the University of Chicago, noted that WorldCom’s fraudulent accounting “is so basic that I teach it in the second week of my class.”
Yet the ploy, which misclassified supposedly difficult-to-manipulate cash flows, fooled both Arthur Andersen and KPMG, two of the (at the time) Big 5 accounting firms.
Cash Flow
“How do you fake cash flow? You simply move the negative things – the cash outflows – out of the operating section and you move it into the investing or financing section.”
What was significant was that few companies used the stratagems that undermined Enron; but all corporations use cash flow and earnings before interest, taxes, depreciation, and amortization (EBITDA) as a measure of value.
And cash flow has been championed by the analysts’ community that claims that it is not subject to the ambiguities of “income.”
Blessed by Accountants
Did generally accepted accounting principles (GAAP) contribute to the fraud?
Yes; indeed, GAAP is a prime enabler of fraud. Without double-entry bookkeeping, frauds such as WorldCom’s could never be perpetrated.
From an accounting standpoint, WorldCom had impeccable financials:
- Audited by the Big 5
- Success solidly founded on inviolable cash flows
Here’s Bernie
Bernie Ebbers, one of the original nine investors in LDDS, was called in to run the company in 1984.
Ebbers was previously employed as a milkman, bartender, bar bouncer, car salesman, truck driver, basketball coach and hotelier.
While he lacked technology experience, Ebbers later joked that his most useful qualification was being "the meanest SOB they could find."
Ebbers took less than a year to make the company profitable.
Ebbers is now A Prisoner
Corporate Culture (does it matter)
Growth through acquisitions led to a hodgepodge of peoples and cultures.
Ebbers:
- called an internal effort to create a corporate code of conduct a "colossal waste of time"
- encouraged "a systemic attitude conveyed from the top down that employees should not question their superiors, but simply do what they were told"
Goals
"Our goal is not to capture market share or be global. Our goal is to be the No. 1 stock on Wall Street."
Ebbers, in 1997
Revenue growth was a key to increasing the company's market value. The demand for revenue growth was "in every brick in every building."
Accounting at WorldCom
It all centered on Accruals and Culture
Discuss Culture
"… you need to book the entry."
Myers to David Schneeman, acting CFO of UUNET
When Schneeman refused, Myers told him "Book it right now, I can't wait another minute"
"Here's your number"
Myers telling Timothy Schneberger, Director of International Fixed Costs, to release $370 million of accruals
The Audit ‘Profession’
Arthur Andersen, WorldCom's independent external auditor from 1990 to 2002, called WorldCom its "flagship" and most "highly coveted" client, the firm's "Crown Jewel".
Andersen wanted to be considered as a committed member of WorldCom's team.
After WorldCom merged with MCI.
Andersen, which had a Mississippi-based team of 10–12 people working full-time on WorldCom's audits, under-billed the company and justified the lower charges as a continuing investment in its WorldCom relationship.
The Bottom Line
- Who was responsible for WorldCom’s Fraud?
- What was responsible for WorldCom’s Fraud?
- Why was it responsible for WorldCom’s Fraud?
Discuss
Ethics in Action
True stories from Hong Kong
Technology Hype: Pollution Control
A businesswoman with government ties gets an exclusive contract from the Environmental Protection Department to supply high tech ‘exhaust cleaners’ to clean up the pollution from diesel taxis and buses in the city.
- These ‘exhaust cleaners’ are later found to be empty tins with a little steel wool thrown into them, that were sold to the government at 300% markup
- The businesswoman uses the proceeds from her scam to promote the IPO of a new company selling her ‘exhaust cleaners’
- And promptly transfers the proceeds of the IPO to another company
Question:
- Was the businesswoman (1) clever, (2) working through a tradition of ‘guanxi’, or (3) unethical?
- What remedy would you prescribe to compensate residents whose health has deteriorated because of the pollution? To the taxpayers who paid for the scam?
Technology Hype: Pollution Control, part 2
A financial analyst and a celebrity columnist for the local newspaper find out about the bogus ‘exhaust cleaner’ scam, and publish their findings in the newspaper and on the Internet.
