Chapt

erThr
ee:
Ethi
cs,
Fraud,
andI
nter
nalCont
rol

Thischapt
erexami
nesthreeclosel
yrel
atedareasofconcern,whi
charespeci
fi
cal
l
yimpor
tantt
o
account
antsandmanagement.Thesear
eethics,f
raud,
andinter
nalcont
rol
.

3.1. EthicalIssuesi nBusi ness

Ethi
calstandardsar eder iv
edf rom societalmoresanddeep- rootedpersonalbeli
efsaboutissues
ofri
ghtandwr ongt hatarenotuni ver
sallyagreedupon.Wehav ebeenov erwhel
medwi thscandals
i
nt hest ockmar ket,stori
esofcomput ercrimesandv i
ruses,andal mostobscenechar gesof
i
mpr opri
etyand i ll
egalit
iesbycor porateexecutives.Forinstance,usingcov ertcompensation
schemes,Enr on’sCFOAndyFast ow managedt oimprovehi spersonalwealthbyappr oxi
mat el
y
$40mi l
li
on.Simi l
arly,DennisKozowskiofTy co,Ri
chardScrushyofHeal t
hSouth,andBernieEbbers
ofWor l
dCom al lbecameweal thybeyondi maginat
ionwhiledri
vingthei
rcompani esint
otheground.

3.1.
1.BusinessEt hi cs
Ethi
cspertai
nst ot hepr inci
plesofconductt
hatindivi
dual
susei nmakingchoi
cesandgui di
ngt hei
r
behavi
orinsi tuati
onst hatinvol
vet heconcept
sofr i
ghtandwr ong.Morespecif
icall
y,business
ethi
csinvolv
esf indingt heanswer stotwoquestions:(
1)Howdomanager sdeci
dewhati srightin
conducti
ngt heirbusi ness?and( 2)Oncemanager shaver ecogni
zedwhatisright,how dot hey
achi
eveit?

Ethicalissuesi
nbusinesscanbedi vi
dedint
of ourareas: equi ty,
right s,
honest y
,andt heexerci
seof
corpor atepower.Table1ident
if
iessomeoft hebusi nesspr acti
cesanddeci si
onsi neachoft hese
areast hathaveethi
cal i
mpli
cat
ions.
Equi ty  Execut iveSal ari
es
 Compar abl
eWor th
 ProductPr i
cing
Ri ghts  Corpor ateDuePr ocess
 Empl oy eeHeal t
hScr eening
 Empl oy eePr i
v acy
 Sexual Harassment
 Diversi ty
 Equal Employ mentOppor tunity
 Whi stleblowing
Honest y  Empl oy eeandManagementConf l
i
ctsofI nterest
 Secur ityofOr gani zat i
onDat aandRecor ds
 Misleadi ngAdv ertising
 Quest ionableBusi nessPr act i
cesinFor eignCount r
ies
 Accur at eRepor tingofShar eholderInt
erests
Exer ciseofCorporatePower  Politi
cal ActionCommi ttees
 ProductSaf ety
 Environment al I
ssues
 Divest mentofI nter ests
Page1of1
  Cor
porat
ePol
it
icalCont
ri
but
ions
 Downsi
zi
ngandPlantCl
osur
es
Tabl
e1:Et
hicali
ssuesi
nbusi
ness
3.
1.1.
1. Maki
ngEt
hicalDeci
sions

Business or ganizations have confli

ct i
ng responsibil
it
ies tot heir employees,shar ehol
ders,
customer s,andthepubl i
c.Forexampl e,implementi
nganewcomput erinfor
mationsystem withi
n
anor ganizati
onmaycausesomeempl oyeestoloset hei
rjobs,whilethosewhor emainenjoythe
benefitofi mprovedwor kingconditi
ons.Seekingabal ancebet weent heseconsequencesi sthe
manager s’ethicalr esponsibi
li
ty.Thef oll
owingethicalpr i
nci
plespr ovidesomegui dancei nthe
dischargeoft hi
sr esponsibil
it
y.

 Propor ti
onal
ity
:Thebenef
itf
rom adecisi
onmustoutweightherisks.
 Justice:Thebenefit
softhedecisionshouldbedistr
ibutedfair
lytothosewhoshar ethe
ri
sks.
 Minimi ze ri
sk:Even i
fjudged acceptabl
e by t
he pr i
nci
ples,the deci
sion shoul
d be
i
mpl ement edsoastominimi
zealloftheri
sksandavoi
danyunnecessar yri
sks.

3.1.2.Comput erEthics
Theuseofi nformationt echnologyinbusinesshashadamaj orimpactonsoci et
yandt husraises
signif
icantet hicalissues regar di
ng comput ercrime,wor king conditi
ons,pr i
vacy,and mor e.
Comput eret hicsis“theanal y
sisoft henat ur
eandsoci alimpactofcomput ertechnol
ogyandt he
correspondi ngf ormul ati
onandj ustif
icati
onofpol i
ciesfortheet hicaluseofsucht echnology....
[Thisi ncludes]concer nsaboutsof twareaswel lashar dwar eandconcer nsaboutnet wor ks
connect ing comput ersaswel lascomput ersthemsel ves.”Sev eralissuesofconcer n about
comput erethicsaredi scussedint hefoll
owingli
sts:

Pri
vacy:Thecreati
onandmaintenanceofhuge,shareddatabasesmakei
tnecessar
ytopr
otect
peopl
ef r
om thepot ent
ialmi
suseofdata.Thisraisestheissueofowner
shi
pi ntheper
sonal
i
nformati
ondi
ligence.

