
FAR EASTERN UNIVERSITY

Ethics, Fraud and Internal Control


ETHICS
- Pertains to the principle of conduct that individuals use in making choices and guiding their behavior in
situations that involve the concepts of right or wrong.
- Business ethics involves finding the answers to:
o How do managers decide what is right in conducting their business?
o Once managers have recognized what is right, how do they achieve it?

FRAUD
- Denotes a false representation of a material fact made by one party to another party with the intent to deceive
and induce the other party to justifiably rely on the fact to his or her detriment.
o False representation
o Material fact
o Intent
o Justifiable reliance
o Injury or loss
- Auditors encounter fraud in business at two levels:
o Employee Fraud
Generally designed to directly convert cash or other assets to the employee's personal
benefit.
Typically, the employee circumvents the company's internal control system for personal
gain.
Employee fraud usually involves three steps:
Stealing something of value
Converting the asset to a usable form
Concealing the crime to avoid detection
o Management Fraud
More insidious than employee fraud because it often escapes detection until the organization
has suffered irreparable damage or loss.
Management can often perpetrate irregularities by overriding an otherwise effective internal control
structure that would prevent similar irregularities by lower-level employees.
- Fraud Triangle:
o A model for explaining the factors that cause someone to commit occupational fraud.
Pressure
Opportunity
Rationalization
o How does fraud occur?
Poor Internal Controls
Management override of internal controls
Collusion between employees and 3rd parties.
Collusion between employee and management.
Poor or nonexistent ethical policies.
- Fraud Schemes
o Fraudulent Financial Statements
Associated with management fraud.
The financial statement misrepresentation itself must bring direct or indirect financial benefit
to the perpetrator.
Basic types of FS fraud:
Fictitious Sales
Improper Expense Recognition
Incorrect Asset Valuation
Hidden Liabilities
Unsuitable Disclosures
Underlying Problems concerning FS Fraud:
Lack of Auditor Independence
Lack of Director Independence
Questionable Executive Compensation Schemes
Inappropriate Accounting Practices
o Corruption
Involves an executive, manager or employee of the organization in collusion with an
outsider.
Four principal types of corruption:
Bribery
o Involves giving, offering, soliciting or receiving things of value to
influence an official in the performance of his or her lawful duties.
Illegal Gratuities
o Involves giving, receiving, offering or soliciting something of value
because of an official act that has been taken.
Conflicts of Interests
o Occurs when an employee acts on behalf of a third party during the
discharge of his or her duties or has a self-interest in the activity being
performed.
Economic Extortion
o The use of force by an individual or organization to obtain something of
value.
o Asset Misappropriation
The most common fraud schemes involve some form of asset misappropriation in which
assets are either directly or indirectly diverted to the perpetrator's benefit.
Examples of schemes under Misappropriation of Assets:
Skimming
o Stealing cash from an organization before it is recorded.
Cash Larceny
o Cash receipts are stolen from an organization after they have been
recorded in the books.
Billing Schemes
o Also known as vendor fraud
o Perpetrated by employees who cause their employer to issue a payment to
a false supplier.
Check Tampering
o Changing a check that the organization has written to a legitimate payee.
Payroll Fraud
o Distribution of fraudulent paychecks to existent and/or non-existent
employees.
Expense Reimbursement
o An employee makes a claim for reimbursement of fictitious or inflated
business expenses.
Non-Cash Misappropriations

