IT Auditing, Hall, 3e
2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
Ethics
Pertains to the principles of conduct that
individuals use in making choices and guiding
their behavior in situations that involve the
concepts of right and wrong.
Business Ethics
Basis of Ethical Standards
Religious
Philosophical
Historical
IBM combination of all three
Exec. salaries
Pricing
Rights
Health (screening)
Privacy
Sexual harassment
Equal opportunity
Whistle-blowing
Honesty
Conflicts of interest
Security of data & records
Foreign practices [FCPA]
Accurate F/S reporting
Ethical Principles
Proportionality: Benefits of a decision must outweigh the
risks. Choose least risky option.
Justice: Distribute benefits of decision fairly to those who
share risks. Those who do not benefit should not carry any
risk
Minimize Risk: Minimize all risks.
Computer Ethics
The analysis of the nature and social impact
of computer technology and the
corresponding formulation and justification
of policies for the ethical use of such
technology.
Levels of Computer Ethics
POP: the exposure to stories and reports in popular media
PARA: taking a real interest in computer ethics cases and
Computer Ethics
A new problem or just a new twist to an old
problem?
Although computer programs are a new type of
asset, many believe that they should not be
considered as different from other forms of
property; i.e., intellectual property is the same as
real property and the rights associated with real
property.
2. Security:
3. Ownership of Property:
4. Race:
6. Environmental Issues:
7. Artificial Intelligence:
9. Misuse of Computer:
Conflicts of interest
Full and fair disclosures
Legal compliance
Internal reporting of code violations
Accountability
Fraud
A fraudulent act must meet the following
5 conditions:
1. False representation
2. Material fact
3. Intent
4. Justifiable reliance
5. Injury or loss
Employee Fraud
Employee Theft
1) Theft of asset
2) Conversion of asset (to cash, to
fraudster)
3) Concealment of fraud
Management Fraud
Special Characteristics:
1. Perpetrated at levels of management above the
Fraud Triangle
People engage in fraudulent activities as a result of forces
within the individual (their ethical system) and without (from
temptation and/or stress from the external environment)
1. Situational Pressures
2. Opportunity
3. Rationalization
A person with a high level of personal ethics and limited
pressure and opportunity to commit fraud is most likely to
behave honestly [Figure 12-1]
A person with a low level of integrity, moderate to high
pressures, and moderate to high opportunity is most likely
to commit fraud
Auditors can develop a red flag checklist to detect
possible fraudulent activity
A questionnaire approach could be used to help auditors
uncover motivations for fraud
Possible Questionnaire
Do key executives have unusually high personal debt?
Do key executives appear to be living beyond their means?
Do key executives engage in habitual gambling?
Do key executives appear to abuse alcohol or drugs?
Do key executives appear to lack personal codes of ethics?
Do key executives appear to be unstable (e.g., frequent job or
residence changes, mental or emotional problems)?
Possible Questionnaire
(cont.)
3 to 12-7)
By position
By gender
By age
By Education
Collusion
1. Significant reason to adhere to segregation of
duties
2. Risks associated with a key position held by a
trusted employee who unknowingly has weak
ethics
Fraud Schemes
Fraudulent financial statements {5%}
Corruption {10%}
Bribery
Illegal gratuities
Conflicts of interest
Economic extortion
Asset misappropriation {85%}
Charges to expense accounts
Lapping
Kiting
Transaction fraud
Underlying Problems
Lack of auditor independence
Lack of director independence
Questionable executive
compensation schemes
Inappropriate accounting practices
independent
Corporate governance
Issuer and management disclosure
Fraud and criminal penalties
Corruption
Examples:
bribery
illegal gratuities
conflicts of interest
economic extortion
Asset Misappropriation
Most common type of fraud and often
occurs as employee fraud
Examples:
Database Management
Fraud
Altering, deleting, corrupting, destroying, or
stealing an organization's data
Oftentimes conducted by a disgruntled employee or ex-employee
Information Generation
Fraud
Stealing, misdirecting, or misusing computer
output
Scavenging:
searching through the trash cans at the
computer center for discarded output (the
output should be shredded, but frequently is
not)
stability
Misappropriation of Assets
Risk factors:
1. Susceptibility of assets to
misappropriation
2. Controls
Misappropriation of Assets
Common schemes:
Personal purchases
Ghost employees
Fictitious expenses
Altered payee
Pass-through vendors
Theft of cash (or inventory)
Lapping
Auditor's Documentation
Document in the working papers the
criteria used for assessing fraud risk
factors:
1. Those risk factors identified
2. Auditor's response to them