Securi
ty(AccuracyandConf i
denti
ali
ty):Secur i
tysy st
emsat t
emptt opreventfraudandot her
misuseofcomput ersyst
ems;theyactt o pr otectandf urtherthelegi
ti
mat einter
estsoft he
syst
em’sconstituenci
es.However
,increasi
ngsecur itycanact ual
lycauseot herprobl
ems.For
example,secur
itycanbeusedbot htopr otectper sonalpropertyandtounder minefreedom of
accesstodata,
whi chmayhaveaninj
uri
ousef fectonsomei ndivi
dual
s.

OwnershipofPropert
y:Lawsdesi gnedtopreser
ver ealpropert
yright
shav ebeenext
endedto
coverwhatisref
err
edt oasintel
lect
ualpr
opert
y,thatis,soft
ware.Unquesti
onabl
y,t
hehundr
eds
andthousandsofpr
ogram devel
opmenthoursshouldbepr ot
ectedfr
om pir
acy.

EquityinAccess:Severalfact
ors,someofwhicharenotuni
quetoinfor
mationsy st
ems,canl imit
accesst ocomputingtechnology.Theeconomicstatusoftheindi
vi
dualort heaffluenceofan
organizat
ionwil
ldeter
mi netheabili
tyt
oobt
aininf
ormati
ontechnol
ogy.Cul
turealsolimitsaccess,
Page2of2
f
orexampl
e,wher
edocument
ati
oni
spr
epar
edi
nonl
yonel
anguageori
spoor
lyt
ransl
ated.

Envi
ronmentalIssues:Comput erswi thhigh-speedpr int
ersallow fortheproducti
onofpr i
nted
documentsfasterthaneverbefore.Itisprobablyeasierjusttoprintadocumentthant oconsider
whetheri
tshouldbepr i
ntedandhowmanycopi esr
eallyneedtobemade.I tmaybemor eef f
ici
ent
ormor ecomfor t
ingtohav eahar dcopyi naddit
iont ot heelectr
onicversi
on.Howev er,paper
comesf r
om tr
ees, apr
eciousnaturalresource,andendsupi nl
andfil
lsi
fnotproper
lyrecy
cled.

Arti
ficialInt
ell
igence:Anew setofsoci alandethicalissueshasar i
senoutoft hepopul ari
tyof
expertsy stems.Becauseoft hewayt hesesy stemshav ebeenmar keted,thatis,asdeci si
on
maker sorr epl
acement sforexperts,somepeopl er el
yont hem signifi
cantly.Therefore,both
knowl edgeengi neers(thosewhowr i
tethepr ogr
ams)anddomai nexperts(thosewhopr ovidethe
knowl edgeaboutt het askbeingautomated)mustbeconcer nedaboutt hei
rr esponsi
bil
i
t yforfault
y
decisions,incompl eteori naccur
ateknowl edgebases,andt her ol
egi vent ocomput ersi nthe
decision-makingpr ocess.

Unempl
oymentandDisplacement
:Manyjobshavebeenandarebei
ngchangedasar esul
toft
he
avai
l
abi
l
ityofcomput
ertechnol
ogy
.Peopl
eunableorunpr
epar
edtochangear
edispl
aced.

MisuseofComputer
s:Computerscanbemi susedinmanyways.Copyi
ngsoft
ware,usi
nga
company’
scomput
erforper
sonalbenef
it
,andsnoopi
ngthr
oughot
herpeopl
e’
sfi
l
esarejustafew
obvi
ousexampl
es.

3.
2. Fr audandAccount ant
s
Fr
audmeansaf al
serepresentat
ionofamat er
ialfactmadebyonepartytoanotherpar
tywit
hthe
i
ntenttodecei
veandi nducetheot herpart
ytojusti
fiabl
yrel
yonthefacttohi
sorherdet r
iment
.
Accordi
ngtocommonl aw, afr
audulentactmustmeett hefol
l
owi
ngfiv
econditi
ons:

1.Falserepresentati
on.Ther
emustbeaf alsestat
ementoranondi scl
osure.
2.Mat er
ialf
act.Af actmustbeasubstantialfact
orininducingsomeonet oact.
3.I
ntent.Theremustbet hei
ntentt
odecei veortheknowledget hatone’
sst at
ementisfal
se.
4.Justif
iabl
er el
iance.Themi sr
epr
esentationmusthav ebeenasubst anti
alfact
oronwhich
theinj
uredpar tyrel
ied.
5.I
njuryorloss.Thedecept i
onmusthavecausedi nj
uryorlosstothev i
cti
m ofthefraud.

Fraudinthebusinessenv i
ronmenthasamor especiali
zedmeani ng.Itisani ntent
ionaldecept i
on,
misappropri
ati
onofacompany ’sassets,ormani pul
ati
onofi tsfi
nanci aldatatotheadv antageof
theperpetr
ator.Inaccount i
nglit
eratur
e,fraudi salsocommonl yknownaswhi te-collarcrime
(i
ll
egalacts commi tt
ed bymi ddle orupper -
class persons in conjuncti
on wi t
ht heiror dinary
occupati
onalpursui
ts),def
alcat
ion,embezzlement ,andirregul
ari
ties.Auditorsencount erfraudat
twolevel
s:employeefraudandmanagementf raud.

