Ethics, Fraud, and

Internal Control
Noserale, Nelsie Marie M.
Group 2: Ga-as, Denn Marcelle B.
Rito, Hermie Fate S.
Tirado, Maedelle Anne J.
 Objectives
● Broad issues pertaining to business ethics

● Ethical issues related to the use of information technology

● Distinguish between management fraud and employee

fraud

● Common types of fraud schemes

● Key features of SAS 78 / COSCO internal control

framework

● Objectives and application of physical controls

 Business Ethics

WHY SHOULD WE BE CONCERNED

ABOUT ETHICS IN THE BUSINESS WORLD?
• Ethics are needed when conflicts arise – the need to choose
• In business, conflicts may arise between
a. Employees
b. Management
c. Stake holders
• Litigation
 Business Ethics

BUSINESS ETHICS involves finding the

answers to two questions:

• How do managers decide on what is right in conducting their

business?
• Once managers have recognized what is right. How do they
achieve it?
FOUR MAIN AREAS OF BUSINESS ETHICS
ETHICAL ISSUES IN BUSINESS

• Executive Salaries
EQUITY • Comparable Worth
• Product Pricing

• Corporate Due Process

• Employee Health Screening
RIGHTS • Employee Privacy
• Sexual Harassment
• Diversity
• Equal Employment Opportunity
• Whistle-Blowing
FOUR MAIN AREAS OF BUSINESS ETHICS
ETHICAL ISSUES IN BUSINESS
• Employee and Management Conflicts of Interest
• Security of Organization Data and Records
HONESTY • Misleading Advertisement
• Questionable Business Practices in Foreign Countries
• Accurate Reporting of Shareholder Interest

• Political Action Committees

EXERCISE OF • Workplace Safety
CORPORATE • Product Safety
• Environmental Issues
POWER • Divestment of Interest
• Corporate Political Contributions
• Downsizing and Plant Closures
 Computer Ethics
• Privacy
Concerns the social
• Security – accuracy and
impact of computer confidentiality
technology (hardware, • Ownership of property
software, and
• Equity in access
telecommunications)
• Environmental issues
WHAT ARE THE MAIN • Artificial intelligence
COMPUTER ETHICS
• Unemployment and displacement
ISSUES?
• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality

• Ownership of property
Full control of what and how much
• Equity in access information about an individual is
• Environmental issues available to others and to whom it is
available.
• Artificial intelligence

• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality

• Ownership of property
Attempt to avoid such undesirable
events as a loss of confidentiality or • Equity in access

data integrity • Environmental issues

• Artificial intelligence

• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality

• Ownership of property State or fact of exclusive rights and

control over property, which may be
• Equity in access
an object, land/real estate,
• Environmental issues intellectual property, or some other
• Artificial intelligence kind of property.
• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality

Some barriers to access are intrinsic • Ownership of property

to the technology of information • Equity in access
systems, but some are avoidable
• Environmental issues
through careful system design.
• Artificial intelligence

• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality Computers with high-speed printers
• Ownership of property allow for the production of printed
• Equity in access
documents faster than ever before.
However, paper comes from trees, a
• Environmental issues
precious natural resource, and ends
• Artificial intelligence up in landfills if not properly
• Unemployment and displacement recycled.
• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality
A new set of social and • Ownership of property
ethical issues has arisen • Equity in access
out of the popularity of • Environmental issues
expert systems. • Artificial intelligence

• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality

• Ownership of property Many jobs have been and

• Equity in access are being changed as a
• Environmental issues result of the availability of
• Artificial intelligence computer technology.
• Unemployment and displacement

• Misuse of computer
 Main Computer Ethics Issues
• Privacy

• Security – accuracy and

confidentiality
Copying proprietary software, • Ownership of property
using a company’s computer for • Equity in access
personal benefit, and snooping • Environmental issues
through other people’s files
• Artificial intelligence

• Unemployment and displacement

• Misuse of computer
 Sarbanes-Oxley Act of 2002
Its principal reforms pertain to:

• Creation of the Public Company Accounting Oversight Board

(PCAOB)

• Auditor independence—more separation between an firm’s

attestation and non-auditing activities

• Corporate governance and responsibility—audit committee members

must be independent and the audit committee muist oversee the
external auditors
• Disclosure requirements increase issuer and management disclosure

• New federal crimes for the destruction of or tampering with documents, securities fraud, and
actions against whistleblowers.
 Legal Definition of Fraud

False representation – there must be a false statement or a nondisclosure.

