Professional Documents
Culture Documents
Ethics, Fraud and Internal Control Business Ethics Privacy
Ethics, Fraud and Internal Control Business Ethics Privacy
Ethics, Fraud and Internal Control Business Ethics Privacy
ETHICS, FRAUD AND INTERNAL CONTROL People desire to be in full control of what and how much information
about themselves is available to others, and to whom it is available. This is the
BUSINESS ETHICS issue of privacy. The creation and maintenance of huge, shared databases make
Ethics pertains to the principles of conduct that individuals use in it necessary to protect people from the potential misuse of Data. This raises the
making choices and guiding their behavior in situations that involve the issue of ownership in the personal information industry.6 Should the privacy Of
concepts of right and wrong. More specifically, business ethics involves finding individuals be protected through policies and systems? What information about
the answers to two questions: (1) How do managers decide what is right in oneself does The individual own? Should firms that are unrelated to individuals
conducting their business? And (2) once managers have recognized what is buy and sell information about
right, how do they achieve it?
Ethical issues in business can be divided into four areas: equity, rights, SECURITY (ACCURACY AND CONFIDENTIALITY)
honesty, and the exercise Of corporate power. Table 3–1 identifies some of the Computer security is an attempt to avoid such risks as a loss of
business practices and decisions in each of confidentiality or data integrity. Security systems attempt to prevent fraud and
other misuse of computer systems; they act to protect and further the legitimate
THESE AREAS THAT HAVE ETHICAL IMPLICATIONS. interests of the system’s constituencies. The ethical issues involving Security
arise from the emergence of shared, computerized databases that have the
EQUITY potential to CA irreparable harm to individuals by disseminating inaccurate
Executive Salaries information to authorized Users, such as through incorrect credit reporting.7
Comparable Worth There is a similar danger in disseminating accurate in information to persons
Product Pricing unauthorized to receive it. Increasing security, however, can actually Cause
other problems. For example, security can be used both to protect personal
HONESTY property and To undermine freedom of access to data, which may have an
Rights Corporate Due Process injurious effect on some individuals.
Employee Health Screening
Employee Privacy OWNERSHIP OF PROPERTY
Sexual Harassment Laws designed to preserve real property rights have been
Diversity extended to cover what is referred to as intellectual property, that is, software.
The question here becomes what an individual (or organization) can Own.
Equal Employment Opportunity
Ideas? Media? Source code? Object code? A related question is whether owners
Whistle-Blowing
and users should Be constrained in their use or access. Copyright laws have
Honesty Employee and Management Conflicts of Interest
been invoked in an attempt to protect those Who develop software from having
Security of Organization Data and Records
it copied. Unquestionably, the hundreds of thousands of Development hours
Misleading Advertising should be protected from piracy. Many, however, believe the copyright laws can
Questionable Business Practices in Foreign Countries Cause more harm than good.
Accurate Reporting of Shareholder Interests
EQUITY IN ACCESS
EXERCISE OF CORPORATE POWER Some barriers to access are intrinsic to the technology of
Political Action Committees information systems, but some are avoidable through careful system design.
Workplace Safety Several factors, some of which are not unique to information. Systems, can limit
Product Safety access to computing technology. The economic status of the individual or the
Environmental Issues Affluence of an organization will determine the ability to obtain information
Divestment of Interests technology. Culture Also limits access, for example, when documentation is
Corporate Political Contributions prepared in only one language or is poorly Translated. Safety features, or the
Downsizing and Plant Closures lack thereof, have limited access to pregnant women, for example. How can
Ethical issues in Computer hardware and software be designed with consideration for differences in
physical and cognitive skills? What is the cost of providing equity in access? For THE FRAUD TRIANGLE
what groups of society Should equity in access become a priority?
ENVIRONMENTAL ISSUES
Computers with high-speed printers allow for the production of
printed documents faster than ever before. It is probably easier just to print a
document than to consider whether it should be printed and how miscopies
really need to be made. It may be more efficient or more comforting to have a
hard copy in addition to the electronic version. Paper, however, comes from
trees, which are a precious natural resource that ends up in landfills if not
properly recycled.
ARTIFICIAL INTELLIGENCE
A new set of social and ethical issues has arisen out of the popularity of
expert systems. Because of the way these systems have been marketed—that is,
as decision makers or replacements for Experts—some people rely on them
significantly. Therefore, both knowledge engineers (those who Write the
programs) and domain experts (those who provide the knowledge about the
task being Automated) must be concerned about their responsibility for faulty
decisions, incomplete or inaccurate knowledge bases, and the role given to
computers in the decision-making process.8 Further, Because expert systems
attempt to clone a manager’s decision-making style, an individual’s prejudices
may implicitly or explicitly be included in the knowledge base.
Safeguard assets
Ensure accuracy and reliability
Promote efficiency
Measure compliance
EXPOSURES OF WEAK INTERNAL CONTROLS (RISK)
Destruction of an asset
Theft of an asset
Corruption of information
Disruption of the information system
The Internal Controls Shield
COSO Internal Control Framework 5. CONTROL ACTIVITIES – policies and procedures to ensure that the
appropriate actions are taken in response to identified risks. It falls into
It consists of five components: two distinct categories:
1. THE CONTROL ENVIRONMENT – sets the tone for the organization
and influences the control awareness of its management and employees IT Controls – it relates specifically to the computer environment.
The integrity and ethical values of management
The structure of the organization General controls – pertains to the entity wide computer
environment (e.g., controls over the data center, organization
The participation of the organization’s board of directors and
databases, systems development, and program maintenance)
the audit committee, if one exists
Application controls – ensure the integrity of specific systems
Management’s philosophy and operating style
(e.g., controls over sales processing, accounts payable, and
The procedures for delegating responsibility and authority
payroll applications)
Management’s methods for assessing performance
External influences, such as examinations by regulatory PHYSICAL CONTROLS – it relates primarily to the human activities
agencies employed in accounting systems.