Ethics, Fraud Schemes, and Fraud Detection: IT Auditing, Hall, 3e

Chapter 12:
Ethics, Fraud Schemes,

and Fraud Detection
IT Auditing, Hall, 3e
2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
Ethics
Pertains to the principles of conduct that
individuals use in making choices and guiding
their behavior in situations that involve the
concepts of right and wrong.
Business Ethics
How do managers decide on what is right

in conducting business?
Once managers have recognized what is
right, how to they achieve it?
The necessity to have an articulate
foundation for ethics and a consistent
application of the ethical standards.
2011 Cengage Learning. All Rights Reserved. May not beHall,
scanned,
copied or duplicated,
3e
Business Ethics
Basis of Ethical Standards
Religious
Philosophical
Historical
IBM combination of all three
Ethical Issues in Business [Table 12-1]

Equity
Exec. salaries
Pricing
Rights
Health (screening)
Privacy
Sexual harassment
Equal opportunity
Whistle-blowing
Honesty
Conflicts of interest
Security of data & records
Foreign practices [FCPA]
Accurate F/S reporting
Exercise of Corp. Power

PAC, and politics
Workplace safety
Downsizing, closures

scanned,
3e
Implementing Business Ethics

Making Ethical Decisions
Business schools can and should be involved in ethical
development of future managers

Business programs can teach students analytical techniques to
use in trying to understand and properly handle a firms conflicting
responsibilities to its employees, shareholders, customers, and
the public
Every ethical decision has risks and benefits. Balancing them is
the managers ethical responsibility:
Ethical Principles
Proportionality: Benefits of a decision must outweigh the
risks. Choose least risky option.
Justice: Distribute benefits of decision fairly to those who
share risks. Those who do not benefit should not carry any
risk
Minimize Risk: Minimize all risks.
scanned,
3e
Computer Ethics
The analysis of the nature and social impact
of computer technology and the
corresponding formulation and justification
of policies for the ethical use of such
technology.
Levels of Computer Ethics
POP: the exposure to stories and reports in popular media
PARA: taking a real interest in computer ethics cases and
acquiring some level of skill and knowledge

THEORETICAL: multi-disciplinary researchers who apply the
theories of philosophy, sociology, and psychology to computer
science, intending to bring some new understanding to the field.
That is, ethics research.
scanned,
3e
Computer Ethics
A new problem or just a new twist to an old
problem?
Although computer programs are a new type of
asset, many believe that they should not be
considered as different form other forms of
property; i.e., intellectual property is the same as
real property and the rights associated with real
property.

scanned,
3e
Computer Ethical Issues

1. Privacy:
Ownership of personal information

Policies
2. Security:
Systems attempt to prevent fraud and abuse of

computer systems, furthering the legitimate
interests of firm
Shared databases have potential to disseminate
inaccurate info to authorized users
3. Ownership of Property:
Federal copyright laws
4. Race:
African-Americans and Hispanics constitute 20%

of population but 7% of MIS professionals

scanned,
3e

5. Equity in Access:
Some barriers are avoidable, some are not

Factors: economic status, affluence of firm,
documentation language, cultural limitations
6. Environmental Issues:
Should firms limit non-essential hard copies?

What is non-essential?
Disposal of equipment and supplies (toner)
7. Artificial Intelligence:
Who is responsible for faulty decisions from

an Expert System?
What is the extent of AI/ES in decision-making
processes?

scanned,
3e

8. Unemployment & Displacement:
Computers and technology sometimes replace jobs

(catch-22, productivity)
Some people unable to change with IT, get displaced
and find it difficult to obtain new job
9. Misuse of Computer:
Copying proprietary software

Using a firms computers for personal benefit
Snooping through firms files
10. Internal Control Responsibility:
Unreliable information leads to bad decision, possible

financial distress
Management must establish and maintain a system of
appropriate internal controls to ensure integrity and
reliability of data (antithetical)
IS professionals and accountants are central to
adequate internal controls

scanned,
3e
Sarbanes-Oxley Act and Ethical Issues

Section 406 requires written disclosure of
code of ethics pertaining to:
Full and fair disclosures
Legal compliance
Internal reporting of code violations
Accountability
Hall, 3e
10
Fraud and Accountants