INTERNAL CONTROL CONCEPTS AND TECHNIQUES


- Internal control comprises the policies, practices and procedures employed by the organization to achieve these
four broad objectives:
o To safeguard assets of the firm
o To ensure the accuracy and reliability of accounting records and information
o To promote efficiency in the firm's operations
o To measure compliance with management's prescribed policies and procedures
- Inherent in these internal control objectives are four modifying assumptions that guide designers and auditors
of internal controls:
o Management Responsibilities
This concept holds that the establishment and maintenance of a system of internal control is
the responsibility of the management.
o Reasonable Assurance
The internal control system should provide reasonable assurance that the four broad
objectives of internal control are met in a cost-effective manner.
It also means that no system of internal control is perfect and the cost of achieving
improved control should not outweigh its benefits.
o Methods of Data Processing
Internal control should achieve the four broad objectives regardless of the data processing
method used.
The control techniques used to achieve these objectives will, however, vary with different
types of technology.
o Limitations
Every system of internal control has limitations on its effectiveness.
Possibility of error
Personnel circumvention
Management override
Changing conditions
- The Preventive-Detective-Corrective Internal Control Model
o Preventive Controls
Prevention is the first line of defense in the control structure.
Designed to discourage fraud and error from occurring.
Preventive controls are passive techniques designed to reduce the frequency of occurrence
of undesirable events.
Preventing errors and fraud from happening is far more cost-effective than detecting and
correcting problems after they occur.
Some examples of preventive controls:
Locks and Passwords
Well-designed source documents (Official Receipt, Invoice, Purchase Order, etc.)
Authorization and approval
Segregation of duties
o Custody of Assets
o Authorization in using an asset
o Recordkeeping of assets
Asset Management
o Detective Controls
Second line of defense against irregularities.
These are devices, techniques and procedures designed to identify and expose undesirable
events that elude preventive controls.
Some examples of detective controls:
Reviews
Reconciliations
Physical Count
Audits
Security Cameras
o Corrective Control
Actions taken to reverse the effects of errors detected in the previous step.
Corrective controls fix the problem, while detective controls identify anomalies and draw
attention to them.
For any detected error, there may be more than one feasible corrective action applicable.
Some examples of corrective controls:
Warnings
Terminations
Disaster management plan
- COSO Framework
o Committee of Sponsoring Organizations of the Treadway Commission
Sponsoring Organizations:
American Accounting Association (AAA)
American Institute of Certified Public Accountants (AICPA)
Financial Executives International (FEI)
Institute of Management Accountants (IMA)
The Institute of Internal Auditors (IIA)
Mission
The mission of the Committee of Sponsoring Organizations (COSO) is to provide
thought leadership through the development of comprehensive frameworks and
guidance on enterprise risk management, internal control and fraud deterrence
designed to improve organizational performance and governance and to reduce the
extent of fraud in organizations.
Vision
COSO's vision is to be a recognized thought leader in the global marketplace on
the development of guidance in the areas of risk and control which enable good
organizational governance and reduction of fraud.
o The COSO Framework consists of five components:
The Control Environment
It is the foundation of the other four control components.
The control environment sets the tone for the organization and influences the
control awareness of its management and employees.
Important elements of the control environment are:
o The integrity and ethical values of management.
o The structure of the organization.
o The participation of the organization's board of directors and the audit
committee, if one exists.
o Management's philosophy and operating style
o The procedures for delegating responsibility and authority
o Management's method for assessing performance
o External influences, such as examinations by regulatory agencies
o The organization's policies and practices for managing its human
resources
Risk Assessment
An organization must perform a risk assessment to identify, analyze and manage
risks relevant to financial reporting.
Risks can arise or change from circumstances such as:
o Changes in operating environment that impose new or changed
competitive pressures on the firm.
o New personnel who have a different or inadequate understanding of
internal control.
o New or reengineered information systems that affect transaction
processing.
o Significant and rapid growth that strains existing internal controls.
o The implementation of new technology into the production process or
information system that impacts transaction processing.
o The introduction of new product lines or activities with which the
organization has little experience.
o Organizational restructuring resulting in the reduction and/or
reallocation of personnel such that business operations and transaction
processing are affected.
o Entering into foreign markets that may impact operations
o Adoption of a new accounting principle that impacts the preparation of
financial statements.
Information and Communication
The quality of information the accounting information system generates impacts
management's ability to take actions and make decisions in connection with the
organization's operations and to prepare reliable financial statements.
An effective accounting information system will:
o Identify and record all valid financial transactions.
o Provide timely information about transactions in sufficient detail to
permit proper classification and financial reporting.
o Accurately measure the financial value of transactions so their effects can
be recorded in financial statements.
o Accurately record transactions in the time period in which they occurred.
Monitoring
Monitoring is the process by which the quality of internal control design and
operation can be assessed.
Management must determine that internal controls are functioning as intended.
Control Activities
These are the policies and procedures used to ensure that appropriate actions are
taken to deal with the organization's identified risks.
Control activities are grouped into two distinct categories:
o IT Controls
IT controls relate specifically to the computer environment.
General controls pertain to entity-wide IT concerns.
Application controls ensure the integrity of specific computer
systems.
o Physical Controls
This relates to the human activities employed in accounting
systems.

END

Source:
- Accounting Information System Ninth Edition by James A. Hall
- www.coso.org
- Various Websites
