1. Distinguish between ethical issues and legal issues.

An ethical issue is rooted in morals that call for an individual or a company to choose
between alternatives that can be evaluated as wrong (unethical) or right (ethical). It is based
upon the perception of the rightness or the wrongness of an act or a situation and thereby
affects the society or other individuals. An ethical issue also raises questions of virtue and is
often guided by one’s sense of the right and the wrong.
Legal issues have a set of rules on which they are based and are punishable by law if those
rules are not adhered by. Legal issues arise due to the in-adherence or the noncompliance
with the principles of law which can be considered as an offence against the law. Such issues
are usually punishable by law and harbor consequences that are imposed upon by the
governing law of a country.
2. When a company has a strong internal control structure, stockholders can expect the
elimination of fraud. Comment on the soundness of this statement.

A strong internal control structure provides a very good shield against fraud. However, these shields are
not 100 percent bulletproof, especially when employees collude and/or top management is involved. A
strong internal control structure coupled with good employee morals and ethics is the best deterrence
against fraud.

3. Distinguish between employee fraud and management fraud.

Employee Fraud is committed by non-management employees and is generally designed to

4. Discuss the Sarbanes-Oxley Act.

Public outcry surrounding ethical misconduct and fraudulent acts by executives of Enron, Global Crossing,
Tyco, Adelphia, WorldCom, and other spurred Congress into passing the American Competitiveness and
Corporate Accountability Act of 2002. This wide-sweeping legislation, more commonly known as the
Sarbanes Oxley Act (SOX), is the most significant securities law since the Securities and Exchange
Commission (SEC) Acts of 1993 and 1934. SOX has many provisions designed to deal with specific
problems relating to capital markets, corporate governance, and the auditing profession.

5. If detective controls signal error flags, why shouldn’t these types of controls automatically make
a correction in the identified error? Why are corrective controls necessary?

A strong internal control structure provides a very good shield against fraud. However, these shields are
not 100 percent bulletproof, especially when employees collude and/or top management is involved. A
strong internal control structure coupled with good employee morals and ethics is the best deterrence
against fraud.

6. Discuss the nonaccounting services that external auditors are no longer permitted to render to
audit clients.
The Act addresses auditor independence by creating more separation between a firm's attestation and
non-auditing activities. This is intended to specify categories of services that a public accounting firm
cannot perform for its client. These include the following nine functions: • Bookkeeping or other services
related to the accounting records or financial statements; • Financial information systems design and
implementation; • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports; •
Actuarial services; • Internal audit outsourcing services; • Management functions or human resources; •
Broker or dealer, investment adviser, or investment banking services; • Legal services and expert services
unrelated to the audit; and • Any other service that the PCAOB determines is impermissible. While the
Sarbanes-Oxley Act prohibits auditors from providing the above services to their audit clients, they are
not prohibited from performing such services for non-audit clients or privately held companies.

7. Discuss whether a firm with fewer employees than there are incompatible tasks should rely more
heavily on general authority than specific authority.

Small firms with fewer employees than there are incompatible tasks should rely more heavily on specific
authorizations. More approvals of decision by management and increased supervision should be imposed
in order to somewhat compensate for the lack of separation of duties.

8. According to SAS 78/COSO, the proper segregation of functions is an effective internal control
procedure. Please Discuss

If a payroll employee were to prepare a paycheck for a nonexistent employee (perhaps under an alias, or
in the name of a relative), and this employee also has the task of distributing the checks, then no one
would be the wiser. On the other hand, if the checks go directly to another person, who then distributes
the paychecks, then the extra check should be discovered.

9. Distinguish between exposure and risk.

Exposure is the absence or weakness of a control

Risk is the possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its
objectives. In terms of electronic commerce, risk relates to the loss, theft, or destruction of data as well as
the use of computer programs that financially or physically harm an organization.

10. Explain the characteristics of management fraud.

The fraud is perpetrated at levels of management above the one to which internal control
structures generally relate.
The fraud frequently involves using the financial statements to create an illusion that an entity is
healthier and more prosperous than, in fact , it is.
If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex
business transactions, often involving related third parties.

11. Why are the computer ethics issues of privacy, security, and property ownership of interest to
accountants?

Privacy is a concern because the nature of computer data files makes it possible for unauthorized
individuals to obtain information without it being recognized as "missing" from its original location.
12. Explain why collusion between employees and management in the commission of a fraud is
difficult to both prevent and detect.

Collusion among employees in the commission of a fraud is difficult to both prevent and detect. This is
particularly true when the collusion is between managers and their subordinate employees. Management
plays a key role in the internal control structure of an organization. They are relied upon to prevent and
detect fraud among their subordinates. When they participate in fraud with the employees over whom
they are supposed to provide oversight, the organization's control structure is weakened, or completely
circumvented, and the company becomes more vulnerable to losses.

13. Because all fraud involves some form of financial misstatement, how is fraudulent statement
fraud different?

Fraudulent statements are associated with management fraud. While all fraud involves some form of
financial misstatement, to meet the definition under this class of fraud scheme, the statement itself must
bring direct or indirect financial benefit to the perpetrator. In other words, the statement is not simply a
vehicle for obscuring or covering a fraudulent act. For example, misstating the cash account balance to
cover the theft of cash does not fall under this class of fraud scheme. On the other hand, understating
liabilities to present a more favorable financial picture of the organization to drive up stock prices does
qualify.

14. Explain the problems associated with lack of auditor independence.

Auditing firms who are also engaged by their clients to perform non-accounting activities such as
actuarial services, internal audit outsourcing services, and consulting lack independence. They are
essentially auditing their own work. This risk is that as auditors they will not bring to management's
attention detected problems that may adversely affect their consulting fees. For example, Enron's auditors
- Arthur Andersen - were also their internal auditor's and their management consultants.

15. Why is an independent audit committee important to a company?

The audit committee is responsible for selecting and engaging an independent auditor, for ensuring that
an annual audit is conducted, for reviewing the audit report, and for ensuring that an annual audit is
conducted, for reviewing the audit report , and for ensuring that deficiencies are addressed. Large
organizations with complex accounting practices may need to create audit subcommittees that specialize
in specific activities.

16. In this age of high technology and computer-based information systems, why are accountants
concerned about physical (human) controls?

Virtually all systems, regardless of their sophistication, employ human activities that need to be controlled.
This class of controls relates primarily to the human activities employed in accounting systems. These
activities may be purely manual, such as the physical custody of assets, or they may involve the use of
computers to record transactions or update accounts. Physical controls do not relate to the computer
logic that actually performs these accounting tasks. Rather, they relate to the human activities that initiate
such computer logic. In other words, physical controls do not suggest an environment in which clerks
update paper accounts with pen and ink.