Empl oy
eef r
aud,orfr
audbynon-managementempl oyees,i
sgeneral
lydesi
gnedtodi
rect
lyconvert
cashorot herasset
st otheemployee’
spersonalbenefit
.Employeefraudusual
lyi
nvol
vest hr
ee
steps:(
1)steal
ingsomethingofv
alue(anasset)
,(2)convert
ingtheassett
oausablefor
m( cash),
Page3of3
and(
3)conceal
ingt
hecr
imet
oav
oiddet
ect
ion.

Managementf raudismor edev i

oust hanempl oy eefraudbecausei toftenescapesdet ectionunti
l
theor gani
zati
onhassuf fer
edi r
reversi
bledamageorl oss.Usuall
ymanagementf rauddoesnot
i
nvol vethedir
ecttheftofasset s.Topmanagementmayengagei nfraudulentacti
vit
iestodr i
veup
themar ketpriceofthecompany ’sstock.Thisf raudof teninvol
vesdecept ivepract
icest oinfl
ate
earningsort oforest
al ltherecogniti
onofei theri nsolvencyoradecl ineinear ni
ngs.Lower -l
evel
managementf r
audty picall
yinvolvesmat er
iallymi sstati
ngf i
nanci
aldat aandi nter
nalr eport
st o
gain additi
onalcompensat i
on,t o garnera pr omot ion,ort o escape t he penaltyf orpoor
performance.Managementf r
audt ypi
call
ycont ainsthreespecialcharacter
isti
cs:

1.Thef r
audisper petr
atedatl ev elsofmanagementabov etheonet owhichinter
nalcont
rol
str
ucturesgeneral
lyrel
ate.
2.Thef r
audf r
equentlyinvolv
esusi ngt hef i
nanci
alstatement stocreat
eani l
lusi
onthatan
enti
tyisheal
thierandmor epr osper ousthan,i
nfact,i
tis.
3.Ifthefraudinv ol
vesmi sappr opriati
onofasset s,i
tf requentl
yisshroudedinamazeof
complexbusinesst r
ansacti
ons, ofteninv
olvi
ngrelat
edt hi
rdparti
es.

3.2.1.FactorsthatCont ri
butetoFr aud
People engage inf raudulentact ivi
tyasa r esultofan i nteracti
on off or
cesbot h within an
i
ndi vi
dual
’spersonalityandt heext ernalenvir
onment .Thesef orcesareclassif
iedintothreemaj or
categori
es:(1)situati
onalpr essures,(2)oppor tuni
ti
es,and( 3)personalcharacteri
sti
cs( ethics).
Figure1gr aphicall
ydi spl
ayst hei nt
erplayoft heset hreefraud-motivat
ingforces.Ast hef i
gur e
shows,aper sonwi thahi ghl evelofper sonalethicsandl imitedpressureandoppor tunit
yt o
commi tfr
audi smostl ikel
yt obehav ehonestly.Simil
arly
, ani
ndividualwit
hloweret hi
calstandar ds,
whenpl acedi nsituati
onswi t
hi ncreasingpressureandgi vent heoppor t
unit
y ,i
smostl ikel
yt o
commi tfr
aud.

Fi
gur
e1:
Fraud-
Mot
ivat
ingFor
ces

3.2.
2.ThePer petr
atorsofFrauds
Factor
st hatcharacter
izedtheperpetr
ator
soff
raudsar
eposi
ti
onwi
thi
ntheor
gani
zat
ion,
col
l
usi
on
withothers,gender,
age, andeducati
on.

a.Fr
audLossesbyPosi
ti
onwi
thi
ntheOr
gani
zat
ion
Page4of4
Fraudcommi ttedbynon-manager i
alemployees,managers,andexecut
ivesorowners.Asstudi
es
shows, t
henumberofr eport
edf r
audincident
sperpet
ratedbyemployeesistwi
cethatofmanagers
andf i
vetimest hatofexecut
ives;whereastheamount soflosses(dol
larval
ue)percategor
yare
i
nv er
selyrel
ated.

b.FraudLossesandtheColl
usi
onEffect
Coll
usionamongemployeestocommitfraudisdi
ff
icultt
opreventanddet
ect.Thisi
sparti
cul
arly
tr
uewhent hecoll
usi
onisbetweenmanager sandt hei
rsubordi
nateemployees.Bot
hi nt
ernal
coll
usi
onandschemesi nwhichanempl oy
eeormanagercol l
udeswithanout si
dersuchasa
vendororacust
omertocommi tafr
aud.

c.FraudLossesbyGender
Asstudi
esshow,themedi
anlosspercasecausedbymal
eswasal
mostt
hreet
imest
hatcaused
byf
emales.

d.FraudLossesbyAge
Asst udi
esshow,perpetr
ator
swhower e25y ear
sofageory oungercausedt
helowestmedian
l
ossesof ,whi
leper
petrat
orswhowere60y earsofageandol
dercommi tt
edfr
audsthatwer
eon
average29ti
meslargercomparedt
oyoungeraged.

e.FraudLossesbyEducati
on
Asst udi
esshow,fraudscommitt
edbyhi ghschoolgraduat
esrankedatthebott
om,thosewi
th
bachelor
’sdegreesrankedatthemi ddl
e,whereas,perpet
rat
orswithadvanceddegr
eeswere
rankedatthet
opbasedont heamountofmoneystolen.

