1999 – May 2002, executives of 25 companies extracted $25 billion worth of special compensation, stock options, and private loans from their organizations while their companies’ stock plummeted 75% more

Ethics – principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong

Business ethics – involves finding answers to two questions:
1. How do managers decide what is right in conducting their business?
2. Once managers have considered what is right, how do they achieve it?

FOUR AREAS:
a. Equity
b. Rights
c. Honesty
d. Exercise of corporate power

Making Ethical Decisions

Every major decision has consequences that potentially harm or benefit these constituents.

Ex. Implementing a new computer information system within an organization may cause some employees to lose their jobs, while those who remain enjoy benefit of improved working conditions

Computer ethics – analysis of nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology
- Includes concern about software as well as hardware and concerns about networks connecting computers and computers themselves

THREE LEVELS:
1. Pop – exposure to stories and reports found in popular media regarding the good or bad ramifications of computer technology
Note: society at large needs to be aware as computer viruses and computer systems designed to aid handicapped persons
2. Para – taking a real interest in computer ethics cases and acquiring some level of competency so they can do their jobs effectively
3. Theoretical – interest to multidisciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science with goal of bringing some new understanding to the field

A New Problem or Just a New Twist on an Old Problem?
All pertinent ethical issues have already been examined in some other domain.

Ex. Issue of property rights has been explored and resulted in copyright, trade secret, & patent laws

Privacy – people desire to be in full control of what and how much information about themselves is available to others, and to whom it is available

Ownership – creation and maintenance of huge, shared databases make it necessary to protect people from the potential misuse of data

Computer security – attempt to avoid such undesirable events as a loss of confidentiality or data integrity

Security systems – attempt to prevent fraud and other misuse of computer systems
- They act to protect and further the legitimate interests of the system’s constituencies

Ethical issues involving security arise from emergence of shared, computerized databases that have potential to cause irreparable harm to individuals by disseminating inaccurate information to authorized user, through incorrect credit reporting

Ownership of Property

Intellectual property = software

Copyright laws – have been invoked in an attempt to protect those who develop software from having it copied
- Cause more harm than good
- Best interest of computer users is served when industry standards emerge

Knowledge engineers – those who write the programs

Domain experts – those who provide knowledge about the task being automated

Both must be concerned about their responsibility for faulty decisions, incomplete or inaccurate knowledge bases, and role given to computers in decision-making process.

Misuse of computers: copying of proprietary software, using a company’s computer for personal benefit, and snooping other people’s files

SARBANES-OXLEY ACT AND ETHICAL ISSUES

Sarbanes-Oxley Act – wide-sweeping legislation
- Most significant securities law since the SEC Acts of 1993 and 1934
- Has many provisions designed to deal with specific problems relating to capital markets, corporate governance, and auditing profession

Section 406 – Code of Ethics for Senior Financial Officers
- Requires public companies to disclose to SEC whether they have adopted a code of ethics that applies to organization’s chief executive officer (CEO), CFO, controller, or persons performing similar actions
- Applies specifically to executive and financial officers of company, company’s code of ethics should apply equally to all employees.
- Top management’s attitude toward ethics sets the tone for business practice, but it is also the responsibility of lower-level managers and non-managers to uphold a firm’s ethical standards.

A public company may disclose its code of ethics in several ways:
1. By including the code as an exhibit to its annual report
2. By posting the code to the company website
3. By agreeing to provide copies of code upon request

ETHICAL ISSUES:
1. Conflicts of interest – the issue here is in dealing with conflicts of interest, not prohibiting them
- Avoidance is not the best policy, sometimes conflicts are unavoidable
2. Full and fair disclosures – objective is to ensure that future disclosures are candid, open, truthful, and void of such deceptions
3. Legal compliance – code of ethics should require employees to follow applicable government laws, rules, and regulations
- To accomplish, organization must provide employees with training and guidance
4. Internal reporting of code violations – code of ethics must provide mechanism to permit prompt internal reporting of ethics violations
- Similar to section 301 & 806 (designed to encourage and protect whistle-blowers)
5. Accountability – section 301 (directs organization’s audit committee to establish procedures for receiving, retaining, and treating such complaints about accounting procedures and internal control violations)

FRAUD AND ACCOUNTANTS

U.S. financial reporting system – object of scrutiny

Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit – objective is to seamlessly blend auditor’s consideration of fraud into all phases of audit process.
- Requires auditor to perform new steps such as brainstorming during audit planning to assess potential risk of material misstatement of financial statements from fraud schemes

Fraud: Bankruptcies and business failures – fraud is result of poor management decisions or adverse business conditions

Fraud: business environment – intentional deception, misappropriation of assets, or manipulation of company’s financial data to advantage of perpetrator.

Fraud: accounting literature – also known as white-collar crime, defalcation, embezzlement, irregularities

Fraud – denotes false representation of material fact made by one party to another party with intent to deceive and induce other party to justifiably rely on fact to his or her detriment.

Fraudulent act must meet the following conditions:
1. False representation – false statement or nondisclosure
2. Material fact – fact must be substantial factor in inducing someone to act
3. Intent – intent to deceive or knowledge one’s statement is false
4. Justifiable reliance – misrepresentation must have been substantial factor on which injured party relied
5. Injury or loss – deception must have caused injury or loss to victim of fraud

Two levels of fraud:
1. Employee fraud – designed to directly convert cash or other assets to employee’s personal benefit.
If company has effective internal control, defalcations or embezzlements can usually be prevented or detected.
Three steps:
- Stealing something of value (asset)
- Converting asset to usable form (cash)
- Concealing the crime to avoid detection
2. Management fraud – more insidious and often escapes detection until organization suffered irreparable damage or loss.

Top management – fraudulent activities to drive up market price of company’s stocks (involves deceptive practices to inflate earnings or to forestall recognition of either insolvency or decline in earnings)

Lower-level management – involves materially misstating financial data and internal reports to gain additional compensation, to garner promotion, or to escape penalty for poor performance.

Three characteristics:
1. Fraud is perpetrated at levels of management above one to which internal control structures generally relate
2. Fraud frequently involves using financial statements to create illusion that entity is healthier and more prosperous than it is
3. Fraud involves misappropriation of assets, frequently shrouded in maze of complex business transactions, often involving related third parties

FRAUD TRIANGLE
Three (3) factors:
1. Situational pressure – personal or job-related stresses that could coerce an individual to act dishonestly
2. Opportunity – direct access to assets and/or access to information that controls assets
3. Ethics – pertains to one’s character and degree of moral opposition to acts of dishonesty

FINANCIAL LOSSES FROM FRAUD
Association of Certified Fraud Examiners (ACFE) in 2010 estimated losses from fraud 5% of annual revenues.

Actual cost of fraud, difficult to quantify for a number of reasons:
1. Not all fraud is detected
2. Of that detected, not all is reported
3. In many fraud cases, incomplete information is gathered
4. Information is not properly distributed to management or law enforcement authorities
5. Too often, business organizations decide to take no civil or criminal action against perpetrators of fraud.

Indirect cost: reduced productivity, cost of legal action, increased unemployment, business disruption due to investigation of fraud, need to be considered.

Demographic categories presented in the ACFE study:
- Position – beyond internal control structure and have the greatest access to company funds and assets
- Gender – affords men greater access to assets
- Age – older employees tend to occupy higher-ranking positions
- Education – with more education occupy higher positions in organization and therefore have greater access to company funds and other assets.
- Collusion – when individuals in critical positions collude, they create opportunities to control or gain access to assets that otherwise would not exist

FRAUD SCHEMES:
1. Fraudulent statements (7.6)
2. Corruption (33.4)
3. Asset misappropriation (86.7)

Fraudulent statements – associated with management fraud. Must itself bring direct or indirect financial benefit to perpetrator
Misstating cash account balance to cover theft of cash is not financial statement fraud. Understating liabilities to present favorable picture of organization, to drive up stock prices.

THE UNDERLYING PROBLEMS.
1. Lack of Auditor Independence – firms essentially auditing their own work. Risk is that as auditors they will not bring to management’s attention the detected problems that may adversely affect their consulting fees.
Arthur Andersen – Enron auditors – were also their internal auditor and management consultants.
2. Lack of Director Independence – directors who:
- have personal relationship by serving on boards of other director’s companies;
- have business trading relationship as key customers or suppliers of company;
- have financial relationship as primary stockholders or have received personal loans from company;
- have an operational relationship as employees of company
Example of corporate inbreeding – Adelphia Communications – founded in 1952, went public in 1986. Became sixth largest cable provider in United States before accounting scandal came to light. Founding family (John Rigas – CEO and chairman of the board; Timothy Rigas – CFO, chief administrative officer, & chairman of audit committee; Michael Rigas – vice president of operation; JP Rigas – vice president for strategic planning) perpetrated the fraud. Between 1998 and May 2002, engaged in embezzlement resulted in loss of more than $60 billion to shareholders.
Popular wisdom suggests that healthier board of directors is one in which majority of directors are independent outsiders, with integrity and qualifications to understand the company and objectively plan its course.
3. Questionable Executive Compensation Schemes – Thomson Financial survey revealed: executives have abused stock-based compensation. Consensus is that fewer stock options should be offered than currently is the practice.
4. Inappropriate Accounting Practices – use of inappropriate techniques is characteristic common to many financial statement fraud schemes.
Special-purpose entities are legal, but their application in this case was clearly intended to deceive the market.
WorldCom – April 2001, WorldCom management decided to transfer transmission line costs from current expense accounts to capital accounts.

SARBANES-OXLEY ACT AND FRAUD

Sarbanes-Oxley – this landmark legislation was written to deal with problems related to capital markets, corporate governance, and auditing profession, and has fundamentally changed the way public companies do business and how accounting profession performs its attest function.
- The act establishes a framework to modernize and reform the oversight and regulation of public company auditing. Its principal reforms pertain to:
1. Creation of an accounting oversight board
2. Auditor independence
3. Corporate governance and responsibility
4. Disclosure requirements
5. Penalties for fraud and other violations

Public Company Oversight Accounting Board (PCAOB) – empowered to set auditing, quality control, and ethics standards to inspect registered accounting firms; to conduct investigations; to take disciplinary actions.

Auditor Independence is intended to specify categories of services that public accounting firm cannot perform for its client. These include the following nine functions:
1. Bookkeeping or other related services to accounting records or financial statement
2. Financial information systems design and implementation
3. Appraisal or valuation services, fairness opinions, or contribution-in-kind reports
4. Actuarial services
5. Internal auditing outsourcing services
6. Management functions or human resources
7. Broker or dealer, investment adviser, or investment banking services
8. Legal services and expert services unrelated to audit
9. Any other service that PCAOB determines is impermissible
SOX prohibits auditor from providing these services to their audit clients; they are not prohibited from performing such services for nonaudit clients or privately held companies.

Corporate Governance and Responsibility – the act requires all audit committee members to be independent and requires audit committee to hire and oversee the external auditors.
- This provision is consistent with many investors who consider board composition to be critical investment factor.
Thomson Financial survey revealed most institutional investors want corporate boards to be composed of at least 75% independent directors.

Two other significant provisions:
1. Public companies are prohibited from making loans to executive officers and directors
2. Act requires attorneys to report evidence of material violation of securities laws or breaches of fiduciary duty to CEO, CFO, or PCAOB.

SOX imposes new corporate disclosure requirements, including:
1. Public companies must report all off-balance-sheet transactions
2. Annual reports filed with SEC must include statement by management asserting that it’s responsible for creating and maintaining adequate internal controls and asserting to effectiveness of those controls
3. Officers must certify that company’s accounts “fairly present” firm’s financial condition and results of operations
4. Knowingly filing false certification is criminal offense

Corruption – involves an executive, manager, or employee of organization in collusion with an outsider. 10% of occupational fraud cases.
Four (4) principal types:
1. Bribery
2. Illegal gratuities
3. Conflicts of interest
4. Economic extortion

Bribery – giving, offering, soliciting, or receiving things of value to influence an official in performance of his or her lawful duties
- Defrauds the entity of the right to honest and loyal services from those employed by it.

Illegal gratuity – giving, receiving, offering, or soliciting something of value because of an official act that has been taken. Similar to bribe, but the transaction occurs after the fact.

Conflict of interest – occurs when an employee acts on behalf of third party during discharge of his or her duties or has self-interest in activity being performed
When employee’s conflict of interest is unknown to employer and results in financial loss, fraud has occurred.

Economic extortion – use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value

Asset Misappropriation – assets are either directly or indirectly diverted to perpetrator’s benefit. Almost 90% of frauds included in ACFE study fall in this category.
Transactions involving cash, checking accounts, inventory, supplies, equipment, and information are most vulnerable to abuse.

Skimming (14.6%) – stealing cash from organization before it is recorded on organization’s books and records.
Ex. Mail room fraud – an employee opening mail steals customer’s check and destroys the associated remittance advice

Cash larceny (11%) – schemes in which cash receipts are stolen from an organization after they have been recorded in organization’s books and records
Ex. Lapping – cash receipts clerk first steals and cashes check from customer A; to conceal this, the payment of customer B will be credited to A’s account.
- Employees involved in this sort of fraud often rationalize that they are simply borrowing cash and plan to repay it at some future date.
Billing schemes (vendor fraud) (24.9%) – perpetrated by employees who cause their employer to issue a payment to false supplier by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.
Three (3) examples:
1. Shell company fraud – first requires perpetrator to establish false supplier on books of victim company.
2. Pass through fraud – similar to shell company with exception that a transaction actually takes place
3. Pay-and-return fraud – involves clerk with check-writing authority who intentionally pays a vendor twice for the same invoice for purchase of inventory or supplies.

Check tampering (11.9%) – forging or changing in some material way a check that the organization has written to legitimate payee.
Example is an employee who steals an outgoing check to a vendor, forges the payee signature, and cashes the check.

Payroll fraud (9.3%) – distribution of fraudulent paycheck to existent and/or nonexistent employees.
- The fraud works best in organizations in which supervisor is responsible for distributing paychecks to employees.

Expense reimbursement frauds (14.5%) – employee makes claim for reimbursement of fictitious or inflated business expenses.
Ex. A company salesperson files false expense reports that never occurred.

Theft of cash (11.8%) – direct theft of cash on hand in organization.
Ex. An employee who makes false entries on cash register, such as voiding sale, to conceal fraudulent removal of cash. An employee who steals cash from the vault.

Non-cash misappropriations (17.2%) – theft or misuse of victim organization’s non-cash assets.
Ex. A warehouse clerk who steals inventory from a warehouse or storeroom. Customer services clerk who sells confidential customer information to third party.

INTERNAL CONTROL CONCEPTS AND TECHNIQUES

Internal control system – comprises policies, practices, and procedures employed by organization to achieve four broad objectives:
1. To safeguard assets of firm
2. To ensure accuracy and reliability of accounting records and information
3. To promote efficiency in firm’s operations
4. To measure compliance with management’s prescribed policies and procedures

Internal control system – shield that protects firm’s assets from numerous undesirable events that bombard the organization. These include:
- Unauthorized access to firm’s assets
- Fraud perpetrated by persons both inside and outside firm
- Errors due to employee incompetence
- Faulty computer programs and corrupted input data
- Mischievous acts (unauthorized access by computer hackers and threats from computer viruses that destroy programs and databases)

Four (4) modifying assumptions that guide designers and auditors of internal controls:
1. Management responsibility – this concept holds that establishment and maintenance of system of internal control
2. Reasonable assurance – cost-effective manner; no system of internal control is perfect and cost of achieving improved control should not outweigh its benefits.
3. Methods of data processing
4. Limitations:
- Possibility of error – no system is perfect
- Circumvention – personnel may circumvent system through collusion or other
- Management override – management is in position to override control procedure by personally distorting transactions or by directing subordinate to do so
- Changing conditions – conditions may change over time and render existing controls ineffective

EXPOSURE AND RISK

Exposure – absence or weakness of internal control; increase firm’s risk to financial loss or injury from undesirable events.

Detective controls – devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls
- Identify anomalies and draw attention to them
- Reveal specific types of errors by comparing actual occurrences to pre-established standards
When detective control identifies a departure from standards, it sounds an alarm to attract attention to the problem.

Corrective controls – actions taken to reverse effects of error detected in previous step
- Actually fix the problem

Statement on Auditing Standards (SAS) No. 109 – current authoritative document for specifying internal control objectives and techniques which is based on COSO framework
4. Explicit written conclusion as to effectiveness of internal control over financial reporting
5. Statement identifying framework used in assessment of internal control

Committee of Sponsoring Organizations of the Treadway Commission (COSO) – basis for SAS 109.

SAS 109 – developed for auditors and describes the complex relationship between firm’s internal controls, auditor’s assessment of risk, and planning of audit procedures
- Requires auditors obtain sufficient knowledge to assess attitude and awareness of organization’s management, board of directors, and owners regarding internal control.
(PAGE 117)

COSO INTERNAL CONTROL FRAMEWORK

Consist of five components:
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

Risk assessment – to identify, analyze, and manage risks relevant to financial reporting
(PAGE 118)

Accounting information system – consists of records and methods used to initiate, identify, analyze, classify, and record organization’s transactions and to account for related assets and liabilities
(PAGE 118)

Monitoring – process by which quality of internal control design and operation can be assessed

Ongoing monitoring – may be achieved by integrating special computer modules into information system that capture key data and/or permit tests of controls to be conducted as part of routine operations

Embedded modules – allow management and auditors to maintain constant surveillance over functioning of internal controls
PAGE 119 - last paragraph of monitoring

Control activities – policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks
Application controls – integrity of specific computer systems such as:

Segregation of duties – to minimize incompatible functions
3. correctness of data contained in accounting records

Examples of independent verification:
1. reconciling batch totals at point during transaction processing
2. comparing physical assets with accounting records
3. reconciling subsidiary accounts with control accounts
4. reviewing management report that summarizes business activity

IT APPLICATION CONTROLS

Application controls are associated with specific applications, such as:
- payroll
- purchases
- cash disbursement systems
and fall into three categories:
1. input controls
2. processing controls
3. output controls

Input controls (edits) – programmed procedures which perform tests on transaction data to ensure they are free from errors

Edit controls in real-time systems – placed at data collection stage to monitor data as they are entered from terminals

Batch systems – collect data in transaction files, where they are temporarily held for subsequent processing

1.) Check digit – control digit that is added to data code when it is originally assigned. Allows integrity of code to be established during subsequent processing
Simplest form: sum digits in code
1. addition errors – extra digit or character is added to code
2. truncation errors – a digit or character is removed from end of code
3. substitution errors – replacement of one digit in code with another
transposition errors:
1. single transposition – two adjacent digits are reversed
2. multiple transposition – nonadjacent digits are transposed

2.) Missing data check – this edit identifies blank or incomplete input fields that should contain data that are required to process transaction

3.) Numeric-alphabetic check – identifies when data in particular fields are in wrong form

4.) Limit check – used to identify field values that exceed an authorized limit

5.) Range check – upper and lower limits to their acceptable values
- purpose is to detect keystroke errors by data entry clerks

6.) Reasonableness check – may be detected by test that determines if value in one field, which has already passed a limit check and range check, is reasonable when considered along with data in other fields of records

7.) Validity check – compares actual field values against known acceptable values.
- used to verify such things as transaction codes, state abbreviations, or employee job skill codes.

Processing controls – programmed procedures to ensure that an application’s logic is functioning properly

Batch controls – used to manage flow of high volumes of transaction through batch processing systems
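An added example, not part of the original notes: the check digit set against the error types listed above. It compares the "sum digits in code" form with a position-weighted modulus 11 check digit, which goes beyond what the notes describe; the sample code 5372, the weights, and all function names are assumptions made for illustration.

```python
# Added illustration: which data-entry errors each check-digit scheme misses.
# The account code "5372" and the corrupted variants are constructed samples.

def sum_check_digit(code: str) -> str:
    """Simplest form from the notes: sum the digits, keep the units digit."""
    return str(sum(int(d) for d in code) % 10)


def mod11_check_digit(code: str) -> str:
    """Position-weighted modulus 11 (assumption: weights 2, 3, 4, ... from the
    right, result 10 written as 'X'). Suitable for codes of up to 9 digits."""
    total = sum(int(d) * w for w, d in enumerate(reversed(code), start=2))
    remainder = (11 - total % 11) % 11
    return "X" if remainder == 10 else str(remainder)


def is_valid(full: str, scheme) -> bool:
    """Recompute the check digit over everything except the last character."""
    code, check = full[:-1], full[-1:]
    return code.isdigit() and scheme(code) == check


# One constructed instance of each error type named in the notes, applied to
# the stored value (code followed by its check digit).
ERRORS = {
    "addition": lambda s: s[:2] + "0" + s[2:],            # extra digit keyed in
    "truncation": lambda s: s[:-1],                       # last character lost
    "substitution": lambda s: s[:2] + "9" + s[3:],        # one digit replaced
    "single transposition": lambda s: s[0] + s[2] + s[1] + s[3:],
    "multiple transposition": lambda s: s[3] + s[1:3] + s[0] + s[4:],
}


def missed_errors(code: str, scheme) -> list:
    """Return the error types that still pass validation under `scheme`."""
    stored = code + scheme(code)
    return [name for name, corrupt in ERRORS.items()
            if is_valid(corrupt(stored), scheme)]


if __name__ == "__main__":
    for scheme in (sum_check_digit, mod11_check_digit):
        print(f"{scheme.__name__}: misses {missed_errors('5372', scheme)}")
```

The plain digit sum cannot see reordered digits or an inserted zero because the sum is unchanged; weighting each position is what makes transpositions visible.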
PAGE 124

Run-to-run controls – use values in batch control record to monitor batch as it moves from one programmed procedure (run) to another

Page 125

Hash total – summation of nonfinancial field to keep track of the records in batch

Audit trail controls – ensure that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements.
EXAMPLES:
Page 127

Page 130

Print programs – often complex systems that require operator intervention

Page 131

Waste – potential source of exposure
- also source of passwords that perpetrator may use to access firm’s computer system

Report distribution – primary risks include being lost, stolen, or misdirected in transit to user.
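An added example, not part of the original notes: the run-to-run controls and hash total described above, reconciled after each processing run. The record layout, the run names, and the sample batch are constructed; record count and financial control total are included alongside the hash total as assumed contents of the batch control record.

```python
# Added illustration: a batch control record checked after every run.
# All transactions, account numbers and run names are constructed samples.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Txn:
    account_no: int     # nonfinancial field, summed into the hash total
    amount_cents: int   # financial field, summed into the control total


@dataclass(frozen=True)
class BatchControl:
    record_count: int
    control_total: int  # sum of amounts
    hash_total: int     # sum of account numbers; meaningful only as a check


def build_control(batch) -> BatchControl:
    """Prepared once, when the batch is first assembled at data input."""
    return BatchControl(len(batch),
                        sum(t.amount_cents for t in batch),
                        sum(t.account_no for t in batch))


def discrepancies(expected: BatchControl, batch) -> list:
    """Names of the control fields that no longer reconcile."""
    actual = build_control(batch)
    return [f for f in ("record_count", "control_total", "hash_total")
            if getattr(expected, f) != getattr(actual, f)]


def process_runs(batch, runs):
    """Pass the batch through each run in order and reconcile its output with
    the control record. Returns (run_name, failed_fields) for the first run
    that fails, or None when every run reconciles."""
    control = build_control(batch)
    for name, run in runs:
        batch = run(batch)
        failed = discrepancies(control, batch)
        if failed:
            return name, failed
    return None


BATCH = [Txn(10234, 125000), Txn(10877, 4550),
         Txn(20411, 98075), Txn(30990, 1200)]


def edit_run(batch):        # passes every record through unchanged
    return list(batch)


def sort_run(batch):        # reorders records; totals are unaffected
    return sorted(batch, key=lambda t: t.account_no)


def redirect_run(batch):    # faulty run: one payment posted to another account
    return [replace(t, account_no=20999) if t.account_no == 20411 else t
            for t in batch]


def drop_run(batch):        # faulty run: last record lost
    return list(batch[:-1])


if __name__ == "__main__":
    print(process_runs(BATCH, [("edit", edit_run), ("sort", sort_run)]))
    print(process_runs(BATCH, [("edit", edit_run), ("update", redirect_run)]))
```

A payment redirected to a different account leaves the record count and the financial total intact, so only the hash total exposes it.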