What are the main computer ethicsissues?

Chapter 5 ▪ Privacy
▪
Ethics, Fraud,and ▪
Security—accuracy andconfidentiality
Ownership of property
▪ Equity in access
Internal Control ▪
▪
Environmental issues
Artificial intelligence
▪ Unemployment and displacement
ETHICALISSUESINBUSINESS ▪ Misuse of computer
Business Ethics
Why should we be concerned about ethics in the FRAUDANDACCOUNTANTS
business world?
Legal Definition of Fraud
▪ Ethics are needed when conflicts arise—the ▪ False representation - false statement or
need to choose disclosure
▪ In business, conflicts may arise between: ▪ Material fact - a factmust be substantial in
o employees inducing someone to act
o management ▪ Intent to deceive must exist
o stakeholders ▪ The misrepresentation must have resultedin
▪ Litigation justifiable reliance upon information, which
caused someone to act
Business ethics involves finding the answers totwo
▪ The misrepresentation must have caused injury
questions:
or loss
▪ How do managers decide on what is rightin
conducting their business? Financial Losses from Fraud
▪ Once managers have recognized what isright, 2008 ACFEStudy of Fraud
how do they achieveit? ▪ Loss due to fraud equal to 7%ofrevenues—

Four Main Areas of Business Ethics Position %of Frauds Loss$

Owner/Executive 23% $834,000

Manager 37% 150,000

Employee 40% 70,000

approximately $994 billion

▪ Loss by position within the company:
▪ Other results: higher losses due to men,
employees acting in collusion, andemployees
with advance degrees

Enron, WorldCom, Adelphia

Underlying Problems
▪ Lack of Auditor Independence: auditing firms
Computer Ethics… also engaged by their clients to perform
nonaccounting activities

Computer ethics concerns the social impact of computer ▪ Lack of Director Independence: directors who
technology (hardware, software, and also serve on the boards of other companies,
telecommunications). have abusiness trading relationship, have a
 financial relationship as stockholders or have
received personal loans, or have an operational
relationship asemployees
▪ Questionable Executive Compensation Schemes:
short-term stock options as compensation result
in short-term strategies aimed at drivingup
stock prices at the expense of the firm’s long-
term health
▪ Inappropriate Accounting Practices: a
characteristic common to manyfinancial
statement fraud schemes
o Enron made elaborate use of special
purpose entities.
o WorldCom transferred transmission line
costs from current expense accounts to
capital accounts.
Sarbanes-Oxley Act of 2002
Its principal reforms pertainto:
▪ Creation of thePublic Company Accounting
Oversight Board (PCAOB)
▪ Auditor independence—more separation
between a firm’s attestation andnon-auditing
activities
▪ Corporate governance and responsibility—audit
committee members must be independent and
the audit committee must oversee the external
auditors
▪ Disclosure requirements—increase issuer and
management disclosure
▪ New federal crimes for the destruction of or
tampering with documents, securities fraud,and
actions against whistleblowers
The Perpetrators of Frauds
Employee Fraud
▪ Committed by non-managementpersonnel
▪ Usually consists of: an employee taking cashor
other assets for personal gain bycircumventing
a company’s system of internal controls
Management Fraud
▪ Perpetrated at levels of managementabove the
one towhich internal control structure relates
▪ Frequently involves using financial statementsto
create an illusion that an entity is healthier and
more prosperous than it actually is
▪ Involves misappropriation of assets, it frequently
is shrouded in a maze of complex business
transactions
Fraud Schemes
Three categories of fraud schemes according to the
Association of Certified FraudExaminers:
A. fraudulent statements
B. corruption
C. asset misappropriation
A. Fraudulent Statements
▪ Misstating the financial statements to make the
copy appear better than it is
▪ Usually occurs as management fraud
▪ May be tied to focus on short-termfinancial
measures for success
▪ May also be related to management bonus
packages being tied to financialstatements
B. Corruption
▪ Examples:
o bribery
o illegal gratuities
o conflicts of interest
o economicextortion
▪ Foreign Corrupt Practice Act of 1977:
o indicative of corruption inbusiness
world
o impacted accounting by requiring
accurate records and internal controls
C.Asset Misappropriation
▪ Most common type of fraud and oftenoccurs as
employee fraud
▪ Examples:
o making charges to expense accountsto
cover theft of asset (especiallycash)
o lapping: using customer’s check from
one account to cover theftfrom a
different account
o transaction fraud: deleting, altering, or
adding false transactions to stealassets
INTERNALCONTROLCONCEPTSAND The Internal Controls Shield
TECHNIQUES
Internal Control Objectives According to AICPA
SAS
1. Safeguard assets of the firm
2. Ensure accuracy and reliability of accounting
records and information
3. Promote efficiency of thefirm’s operations
4. Measure compliance with management’s
prescribed policies and procedures

Modifying Assumptions to the Internal Control

Objectives
▪ Management Responsibility
The establishment and maintenance of a system of
internal control is the responsibility ofmanagement.
Preventive, Detective, and Corrective Controls
▪ Reasonable Assurance
The cost of achieving the objectives of internal control
should not outweigh itsbenefits.