Material Fact – a fact must be substantial factor in inducing someone to act.

Intent – there must be the intent to deceive or the knowledge that one’s
statement is false.
Justifiable reliance – the misrepresentation must have been a substantial
factor on which the injured party relied.
Injury or loss - the misrepresentation must have caused injury or loss to the victim
of the fraud.
 Employee Management
Fraud Fraud
•Perpetrated at levels of management
•Committed by non-management above the one to which internal
personnel control structure relates Frequently
•Usually consists of: an employee involves using financial statements to
create an illusion that an entity is
taking cash or other assets for
more healthy and prosperous than it
personal gain by circumventing a
actually is.
company’s system of internal
controls • Involves misappropriation of assets,
it frequently is shrouded in a maze of
complex business transactions
 Factors that Contribute to Fraud

1 Situational Pressures;

2 Opportunities; and

3 Personal Characteristics (ethics)

 2008 ACFE Study of Fraud

• Loss due to fraud equal to 7% of revenues – approximately $994 billion

• Loss by position within the company
POSITION % OF FRAUD LOSS $
Owner/Executive 23 % $834,000
Manager 37% $150,000
Employee 40% $70,000
• Other results: higher losses due to men, employees acting in collusion, and employees with
advance degrees.
 The Perpretrators of Frauds
POSITION IN COLLUSION

THE COMPANY WITH OTHERS

GENDER AGE EDUCATION

 Fraud Schemes

Three broad categories of fraud schemes are defined:

A. FRAUDULENT C. ASSET
B. CORRUPTION
STATEMENT MISAPPROPRIATION
 Fraudulent Statements

❑ Usually associated with management fraud.

❑ Thefinancial statements are misinterpreted to make the copy look better

than it is.

❑ Success is linked to a concentration on short-term profitability measures.

❑ Management bonus packages are linked to financial reporting.

 Corruption
❑ Involves organization’s executive, management, or employee colluding with
an outsider.
❑ Occupational fraud including corruption account for around 10%.

TYPES OF CORRUPTION:
➢ BRIBERY— involves giving, offering, soliciting, or receiving things of value to influence an official
in the performance of his or her lawful duties.
➢ ILLEGAL GRATUITIES—involves giving, receiving, offering, or soliciting something of value
because of an official act that has been taken.
➢ CONFLICTS OF INTEREST—Every employer should expect that his or her employees will
conduct their duties in a way that serves the interests of the employer.
➢ ECONOMIC EXTORTION—the use (or threat) of force (including economic sanctions) by an
individual or organization to obtain something of value.
 Asset Misappropriation
❑ The most common kind of fraud, which frequently arises as a result of
employee fraud.

ASSET
ASSET MISAPPROPRIATION
MISAPPROPRIATION SCHEMES:
SCHEMES:
SKIMMING
➢ ➢ SKIMMING
CASH
➢ ➢ CASH LARCENY
LARCENY
BILLING
➢ ➢ BILLING
CHECK
➢ ➢ CHECK TAMPERING
TAMPERING
PAYROLL
➢ ➢ PAYROLL
EXPENSE
➢ ➢ EXPENSE REIMBURSEMENT
REIMBURSEMENT
THEFT
➢ ➢ THEFT OFOF CASH
CASH
NON-CASH
➢ ➢ NON-CASH MISAPPROPRIATIONS
MISAPPROPRIATIONS
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
 Asset Misappropriation Schemes
➢ SKIMMING Involves stealing cash from an organization
Involves schemes in which cash receipts are stolen from
➢ CASH LARCENY an organization
Perpetrated by employees who causes their employer to
➢ BILLING issue a payment to a false supplier
➢ CHECK TAMPERING Involves forging or changing in some material way a check
Distribution of fraudulent paychecks to existent and/or
➢ PAYROLL nonexistent employees
➢ EXPENSE
Employee makes a claim for reimbursement of fictitious
REIMBURSEMENT
Involve the direct theft of cash on hand in the
➢ THEFT OF CASH
organization
➢ NON-CASH Involve the theft or misuse of the victim
MISAPPROPRIATIONS organization’s non-cash assets.
Internal Control Concepts and Techniques

