CHAPTER 3 PRIVACY

ETHICS, FRAUD AND INTERNAL CONTROL People desire to be in full control of what and how much information
about themselves is available to others, and to whom it is available. This is the
BUSINESS ETHICS issue of privacy. The creation and maintenance of huge, shared databases make
Ethics pertains to the principles of conduct that individuals use in it necessary to protect people from the potential misuse of Data. This raises the
making choices and guiding their behavior in situations that involve the issue of ownership in the personal information industry.6 Should the privacy Of
concepts of right and wrong. More specifically, business ethics involves finding individuals be protected through policies and systems? What information about
the answers to two questions: (1) How do managers decide what is right in oneself does The individual own? Should firms that are unrelated to individuals
conducting their business? And (2) once managers have recognized what is buy and sell information about
right, how do they achieve it?
Ethical issues in business can be divided into four areas: equity, rights, SECURITY (ACCURACY AND CONFIDENTIALITY)
honesty, and the exercise Of corporate power. Table 3–1 identifies some of the Computer security is an attempt to avoid such risks as a loss of
business practices and decisions in each of confidentiality or data integrity. Security systems attempt to prevent fraud and
other misuse of computer systems; they act to protect and further the legitimate
THESE AREAS THAT HAVE ETHICAL IMPLICATIONS. interests of the system’s constituencies. The ethical issues involving Security
arise from the emergence of shared, computerized databases that have the
EQUITY potential to CA irreparable harm to individuals by disseminating inaccurate
 Executive Salaries information to authorized Users, such as through incorrect credit reporting.7
 Comparable Worth There is a similar danger in disseminating accurate in information to persons
 Product Pricing unauthorized to receive it. Increasing security, however, can actually Cause
other problems. For example, security can be used both to protect personal
HONESTY property and To undermine freedom of access to data, which may have an
 Rights Corporate Due Process injurious effect on some individuals.
 Employee Health Screening
 Employee Privacy OWNERSHIP OF PROPERTY
 Sexual Harassment Laws designed to preserve real property rights have been
 Diversity extended to cover what is referred to as intellectual property, that is, software.
The question here becomes what an individual (or organization) can Own.
 Equal Employment Opportunity
Ideas? Media? Source code? Object code? A related question is whether owners
 Whistle-Blowing
and users should Be constrained in their use or access. Copyright laws have
 Honesty Employee and Management Conflicts of Interest
been invoked in an attempt to protect those Who develop software from having
 Security of Organization Data and Records
it copied. Unquestionably, the hundreds of thousands of Development hours
 Misleading Advertising should be protected from piracy. Many, however, believe the copyright laws can
 Questionable Business Practices in Foreign Countries Cause more harm than good.
 Accurate Reporting of Shareholder Interests
EQUITY IN ACCESS
EXERCISE OF CORPORATE POWER Some barriers to access are intrinsic to the technology of
 Political Action Committees information systems, but some are avoidable through careful system design.
 Workplace Safety Several factors, some of which are not unique to information. Systems, can limit
 Product Safety access to computing technology. The economic status of the individual or the
 Environmental Issues Affluence of an organization will determine the ability to obtain information
 Divestment of Interests technology. Culture Also limits access, for example, when documentation is
 Corporate Political Contributions prepared in only one language or is poorly Translated. Safety features, or the
 Downsizing and Plant Closures lack thereof, have limited access to pregnant women, for example. How can
 Ethical issues in Computer hardware and software be designed with consideration for differences in
physical and cognitive skills? What is the cost of providing equity in access? For THE FRAUD TRIANGLE
what groups of society Should equity in access become a priority?

ENVIRONMENTAL ISSUES
Computers with high-speed printers allow for the production of
printed documents faster than ever before. It is probably easier just to print a
document than to consider whether it should be printed and how miscopies
really need to be made. It may be more efficient or more comforting to have a
hard copy in addition to the electronic version. Paper, however, comes from
trees, which are a precious natural resource that ends up in landfills if not
properly recycled.

ARTIFICIAL INTELLIGENCE
A new set of social and ethical issues has arisen out of the popularity of
expert systems. Because of the way these systems have been marketed—that is,
as decision makers or replacements for Experts—some people rely on them
significantly. Therefore, both knowledge engineers (those who Write the
programs) and domain experts (those who provide the knowledge about the
task being Automated) must be concerned about their responsibility for faulty
decisions, incomplete or inaccurate knowledge bases, and the role given to
computers in the decision-making process.8 Further, Because expert systems
attempt to clone a manager’s decision-making style, an individual’s prejudices
may implicitly or explicitly be included in the knowledge base.

