Documentation
Techniques
REVIEW
Batch Processing
Real Time Processing
Source Documents
Turnaround documents
general ledger
Subsidiary ledger
Practice : System Documentation
Document Flowcharts
To demonstrate the preparation of a document flowchart, let’s
assume that an auditor needs to flowchart a sales order system
to evaluate its internal controls and procedures. The auditor will
begin by interviewing individuals involved in the sales order
process to determine what they do. This information will be
captured in a set of facts similar to those below. Keep in mind
that the purpose here is to demonstrate flowcharting. Thus, for
clarity, the system facts are intentionally simplistic.
[Figure: document flowchart of the sales order system. Columns: Sales Department, Credit Department, Warehouse Department, Shipping Department. Labels shown: Customer, Customer Order, Prepare Sales Order, Sales Order copies 1 to 4 (SO2, SO3, SO4), Check Credit, Credit record, Signed Sales Order 1, Distribute SO and File, Pick Goods, Stock record.]
System Flowchart
[Figure: system flowchart of the sales order system. Columns: Sales Department, Computer Operations Dept, Warehouse Department, Shipping Department. Labels shown: Customer, Customer Order, Input Sales Order, Edit and Credit Check, Credit History, AR File, Inventory, Update Program, Sales Order copies 1 to 3, Pick Goods, Stock record.]
What are the documents that will be used by this cycle?
For each document stated above, is this a source, product, or
turnaround document?
What are the journals that will be used in this cycle?
For each journal stated, is this a general or special journal?
What are the ledgers that will be used in this cycle?
For each ledger stated, is this a subsidiary or general ledger?
System Documentation—Payroll
The following describes the payroll procedures for a hypothetical company.
Every Thursday, the timekeeping clerk sends employee time cards to the payroll
department for processing. Based on the hours worked reflected on the time cards, the
employee pay rate and withholding information in the employee file, and the tax rate
reference file, the payroll clerk calculates gross pay, withholdings, and net pay for each
employee. The clerk then prepares paychecks for each employee, files copies of the
paychecks in the payroll department, and posts the earnings to the employee records.
Finally, the clerk prepares a payroll summary and sends it and the paychecks to the
cash disbursements (CD) department.
The CD clerk reconciles the payroll summary with the paychecks and records the
transaction in the cash disbursements journal. The clerk then files the payroll summary and
sends the paychecks to the treasurer for signing.
The signed checks are then sent to the paymaster, who distributes them to the
employees on Friday morning.
Required:
Prepare a data flow diagram and a flowchart of the payroll procedures previously
described.
System Flowchart
Using the diagram on the following page, answer the following questions:
a. What do Symbols 1 and 2 represent?
b. What does the operation involving Symbols 3 and 4 depict?
c. What does the operation involving Symbols 4 and 5 depict?
d. What does the operation involving Symbols 6, 8, and 9 depict?
TECHNIQUES
[Figure: incorrect versus correct flowcharting examples. Labels shown: Report, Process, Computer Process, Input, Store.]
Forwarding to another column
[Figure: incorrect versus correct examples using the sales order flow. Labels shown: Customer, Customer Order, Check Credit, Credit record, Prepare Sales Order, Signed Sales Order 1, Sales Order 1, SO2, SO3, SO4.]
Exemption
[Figure: Customer, Customer Order, Process.]
Relational
Database
LECTURE 4 – SELF PHASE REVIEW
Ethics, Fraud, and
Internal Control
LECTURE 5,6,7
BUSINESS ETHICS
Ethics pertains to the principles of conduct that individuals use in making
choices and guiding their behavior in situations that involve the concepts of
right and wrong. More specifically, business ethics involves finding the
answers to two questions:
(1) How do managers decide what is right in conducting their business? and
(2) Once managers have recognized what is right, how do they achieve it?
Some of the business practices and decisions in each of these areas
have ethical implications:
Equity
Rights
Honesty
Exercise of Corporate Power
Making Ethical Decisions
Ethical Principles
Proportionality. The benefit from a decision must outweigh the risks.
Furthermore, there must be no alternative decision that provides the same or
greater benefit with less risk.
Justice. The benefits of the decision should be distributed fairly to those
who share the risks.
Minimize risk. Even if judged acceptable by the principles, the
decision should be implemented so as to minimize all of the risks and
avoid any unnecessary risks.
Computer Ethics
Privacy
Security, Accuracy and Confidentiality
Ownership of Property
Equity in Access
Environmental Issues
Artificial Intelligence
Unemployment and Displacement
Misuse of Computers
Sarbanes-Oxley Act and Ethical Issues: Section 406—Code of Ethics
for Senior Financial Officers
Section 406 of SOX requires public companies to disclose
to the SEC whether they have adopted a code of ethics
that applies to the organization’s CEO, CFO, controller,
or persons performing similar functions. If the company
has not adopted such a code, it must explain why. A
public company may disclose its code of ethics in
several ways: (1) included as an exhibit to its annual
report, (2) as a posting to its website, or (3) by agreeing
to provide copies of the code upon request.