01 03
To promote efficiency
To safeguard assets of in the firm’s
the firm. operations.
FOUR BROAD
OBJECTIVES:
02
To ensure the accuracy
04
To measure compliance
and reliability of with management’s
accounting records and prescribed policies and
information. procedures.
Modifying Assumptions
• MANAGEMENT RESPONSIBILITY
– Concept under which the responsibility for the establishment and maintenance
of a system of internal control falls to management.

• REASONABLE ASSURANCE
– Assurance provided by the internal control system that the four broad objectives
of internal control are met in a cost-effective manner.

• METHODS OF DATA PROCESSING

– With different forms of technology, the methods for achieving the goals will
differ.
Limitations of Internal Control

• POSSIBILITY OF ERRORS—no system is perfect

• CIRCUMVENTION
• MANAGEMENT OVERRIDE
• CHANGING CONDITIONS—especially in organizations with
high growth
Exposure
- absence or weakness of a control
- increase the firm’s risk to financial loss or injury from undesirable events
- a software error that allows hackers to break into a system

Types of Risks
• Destruction of an asset
• Theft of an asset
• Corruption information
• Disruption of the information system
Internal Control Shield Three levels of control:
PREVENTIVE CONTROLS

- passive techniques designed to reduce the frequency of occurrence of undesirable events

- aim to decrease the chance of errors and fraud before they occur, and often revolve around
the concept of separation of duties
- proactive and focused on quality
Examples:
• Separation of Duties
• Pre-approval of actions and transactions
• Access controls
• Physical control over assets
• Employee screening and training
Internal Control Shield three levels of control:

DETECTIVE CONTROLS CORRECTIVE CONTROLS

- devices, techniques, and - actions taken to reverse the
procedures designed to identify effects of errors detected in
and expose undesirable events
the previous step
that elude preventive controls
- designed to correct errors or
- reveal specific types of errors by
irregularities that have been
comparing actual occurrences to
pre-established standards
detected
 SAS 78 / COSO
DESCRIBES THE RELATIONSHIP BETWEEN THE
FIRM’S

Internal control structure,

Phase 2
Auditor’s assessment of risk, and

The planning of audit procedures.

Five Internal Control Components: SAS78 / COSO
01 05
Control Environment INTERNAL Monitoring
CONTROL
COMPONENTS

02
04
Risk Asessment Control Activities
03
Information and
Communication
1. Control Environment
- sets the tone for the organization and influences the control
awareness of its management and employees
IMPORTANT ELEMENTS:
• The integrity and ethical values of management.
• The structure of the organization.
• The participation of the organization’s board of directors and the audit committee, if one exists.
• Management’s philosophy and operating style.
• The procedures for delegating responsibility and authority.
• Management’s methods for assessing performance.
• External influences, such as examinations by regulatory agencies.
• The organization’s policies and practices for managing its human resources.
2. Risk Asessment
- identify, analyze, and manage risks relevant to financial reporting:
• Changes in the operating environment
• New personnel who have a different or inadequate understanding of internal control.
• New or reengineered information systems
• Significant and rapid growth that strains existing internal controls.
• The implementation of new technology into the production process or information system that
impacts transaction processing.
• The introduction of new product lines or activities
• Organizational restructuring
• Entering into foreign markets that may impact operations.
• Adoption of a new accounting principle
3. Information and Communication
- the accounting information system consists of the records and methods used to
initiate, identify, analyze, classify, and record the organization’s transactions and to
account for the related assets and liabilities.

