
• Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon.
• Ethics pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.
• Business ethics involves finding the answers to two questions: (1) How do managers decide what is right in conducting their business? and (2) Once managers have recognized what is right, how do they achieve it?
• Ethical issues in business can be divided into
  o Four areas:
    ▪ equity,
    ▪ rights,
    ▪ honesty, and
    ▪ the exercise of corporate power.
• Ethical responsibility
    ▪ PROPORTIONALITY. The benefit from a decision must outweigh the risks. Furthermore, there must be no alternative decision that provides the same or greater benefit with less risk.
      1. Justice. The benefits of the decision should be distributed fairly to those who share the risks. Those who do not benefit should not carry the burden of risk.
      2. Minimize risk. Even if judged acceptable by the principles, the decision should be implemented so as to minimize all of the risks and avoid any unnecessary risks.
• Computer ethics is “the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology.… [This includes] concerns about software as well as hardware and concerns about networks connecting computers as well as computers themselves.”
• Three levels of computer ethics: pop, para, and theoretical.
    ▪ Pop computer ethics is simply the exposure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology.
    ▪ Para computer ethics involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field.
    ▪ Theoretical computer ethics is of interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science with the goal of bringing some new understanding to the field.

COMPUTER ETHICS (PSOEEAUM)
• Privacy. People desire to be in full control of what and how much information about themselves is available to others, and to whom it is available.
  1. Ownership. The creation and maintenance of huge, shared databases make it necessary to protect people from the potential misuse of data.
• Computer security is an attempt to avoid such undesirable events as a loss of confidentiality or data integrity.
• Ownership of Property. Laws designed to preserve real property rights have been extended to cover what is referred to as intellectual property, that is, software.
• Equity in Access. Some barriers to access are intrinsic to the technology of information systems, but some are avoidable through careful system design.
• Environmental Issues. Computers with high-speed printers allow for the production of printed documents faster than ever before.
• Artificial Intelligence. A new set of social and ethical issues has arisen out of the popularity of expert systems. Because of the way these systems have been marketed—that is, as decision makers or replacements for experts—some people rely on them significantly.
    ▪ Knowledge engineers (those who write the programs)
    ▪ Domain experts (those who provide the knowledge about the task being automated)
• Unemployment and Displacement. Many jobs have been and are being changed as a result of the availability of computer technology. People unable or unprepared to change are displaced.
• Misuse of Computers. Computers can be misused in many ways. Copying proprietary software, using a company’s computer for personal benefit, and snooping through other people’s files are just a few obvious examples.

• Sarbanes-Oxley Act (SOX) is the most significant securities law since the Securities and Exchange Commission (SEC) Acts of 1933 and 1934. SOX has many provisions designed to deal with specific problems relating to capital markets, corporate governance, and the auditing profession.

SARBANES-OXLEY ACT AND ETHICAL ISSUES (CFLIA)
philosophy, sociology, and psychology to computer science  Section 406 of SOX requires public companies to disclose to the
SEC whether they have adopted a code of ethics that applies to the
organization’s chief executive officer (CEO), CFO, controller, or (1) stealing something of value (an asset),
persons performing (2) converting the asset to a usable form (cash),
Similar functions. (3) concealing the crime to avoid detection
 CONFLICTS OF INTEREST. The company’s code of ethics should  Management fraud is more insidious than employee fraud because
outline procedures for dealing with actual or apparent conflicts of it often escapes detection until the organization has suffered
interest between personal and professional relationships. irreparable damage or loss.
 FULL AND FAIR DISCLOSURES. This provision states that the  Management fraud typically
organization should provide full, fair, accurate, timely, and contains three special characteristics:
understandable disclosures in the documents, reports, and financial 1. The fraud is perpetrated at levels of management above the one
statements that it submits to the SEC and to the public. to which internal control structures generally relate.
 LEGAL COMPLIANCE. Codes of ethics should require employees 2. The fraud frequently involves using the financial statements to
to follow applicable governmental laws, rules, and regulations. create an illusion that an entity is healthier and more prosperous
 INTERNAL REPORTING OF CODE VIOLATIONS. The code of than, in fact, it is.
ethics must provide a mechanism to permit prompt internal reporting 3. If the fraud involves misappropriation of assets, it frequently is
of ethics violations. shrouded in a maze of complex business transactions, often
 ACCOUNTABILITY. An effective ethics program must take involving related third parties.
appropriate action when code violations occur. This will include  Fraud triangle consists of three factors that contribute to or are
various disciplinary measures, including dismissal. associated with management and employee fraud.
These are (SOE)
Fraud and Accountants (1) situational pressure, which includes personal or job-related
 Statement on Auditing Standards (SAS) No. 99, Consideration stresses that could coerce an individual to act dishonestly;
of Fraud in a Financial Statement Audit. The current authoritative (2) opportunity, which involves direct access to assetsand/or
guidelines on fraud detection are presented. The objective of SAS 99 access to information that controls assets, and;
is to seamlessly blend the auditor’s consideration of fraud into all (3) ethics, which pertains to one’s character and degree of moral
phases of the audit process. opposition to acts of dishonesty.
 Fraud denotes a false representation of a material fact made by one Demographic categories presented in the ACFE study:
party to another party with the intent to deceive and induce the other  Position. Individuals in the highest positions within an organization
party to justifiably rely on the fact to his or her detriment. According are beyond the internal control structure and have the greatest
to common law, a fraudulent act must meet the following five access to company funds and assets.
conditions: (FMIJI)  Gender. Women are not fundamentally more honest than men, but
1. False representation. There must be a false statement or a men occupy high corporate positions
nondisclosure. in greater numbers than women. This affords men greater access to
2. Material fact. A fact must be a substantial factor in inducing assets.
someone to act.  Age. Older employees tend to occupy higher-ranking positions and
3. Intent. There must be the intent to deceive or the knowledge that therefore generally have greater access to company assets
one’s statement is false.  . Education. Generally, those with more education occupy higher
4. Justifiable reliance. The misrepresentation must have been a positions in their organizations and therefore have greater access to
substantial factor on which the injured party relied. company funds and other assets.
5. Injury or loss. The deception must have caused injury or loss to  Collusion. One reason for segregating occupational duties is to
the victim of the fraud. deny potential perpetrators the opportunity they need to commit
 Fraud is also commonly known as white-collar crime, defalcation, fraud. When individuals in critical positions collude, they create
embezzlement, and irregularities. opportunities to control or gain access to assets that otherwise would
 Employee fraud, or fraud by non-management employees, is not exist.
generally designed to directly convert cash or other assets to the FRAUD SCHEMES
employee’s personal benefit.  Three broad categories of fraud schemes are defined:
Employee fraud usually involves three steps: o fraudulent statements,
  o corruption, and
  o asset misappropriation.
• Fraudulent statements are associated with management fraud. Whereas all fraud involves some form of financial misstatement, to meet the definition under this class of fraud scheme the statement itself must bring direct or indirect financial benefit to the perpetrator.
  1. Lack of Auditor Independence
  2. Lack of Director Independence
  3. Questionable Executive Compensation Schemes
  4. Inappropriate Accounting Practices.
• The act establishes a framework to modernize and reform the oversight and regulation of public company auditing. Its principal reforms pertain to (1) the creation of an accounting oversight board, (2) auditor independence, (3) corporate governance and responsibility, (4) disclosure requirements, and (5) penalties for fraud and other violations.
• Corruption involves an executive, manager, or employee of the organization in collusion with an outsider.
  1. Bribery involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties.
  2. Illegal gratuity involves giving, receiving, offering, or soliciting something of value because of an official act that has been taken.
  3. Conflict of interest occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed.
  4. Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. The item of value could be a financial or economic asset, information, or cooperation to obtain a favorable decision on some matter under review.
• Asset Misappropriation. The most common fraud schemes involve some form of asset misappropriation in which assets are either directly or indirectly diverted to the perpetrator’s benefit.
  1. Skimming involves stealing cash from an organization before it is recorded on the organization’s books and records. (Mail room F)
  2. Cash larceny involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization’s books and records. (Lapping)
  3. Billing schemes, also known as vendor fraud, are perpetrated by employees who cause their employer to issue a payment to a false supplier or vendor by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.
    ▪ Shell company fraud first requires that the perpetrator establish a false supplier on the books of the victim company.
    ▪ Pass through fraud is similar to the shell company fraud with the exception that a transaction actually takes place.
    ▪ Pay-and-return scheme is a third form of vendor fraud. This typically involves a clerk with checkwriting authority who pays a vendor twice for the same products (inventory or supplies) received.
  4. Check tampering involves forging or changing in some material way a check that the organization has written to a legitimate payee.
  5. Payroll fraud is the distribution of fraudulent paychecks to existent and/or nonexistent employees.
  6. Expense reimbursement frauds are schemes in which an employee makes a claim for reimbursement of fictitious or inflated business expenses.
  7. Thefts of cash are schemes that involve the direct theft of cash on hand in the organization.
  8. Non-cash fraud schemes involve the theft or misuse of the victim organization’s non-cash assets.
  9. Computer fraud

