Chapter 3: Ethics, Fraud, And Internal Control Flashcards
Ethics
Pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concept of right and wrong
Business Ethics
Involves finding the answers to 2 questions. How do managers decide what is right in conducting business? And how do they achieve what is right?
Computer Ethics
Is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology
Privacy
People desire to be in full control of what and how much information about themselves is available to others
Security
Is an attempt to avoid such undesirable events as a loss of confidentiality or data integrity
Fraud
Denotes a false representation of a material fact made by one party to another party with the intent to deceive the other party to justifiably rely on the fact
False Representation
There must be a false statement or a nondisclosure
Material Fact
A fact must be a substantial factor in inducing someone to act
Intent
There must be the intent to deceive or the knowledge that one’s statement is false
Justifiable Reliance
The misrepresentation must have been a substantial fact on which the injured party relied
Injury or Loss
The deception must have caused injury or loss to the victim of the fraud
Employee Fraud
Is generally designed to directly convert cash or other assets to the employee’s personal benefit
Management Fraud
Usually does not involve the direct theft of assets. Is usually done by top management, where internal controls can’t detect it
Fraud Triangle
Consists of situational pressure, opportunity, and ethics
Fraudulent Statements
Are associated with management fraud. The financial statement misrepresentation must bring direct or indirect financial benefit to the perpetrator
Corruption
Involves an executive, manager or employee of the organization in collusion with an outsider. 10% of occupational fraud cases
Bribery
Involves giving, offering, or soliciting things of value to influence an official in the performance of their lawful duties
Illegal Gratuity
Involves giving or receiving something of value because of an official act that has been taken
Conflict of Interest
Occurs when an employee acts on behalf of a third party during the discharge of their duties or has self interest in the activity
Economic Extortion
Is the use of force by an individual or organization to obtain something of value
Skimming
Involves stealing cash from an organization before it is recorded on the organization’s books and records
Cash Larceny
Involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization’s books and records
Lapping
In which the cash receipts clerk first steals and cashes a check from customer A and makes up the difference from customer B
Vendor Fraud
Are perpetrated by employees who cause their employer to issue a payment to a false supplier by submitting invoices for goods and services
Shell Company
First requires that the perpetrator establish a false supplier in the books of the victim company. Then, by issuing false invoices, the perpetrator creates payments to this false supplier
Pass Through Fraud
Is similar to a shell company fraud with the exception that a transaction has taken place. Inventory is purchased from a legitimate supplier, then the price is inflated by a fake supplier before being sold to the victim company
Pay and Return
Involves a clerk with check writing authority who intentionally pays a vendor twice for the same invoice. The supplier reimburses one of the checks and the employee takes the cash
Check Tampering
Involves forging or changing in some material way a check that the organization has written to a legitimate payee.
Payroll Fraud
Is the distribution of fraudulent paychecks
Expense Reimbursement Fraud
Involves false or inflated expense reimbursements
Non Cash Misappropriations
Involve the theft of non cash assets like inventory or information
Internal Control System
Consists of policies, practices, and procedures to achieve objectives
Management Responsibility
The establishment and maintenance of a system of internal control is the responsibility of management
Reasonable Assurance
Cost of achieving objectives should not outweigh the benefits
Methods of Processing
Control techniques vary with different types of technology
Limitations of Internal Control
Possibility of error, circumvention, management override, and changing conditions
Exposure
The absence or weakness of a control
Preventive Controls
Are passive techniques designed to reduce undesirable events by forcing compliance with prescribed or desired actions
Detective Controls
Are designed to identify undesirable events that elude preventive controls
Corrective Controls
Are actions taken to reverse the effects of errors detected
SOX Section 302
Requires management to certify the organization’s internal controls on a quarterly and annual basis
SOX Section 404
Requires management to assess internal control effectiveness
Control Environment
Sets the tone for the organization and influences control awareness
Risk Assessment
To identify, analyze, and manage financial reporting risks
Monitoring
Is the process by which the quality of internal control design and operations can be assessed
Control Activities
Are policies and procedures to ensure appropriate actions are taken to deal with identified risks
Transaction Authorization
Is to ensure all material transactions processed are valid
Segregation of Duties
Designed to minimize incompatible functions including separating transaction authorization and asset custody and record keeping
Supervision
Is a compensating control in organizations too small for sufficient segregation of duties
Accounting Records
Consist of source documents, journals, and ledgers which provide an audit trail
Access Controls
Ensure that only authorized personnel have access to firm assets
Independent Verification Procedures
Are checks to identify errors and misrepresentations
Check Digit
Is a control digit that is added to the data code when originally assigned
Missing Data Check
Identifies blank or incomplete input fields
Numeric Alphabetic Check
Identifies data in the wrong form
Limit Checks
Identify fields that exceed authorized limits
Range Checks
Verify that all amounts fall within an acceptable range
Reasonableness Checks
Verify that amounts that have passed limit and range checks are reasonable
Validity Checks
Compares actual fields against acceptable values
Processing Controls
Are programmed procedures to ensure an application’s logic is functioning properly
Batch Controls
Manage the flow of high volume transactions and reconcile system output with original input
Audit Trail Controls
Ensure every transaction can be traced through each stage of processing from source to financial statements
Grandfather Father Son Backup
Used with systems that use sequential master files
Destructive Update
Approach leaves no backup copy and requires a special recovery program if data is destroyed or corrupted
Output Controls
Are procedures to ensure output is not lost, misdirected or corrupted and that privacy is not violated