The businesswoman’s husband (who is owner of the company that was IPO’d):
- Posts material to his own Web site impugning the financial analyst’s character
- Falsely accusing the analyst of being a ‘porn star’
Question:
- The businesswoman’s husband (1) was justified in venting his personal anger, (2) should adjust his medication, or (3) is unethical?
- What remedy would you prescribe to compensate the analyst?
Yes, Virginia, there is a Santa Claus
A businessman runs a successful business selling plastic Christmas trees.
- He announces plans to sell off this core business (accounting for 99.9% of revenue)
- To reposition the firm as a producer of game software
- In order to justify this shift, the businessman claimed last year’s reported profits dropped 9.6% in the core business, whereas profits actually increased 12.5%
Subsequent analysis revealed that the sale of the plastic Christmas tree business would be to a related party at a substantial discount to the value of the business.
The difference would be borne by (expropriated from) the minority shareholders.
Question:
- Was the businessman (1) ‘clever’, or (2) properly exercising his ‘guanxi’ or (3) unethical?
- What remedy would you prescribe to compensate minority shareholders? Would you recommend that next time they should heed the dictum ‘caveat emptor’ – let the buyer beware?
Cyber-sport
A businessman uses his government ties to coerce the government to subsidize (at taxpayer expense of $10 billion) a large property development on the last developable ocean view property in the city.
The businessman promises that the unique design of this property will make the city a world leader in information technology.
- The property is 75% residential, with another 15% dedicated to shopping
- The remaining 10% is office space no different than available elsewhere in the city for 50% of the price
Question:
- Was the businessman (1) ‘clever’, or (2) properly exercising his ‘guanxi’ or (3) unethical?
- What remedy would you prescribe to compensate taxpayers?
Cyber-sport, part 2
A businessman uses his investment in government subsidized real estate to promote an IPO in stock, based on promises of this company becoming a leading global information technology firm.
The businessman spent millions on marketing firms, ghost writers and payments to create an image of high technology for himself and his firm.
- An analysis of the assets of the firm indicates an IPO value of $5 per share, maximum
- The local securities firm handling the IPO estimates the share value at $25 per share
- Analysts who contradicted the $25 share price were followed by private investigators
- The IPO was successful, and the businessman immediately transferred $1 billion from the IPO into one of his other companies
- The stock price subsequently collapsed to under $2 per share
Question:
- Was the businessman (1) ‘clever’, or (2) unethical?
- What remedy would you prescribe to compensate investors, many of whom were pensioners or had placed their life savings in these shares?
Cyber-sport, part 3
Government bureaucrats, being unwilling to renege on their real estate subsidy:
- Instead take an ownership position in the property
- And dictate that rental prices will be substantially less than for property owned by rival property developers
- This essentially robs paying customers from other property
- And further depresses the city’s property market
- Driving investment overseas
Question:
- The bureaucrats (1) were right to save ‘face’, or (2) were doing their civil service by protecting the taxpayers’ subsidy (i.e., two wrongs might make a right) or (3) unethical?
- What remedy would you prescribe to compensate rival property owners, or are they all just too rich and powerful to deserve helping?
Loose Lips
The chairman of a stock exchange publicly announces that he is considering delisting a technology-heavy class of stocks.
- The next trading day, prices collapse, and sell-side liquidity drops to zero, resulting in investor losses in the billions
- Acquisitive companies purchase the nearly valueless shares, gain control, strip the assets from the firms, and fire management and employees
Question:
- Was the stock exchange chairman (1) careless, or (2) unethical?
- What remedy would you prescribe to compensate investors, managers and employees who have been wronged, many of whom were pensioners or had placed their life savings in these shares?
- Should the exchange chairman be fired?
Accounting for Technology
The President of the Professional Society of Accountants objects to new accounting rules as ‘invasive’.
- These rules would crack down on corporate crooks who have used ‘technology hype’ and faulty accounting for technology assets to rob investors of trillions of dollars, putting it into their own off-shore bank accounts
- There are no other rules or regulations in force which will catch the crooks
Question:
- Accountants (1) have no duty to protect investors, only to make sure that accounts satisfy accounting principles, or (2) the President of the Professional Society of Accountants has made an unethical recommendation, or (3) something else?
- What remedy would you prescribe to compensate investors, managers and employees who have been wronged by these corporate crooks? Should accountants be sued for their part in helping the crooks?