3.
2.3.FraudSy st
ems
Thethreebroadcategor
iesoff
raudsy
stemsar
e:f
raudul
entst
atement
s,cor
rupt
ion,andasset
misappropr
iat
ion.

a.Fr audulentStat
ements
Fraudulentstatementsareassociat
edwi t
hmanagementf r
aud.Thisfr
audinvol
v essomeform of
fi
nancialmi sst
atement.Forexample,underst
atingl
iabi
l
iti
estopresentamor efavor
ablef
inanci
al
pi
ctureoft heorgani
zati
ontodr i
veupstockpricesdoesfal
lunderthi
sclassi
fi
cat
ion.

b.Cor r
uption
Corr
upti
oninvolv
esanexecuti
ve,manager
,oremployeeoftheor gani
zat
ionincol
lusi
onwithan
out
sider
.Ther
ear ef
ourpr
inci
palt
ypesofcorr
upt
ion:
briber
y,i
ll
egalgrat
uit
ies,
conf
li
ctsofi
nter
est
,
andeconomicextor
ti
on.

Br
ibery
:Briber
yinvol
vesgiv
ing,off
eri
ng,sol
ici
ti
ng,orr
ecei
vi
ngt
hingsofv
aluet
oinf
luencean
of
fi
ciali
ntheperf
ormanceofhisorherl
awful
duties.

I
ll
egalGr
atui
ti
es:Ani
l
legalgr
atui
tyi
nvol
vesgi
vi
ng,r
ecei
vi
ng,of
fer
ing,orsol
i
cit
ingsomet
hingof
Page5of5
val
uebecauseofanoff
ici
alactt
hathasbeent
aken.Thi
sissi
mil
art
oabr
ibe,butt
het
ransact
ion
occur
saft
erthef
act.

Confl
ict
sofInt
erest:Aconf
li
ctofint
erestoccur
swhenanempl oy
eeactsonbehal
fofathi
rdpart
y
dur
ingthedi
schargeofhisorherdut
iesorhasself-
int
eresti
ntheact
ivi
tybei
ngperf
ormed.Br
iber
y
andil
l
egalgr
atui
ti
esalsoconsti
tut
econfli
ctsofi
nter
est.

EconomicExtor
tion:Economi cextort
ion(Pr
essure)istheuse( orthr
eat
)off or
ce(i
ncludi
ng
economicsanct
ions)byani ndivi
dualoror
ganizat
iontoobtai
nsomet hi
ngofval
ue.Thei
tem of
val
uecouldbeaf i
nancialoreconomicasset
,informat
ion,orcooper
ati
ontoobtai
nafavorabl
e
deci
siononsomemat terunderrevi
ew.

c.AssetMisappropri
ati
on
Assetscanbemi sappr
opriatedei
therdirectl
yorindi
rect
lyfortheperpetr
ator’
sbenefi
t.Cash,
checki
ngaccounts,i
nventor
y ,
suppl
i
es, equi
pment,andi
nformati
onarethemostv ul
ner
ableasset
s
toabuse.Ex
amplesoff r
audschemesi nvolvi
ngassetmi
sappropr
iat
ionaredescri
bedasfol
lows:

ChargestoExpenseAccount s:Thetheftofanassetcr
eatesanimbalanceint
hebasi
caccount i
ng
equati
on( asset
s=equiti
es),whicht hecri
minalmustadjusti
fthethefti
stogoundetected.The
mostcommonwayt oconcealt heimbalanceistochargetheassettoanexpenseaccountand
reduceequitybythesameamount .Forexample,t
hetheftof$20,
000cashcouldbechargedtoa
miscell
aneousoperat
ingexpenseaccount.

Lapping:Lappi ngi nvol

vestheuseofcust omerchecks,r ecei
vedi npaymentofthei raccounts,to
concealcashpr eviousl
ystolenbyanempl oyee.Forexampl e,
theempl oy
eefir
ststealsandcashes
CustomerA’ scheckf or$500.Toconcealt heaccount ingi mbalancecausedbyt helossoft he
asset,CustomerA’ saccountisnotcr edi
ted.Lat er(thenextbi lli
ngperi
od),t
heempl oyeeusesa
$500checkr eceivedf r
om Cust omerBandappl iest hi
st oCust omerA’saccount
.Fundsr eceived
i
nt henextper iodf rom CustomerCar ethenappl i
edt ot heaccountofCust omerB,andsoon.
Employeesi nvol v
edi nthissortoffraudof t
enr ationali
zet hattheyaresimplyborrowingt hecash
andplantor epayi tatsomef ut
uredate.

Transacti
onFraud:Tr ansacti
onf raudi nvolvesdel
eti
ng,alteri
ng,oraddingfal
setransact i
onst o
di
v er
tassetstotheper petr
ator.Thistechni quemaybeusedt oshi
pinventor
iestot
heper petr
ator
i
nr esponsetoaf r
audul entsalestransactionortodisbursecashinpaymentofaf alseliabil
it
y.A
common t y
pe oft ransact i
on fraud i nvolves t
he distr
ibuti
on off r
audulentpay checks t o
nonexist
entemployees.

Comput erFraudSchemes:Comput erfraudincl

udes:thet hef
t,mi suse,ormisappr
opri
ati
onof
assetsbyal t
eri
ngt helogi
cofcomput ersoft
war e;t
het heftoril
legaluseofcomput er
-r
eadabl
e
i
nformation;t
het heft
,corr
uption,i
l
legalcopyi
ng,orintenti
onaldestructi
onofcomputersoft
ware;
thethef
t,misuse,ormisappropri
ati
onofcomput erhardwareandsoon.

