ethics fraud
TRANSCRIPT
-
8/6/2019 Ethics Fraud
1/49
Date:17/ 9/ 07 College of Agricultural Banking, RBI , PUNE
Ethics,Ethics,Fraud, andFraud, and
Internal ControlInternal Control
SUPRIYO BHATTACHARJEE
AGM & MOF
CAB,RBI,PUNE
-
8/6/2019 Ethics Fraud
2/49
Date: College of Agricultural Banking, RBI , PUNE
ObjectivesObjectives
Broad issues pertaining to business ethics
Ethics in accounting information systems Ethical issues in information technology
Management fraud and employee fraud
Common fraud techniques in manual and computer-based systems
Implications of computer technology on the internalcontrol structure
-
8/6/2019 Ethics Fraud
3/49
Date: College of Agricultural Banking, RBI , PUNE
Business EthicsBusiness Ethics
Why should we be concerned about ethics in the
business world? Ethics are needed when conflicts arise--the
need to choose
In business, conflicts may arise between: employees
management
stakeholders Litigation
-
8/6/2019 Ethics Fraud
4/49
Date: College of Agricultural Banking, RBI , PUNE
Four Main Areas of Business EthicsFour Main Areas of Business Ethics
-
8/6/2019 Ethics Fraud
5/49
Date: College of Agricultural Banking, RBI , PUNE
Behavioral Stage Theory of MoralBehavioral Stage Theory of MoralDevelopmentDevelopment
-
8/6/2019 Ethics Fraud
6/49
Date: College of Agricultural Banking, RBI , PUNE
Computer EthicsComputer Ethics
Concerns the social impact of computer technology (hardware, software,and telecommunications).
What are the main computer ethics issues?
Privacy
Security and accuracy Ownership of property
Environmental issues
Equity in access
Artificial intelligence Unemployment and displacement
Computer misuse
Internal control integrity
-
8/6/2019 Ethics Fraud
7/49
Date: College of Agricultural Banking, RBI , PUNE
What is Fraud?What is Fraud?Five Conditions of FraudFive Conditions of Fraud
Fa lse r ep r esen t a t ion - false statement or
disclosure Mat er ia l f act - a fact must be substantial in
inducing someone to act
I n t en t t o d ecei v e must exist The misrepresentation must have resulted in
j us t i f i ab le r e l iance upon information, whichcaused someone to act
The misrepresentation must have causedi n j u r y o r l o s s
-
8/6/2019 Ethics Fraud
8/49
Date: College of Agricultural Banking, RBI , PUNE
2002 CFE Study of Fraud2002 CFE Study of Fraud
Loss due to fraud equal to 6% of revenues
approximately $600 billion Loss by position within the company:
Other results: higher losses due to men, employeesacting alone, employees with advance degrees
-
8/6/2019 Ethics Fraud
9/49
Date: College of Agricultural Banking, RBI , PUNE
Enron, WorldCom, AdelphiaEnron, WorldCom, AdelphiaThe Underlying ProblemsThe Underlying Problems
Lack of Auditor Independence: auditing firms also engaged by their clientsto perform nonaccounting activities such as actuarial services, internalaudit outsourcing services, and consulting
Lack of Director Independence: directors who have a personal relationshipby serving on the boards of other companies, have a business tradingrelationship as key customers or suppliers, have a financial relationship asprimary stockholders or have received personal loans, or have anoperational relationship as employees
Questionable Executive Compensation Schemes: short-term stock optionsas compensation scheme result in short-term strategies aimed at drivingup stock prices at the expense of the firms long-term health.
Inappropriate Accounting Practices: a characteristic common to manyfinancial statement fraud schemes. Enron made elaborate use of special purpose entities to hide liabilities
through off-balance-sheet accounting. WorldCom transferred transmission line costs from current expense
accounts to capital accounts, allowing them to defer some operatingexpenses and report higher earnings.
-
8/6/2019 Ethics Fraud
10/49
Date: College of Agricultural Banking, RBI , PUNE
SarbanesSarbanes--Oxley ActOxley Act Signed into law July 2002 Its principal reforms pertain to:
The creation of the Public Company Accounting Oversight
Board (PCAOB) Auditor independencemore separation between a firms
attestation and non-auditing activities Corporate governance and responsibilityaudit committee
members must be independent and the audit committeemust oversee the external auditors
Disclosure requirementsincrease issuer and managementdisclosure, including off-the-balance items
New federal crimes for the destruction of or tampering withdocuments, securities fraud, and actions againstwhistleblowers
-
8/6/2019 Ethics Fraud
11/49
-
8/6/2019 Ethics Fraud
12/49
Date: College of Agricultural Banking, RBI , PUNE
Why Fraud OccursWhy Fraud Occurs-- Fraud TriangleFraud Triangle
Situational
Pressures e.g.
an employee is
experiencing
financial difficulties
Available
Opportunities e.g poor
internal controls
Rationalisation
personal morals ofindividual
employees
-
8/6/2019 Ethics Fraud
13/49
-
8/6/2019 Ethics Fraud
14/49
Date: College of Agricultural Banking, RBI , PUNE
Management FraudManagement Fraud
It is perpetrated at levels of management above the one to
which internal control structure relates. It frequently involves using the financial statements to
create an illusion that an entity is more healthy andprosperous than it actually is.
If it involves misappropriation of assets, it frequently isshrouded in a maze of complex business transactions.
-
8/6/2019 Ethics Fraud
15/49
Date: College of Agricultural Banking, RBI , PUNE
Fraud SchemesFraud Schemes
Three categories of fraud schemes
according to the Association ofCertified Fraud Examiners:
A. fraudulent statementsB. corruption
C. asset misappropriation
-
8/6/2019 Ethics Fraud
16/49
Date: College of Agricultural Banking, RBI , PUNE
A. Fraudulent StatementsA. Fraudulent Statements
Misstating the financial statements tomake the copy appear better than it is
Usually occurs as management fraud
May be tied to focus on short-termfinancial measures for success
May also be related to management bonus
packages being tied to financialstatements
-
8/6/2019 Ethics Fraud
17/49
Date: College of Agricultural Banking, RBI , PUNE
B. CorruptionB. Corruption
Examples:
bribery illegal gratuities
conflicts of interest
economic extortion
-
8/6/2019 Ethics Fraud
18/49
-
8/6/2019 Ethics Fraud
19/49
Date: College of Agricultural Banking, RBI , PUNE
Computer FraudComputer Fraud
Theft, misuse, or misappropriation of assets by alteringcomputer data
Theft, misuse, or misappropriation of assets by alteringsoftware programming
Theft or illegal use of computer data/ information
Theft, corruption, illegal copying or destruction ofsoftware or hardware
Theft, misuse, or misappropriation of computer hardware
-
8/6/2019 Ethics Fraud
20/49
Date: College of Agricultural Banking, RBI , PUNE
Using the general IS model, explain how fraud can occur
at the different stages of information processing?
-
8/6/2019 Ethics Fraud
21/49
Date: College of Agricultural Banking, RBI , PUNE
Input ManipulationInput Manipulation
This phase of the system is most vulnerablebecause it is very easy to change data as it is
being entered into the system.
Often referred to as Data Diddling
Requires low level of computer expertise.
Also, GIGO (garbage in, garbage out)reminds us that if the input data isinaccurate, processing will result ininaccurate output.
-
8/6/2019 Ethics Fraud
22/49
Date: College of Agricultural Banking, RBI , PUNE
Program ManipulationProgram Manipulation
Program Frauds
Altering programs to allow illegal access to and/ormanipulation of data files
Destroying programs with a virus e.g Trojan Horse
Requires perpetrators to have program-specific knowledge.
Operations Frauds misuse of company computer resources, such as using the
computer for personal business
-
8/6/2019 Ethics Fraud
23/49
Date: College of Agricultural Banking, RBI , PUNE
Output ManipulationOutput Manipulation
Effected by targeting the output of the
computer system. Achieved by falsifying instructions to the
computer at the input stage.
E.g.Encoding falsified information on the back of
bank cards & credit cards.
Salami Technique
-
8/6/2019 Ethics Fraud
24/49
Date: College of Agricultural Banking, RBI , PUNE
Information Generation FraudInformation Generation Fraud
Stealing, misdirecting, or misusing computer output
Scavenging searching through the trash cans on the
computer center for discarded output (the outputshould be shredded, but frequently is not)
-
8/6/2019 Ethics Fraud
25/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Control Objectives According to SASInternal Control Objectives According to SASNo. 78No. 78
1. Safeguard assets of the firm2. Ensure accuracy and reliability of accountingrecords and information
3. Promote efficiency of the firms operations
4. Measure compliance with managementsprescribed policies and procedures
-
8/6/2019 Ethics Fraud
26/49
Date: College of Agricultural Banking, RBI , PUNE
Modifying Assumptions to the Internal ControlModifying Assumptions to the Internal Control
ObjectivesObjectives
Management Responsibility
The establishment and maintenance of a system of internal control is theresponsibility of management.
Reasonable Assurance
The cost of achieving the objectives of internal control should notoutweigh its benefits.
Methods of Data Processing
The techniques of achieving the objectives will vary with different typesof technology.
-
8/6/2019 Ethics Fraud
27/49
Date: College of Agricultural Banking, RBI , PUNE
Limitations of Internal ControlsLimitations of Internal Controls
Possibility of honest errors
Circumvention via collusion Management override
Changing conditions--especially in companies
with high growth
-
8/6/2019 Ethics Fraud
28/49
Date: College of Agricultural Banking, RBI , PUNE
Exposures of Weak Internal Controls (Risk)Exposures of Weak Internal Controls (Risk)
Destruction of an asset
Theft of an asset
Corruption of information
Disruption of the information system
-
8/6/2019 Ethics Fraud
29/49
Date: College of Agricultural Banking, RBI , PUNE
The Internal Controls ShieldThe Internal Controls Shield
-
8/6/2019 Ethics Fraud
30/49
Date: College of Agricultural Banking, RBI , PUNE
Preventive, Detective, and Corrective ControlsPreventive, Detective, and Corrective Controls
Undesirable Events
Levels
of
Control
Corrective
Preventive Preventive Preventive Preventive
Corrective Corrective
Detective Detective Detective
-
8/6/2019 Ethics Fraud
31/49
Date: College of Agricultural Banking, RBI , PUNE
Auditing StandardsAuditing Standards
Auditors are guided by GAAS(Generally Accepted AuditingStandards)
3 classes of standards
general qualification standards
field work standards
reporting standards
For specific guidance, auditors use the AICPAs SASs(Statements on Auditing Standards)
-
8/6/2019 Ethics Fraud
32/49
Date: College of Agricultural Banking, RBI , PUNE
SAS No. 78SAS No. 78
Describes the relationship between the firms
internal control structure, auditors assessment of risk, and
the planning of audit procedures
How do these three interrelate?
The weaker the internal control structure, the higher theassessed level of risk; the higher the risk, the more auditorprocedures applied in the audit. AIS is particularly concerned
with the internal control structure.
-
8/6/2019 Ethics Fraud
33/49
Date: College of Agricultural Banking, RBI , PUNE
Five Internal Control Components: SAS No.Five Internal Control Components: SAS No.7878
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
-
8/6/2019 Ethics Fraud
34/49
Date: College of Agricultural Banking, RBI , PUNE
1: The Control Environment1: The Control Environment
Integrity and ethics of management
Organizational structure
Role of the board of directors and the audit committee
Managements policies and philosophy
Delegation of responsibility and authority
Performance evaluation measures
External influences--regulatory agencies
Policies and practices managing human resources
-
8/6/2019 Ethics Fraud
35/49
Date: College of Agricultural Banking, RBI , PUNE
2: Risk Assessment2: Risk Assessment
Identify, analyze and manage risks relevant tofinancial reporting: changes in external environment
risky foreign markets
significant and rapid growth that strain internalcontrols
new product lines
restructuring, downsizing
changes in accounting policies
-
8/6/2019 Ethics Fraud
36/49
Date: College of Agricultural Banking, RBI , PUNE
3: Information and Communication3: Information and Communication
The AIS should produce high quality informationwhich: identifies and records all va l id transactions
provides t i m e l y information in appropriate detail topermit proper classification and financial reporting
accura te ly measures the financial value of transactions,
and accurately records transactions i n t h e t i m e p er i o d i n
w h i ch t h e y o ccu r r e d
-
8/6/2019 Ethics Fraud
37/49
Date: College of Agricultural Banking, RBI , PUNE
Information and CommunicationInformation and Communication
Auditors must obtain sufficient knowledge of the IS to understand:
the classes of transactions that are material
how these transactions are initiated [input]
the associated accounting records and accounts used inprocessing [input]
the transaction processing steps involved from the initiation ofa transaction to its inclusion in the financial statements[process]
the financial reporting process used to compile financialstatements, disclosures, and estimates [output]
[red shows relationship to the AIS model]
-
8/6/2019 Ethics Fraud
38/49
Date: College of Agricultural Banking, RBI , PUNE
4: Monitoring4: Monitoring
The process for assessing the quality of internal
control design and operation[This is feedback in the general AIS model.] Separate procedures--test of controls by internal auditors
Ongoing monitoring:
Computer modules integrated into routine operations Management reports which highlight trends and exceptions
from normal performance
-
8/6/2019 Ethics Fraud
39/49
-
8/6/2019 Ethics Fraud
40/49
Date: College of Agricultural Banking, RBI , PUNE
In manual system, separation between:
authorizing and processing a transaction custody and recordkeeping of the asset
subtasks
In computerized system, segregation should
exist between: program coding
program processing
program maintenance
Segregation of DutiesSegregation of Duties
-
8/6/2019 Ethics Fraud
41/49
Date: College of Agricultural Banking, RBI , PUNE
Authorization
Authorization
Authorization
Processing
Custody Recording
Task 1 Task 2 Task 2Task 1
Nested Control Objectives forNested Control Objectives for
TransactionsTransactions
Control
Objective 1
ControlObjective 2
ControlObjective 3
Custody Recording
-
8/6/2019 Ethics Fraud
42/49
Date: College of Agricultural Banking, RBI , PUNE
Physical ControlsPhysical Controls
Authorization
used to ensure that employees are carrying out onlyauthorized transactions
general (everyday procedures) or specific (non-routinetransactions) authorizations
Supervision a compensation for lack of segregation; some may be
built into computer systems
-
8/6/2019 Ethics Fraud
43/49
Date: College of Agricultural Banking, RBI , PUNE
Accounting Records
provide an audit trailAccess Controls
help to safeguard assets by restricting physical accessto them
Independent Verification reviewing batch totals or reconciling subsidiary accounts
with control accounts
Physical ControlsPhysical Controls
-
8/6/2019 Ethics Fraud
44/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Transaction Authorization
The rules are often embedded within computerprograms.
EDI/JIT: automated re-ordering of inventory without
human intervention
-
8/6/2019 Ethics Fraud
45/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Segregation of Duties
A computer program may perform many tasks thatare deemed incompatible.
Thus the crucial need to separate program
development, program operations, and programmaintenance.
-
8/6/2019 Ethics Fraud
46/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Supervision
The ability to assess competent employeesbecomes more challenging due to the greatertechnical knowledge required.
-
8/6/2019 Ethics Fraud
47/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Accounting Records
ledger accounts and sometimes source documentsare kept magnetically
no audit trail is readily apparent
-
8/6/2019 Ethics Fraud
48/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Access Control
Data consolidation exposes the organization tocomputer fraud and excessive losses from disaster.
-
8/6/2019 Ethics Fraud
49/49
Date: College of Agricultural Banking, RBI , PUNE
Internal Controls inInternal Controls in CBISsCBISs
Independent Verification
When tasks are performed by the computer ratherthan manually, the need for an independent check isnot necessary.
However, the programs themselves are checked.