
Chapter 3 Ais

This document discusses the importance of a code of ethics and internal controls in accounting information systems to prevent fraud. It outlines various types of fraud, including management, employee, customer, and vendor fraud, as well as the fraud triangle concept. Additionally, it emphasizes the need for effective internal controls and the Sarbanes-Oxley Act's role in enhancing corporate ethics and financial reporting standards.

Uploaded by

Hamdan Balang

ACCOUNTING INFORMATION SYSTEM

CHAPTER 3:
INTRODUCTION TO THE NEED FOR A
CODE OF ETHICS AND INTERNAL CONTROL

GROUP 3
WHAT IS STEWARDSHIP?
Stewardship is the careful and responsible oversight and use of the assets entrusted to management. This requires that management maintain systems which allow it to demonstrate that it has appropriately used these funds and assets.
ACCOUNTING-RELATED FRAUD

FRAUD can be defined as the theft, concealment, and conversion to personal gain of another’s money, physical assets, or information.

In fraud, there is a distinction between misappropriation of assets and misstatement of financial records.
1. Misappropriation of assets involves theft of any item of value. It is sometimes referred to as a defalcation, or internal theft, and the most common examples are theft of cash or inventory.
2. Misstatement of financial records involves the falsification of accounting reports. This is often referred to as earnings management, or fraudulent financial reporting.
ACCOUNTING-RELATED FRAUD
FRAUD TRIANGLE

INCENTIVE (PRESSURE): Incentive to commit the fraud. Some kind of incentive or pressure typically leads fraudsters to their deceptive acts. Financial pressures, market pressures, job‐related failures, or addictive behaviors may create the incentive to commit fraud.

OPPORTUNITY: Opportunity to commit the fraud. Circumstances may provide access to the assets or records that are the objects of fraudulent activity. Only those persons having access can pull off the fraud. Ineffective oversight is often a contributing factor.

RATIONALIZATION (ATTITUDE): Rationalization of the fraudulent action. Fraudsters typically justify their actions because of their lack of moral character. They may intend to repay or make up for their dishonest actions in the future, or they may believe that the company owes them as a result of unfair expectations or an inadequate pay raise.
THE NATURE OF MANAGEMENT FRAUD

Management fraud, conducted by one or more top‐level managers within the company, is usually in the form of fraudulent financial reporting. Oftentimes, the chief executive officer (CEO) or chief financial officer (CFO) conducts fraud by misstating the financial statements through elaborate schemes or complex transactions.
THE NATURE OF MANAGEMENT FRAUD

Managers misstate financial statements in order to receive such indirect benefits as the following:
1. Increased stock price
2. Improved financial statements.
3. Enhanced chances of promotion, or avoidance of
firing or demotion.
4. Increased incentive‐based compensation.
5. Delayed cash flow problems or bankruptcy.
THE NATURE OF EMPLOYEE FRAUD

Employee fraud is conducted by nonmanagement employees. This usually means that an employee steals cash or assets for personal gain.
THE NATURE OF EMPLOYEE FRAUD

KINDS OF EMPLOYEE FRAUD


Inventory theft. Inventory can be stolen or misdirected. This could
be merchandise, raw materials, supplies, or finished goods
inventory.

Cash receipts theft. This occurs when an employee steals cash from
the company. An example would be the theft of checks collected
from customers.
THE NATURE OF EMPLOYEE FRAUD

KINDS OF EMPLOYEE FRAUD


Accounts payable fraud. Here, the employee may submit a false invoice, create a
fictitious vendor, or collect kickbacks from a vendor. A kickback is a cash payment that
the vendor gives the employee in exchange for the sale; it is like a business bribe.

Payroll fraud. This occurs when an employee submits a false or inflated timecard.

Expense account fraud. This occurs when an employee submits false travel or
entertainment expenses or charges an expense account to cover the theft of cash.
THE NATURE OF EMPLOYEE FRAUD
SKIMMING
Where the organization’s cash is stolen before it is entered into the accounting records.

LARCENY
Stealing the company’s cash after it has been recorded in the accounting records.

COLLUSION
Occurs when two or more people work together to commit a fraud.
THE NATURE OF CUSTOMER FRAUD

Customer
Fraud
Customer fraud occurs when a customer improperly
obtains cash or property from a company or avoids a
liability through deception. Although customer fraud
may affect any company, it is an especially common
problem for retail firms and companies that sell goods
through Internet‐based commerce.
THE NATURE OF CUSTOMER FRAUD
EXAMPLES OF CUSTOMER FRAUD
Credit card fraud and check fraud involve the customer’s use of
stolen or fraudulent credit cards and checks.

Refund fraud occurs when a customer tries to return stolen goods to collect a cash refund.
THE NATURE OF VENDOR FRAUD

Vendor
Fraud
Vendor fraud occurs when vendors obtain payments to
which they are not entitled. Unethical vendors may
intentionally submit duplicate or incorrect invoices,
send shipments in which the quantities are short, or
send lower‐quality goods than ordered. Vendor fraud
may also be perpetrated through collusion.
THE NATURE OF CUSTOMER FRAUD
VENDOR AUDITS
Involve the examination of vendor records in support of
amounts charged to the company.
THE NATURE OF COMPUTER FRAUD

Computer
Fraud
Computer fraud is the use of computers, the
Internet, Internet devices, and Internet services
to defraud people or organizations of resources.
THE NATURE OF CUSTOMER FRAUD

INDUSTRIAL ESPIONAGE
The theft of proprietary company
information, by digging through the
trash of the intended target
company.
THE NATURE OF CUSTOMER FRAUD

SOFTWARE PIRACY
The unlawful copying of software
programs.
INTERNAL SOURCES OF INTERNAL FRAUD

INTERNAL SOURCES
OF INTERNAL FRAUD
When an employee of an organization
attempts to conduct fraud through
the misuse of a computer‐based
system, it is called internal computer
fraud.
INTERNAL SOURCES OF INTERNAL FRAUD

INTERNAL COMPUTER FRAUD CONCERNS EACH OF THE FOLLOWING ACTIVITIES:

Input manipulation - usually involves altering data that is input into the computer.

Program manipulation - occurs when a program is altered in some fashion to commit a fraud.

Output manipulation - if a person alters the system’s checks or reports.


INTERNAL SOURCES OF INTERNAL FRAUD

EXAMPLES OF PROGRAM MANIPULATION

Salami Technique - to alter a program to slice a small amount from several accounts and then credit those small amounts to the perpetrator’s benefit.

Trojan Horse Program - is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud.

Trap Door Alteration - is a valid programming tool that is misused to commit fraud. As programmers write software applications, they may allow for unusual or unique ways to enter the program to test small portions, or modules, of the system.
EXTERNAL SOURCES OF COMPUTER FRAUD

EXTERNAL SOURCES
OF COMPUTER FRAUD
External computer frauds are
conducted by someone outside the
company who has gained
unauthorized access to the computer.
INTERNAL SOURCES OF INTERNAL FRAUD

TWO COMMON TYPES OF EXTERNAL FRAUD

Hacking is the term commonly used for computer network break‐ins. Hacking may be
undertaken for various reasons, including industrial espionage, credit card theft from
online databases, destruction or alteration of data, or merely thrill‐seeking.

DoS Attack - A denial of service attack is intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid network traffic.
INTERNAL SOURCES OF INTERNAL FRAUD

TWO COMMON TYPES OF EXTERNAL FRAUD


Spoofing occurs when a person, through a computer system, pretends to be someone else.

Internet Spoofing is the most dangerous to the accounting and control systems, because a spoofer fools a computer into thinking that the network traffic arriving is from a trusted source.

Email Spoofing is to the direct financial interests of most business organizations, it is nevertheless a source of irritation and inconvenience at the workplace.
POLICIES TO ASSIST IN THE AVOIDANCE OF FRAUD AND ERRORS

Concepts in a Code of Ethics


Following are three critical actions that an organization can
undertake to assist in the prevention or detection of fraud and
errors:
1. Maintain and enforce a code of ethics.
2. Maintain a system of accounting internal controls.
3. Maintain a system of information technology controls.
MAINTENANCE OF A CODE OF ETHICS

Establishing and maintaining a culture where ethical conduct is recognized, valued, and exemplified by all employees. This includes:
- Obeying applicable laws and regulations that govern business.
- Conducting business in a manner that is honest, fair, and trustworthy.
- Avoiding all conflicts of interest.
- Creating and maintaining a safe work environment.
- Protecting the environment.
MAINTENANCE OF ACCOUNTING INTERNAL CONTROLS

Attempting to prevent or detect fraud is only one of the reasons that an organization maintains a system of internal controls.

The objectives of an internal control system are as follows:
1. Safeguard assets (from fraud or errors).
2. Maintain the accuracy and integrity of the accounting data.
3. Promote operational efficiency.
4. Ensure compliance with management directives.
CONTROL
ENVIRONMENT
sets the tone of an organization and
influences the control consciousness
of its employees.
RISK
ASSESSMENT
considers existing threats and the
potential for additional risks and
stands ready to respond should
these events occur.
CONTROL ACTIVITIES
policies and procedures that help ensure that management
directives are carried out and that management objectives are
achieved.

The control activities include a range of actions that should be deployed through the company’s policies and procedures. These activities can be divided into the following categories:
1. Authorization of transactions
2. Segregation of duties
3. Adequate records and documents
4. Security of assets and documents
5. Independent checks and reconciliations
CONTROL ACTIVITIES

AUTHORIZATION
refers to an approval, or endorsement,
from a responsible person or
department in the organization that
has been sanctioned by top
management.
CONTROL ACTIVITIES
AUTHORIZATION

When management delegates authority and develops guidelines as to the use of that authority, it must assure that the authorization is separated from other duties. This separation of related duties is called SEGREGATION OF DUTIES.
1. AUTHORIZATION
2. RECORDING
3. CUSTODY
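One way to test the three-way separation above against a transaction log, as an added example that is not part of the original slides. The log layout, transaction IDs and employee names are constructed for illustration, and reporting a duty with no entry at all is an added assumption.

```python
from collections import defaultdict

# The three duties the slide says must be kept apart.
DUTIES = ("authorization", "recording", "custody")

# Constructed sample data: one row per action taken on a transaction.
# Transaction IDs and employee names are invented for illustration.
SAMPLE_LOG = [
    ("PO-1001", "authorization", "alice"),
    ("PO-1001", "recording", "bob"),
    ("PO-1001", "custody", "carol"),
    ("PO-1002", "authorization", "dave"),
    ("PO-1002", "recording", "dave"),   # same person authorizes and records
    ("PO-1002", "custody", "carol"),
    ("PO-1003", "authorization", "alice"),
    ("PO-1003", "custody", "erin"),     # nobody recorded this transaction
]


def segregation_violations(log):
    """Return {transaction_id: [findings]} for transactions that break SoD."""
    by_txn = defaultdict(lambda: defaultdict(set))
    for txn, duty, person in log:
        if duty not in DUTIES:
            raise ValueError(f"unknown duty {duty!r} on {txn}")
        by_txn[txn][person].add(duty)

    findings = {}
    for txn, people in by_txn.items():
        issues = []
        # One person holding two or more duties on the same transaction.
        for person, duties in sorted(people.items()):
            if len(duties) > 1:
                held = ", ".join(d for d in DUTIES if d in duties)
                issues.append(f"{person} performed {held}")
        # A duty nobody performed leaves a gap in the documentation.
        performed = set().union(*people.values())
        for duty in DUTIES:
            if duty not in performed:
                issues.append(f"missing {duty} entry")
        if issues:
            findings[txn] = issues
    return findings


if __name__ == "__main__":
    for txn, issues in segregation_violations(SAMPLE_LOG).items():
        print(txn, "->", "; ".join(issues))
```

Run periodically by someone outside the process being tested, this kind of report also serves as an independent check on the authorization records.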
CONTROL ACTIVITIES

ADEQUATE RECORDS AND DOCUMENTS
If management is conscientious and thorough about preparing and retaining documentation in support of its accounting transactions, internal controls are strengthened.
CONTROL ACTIVITIES

SECURITY OF ASSETS AND DOCUMENTS
Organizations should establish control activities to safeguard their assets, documents, and records.
CONTROL ACTIVITIES

INDEPENDENT CHECKS AND RECONCILIATION
Independent checks on performance are an important aspect of control activities.

INDEPENDENT CHECKS serve as a method to confirm the accuracy and completeness of data in the accounting system.

RECONCILIATION is a procedure that compares records from different sources.
CONTROL ACTIVITIES

Monitoring involves the ongoing review and evaluation of the system.

Reasonable assurance means that the controls achieve a sensible balance of reducing risk when compared with the cost of the control.
MAINTENANCE OF INFORMATION TECHNOLOGY CONTROLS
Information technology plays such an
important role in organizations that any
failure in these systems can halt such
ongoing operations as sales,
manufacturing, or purchasing. IT systems
have become the lifeblood of operations
for most companies.
MAINTENANCE OF INFORMATION TECHNOLOGY CONTROLS
In response to this need, the Information Systems Audit and Control Association (ISACA) developed an extensive framework of information technology controls, entitled COBIT, for Control Objectives for Information Technology.

Trust Services Principles. This guidance addresses risks and opportunities of information technology, and the most recent version became effective in 2006. The Trust Services Principles set forth guidance for CPAs who provide assurance services for organizations.
Trust Services Principles
Risk and controls in IT are divided into five categories in the
Trust Services Principles, as follows:
1. security
2. availability
3. processing integrity
4. online privacy
5. confidentiality
THE SARBANES–OXLEY ACT OF 2002
The Sarbanes–Oxley Act was signed into law on July 30, 2002,
for the purpose of improving financial reporting and reinforcing
the importance of corporate ethics.
THE SARBANES–OXLEY ACT OF 2002
SECTION 404—MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS
An internal control report is required to accompany each financial statement filing. The internal control report must establish management’s responsibility for the company’s internal controls and related financial reporting systems.

SECTION 406—CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS
The Act requires all public companies to have in place a code of ethics covering its CFO and other key accounting officers. The code must include principles that advocate honesty and moral conduct, fairness in financial reporting, and compliance with applicable governmental rules and regulations.
Thank You
Very Much