Thegeneralmodelf
oraccounti
nginf
ormati
onsystemsshowni nFi
gur
e4ofchapt eroneinyour
handout(
gobackandr ef
er)concept
ual
lyport
ray
st hekeyst
agesofaninf
ormat
ionsystem.Each
Page6of6
stageint hemodel
—datacoll
ect
ion, dat
aprocessi
ng,dat
abasemanagement
,andi
nfor
mat
ion
generat
ion—isapot
ent
ial
areaofriskf
orcert
aint
ypesofcomputerf
raud.

 Thesi mpl estwayt oper pet rateacomput erf raudi satt hedat acol lect ionordat aent r
y
stage.Theper petratorneedonl yunder standhowt hesy stem wor kst oent erdat at hati twill
process.Thef raudul entacti nv olvesf alsi f
yingdat aasi tentersi nt hesy st em.Thi scanbet o
delet
e,alter ,oraddat r ansact i
on.Forexampl e, tocommi tpay rollfraud, theper pet ratormay
i
nsertaf raudul entpay r ol
l transact i
onal ongwi thot herl egit
imat et ransact ions.
 Datapr ocessi ngfr audsf allintot wocl asses: pr ogr am f raudandoper ationsf raud.
o Pr ogr am f raudi ncludest hef ol l
owi ngt echni ques:(1)cr eat i
ngi llegalpr ogr amst hat
canaccessdat af i
lest oal ter,del ete,ori nser tv al
uesi ntoaccount ingr ecor ds;( 2)
dest roy ingorcor rupt ingapr ogr am’ sl ogi cusi ngacomput erv irus;or( 3)al tering
progr am l ogi ctocauset heappl icationt opr ocessdat ai ncor rectl
y .
o Oper ationsf raud i st he mi suse ort hef toft he firm’ scomput err esour ces.For
exampl e,anaccount anti nt hef inancedepar tmentofof fi
ceoft hecompanymayuse
thecompany ’scomput ert opr epar et axr etur nsandf inanci alstat ement sf orhi s/her
privat ecl i
ent s.
 Databasemanagementf r
audi ncl udesal tering,del eting,cor rupt i
ng,dest roying,orst ealing
anor ganizat ion’sdat a.Themostcommont echni quei stoaccesst hedat abasef r
om a
remotesi teandbr owset hef i
lesf orusef uli nf ormat i
ont hatcanbecopi edandsol dt o
compet it
or s.
 A commonf or m off r audatt hei nf ormat i
ongener at i
onst agei st ost eal,mi sdi r
ect ,or
misusecomput erout put .Technol ogiesar er eadi lyav ail
ablet hatenabl eper pet rat
or st o
i
nterceptmessagesbei ngsentov erunpr otect edt el ephonel inesandi nter net

3.3. Int
ernalContr
olConceptsandTechniques
Theinter
nalcontrolsystem oforgani
zati
oncompr
isespol
ici
es,pr
act
ices,andpr
ocedur
est
o
achi
evethefoll
owingfourbroadobj
ecti
ves:

1.Tosafeguardassetsofthefi
rm.
2.Toensuretheaccuracyandreli
abil
i
tyofaccount
ingrecor
dsandi nf
ormati
on.
3.Topromoteeffi
ciencyinthefi
rm’soper
ati
ons.
4.Tomeasur ecompliancewit
hmanagement ’
sprescri
bedpoli
ciesandprocedur
es.

I
nherentinthesecont
rolobj
ect
ives,t
her
ear
efourassumpt
ionst
hatgui
dedesi
gner
sandaudi
tor
s
ofi
nternalcont
rol
s.

1.ManagementResponsi bil
it
y:Thisconcepthol dsthattheestabl
ishmentandmai nt
enanceof
asy stem ofi
nternalcontrolisamanagementr esponsibil
i
ty.
2.Reasonabl eAssur ance:Thei nternalcontr
olsystem shouldprov i
dereasonableassurance
thatthef ourbroadobj ecti
vesofi nt
ernalcontr
olaremeti nacost -
effect
ivemanner.This
meanst hatnosy stem ofi nternalcontrolisperfectandt hecostofachi evingimproved
controlshouldnotout weighitsbenef i
ts.
3.MethodsofDat aPr ocessing:Internalcontr
olsshoul dachiev
et hef ourbroadobjecti
ves

Page7of7
 regardlessoft hedatapr ocessingmet hodused.Thecont r
olt echniquesusedt oachi eve
theseobj ecti
v eswil
l,
howev er,varywithdi f
fer entt
ypesoftechnol ogy.
4.Limi t
ations:Ev erysystem ofi nter
nalcont rolhasl i
mit
ationsoni tseffect
iveness.These
i
ncl ude( 1)thepossibili
tyoferror—nosy stem i sperf
ect
,(2)circumv enti
on—per sonnelmay
circumv entt he syst
em t hrough collusion orot hermeans,( 3)managementov erri
de—
managementi sin a position to ov erri
de cont rolpr
ocedur es byper sonall
ydi storti
ng
transactionsorbydi recti
ngasubor dinat etodoso, and(4)changi ngconditi
ons—condi t
ions
maychangeov ert
imesot hatexisti
ngcont rolsmaybecomei neffect
ual.

Theabsenceorweaknessofacont roli
scalledanexposure.Exposur
esincreasethefirm’sri
skt o
fi
nanci
all
ossorinjur
yfrom undesir
ableevents.Aweaknessininter
nalcont
rolmayexposet hefi
rm
tooneormoreoft hefoll
owingtypesofrisks:(1)Dest
ruct
ionofassets(bothphysicalassetsand
i
nformati
on),
(2)Theftofassets,(3)Corrupti
onofinformati
onortheinfor
mat i
onsy stem,and( 4)
Disr
upti
onoftheinformati
onsy st
em.

3.3.1.ThePrevent
ive–Detecti
ve–Corr
ecti
veInter
nalContr
olModel
I
nt heprev
enti
ve–det ect
ive-cor
rect
ive(PDC)controlmodel,t
heinter
nalcont
rolcomposedof
threelev
elsofcont
rol:prev
enti
vecontr
ols,
detecti
vecont
rol
s,andcor
recti
vecontr
ols.

PreventiveCont rols:Prev entionisthef ir

stlineofdef enseint hecont r
olst r
uctur
e.Preventive
controlsar epassi vet echni quesdesignedt or educethef r
equencyofoccur renceofundesirable
events.Pr eventi
v econt rolsf orcecompl iancewi thprescribedordesiredact i
onsandt husscreen
outabnor malev ent s.Prev entingerr
or sandf raudisf armor ecost-eff
ectivethandetecti
ngand
corr
ect i
ngpr oblemsaf t
ert heyoccur .Thev astmaj ori
tyofundesi r
ableev entscanbebl ockedat
thi
sfirstlevel.Forexampl e, awell-
designedsour cedocumenti sanexampl eofapr event
ivecontrol
.
Howev er,notal lproblemscanbeant icipatedandpr evented.

Detective Contr
ols:Det ecti
ve cont r
olsform t he second l
ine ofdef
ense.These are devices,
techniques,and pr ocedures designed toi denti
fyand expose undesir
able event
st hatelude
preventi
ve controls.Detecti
ve cont rol
sr evealspeci f
ictypes oferr
ors by comparing actual
occurrencestopr e-est
abli
shedst andards.Whent hedetect
ivecontr
oli
denti
fi
esadepar tur
ef rom
standard,itsoundsanal armt oat tr
actattenti
ont ot heprobl
em.Forexampl e,assumeacl erk
enteredthefoll
owingdat aonacust omersalesor der
:
Quant
it
y Pr
ice Tot
al
10 $10
$1,
000
Befor
e processi
ng t
histransacti
on and post
ing t
othe accounts,a det
ecti
ve contr
olshoul
d
recal
cul
atethetot
alval
ueusingthepri
ceandquantit
y(i
.e.$100)
.Thust
heerrori
ntotalpri
cewoul
d
bedetect
ed.

Correcti
veCont rols:Cor
rect
ivecontr
olsareact i
onstakentoreversetheef fect
sofer r
or sdetected
i
nt hepr evi
ousst ep.Thereisanimpor t
antdi st
inct
ionbetweendet ecti
vecont rolsandcor r
ective
control
s.Det ecti
vecont r
olsident
if
yanomal iesanddr aw attent
iont ot hem;cor rectivecont r
ols
actuall
yf i
xthepr oblem.Foranydet ect
eder ror,however,t
heremaybemor et hanonef easible
correct
iveaction,butthebestcour
seofact i
onmaynotal waysbeobv ious.Forexampl e,invi
ewi ng
Page8of8
theerr
orabove,
yourfi
rstincli
nati
onmayhav ebeentochanget
hetot
alval
uef
rom $1,
000t
o$100
tocorr
ecttheprobl
em.Thi spresumesthatthequanti
tyandpri
ceval
uesonthedocumentar
e
corr
ect;t
heymaynotbef orinst
ancethequanti
tycoul
dbe100unit
s.

3.3.
2.SASI nter
nalControlFramework
Thecurrentauthori
tati
vedocumentf orspeci
fyi
ngi nt
ernalcont
rolobject
ivesandt echni
quesi s
Stat
ementon Audi ting Standards (
SAS)No.78.The SAS 78 f r
amewor k consists offiv
e
components:t he controlenv ir
onment
,risk assessment,infor
mation and communi cat
ion,
monitor
ing,andcontrolacti
vit
ies.

a.TheControlEnvi
ronment
Thecontr
olenv i
ronmentist hefoundat
ionf
ort
heot
herf
ourcont
rolcomponent
s.I
mpor
tant
el
ementsoft
hecont r
olenv
ironmentare:

 Theint
egr i
tyandet hical v
al uesofmanagement .
 Thestructureoft heorgani zati
on.
 Thepar t
icipationoft heor ganization’sboardofdirectorsandtheaudi
tcommi
tt
ee,i
fone
exi
sts.
 Management ’sphil
osophyandoper atingstyl
e.
 Theprocedur esfordel egatingresponsi bi
li
tyandauthori
ty.
 Management ’smethodsf orassessi ngperfor
mance.
 Ext
ernalinfluences,suchasexami nationsbyregul
atoryagenci
es.
 Theorganizat i
on’spolici
esandpr act i
cesformanagingitshumanresour
ces.

b.RiskAssessment
Organi
zat
ionsmustperfor
m ariskassessmenttoidenti
fy,anal
yze,andmanager
isksr
elev
antt
o
fi
nanci
alr
eport
ing.Ri
skscanar
iseorchangefrom ci
rcumstancessuchas:

 Changesi ntheoper atingenv i

ronmentt hatimposeneworchangedcompet itiv
epressureson
thefi
rm.
 Newper sonnel whohav eadi f
ferentori nadequat eunder st
andi ngofi nter
nal contr
ol.
 Neworr eengineer edi nf or
mat ionsy stemst hataf f
ectt r
ansact i
onpr ocessi
ng.
 Signi
ficantandr api dgr owtht hatst rainsexi st
inginternalcont r
ol s.
 Thei mpl ement ationofnew t echnol ogyi ntothepr oduct i
onpr ocessori nformationsystem
thati
mpact stransact ionpr ocessi ng.
 Thei ntroducti
onofnew pr oductl i
nesoract i
viti
eswi thwhi cht heor ganizati
onhasl ittl
e
experience.
 Organizat i
onalr estructur i
ngr esul ti
ngi nt hereduct i
onand/ orr eal l
ocati
onofper sonnelsuch
thatbusinessoper ati
onsandt ransact ionpr ocessingareaf fected.
 Enteri
ngi ntofor eignmar ketst hatmayi mpactoper ati
ons( thati s,theri
sksassoci at
edwi th
forei
gncur r
encyt ransact i
ons) .
 Adopt i
onofanewaccount ingpr inciplet hatimpact stheprepar at i
onoff i
nancialstat
ement s.

Page9of9
 c.InformationandCommuni cati
on
Theaccountingi nf
ormationsy
stem (
AIS)consist
softherecor
dsandmet hodsusedtoi
nit
iate,
i
dentif
y,anal
yz e,cl
assi
fy,andr
ecordtheor
ganizati
on’
str
ansact
ionsandt
oaccount.Anef
fecti
ve
accounti
nginformati
onsy st
em wi
ll
:

 Identi
fyandr ecordall
val
idfinanci
alt
ransact
ions.
 Pr ovi
de t i
melyi nf
ormati
on aboutt ransactions i
n suf
fi
cientdet ai
lto per
mitpr oper
classifi
cati
onandf i
nanci
alreporti
ng.
 Accur atel
ymeasur ethefi
nancialval
ueoft ransact
ionssotheiref
fectscanberecor
dedi n
financialst
atements.
 Accur atel
yrecordtr
ansact
ionsinthetimeper i
odinwhicht
heyoccurred.

d.Moni t
ori
ng
Managementmustdet er
minet hatinter
nalcontrol
sarefuncti
oningasint
ended.Monitor
ingisthe
processbywhicht
hequalit
yofi nt
ernalcont
roldesignandoperati
oncanbeassessed.Thismaybe
accompli
shedbyseparateproceduresorbyongoi ngacti
vit
ies.Anorgani
zat
ion’
sinter
nalaudit
ors
maymoni t
ortheent
it
y’sacti
vi
tiesinseparat
epr ocedur
es.

e.ControlActiv
iti
es
Contr
olacti
vi
tiesarethepolici
esandpr oceduresusedtoensuret
hatappr
opri
ateact
ionsar
et aken
todealwit
ht heorganizat
ion’sident
if
iedrisks.Cont
rolact
ivi
ti
escanbegroupedint
ot wodisti
nct
cat
egori
es:ITcontrol
sandphy si
calcontr
ols.

ITCont r
ols:I
Tcont rol
sr el
atespecif
icall
ytot hecomput erenvi
ronment .Theyf al
lint
otwobr oad
groups:generalcontr
olsandapplicat
ioncont r
ols.Generalcont
rolspertaintoentit
y-wi
deconcerns
suchascont r
olsov erthedatacenter
,organizati
ondatabases,systemsdev elopment,andpr
ogram
maintenance.Applicat
ioncont r
olsensuret heintegr
ityofspecifi
csy stemssuchassal esorder
processi
ng,accountspay abl
e,andpay r
ollappli
cati
ons

PhysicalCont rols:Thi
sclassofcont r
olsrelat
esprimar
il
ytothehumanact i
vit
iesempl oyedin
accounti
ngsy stems.Theseact i
vi
tiesmaybepur el
ymanual,suchast hephy sicalcustodyof
assets,ort heymayi nvol
vet hephysicaluseofcomput er
stor ecor
dt r
ansactionsorupdat e
accounts.Ther e are si
x categor
ies ofphy si
calcontr
olacti
vi
ti
es:transacti
on authorizat
ion,
segregation ofdut i
es,supervi
sion,accounting r
ecor
ds,access control
,and i ndependent
veri
fi
cation.

a.Tr ansactionAut horization

Thepur poseoft ransactionauthor izati
oni stoensuret hatallmat er
ialtransacti
onspr ocessedby
theinformationsystem ar evali
dandi naccordancewithmanagement ’
sobj ecti
ves.Authori
zations
maybegener alorspeci f
ic.Gener alaut hori
tyisgrant
edt ooper at
ionsper sonneltoperform day-t
o-
dayoper ati
ons.Anexampl eofgener alaut hor
izati
onisthepr oceduretoaut hori
zet hepurchaseof
i
nvent or
iesfrom adesi gnatedv endoronl ywheni nventoryl
ev elsf
alltotheirpredeterminedreorder
points.Ont heot herhand,speci fi
caut hori
zati
onsdealwi thcase- by-casedeci si
onsassoci ated
withnon- r
outinetransacti
ons.Anexampl eofthisist
hedeci siontoextendapar ti
cularcustomer ’
s

Page10of10
cr
edi
tli
mitbey
ondt
henor
mal
amount
.Speci
fi
caut
hor
it
yisusual
l
yamanagementr
esponsi
bil
i
ty.

b.Segr egationofDut i
es
Oneoft hemosti mpor t
antcontrolact
ivi
ti
esisthesegr
egati
onofempl oyeeduti
estominimize
i
ncompat i
blefuncti
ons.Segr egationofduti
escantakemanyf orms,dependi
ngont hespecifi
c
duti
es to be controll
ed.Howev er,t
he fol
lowi
ng t
hree obj
ect
ives pr
ovi
de generalgui
del
ines
appl
icabl
etomostor ganizat
ions.

Obj
ecti
ve1.Thesegregat
ionofdut
iesshoul
dsepar
atet
heaut
hor
izat
ionf
orat
ransact
ionf
rom t
he
pr
ocessi
ngofthetr
ansacti
on.

Obj
ecti
ve2.Responsi
bil
i
tyf
ort
hecust
odyofasset
sshoul
dbesepar
atef
rom t
her
ecor
d-keepi
ng
r
esponsi
bil
i
ty.

Obj
ect
ive3.Theor
ganizat
ionshouldbest r
ucturedinor dertoavoi
dormi
nimi
zet
hecol
l
usi
on
bet
weentwoormor
eindivi
dual
swithincompati
bleresponsibi
l
iti
es.

c.Super vi
sion.
I
mplementi
ngadequatesegregat
ionofduti
esrequi
resfi
rmstoempl oyasuffici
entl
yl ar
genumber
ofemployees.In smallorgani
zat
ions orinfuncti
onalareas thatlack suff
icientper
sonnel,
managementmustcompensat efortheabsenceofsegregat
ioncontrol
swithcl osesupervi
sion.
Fort
hisr
eason,super
visioni
soft
encall
edacompensatingcontr
ol.

d.Account i
ngRecor ds
Theaccount ingrecordsofanor gani
zationconsistofsour cedocument s,journal
s,andledger
s.
These records capturethe economi c essence oft r
ansacti
ons and pr ov
ide an audittr
ailof
economicev ents.Theaudittr
ailenabl
est heaudit
ort otraceanytransact
iont hr
oughallphasesof
i
tsprocessingfrom theini
ti
ati
onoft heev entt
othefinancialst
atements.

Or gani
zati
onsmustmai ntainaudi tt r
ail
sf ortwor easons.Fi rst,thisinformati
oni sneededf or
conductingday -t
o-dayoper ations.Theaudi ttrai
lhel psempl oyeesr espondt ocust omeri nquir
ies
byshowi ngthecur rentstat
usoft ransacti
onsi nprocess.Second, t
heaudi ttrai
lplay sanessent ial
roleinthefinancialauditoft hef i
rm.Itenables ext ernal(andinter
nal )audit
orstov er
if
ysel ected
transact
ionsbyt racingthem f rom t hef i
nancialst
atement stotheledgeraccount s,tothej ournals,
tot hesour cedocument s,and backt ot heiroriginalsource.Forr easonsofbot h practi
cal
conv eni
encesandl egalobl i
gat ion,businessor ganizationsmustmai ntai
nsuf f
icientaccount ing
recordstopr eser
v ethei
rauditt rail
s.

e.AccessCont rol.
Thepur poseofaccesscont rol
sistoensur ethatonlyauthorizedpersonnelhaveaccesstot he
fi
rm’s assets.Unauthorized access exposes asset sto mi sappropri
ati
on,damage,and t heft
.
Therefore,accesscont
rolspl ayanimpor t
antr ol
einsafeguardingassets.Accesstoassetscanbe
di
rectori ndirect
.Physicalsecur it
ydev ices,suchasl ocks,saf es,fences,andelectr
onicand
i
nfraredalarm systems,cont rolagainstdirectaccess.Indirectaccesstoassetsisachievedby
gai
ningaccesst otherecor dsanddocument st
hatcontroltheuse,owner shi
p,anddisposi
ti
onof
Page11of11
t
heasset
.

f
.I ndependentVer i
ficati
on
Verifi
cati
onpr oceduresarei ndependentchecksoft heaccounti
ngsy st
em toi denti
fyerrorsand
misrepresent ati
ons.Veri
ficati
ondi f
fer
sf r
om supervi
sionbecauseittakesplaceaf t
erthef act,by
ani ndi
vidualwhoi snotdi rectl
yi nvol
vedwi ththetr
ansacti
onort askbeingv eri
fi
ed.Super vi
sion
takesplacewhi letheactivi
tyisbei ngperformed,byasuper vi
sorwithdir
ectresponsibi
li
tyf orthe
task.Thr oughi ndependentv eri
ficati
onpr ocedur
es,managementcanassess( 1)theperformance
ofindivi
dual s,(2)theintegrit
yoft hetransacti
onprocessi
ngsy st
em,and( 3)t hecorrectnessof
datacont ai
nedi naccountingr ecords.Exampl esofi
ndependentver
ifi
cati
onsinclude:

 Reconci
li
ngbatchtotal
satpointsdur
ingtr
ansact
ionprocessi
ng.
 Comparingphysi
calasset
swi t
haccounti
ngrecords.
 Reconci
li
ngsubsidi
aryaccountswit
hcontrol
accounts.
 Revi
ewingmanagementr epor
ts(bothcomputerandmanual l
ygener
ated)t
hatsummar
ize
busi
nessacti
vi
ty.

Thetimingofveri
fi
cati
ondependsonthetechnol
ogyemployedi
ntheaccount
ingsy st
em andt
he
taskunderrevi
ew.Verif
icat
ionsmayoccursever
alti
mes,insomecases,ver
if
icat
ionmayoccur
dail
y,weekl
y,monthl
y,orannual
ly
.

Page12of12