▪ Methods of DataProcessing
The techniques of achieving the objectives will vary with
different types of technology.

Limitations of Internal Controls

▪ Possibility of honest errors
▪ Circumvention via collusion
▪ Management override
▪ Changing conditions--especially in companies
with high growth
Exposures of Weak Internal Controls (Risk)
▪ Destruction of anasset
▪ Theft of anasset
▪ Corruption of information
▪ Disruption ofthe information system
SAS78 / COSO
Describes the relationship between the firm’s…
• internal control structure,
• auditor’s assessment of risk,and
• the planning ofaudit procedures
How do these threeinterrelate?
The weaker the internal control structure, thehigher the
assessed level of risk; the higher the risk, the more
auditor procedures applied in theaudit.

Five Internal Control Components: SAS 78 / COSO

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
1: The Control Environment
▪ Integrity and ethics of management
▪ Organizational structure
▪ Role of the board of directors and the audit
committee
▪ Management’s policies and philosophy
▪ Delegation of responsibility andauthority
▪ Performance evaluation measures
▪ External influences—regulatory agencies
▪ Policies and practices managing human
resources
2: RiskAssessment
▪ Identify, analyze and manage risks relevant to
financial reporting:
o changes in external environment
o risky foreign markets
o significant and rapid growth thatstrain
internal controls
o new product lines
o restructuring, downsizing
o changes in accounting policies
3: Information and Communication
▪ The AISshould produce high quality information
which:
o identifies and records all valid
transactions
o provides timely information in
appropriate detail to permit proper
classification and financial reporting
o accurately measures the financialvalue
of transactions
o accurately records transactions in the
time period in which they occurred
▪ Auditors must obtain sufficient knowledge of the
ISto understand:
o the classes of transactions thatare
material
o how these transactions areinitiated
[input]
o the associated accounting recordsand
accounts used in processing[input]
o the transaction processingsteps
involved from the initiation of a
transaction to its inclusion inthe
financial statements [process]
o the financial reporting process usedto
compile financial statements,
disclosures, and estimates[output]
4: Monitoring
The process for assessing the quality ofinternal control
design and operation
[This is feedback in the general AISmodel.]
▪ Separate procedures—test of controls by
internal auditors
▪ Ongoingmonitoring:
o computer modules integrated into
routine operations
o management reports which highlight
trends and exceptions from normal
performance
5: ControlActivities
▪ Policies and procedures to ensure that the
appropriate actions are taken in responseto
identified risks
▪ Fall into two distinctcategories:
o IT controls—relate specifically to the
computer environment
o Physical controls—primarily pertain to
human activities
Two Types of ITControls
▪ General controls—pertain to the entitywide
computer environment
o Examples: controls over the datacenter,
organization databases, systems
development, and program
maintenance
▪ Application controls—ensure the integrity of
specific systems
o Examples: controls over sales order
processing, accounts payable, and
payroll applications
Physical Controls
Six Types of Physical Controls
▪ Transaction Authorization
▪ Segregation of Duties
▪ Supervision
▪ Accounting Records
▪ Access Control
▪ Independent Verification
Transaction Authorization
▪ used to ensure that employees arecarrying
out only authorizedtransactions
 ▪ general (everyday procedures) or specific
(non-routine transactions) authorizations
Segregation of Duties
▪ In manual systems, separation between:
o authorizing and processing a transaction
o custody and recordkeeping of theasset
o subtasks
▪ In computerized systems, separationbetween:
o program coding
o program processing
o program maintenance
AccessControl
▪ Data consolidation exposes the organization to
computer fraud and excessive losses from
disaster.
Independent Verification
▪ When tasks are performed by the computer
rather than manually, the need for an
independent check is not necessary.
▪ However, the programs themselves arechecked.

Supervision
▪ a compensation for lack of segregation;some
may be built into computersystems

Accounting Records
▪ provide an audit trail

Access Controls
▪ help to safeguard assets by restricting physical
access to them

Independent Verification
▪ reviewing batch totals or reconciling subsidiary
accounts with control accounts

Physical Controls in ITContexts

Transaction Authorization
▪ The rules are often embedded within computer
programs.
o EDI/JIT: automated re-ordering of
inventory without humanintervention

Segregation of Duties
▪ A computer program may perform many tasks
that are deemedincompatible.
▪ Thus the crucial need to separateprogram
development, program operations, andprogram
maintenance.

Supervision
▪ The ability to assess competent employees
becomes more challenging due to thegreater
technical knowledge required.

Accounting Records
▪ ledger accounts and sometimes source
documents are kept magnetically
o no audit trail is readilyapparent