The lack of ethical standards* is fundamental to the occurrence of
business fraud.
No major aspect of the independent auditors role has caused more
difficulty for public accounting than the responsibility for detection of
fraud during an audit. [article]
This issue has gathered momentum outside the accounting profession to
the point where the profession faces a crisis in public confidence in
its ability to perform independent attest functions. [SAS 82]
Fraud denotes a false representation of a material

fact made by one party to another party with the
intent to deceive and induce the other party to
justifiably rely on the fact to his/her detriment, i.e.,
his/her injury or loss.
Synonyms: White-collar crime, defalcation,
embezzlement, irregularities.
scanned,
3e
11
Fraud
A fraudulent act must meet the following
5 conditions:
1.
2.
3.
4.
5.
False representation
Material fact
Intent
Justifiable reliance
Injury or loss

scanned,
3e
12
Employee Fraud
Employee Theft
1) Theft of asset
2) Conversion of asset (to cash, to
fraudster)
3) Concealment of fraud

scanned,
3e
13
Management Fraud
Special Characteristics:
1. Perpetrated at levels of management above the
one where internal controls relate

2. Frequently involves using the financial statements
to create false image of corporate financial health

3. If fraud involves misappropriation of assets, it
frequently is shrouded in a complex maze of

business transactions, and often involves third
parties. [e.g., ZZZZ Best fraud]

scanned,
3e
14
Fraud Triangle
People engage in fraudulent activities as a result of forces
within the individual (their ethical system) and without (from
temptation and/or stress from the external environment)
1. Situational Pressures
2. Opportunity
3. Rationalization
A person with a high level of personal ethics and limited
pressure and opportunity to commit fraud is most likely to
behave honestly [Figure 12-1]
A person with low level of integrity, and moderate to high
pressures, and moderate to high opportunity is most likely
to commit fraud
Auditors can develop a red flag checklist to detect
possible fraudulent activity
A questionnaire approach could be used to help auditors
uncover motivations for fraud
scanned,
3e
15
Possible Questionnaire
Do key executives have unusually high personal debt?
Do key executives appear to be living beyond their means?
Do key executives engage in habitual gambling?
Do key executives appear to abuse alcohol or drugs?
Do key executives appear to lack personal codes of ethics?
Do key executives appear to be unstable (e.g., frequent job or
residence changes, mental or emotional problems)?

scanned,
3e
16
Possible Questionnaire
(cont.)
Are economic conditions unfavorable within the

companys industry?
Does the company use several different banks, none of
which sees the companys entire financial picture?
Do key executives have close associations with
suppliers?
Do key executives have close associations with
members of the Audit Committee or Board?
Is the company experiencing a rapid turnover of key
employees, either through quitting or being fired?
Do one or two individuals dominate the company?
Does anyone never take a vacation?
scanned,
3e
17
Financial Losses from Fraud
1996, 2002, and 2004 study by Association of CFE (Report to the

Nation) estimated losses from fraud and abuse at 6% of annual
revenues! Based on GDP in 2002, that would be $600B, and in
2004 $660B in losses.
Actual cost is difficult to quantify because:

1. All fraud is not detected
2. Of ones detected, not all are reported
3. In many cases, incomplete information is gathered
4. Information is not properly distributed to management or law
enforcement authorities
5. Too often, business organizations decide to take no civil or
criminal action against the perpetrator of fraud
Organizations with 100 or fewer employees were the most