An effective accounting information system will:

▪ Identify and record all valid financial transactions.
▪ Provide timely information about transactions in sufficient detail to permit proper classification
and financial reporting.
▪ Accurately measure the financial value of transactions so their effects can be recorded in financial
statements.
▪ Accurately record transactions in the time period in which they occurred.
3. Information and Communication
- SAS 78/COSO requires that auditors obtain sufficient knowledge of the
organization’s information system to understand:
An effective accounting information system will:
▪ The classes of transactions that are material to the financial statements and how those
transactions are initiated.
▪ The accounting records and accounts that are used in the processing of material transactions.
▪ The transaction processing steps involved from the initiation of a transaction to its inclusion in the
financial statements.
▪ The financial reporting process used to prepare financial statements, disclosures, and accounting
estimates.
4. Monitoring
- A process by which the quality of internal control design and operation can
be assessed.
• Separate procedures – internal auditors
• Ongoing monitoring - integrating special computer modules into the
information system that capture key data and/or permit tests of controls to
be conducted as part of routine operations.
- judicious use of management reports;
- summarizing activities, highlighting trends, and identifying
exceptions from normal performance
5. Control Activities
- Policies and procedures used to ensure that appropriate actions are taken
to deal with the identified risks.

Fall into two distinct categories:

• Information technology (IT) controls- relate specifically to the computer
environment
• Physical controls- relates primarily to the human activities
Icons
 Two Types of IT Controls

GENERAL CONTROLS APPLICATION CONTROLS

- Entity-wide concerns - Ensure the integrity of
specific systems
EXAMPLES:
-Controls over the data center, EXAMPLES:
organization databases -Sales order processing
-Systems development -Accounts payable
-Program maintenance -Payroll applications
 Physical Controls

• These activities may be purely manual, such as the physical custody of

assets, or they may involve the physical use of computers to record
transactions or update accounts.
• Physical controls do not relate to the computer logic that actually
performs accounting tasks.
 Six Types of Physical Controls
Transaction Authorization
Segregation of Duties

Supervision

Accounting Records

Access Control

Independent Verification
 Transaction Authorization

🔵 Used to ensure that all material transactions processed by the

information system are valid and in accordance with management’s
objectives
🔵 General (day-to-day operations) or specific (non-routine
transactions)
 Segregation of Duties

Objective 01 Objective 02 Objective 03

The segregation of Responsibility for the The organization should be

duties should be such custody of assets structured so that a
that the authorization for should be separate from successful fraud requires
a transaction is separate collusion between two or
the record-keeping
more individuals with
from the processing of responsibility. incompatible responsibilities.
the transaction.
 Supervision

🔵 In functional areas that lack sufficient personnel, management must

compensate for the absence of segregation controls with close supervision.

🔵 Compensating control
 Accounting Records

🔵 Consist of sources documents, journals, and ledgers

🔵 Provide and audit trail of economic events
- needed for conduction day-to-day operations
- plays an essential role in the financial audit

Business organizations must maintain sufficient accounting records to

preserve their audit trails.
 Access Control

🔵 Help safeguard asset by ensuring that ensure that only authorized

personnel have access to the firm’s assets

🔵 Direct or indirect access

 Independent Verification
🔵 independent checks of the accounting system to identify errors and
misrepresentations
🔵 Access: the performance of individuals, the integrity of the transaction
processing system, and the correctness of data contained in accounting records.

Examples of independent verifications include:

- Reconciling batch totals at points during transaction processing.
- Comparing physical assets with accounting records.
- Reconciling subsidiary accounts with control accounts.
- Reviewing management reports (both computer and manually generated)
that summarize business activity.
 Thanks!
Do you have any questions?

[email protected] CREDITS: This presentation template was created by

+91 620 421 838 Slidesgo, including icons by Flaticon and
yourcompany.com infographics & images by Freepik

Please keep this slide for attribution