UNEMPLOYMENT AND DISPLACEMENT

Many jobs have been and are being changed as a result of the availability
of computer unable or unprepared to change are displaced. Should employers
be responsible for retraining workers who are displaced as a result of the
computerization of their functions?

FRAUD – denotes a false representation of a material fact made by one party to

another party with the intent to deceive and induce the other party to justifiably
rely on the fact to his or her detriment.
FRAUD TRIANGLE FACTORS
Base on common law, a fraudulent act must meet the following five conditions:
 SITUATIONAL PRESSURE which includes personal or job-related
1. FALSE REPRESENTATION – There must be a false statement or a stresses that could coerce an individual to act dishonesty.
nondisclosure.  OPPORTUNITY which involves direct access to assets and/or access to
2. MATERIAL FACT – A fact must be substantial factor inducing someone information that controls assets.
to act.  ETHICS which pertains to one’s character and degree of moral
3. INTENT – There must be the intent to deceive or the knowledge that opposition to acts dishonesty.
one’s statement is false.
4. JUSTIFIABLE RELIANCE – The misrepresentation must have been a
substantial factor on which the injured party relied.
5. INJURY AND LOSS – The deception must have caused injury or loss to
the victim of the fraud.
2 TYPES OF FRAUD For example, the plant manager in a large corporation uses his
influence to ensure that a request for proposals is written in such a way
EMPLOYEE FRAUD – fraud by management employees, is generally designed to that only one contractor will be able to submit a satisfactory bid.
directly convert cash or other assets to the employee’s personal benefits.
 CONFLICTS OF INTEREST - Every employer should expect that his or
Employees Fraud involves 3 steps her employees will conduct their duties in a way that serves the
1. Stealing something of value (an asset) interests of the employer. A conflict of interest occurs when an
2. Converting the asset to a usable form (cash) employee acts on behalf of a third party during the discharge of his or
3. Concealing the crime to avoid decision her duties or has self-interest in the activity being performed. When the
employee’s conflict of interest is unknown to the employer and results
MANAGEMENT FRAUD – more insidious than employee fraud because it often in financial loss, then fraud has occurred.
escapes detection until the organization suffered irreparable damage or loss.  ECONOMIC EXTORTION - is the use (or threat) of force (including
Management Fraud usually does not involve the direct theft of assets. economic sanctions) by an individual or organization to obtain
Management Fraud involves 3 special characteristics something of value. The item of value could be a financial or economic
asset, information, or cooperation to obtain a favorable decision on
1. The fraud is perpetrated at levels of management above the one to some matter under review.
which internal control structures generally relate.
2. The fraud frequently involves using the financial statement to create an ASSET MISAPPROPRIATION - which assets are either directly or indirectly
illusion that an entity is healthier and more prosperous than, in fact, it diverted to the perpetrator’s benefit.
is.
 SKIMMING involves stealing cash from an organization before it is
3. If the fraud involves misappropriation of assets, it frequently is
recorded on the organization’s books and records
shrouded in a maze of complex business transactions, often involving
 CASH LARCENY involves schemes in which cash receipts are stolen
related third parties.
from an organization after they have been recorded in the
organization’s books and records.
FRAUD SCHEMES
 BILLING SCHEMES, also known as vendor fraud, are perpetrated by
FRAUDULENT STATEMENTS are associated with management fraud. Whereas employees who causes their employer to issue a payment to a false
all fraud involves some form of financial misstatement, to meet the definition supplier or vendor by submitting invoices for fictitious goods or
under this class of fraud scheme the statement itself must bring direct or services, inflated invoices, or invoices for personal purchases.
indirect financial benefit to the perpetrator. In other words, the statement is not  CHECK TAMPERING involves forging or changing in some material
simply a vehicle for obscuring or covering a fraudulent act. way a check that the organization has written to a legitimate payee.
 PAYROLL FRAUD is the distribution of fraudulent paychecks to
CORRUPTION - involves an executive, manager, or employee of the existent and/or nonexistent employees.
organization in collusion with an outsider.  EXPENSE REIMBURSEMENT frauds are schemes in which an employee
TYPES OF CORRUPTION makes a claim for reimbursement of fictitious or inflated business
expenses.
 BRIBERY - involves giving, offering, soliciting, or receiving things of  THEFTS OF CASH are schemes that involve the direct theft of cash on
value to influence an official in the performance of his or her lawful hand in the organization.
duties. Officials may be employed by government (or regulatory)  NON-CASH FRAUD schemes involve the theft or misuse of the victim
agencies or by private organizations. Bribery defrauds the entity organization’s non-cash assets
(business organization or government agency) of the right to honest  COMPUTER FRAUD
and loyal services from those employed by it.

 ILLEGAL GRATUITIES - involves giving, receiving, offering, or

soliciting something of value because of an official act that has been
taken. This is similar to a bribe, but the transaction occurs after the fact.
INTERNAL CONTROL TYPES OF CONTROLS
- set of principles, procedures, and practices companies define to ensure they PREVENTIVE CONTROLS – designed to reduce the frequency of occurrence of
keep a check on risk-causing factors and rectify the same to avoid losses or undesirable events
frauds
DETECTIVE CONTROLS – designed to identify and expose risks that have
- an accounting and auditing processes used in a company's finance department eluded preventive controls
that ensure the integrity of financial reporting and regulatory compliance
CORRECTIVE CONTROLS – actions taken to reverse the effects of errors
INTERNAL CONTROL SYSTEM OBJECTIVES detected

 Safeguard assets
 Ensure accuracy and reliability
 Promote efficiency
 Measure compliance
EXPOSURES OF WEAK INTERNAL CONTROLS (RISK)

 Destruction of an asset
 Theft of an asset
 Corruption of information
 Disruption of the information system
The Internal Controls Shield
COSO Internal Control Framework 5. CONTROL ACTIVITIES – policies and procedures to ensure that the
appropriate actions are taken in response to identified risks. It falls into
It consists of five components: two distinct categories:
1. THE CONTROL ENVIRONMENT – sets the tone for the organization
and influences the control awareness of its management and employees IT Controls – it relates specifically to the computer environment.
 The integrity and ethical values of management
 The structure of the organization  General controls – pertains to the entity wide computer
environment (e.g., controls over the data center, organization
 The participation of the organization’s board of directors and
databases, systems development, and program maintenance)
the audit committee, if one exists
 Application controls – ensure the integrity of specific systems
 Management’s philosophy and operating style
(e.g., controls over sales processing, accounts payable, and
 The procedures for delegating responsibility and authority
payroll applications)
 Management’s methods for assessing performance
 External influences, such as examinations by regulatory PHYSICAL CONTROLS – it relates primarily to the human activities
agencies employed in accounting systems.

 Transaction Authorization – to ensure that all material

2. RISK ASSESSMENT – it identifies, analyze, and manage risks relevant
transactions processed by the information system are valid
to financial reporting
and in accordance with management’s objectives
 Changes in external environment
 Segregation of Duties – it minimizes incompatible functions
 Risky foreign markets
 Supervision – the firm employs competent and trustworthy
 Significant rapid growth that strains internal controls personnel. The competent and trustworthy employee
 New product lines assumption promotes supervisory efficiency
 Restructuring, downsizing  Accounting Records – it consists of source documents,
 Changes in accounting policies journals, and ledgers. It provides an audit trail of economic
events that helps employees respond to customer inquiries by
3. INFORMATION AND COMMUNICATION – the AIS should produce high showing the current status of transaction in process. It also
quality information which: enables the auditor to trace any transaction through all phases
 Identifies and records all valid transactions of its processing from the initiation of the event to the financial
 Provides timely information in appropriate detail to permit statements.
proper classification and financial reporting  Access Control – to ensure that only authorized personnel
 Accurately measures the financial value of transactions have access to the firm’s assets. Unauthorized access exposes
 Accurately records transactions in the time period in which assets to misappropriation damage, and theft.
they occurred  Independent Verification – independent checks of the
accounting system to identify errors and misrepresentation.
4. MONITORING – process of assessing the quality of internal control
design and operation
 SEPARATE PROCEDURES – test of controls by internal
auditors to communicate the control strength and weakness
management
 ONGOING MONITORING:
- Computer modules integrated into routine operations
- Management reports which highlight trends and
exceptions from normal performance