vulnerable to fraud
. SEC fraud violations reported in COSO Landmark Study
1998

scanned,
3e
18
Financial Losses from Fraud

Profile of perpetrator (Summarized in Tables 12-
3 to 12-7)
By position
By gender
By age
By Education
Collusion
1. Significant reason to adhere to segregation of
duties
2. Risks associated with a key position held by a
trusted employee who unknowingly has weak
ethics
scanned,
3e
19
Fraud Schemes
Fraudulent financial statements {5%}
Corruption {10%}
Bribery
Illegal gratuities
Economic extortion
Asset misappropriation {85%}
Charges to expense accounts
Lapping
Kiting
Transaction fraud
scanned,
3e
20
Underlying Problems
Lack of auditor independence
Lack of director independence
Questionable executive
compensation schemes
Inappropriate accounting practices

scanned,
3e
21
Sarbanes-Oxley Act and Fraud

PCAOB
Auditor independence
List of services considered non-
independent
Corporate governance
Issuer and management disclosure
Fraud and criminal penalties
scanned,
3e
22
Corruption
Examples:
bribery
illegal gratuities
conflicts of interest
economic extortion
Foreign Corrupt Practice Act of 1977:

indicative of corruption in business world
impacted accounting by requiring accurate
records and internal controls
Hall, 3e
23
Asset Misappropriation
Most common type of fraud and often
occurs as employee fraud
Examples:
making charges to expense accounts to cover

theft of asset (especially cash)
lapping: using customers check from one
account to cover theft from a different account
transaction fraud: deleting, altering, or adding
false transactions to steal assets
Hall, 3e
24
Computer Fraud Schemes

Theft, misuse, or misappropriation of
assets by altering computer-readable
records and files
assets by altering logic of computer
software
Theft or illegal use of computer-readable
information
Theft, corruption, illegal copying or
intentional destruction of software
computer hardware
Hall, 3e
25
Using the general IS model, explain how fraud can occur

at the different stages of information processing?
Hall, 3e
26
Data Collection Fraud

This aspect of the system is the most
vulnerable because it is relatively easy to
change data as it is being entered into the
system.
Also, the GIGO (garbage in, garbage out)
principle reminds us that if the input data
is inaccurate, processing will result in
inaccurate output.
Hall, 3e
27
Data Processing Fraud

Program Frauds
altering programs to allow illegal access to
and/or manipulation of data files
destroying programs with a virus
Operations Frauds
misuse of company computer resources,
such as using the computer for personal
business
Hall, 3e
28
Database Management
Fraud
Altering, deleting, corrupting, destroying, or
stealing an organizations data
Oftentimes conducted by disgruntled or exemployee
Hall, 3e
29
Information Generation
Fraud
Stealing, misdirecting, or misusing computer
output
Scavenging
searching through the trash cans on the
computer center for discarded output (the
output should be shredded, but frequently is
not)
Hall, 3e
30
Auditors Responsibility for Detecting

FruadSAS No. 99
Sarbanes-Oxley Act 2002
SAS No. 99 Consideration of Fraud in a
Financial Statement Audit
1. Description and characteristics of fraud
2. Professional skepticism
3. Engagement personnel discussion
4. Obtaining audit evidence and information
5. Identifying risks
6. Assessing the identified risks
7. Responding to the assessment
8. Evaluating audit evidence and information
9. Communicating possible fraud
10. Documenting consideration of fraud
scanned,
3e
31
Fraudulent Financial Reporting

Risk factors:
1. Managements characteristics and
influence over the control environment

2. Industry conditions
3. Operating characteristics and financial
stability

scanned,
3e
32
Fraudulent Financial Reporting

Common schemes:
Improper revenue recognition
Improper treatment of sales
Improper asset valuation
Improper deferral of costs and
expenses
Improper recording of liabilities
Inadequate disclosures
scanned,
3e
33
Misappropriation of Assets
Risk factors:
1. Susceptibility of assets to
misappropriation
2. Controls

scanned,
3e
34
Misappropriation of Assets
Common schemes:
Personal purchases
Ghost employees
Fictitious expenses
Altered payee
Pass-through vendors
Theft of cash (or inventory)
Lapping

scanned,
3e
35
Auditors Response to Risk

Assessment
Engagement staffing and extent of
supervision
Professional skepticism
Nature, timing, extent of procedures
performed

scanned,
3e
36
Auditors Response to Detected

Misstatements Due to Fraud
If no material effect:
Refer matter to appropriate level of management
Ensure implications to other aspects of the audit
have been adequately addressed
If effect is material or undeterminable:

Consider implications for other aspects of the audit
Discuss the matter with senior management and
audit committee
Attempt to determine if material effect
Suggest client consult with legal counsel
scanned,
3e
37
Auditors Documentation
Document in the working papers
criteria used for assessing fraud risk
factors:
1. Those risk factors identified
2. Auditors response to them

scanned,
3e
38
Fraud Detection Techniques Using

ACL
Payments to fictitious vendors
Sequential invoice numbers

Vendors with P.O. boxes
Vendors with employee address
Multiple company with same address
Invoice amounts slightly below review
threshold

scanned,
3e
39
Fraud Detection Techniques Using

ACL
Payroll fraud
Test for excessive hours worked
Test for duplicate payments
Tests for non-existent employee

scanned,
3e
40
Fraud Detection Techniques

Using ACL
Lapping A.R.
Balance forward method
Open invoice method

scanned,
3e
41

Ethics, Fraud Schemes, and Fraud Detection: IT Auditing, Hall, 3e

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ethics, Fraud Schemes, and Fraud Detection: IT Auditing, Hall, 3e

Uploaded by

Copyright:

Available Formats

Chapter 12:

Ethics, Fraud Schemes,

How do managers decide on what is right

Ethical Issues in Business [Table 12-1]

Exercise of Corp. Power

2011 Cengage Learning. All Rights Reserved. May not beHall,

Implementing Business Ethics

development of future managers

acquiring some level of skill and knowledge

2011 Cengage Learning. All Rights Reserved. May not beHall,

Computer Ethical Issues

Ownership of personal information

Systems attempt to prevent fraud and abuse of

Federal copyright laws

African-Americans and Hispanics constitute 20%

2011 Cengage Learning. All Rights Reserved. May not beHall,

Computer Ethical Issues

Some barriers are avoidable, some are not

Should firms limit non-essential hard copies?

Who is responsible for faulty decisions from

2011 Cengage Learning. All Rights Reserved. May not beHall,

Computer Ethical Issues

Computers and technology sometimes replace jobs

Copying proprietary software

10. Internal Control Responsibility:

Unreliable information leads to bad decision, possible

2011 Cengage Learning. All Rights Reserved. May not beHall,

Sarbanes-Oxley Act and Ethical Issues

Fraud and Accountants

Fraud denotes a false representation of a material

2011 Cengage Learning. All Rights Reserved. May not beHall,

2011 Cengage Learning. All Rights Reserved. May not beHall,

one where internal controls relate

to create false image of corporate financial health

frequently is shrouded in a complex maze of

2011 Cengage Learning. All Rights Reserved. May not beHall,

2011 Cengage Learning. All Rights Reserved. May not beHall,

Are economic conditions unfavorable within the

Financial Losses from Fraud

1996, 2002, and 2004 study by Association of CFE (Report to the

Actual cost is difficult to quantify because:

Organizations with 100 or fewer employees were the most

2011 Cengage Learning. All Rights Reserved. May not beHall,

Financial Losses from Fraud

2011 Cengage Learning. All Rights Reserved. May not beHall,

Sarbanes-Oxley Act and Fraud

Foreign Corrupt Practice Act of 1977:

making charges to expense accounts to cover

Computer Fraud Schemes

Using the general IS model, explain how fraud can occur

Data Collection Fraud

Data Processing Fraud

Auditors Responsibility for Detecting

Fraudulent Financial Reporting

influence over the control environment

2011 Cengage Learning. All Rights Reserved. May not beHall,

Fraudulent Financial Reporting

2011 Cengage Learning. All Rights Reserved. May not beHall,

2011 Cengage Learning. All Rights Reserved. May not beHall,

Auditors Response to Risk

2011 Cengage Learning. All Rights Reserved. May not beHall,

Auditors Response to Detected

If effect is material or undeterminable: