IT Auditing & Assurance, 2e, Hall & Singleton, Chapter 11: Introduction to Business Ethics and Fraud

Upload: darcy-ward

Post on 25-Dec-2015


TRANSCRIPT

Page 1

IT Auditing & Assurance, 2e, Hall & Singleton

Chapter 11: Introduction to Business Ethics and Fraud

Page 2

ETHICS

Pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.

Business Ethics
- How do managers decide on what is right in conducting business?
- Once managers have recognized what is right, how do they achieve it?

The necessity to have an articulate foundation for ethics and a consistent application of the ethical standards.

Page 3

BUSINESS ETHICS

Basis of Ethical Standards
- Religious
- Philosophical
- Historical
- IBM: combination of all three

Ethical Issues in Business [Table 11-1]
- Equity
  - Exec. salaries
  - Pricing
- Rights
  - Health (screening)
  - Privacy
  - Sexual harassment
  - Equal opportunity
  - Whistleblowing
- Honesty
  - Conflicts of interest
  - Security of data & records
  - Foreign practices [FCPA]
  - Accurate F/S reporting
- Exercise of Corp. Power
  - PAC, and politics
  - Workplace safety
  - Downsizing, closures

Page 4

IMPLEMENTING BUSINESS ETHICS

1990 Business Roundtable
- Greater commitment of top management
- Written codes (policy) that clearly communicate standards and expectations
- Programs to implement ethical guidelines
- Techniques to monitor compliance

Boeing
- Uses line managers to lead ethics training
- Toll-free number to report violations

General Mills
- Published guidelines with vendors, competitors, customers

Johnson & Johnson
- Creed integral to its culture
- Uses surveys to ascertain compliance

SAIC
- Toll-free number, required training, separate dept.

Page 5

IMPLEMENTING BUSINESS ETHICS

Role of Management
- Create and maintain appropriate ethical atmosphere
- Limit the opportunity and temptation for unethical behavior
- Management needs a methodology for including lower-level managers and employees in the ethics schema
- Many times, lower-level managers responsible to uphold ethical standards
- Poor ethical standards among employees are a root cause of employee fraud and abuses

Managers and employees both should be made aware of firm’s code of ethics

What if management is unethical? e.g., Enron

Page 6

IMPLEMENTING BUSINESS ETHICS

Reported Abuses
- Typically junior employees (Wall Street Journal)
- Half of American workers believe the best way to get ahead is politics and cheating
- One-third of a group of 9,175 surveyed had stolen property and supplies from employers
- Ethics Resource Center: 1994 study
  - 41% falsified reports
  - 35% committed theft

Ethical Development
- Most people develop a personal code of ethics from family, formal education, and personal experience
- Go through stages of moral evolution [Figure 11-2]

Page 7

IMPLEMENTING BUSINESS ETHICS

Making Ethical Decisions

Business schools can and should be involved in ethical development of future managers

Business programs can teach students analytical techniques to use in trying to understand and properly handle a firm’s conflicting responsibilities to its employees, shareholders, customers, and the public

Every ethical decision has risks and benefits. Balancing them is the manager’s ethical responsibility:

Ethical Principles
- Proportionality: Benefits of a decision must outweigh the risks. Choose least risky option.
- Justice: Distribute benefits of decision fairly to those who share risks. Those who do not benefit should not carry any risk
- Minimize Risk: Minimize all risks.

Page 8

COMPUTER ETHICS

Levels of Computer Ethics
- POP: the exposure to stories and reports in popular media
- PARA: taking a real interest in computer ethics cases and acquiring some level of skill and knowledge
- THEORETICAL: multi-disciplinary researchers who apply the theories of philosophy, sociology, and psychology to computer science, intending to bring some new understanding to the field. That is, ethics research.

The analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology.

Page 9

COMPUTER ETHICS

A new problem or just a new twist to an old problem?

Although computer programs are a new type of asset, many believe that they should not be considered as different from other forms of property; i.e., intellectual property is the same as real property and the rights associated with real property.

Page 10

COMPUTER ETHICAL ISSUES

1. Privacy:
   - Ownership of personal information
   - Policies

2. Security:
   - Systems attempt to prevent fraud and abuse of computer systems, furthering the legitimate interests of firm
   - Shared databases have potential to disseminate inaccurate info to authorized users

3. Ownership of Property:
   - Federal copyright laws

4. Race:
   - African-Americans and Hispanics constitute 20% of population but 7% of MIS professionals

Page 11

COMPUTER ETHICAL ISSUES

5. Equity in Access:
   - Some barriers are avoidable, some are not
   - Factors: economic status, affluence of firm, documentation language, cultural limitations

6. Environmental Issues:
   - Should firms limit non-essential hard copies?
   - What is non-essential?
   - Disposal of equipment and supplies (toner)

7. Artificial Intelligence:
   - Who is responsible for faulty decisions from an Expert System?
   - What is the extent of AI/ES in decision-making processes?

Page 12

COMPUTER ETHICAL ISSUES

8. Unemployment & Displacement:
   - Computers and technology sometimes replace jobs (catch-22, productivity)
   - Some people unable to change with IT, get displaced and find it difficult to obtain new job

9. Misuse of Computer:
   - Copying proprietary software
   - Using a firm’s computers for personal benefit
   - Snooping through firm’s files

10. Internal Control Responsibility:
   - Unreliable information leads to bad decision, possible financial distress
   - Management must establish and maintain a system of appropriate internal controls to ensure integrity and reliability of data (antithetical)
   - IS professionals and accountants are central to adequate internal controls

Page 13

FRAUD & ACCOUNTANTS

The lack of ethical standards* is fundamental to the occurrence of business fraud.

