
Legal and Ethical Issues for IT Auditors

ETHICS
Principles of conduct that are used in making choices and guiding behavior in situations that distinguish right from wrong

Ethical Responsibility
Every major decision has consequences that potentially harm or benefit employees, shareholders, customers & the public.
Managers must achieve balance between these consequences.

Computer Ethics
Analysis of the nature and social impact of computer technology & the corresponding formulation and justification of policies for the ethical use of such technology

Are there no more good people in this world ?!?
Not ALL people will act ethically.
Social, Economic, Political and other pressures can drive good people to do bad things.

ETHICAL SYSTEM
Describes the duties and behaviors commonly considered correct for a given circumstance

Codes of Ethical Conduct
Formal documentation of the values of an enterprise or organization
Can be:
a) Normative
b) Descriptive

Reasons for developing Codes of Conduct:
1) Define acceptable behaviors for relevant parties
2) Promote high standards of practice throughout the organization
3) Provide a benchmark for organizational members to use for self-evaluation
4) Establish a framework for professional behavior, obligations and responsibilities
5) Offer a vehicle for occupational identity
6) Reflect a mark of occupational maturity
Adapted from Life Skills Coaches of British Columbia

MORALS

ETHICS

LEGAL


Irregular and Illegal Acts

Irregular Acts
reflect either an intentional violation of corporate policies or regulatory requirements; or an unintentional breach of law

Illegal Acts
willful violation of the law

FRAUD
According to law, fraud must meet the following:
1. False representation
2. Material Fact
3. Intent
4. Justifiable reliance
5. Injury or loss
Also known as white-collar crime, defalcation, embezzlement, irregularities

FRAUD Levels

Employee Fraud
Stealing of asset
Conversion to usable form
Concealment of crime

Management Fraud
Management level
Involves the financial statements
Involvement of related 3rd parties

Fraud Triangle
Situational Pressure
Opportunity
Ethics

ISACA Guideline
Auditors are not qualified to determine whether an irregular, illegal or simply erroneous act has occurred. Instead, that determination should be made by a qualified expert (i.e. lawyer, judge).
The extent to which the observed unusual act is material to the financial statements taken as a whole is outside

Regulatory and Legal Issues

Legal Contracts
A contract is an agreement between or among 2 or more persons or entities to do, or abstain from doing, something in return for an exchange of consideration.

Elements in a Contract
OFFER
CONSIDERATION

ACCEPTANCE


What to check
IT Auditors typically will examine written contracts dealing with the purchase and sale of goods and services.

Employment Contracts


Confidentiality Agreements
Describe the nature of information
protected by the agreement
List permissible uses of such information
Affirm a duty of confidentiality
Identify remedies for noncompliance
Qualify the term of the agreement


Trade Secret Agreements
Trade secrets are the lifeblood of many successful organizations. Hence, protecting such secrets from disclosure is essential to the continued economic viability of the company.

Discovery Agreements
Unless employees are specifically hired to develop certain ideas or inventions, they might own the intellectual rights to such discoveries, depending on the state and circumstance.

Noncompete Agreements
Has the following elements:
a) Offer
b) Consideration
c) Agreement
d) Period of time
e) Geographic radius


Computer Crime or Cybercrime
Direct or indirect use of computer and communication technologies to perpetrate a criminal act

Examples of Computer Crime
hacking into an entity's network
stealing intellectual property
sabotaging a company's database
denial of service attack
harassing or blackmailing someone
pirating computer software
violating privacy rights

Intellectual Property
Refers to valuable creations of the human mind, such as inventions, literary and artistic works, symbols, images and designs.
The use of computer and communication technologies in violating intellectual property rights constitutes cybercrime.

A. Industrial Property
Patents
grant an inventor the right to exclude others from producing or using the inventor's discovery or invention for a limited period of time.
To be patented it must be:
a) Novel
b) Useful
c) Not of an obvious nature

A. Industrial Property
Patents
general types of intellectual discoveries:
a) Machines
b) Human-made products
c) Compositions of matter
d) Processing methods
nonrenewable period of 20 years from the date of application

A. Industrial Property
Trademarks
reflect distinctive images or words that sellers affix to distinguish the origin of their products.

B. Individual Property
Copyright
protects creative works from being reproduced, performed or disseminated by others without permission.
Life of copyright begins the moment the work is created and lasts for the life of the creator plus an additional fifty years.

Cyber Information Crimes
When electronic information is compromised, the ramifications fall into 3 categories:
Confidentiality
Integrity
Availability

Privacy Issues
The rights and obligations of individuals and organizations with respect to the collection, use, disclosure and retention of personally identifiable information
Can be:
a) Factual
b) Subjective

How it's all related


Individual
Privacy Rights

Organizations

Accounting
Profession
