
Jenevieve Limqueco (11117818)

February 5, 2014

The ISACA code of professional ethics is a guide to the professional and personal conduct of members of the association and/or its certificate holders. Listed below is the ISACA code of professional ethics:

1001 Audit Charter
1002 Organizational Independence
1003 Professional Independence
1004 Reasonable Expectation
1005 Due Professional Care
1006 Proficiency
1007 Assertions
1008 Criteria
1201 Engagement Planning
1202 Risk Assessment in Planning
1203 Performance & Supervision
1204 Materiality
1205 Evidence
1206 Using the Work of Other Experts
1207 Irregularity & Illegal Acts
1401 Reporting
1402 Follow-Up Activities

Failure to comply with the ISACA code of professional ethics would lead to an investigation into the CISA holder's conduct by the ISACA BOD or appropriate committee and ultimately to disciplinary action.

Ethics are the principles of conduct that individuals use in making choices and guiding their behaviour in situations that involve the concept of right and wrong. Ethics are needed when conflicts arise and there is a need to choose. Conflicts may arise between employees, management, and stockholders. Business ethics involves equity, rights, honesty, and the exercise of corporate power. Proportionality means the benefit from a decision must outweigh the risk. Justice means the benefits of a decision should be distributed fairly.

The main computer ethics issues are privacy, security, ownership of property relating to intangible things, equity in access, environmental issues, artificial intelligence, unemployment and displacement, and misuse of computers.

Fraud is a false representation of a material fact, made with the intent of deceiving another person, that has caused injury or loss. Due to this, SOX was enacted in 2002. Its principal reforms pertain to:
1) Creation of the PCAOB.
2) Auditor independence.
3) Corporate governance and responsibility.
4) Disclosure requirements.

There are 2 types of fraud:
1) Employee fraud is where the employee takes cash from the company; this fraud can be seen easily.
2) Management fraud is where the management misappropriates the assets of the company; this fraud cannot be seen easily.

There are 3 kinds of fraud schemes:
1) Fraudulent statements are the act of misstating the FS of the company, usually a management fraud.
2) Corruption arises through bribery, illegal gratuities, conflict of interest, and economic extortion.
3) Asset misappropriation is usually an employee fraud.

Computer fraud is a fraud where people use a computer to change something in the system. Data processing fraud consists of program fraud and operations fraud. Database management fraud involves altering, deleting, corrupting, destroying, or stealing an organization's data. Information generation fraud consists of:
1) Scavenging, which is searching through the trash cans of the computer center for discarded output.
2) Eavesdropping, which is listening to output transmissions over communication lines.

The limitations of internal control are:
1) Possibility of honest errors.
2) Circumvention via collusion.
3) Management override.
4) Changing conditions.

The exposures of weak internal controls are destruction, theft, corruption, and disruption.