• Internal Control System comprises policies, practices, and procedures employed by the organization to achieve objectives.
  o Four broad objectives:
    ▪ 1. To safeguard assets of the firm.
    ▪ 2. To ensure the accuracy and reliability of accounting records and information.
    ▪ 3. To promote efficiency in the firm’s operations.
    ▪ 4. To measure compliance with management’s prescribed policies and procedures.

Modifying Assumptions
  o MANAGEMENT RESPONSIBILITY. This concept holds that the establishment and maintenance of a system of internal control.
  o REASONABLE ASSURANCE. The internal control system should provide reasonable assurance that the four broad objectives of internal control are met in a cost-effective manner.
  o METHODS OF DATA PROCESSING. Internal controls should achieve the four broad objectives regardless of the data processing method used.
  o LIMITATIONS. Every system of internal control has limitations on its effectiveness.
    ▪ 1. Possibility of error
    ▪ 2. Circumvention
    ▪ 3. Management override
    ▪ 4. Changing Condition
• The absence or weakness of a control is called an exposure.
• Weakness in internal control may expose the firm to one or more of the following types of risks:
  1. Destruction of assets (both physical assets and information).
  2. Theft of assets.
  3. Corruption of information or the information system.
  4. Disruption of the information system.

• Internal control shield is composed of three levels of control:
  o preventive controls,
  o detective controls, and
  o corrective controls.
    ▪ This is the preventive–detective–corrective (PDC) control model.

• PREVENTIVE CONTROLS. Prevention is the first line of defense in the control structure. Preventive controls are passive techniques designed to reduce the frequency of occurrence of undesirable events.

• DETECTIVE CONTROLS. Detective controls form the second line of defense. These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.

• CORRECTIVE CONTROLS. Corrective controls are actions taken to reverse the effects of errors detected in the previous step. There is an important distinction between detective controls and corrective controls

SAS 78/COSO INTERNAL CONTROL FRAMEWORK

  o Five components:
    ▪ Control Environment,
    ▪ Risk Assessment,
    ▪ Information and Communication,
    ▪ Monitoring, and
    ▪ Control Activities

1. The control environment is the foundation for the other four control components. The control environment sets the tone for the organization and influences the control awareness of its management and employees.
2. Risk Assessment. Organizations must perform a risk assessment to identify, analyze, and manage risks relevant to financial reporting.
3. Information and Communication. The accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and to account for the related assets and liabilities.
4. Monitoring. Management must determine that internal controls are functioning as intended. Monitoring is the process by which the quality of internal control design and operation can be assessed. This may be accomplished by separate procedures or by ongoing activities.
5. Control Activities. Control activities are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks. Control activities can be grouped into two distinct categories: information technology (IT) controls and physical controls.

• IT CONTROLS. IT controls relate specifically to the computer environment. They fall into
  o Two broad groups:
    ▪ general controls and
    ▪ application controls.
  General controls pertain to entity-wide concerns such as controls over the data center, organization databases, systems development, and program maintenance.
  Application controls ensure the integrity of specific systems such as sales order processing, accounts payable, and payroll applications.
• PHYSICAL CONTROLS. This class of controls relates primarily to the human activities employed in accounting systems. These activities may be purely manual, such as the physical custody of assets, or they may involve the physical use of computers to record transactions or update accounts.
• TRANSACTION AUTHORIZATION. The purpose of transaction authorization is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives.
• SEGREGATION OF DUTIES. One of the most important control activities is the segregation of employee duties to minimize incompatible functions. Segregation of duties can take many forms, depending on the specific duties to be controlled.
• SUPERVISION. Implementing adequate segregation of duties requires that a firm employ a sufficiently large number of employees. Achieving adequate segregation of duties often presents difficulties for small organizations.
• ACCOUNTING RECORDS. The accounting records of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events.
• ACCESS CONTROL. The purpose of access controls is to ensure that only authorized personnel have access to the firm’s assets.
• INDEPENDENT VERIFICATION. Verification procedures are independent checks of the accounting system to identify errors and misrepresentations.