No major aspect of the independent auditor’s role has caused more difficulty for public accounting than the responsibility for detection of fraud during an audit. [article]

This issue has gathered momentum outside the accounting profession to the point where the profession faces a crisis in public confidence in its ability to perform independent attest functions. [SAS 82]

Fraud denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his/her detriment, i.e., his/her injury or loss.

Synonyms: White-collar crime, defalcation, embezzlement, irregularities.

Page 14

FRAUD

A fraudulent act must meet the following 5 conditions:

1. False representation
2. Material fact
3. Intent
4. Justifiable reliance
5. Injury or loss

Page 15

FRAUD TREE

Asset misappropriation fraud
1. Stealing something of value – usually cash or inventory (i.e., asset theft)
2. Converting asset to usable form
3. Concealing the crime to avoid detection
4. Usually, perpetrator is an employee

Financial fraud
1. Does not involve direct theft of assets
2. Often objective is to obtain higher stock price (i.e., financial fraud)
3. Typically involves misstating financial data to gain additional compensation, promotion, or escape penalty for poor performance
4. Often escapes detection until irreparable harm has been done
5. Usually, perpetrator is executive management

Corruption fraud
1. Bribery, etc.

Page 16

FRAUD SCHEMES

- Fraudulent financial statements {5%}
- Corruption {10%}
  - Bribery
  - Illegal gratuities
  - Conflicts of interest
  - Economic extortion
- Asset misappropriation {85%}
  - Charges to expense accounts
  - Lapping
  - Kiting
  - Transaction fraud

Page 17

EMPLOYEE FRAUD

Employee Theft

1) Theft of asset
2) Conversion of asset (to cash, to fraudster)
3) Concealment of fraud

Page 18

MANAGEMENT FRAUD

Special Characteristics:

1. Perpetrated at levels of management above the one where internal controls relate

2. Frequently involves using the financial statements to create false image of corporate financial health

3. If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties. [e.g., ZZZZ Best fraud]

Page 19

FRAUD TRIANGLE

People engage in fraudulent activities as a result of forces within the individual (their ethical system) and without (from temptation and/or stress from the external environment)

1. Situational Pressures
2. Opportunity
3. Rationalization

A person with a high level of personal ethics and limited pressure and opportunity to commit fraud is most likely to behave honestly [Figure 11-2]

A person with low level of integrity, and moderate to high pressures, and moderate to high opportunity is most likely to commit fraud

Auditors can develop a “red flag” checklist to detect possible fraudulent activity

A questionnaire approach could be used to help auditors uncover motivations for fraud

Page 20

POSSIBLE QUESTIONNAIRE

Do key executives have unusually high personal debt?

Do key executives appear to be living beyond their means?

Do key executives engage in habitual gambling?

Do key executives appear to abuse alcohol or drugs?

Do key executives appear to lack personal codes of ethics?

Do key executives appear to be unstable (e.g., frequent job or residence changes, mental or emotional problems)?

Are economic conditions unfavorable within the company’s industry?

Does the company use several different banks, none of which sees the company’s entire financial picture?

Do key executives have close associations with suppliers?

Do key executives have close associations with members of the Audit Committee or Board?

Is the company experiencing a rapid turnover of key employees, either through quitting or being fired?

Do one or two individuals dominate the company?

Does anyone never take a vacation?

Page 21

FINANCIAL LOSSES FROM FRAUD

1996, 2002, and 2004 study by Association of CFE (“Report to the Nation”) estimated losses from fraud and abuse at 6% of annual revenues! Based on GDP in 2002, that would be $600B, and in 2004 $660B in losses.

Actual cost is difficult to quantify because:
1. All fraud is not detected
2. Of ones detected, not all are reported
3. In many cases, incomplete information is gathered
4. Information is not properly distributed to management or law enforcement authorities
5. Too often, business organizations decide to take no civil or criminal action against the perpetrator of fraud

Organizations with 100 or fewer employees were the most vulnerable to fraud

SEC fraud violations reported in COSO “Landmark Study” 1998

Page 22

FINANCIAL LOSSES FROM FRAUD

Profile of perpetrator:
- By position – Table 11-3
- By gender – Table 11-5
- By age – Table 11-6
- By Education – Table 11-7
- Conclusions about profile?

Fraudsters do not look like crooks!

Collusion – Table 11-4

1. Significant reason to adhere to segregation of duties

2. Risks associated with a key position held by a trusted employee who unknowingly has weak ethics

Page 23

UNDERLYING PROBLEMS

- Lack of auditor independence
- Lack of director independence
- Questionable executive compensation schemes
- Inappropriate accounting practices

Page 24

SARBANES-OXLEY ACT

- PCAOB
- Auditor independence
  - List of services considered non-independent
- Corporate governance
- Issuer and management disclosure
- Fraud and criminal penalties

Page 25

ANTI-FRAUD PROFESSION

- Fraud auditors
- Forensic accountants
- Association of Certified Fraud Examiners
  - Certified Fraud Examiner certification – http://www.acfe.org

Forensic Accounting
- Investigation
- Evidence for court
- Litigation
- CFE – Association of Certified Fraud Examiners
  - See newsletter sample at ACFE web site