The SEC has ruled that compliance with Section 406
necessitates a written code of ethics that addresses the
following ethical issues.
Conflicts of Interest.
Full and Fair Disclosures.
Legal Compliance.
Internal Reporting of Code Violations
Accountability.
Fraud and Accountants
Definitions of Fraud
Fraud denotes a false representation of a material fact made by one party
to another party with the intent to deceive and induce the other party to
justifiably rely on the fact to his or her detriment. According to common
law, a fraudulent act must meet the following five conditions:
1. False representation. There must be a false statement or a
nondisclosure.
2. Material fact. A fact must be a substantial factor in inducing someone
to act.
3. Intent. There must be the intent to deceive or the knowledge that
one’s statement is false.
4. Justifiable reliance. The misrepresentation must have been a
substantial factor on which the injured party relied.
5. Injury or loss. The deception must have caused injury or loss to the
victim of the fraud.
Auditors encounter fraud at two levels: employee fraud and
management fraud. Because each form of fraud has different
implications for auditors, we need to distinguish between the
two.
Employee fraud, or fraud by nonmanagement employees, is generally
designed to directly convert cash or other assets to the employee’s
personal benefit.
Employee fraud usually involves three steps:
(1) stealing something of value (an asset),
(2) converting the asset to a usable form (cash), and
(3) concealing the crime to avoid detection.
Management fraud is more insidious than employee fraud because it
often escapes detection until the organization has suffered irreparable
damage or loss. Usually management fraud does not involve the direct
theft of assets.
Management fraud typically contains three special characteristics:
1. The fraud is perpetrated at levels of management above the one
to which internal control structures generally relate.
2. The fraud frequently involves using the financial statements to
create an illusion that an entity is healthier and more prosperous
than, in fact, it is.
3. If the fraud involves misappropriation of assets, it frequently is
shrouded in a maze of complex business transactions, often
involving related third parties.
The Fraud Triangle (Factors that Contribute to Fraud)
The Fraud Triangle consists of three factors that contribute to or are
associated with management and employee fraud:
1. Situational pressure
2. Opportunity
3. Ethics (Rationalization)
Public accounting firms have developed checklists to
help uncover fraudulent activity during an audit.
Questions for such a checklist might include
Do key executives have unusually high personal debt?
Do key executives appear to be living beyond their means?
Do key executives engage in habitual gambling?
Do key executives appear to abuse alcohol or drugs?
Do any of the key executives appear to lack personal codes of ethics?
Are economic conditions unfavorable within the company’s industry?
Does the company use several different banks, none of which sees the
company’s entire financial picture?
Do any key executives have close associations with suppliers?
Is the company experiencing a rapid turnover of key employees, either
through resignation or termination?
Do one or two individuals dominate the company?
Financial Losses from Fraud
1. Fraudulent Statements
2. Corruption
3. Asset Misappropriation
Fraud Schemes
1. Fraudulent Statements
The Underlying Problems.
Lack of Auditor Independence.
Lack of Director Independence.
Questionable Executive Compensation Schemes
Inappropriate Accounting Practices
Sarbanes-Oxley Act and Fraud (SOX)
The act establishes a framework to modernize and reform the oversight
and regulation of public company auditing. Its principal reforms
pertain to
(1) the creation of an accounting oversight board,
(2) auditor independence,
(3) corporate governance and responsibility,
(4) disclosure requirements,
(5) issuer and management disclosure, and
(6) fraud and criminal penalties.
Corruption
Corruption involves an executive, manager, or employee
of the organization in collusion with an outsider.
Bribery. Bribery involves giving, offering, soliciting, or receiving things of value to
influence an official in the performance of his or her lawful duties.
Illegal Gratuities. An illegal gratuity involves giving, receiving, offering, or soliciting
something of value because of an official act that has been taken.
Conflicts of Interest. Every employer should expect that his or her employees will
conduct their duties in a way that serves the interests of the employer. A conflict
of interest occurs when an employee acts on behalf of a third party during the
discharge of his or her duties or has self-interest in the activity being performed.
Economic Extortion. Economic extortion is the use (or threat) of force (including
economic sanctions) by an individual or organization to obtain something of
value.
Asset Misappropriation
Examples of fraud schemes involving asset misappropriation
are described in the following sections.
Charges to Expense Accounts.
Lapping
Transaction Fraud
Computer Fraud Schemes.
Data Collection.
Program fraud
Operations fraud
Database Management.
Information Generation
Internal Control Concept and
Techniques
The internal control system comprises policies, practices, and
procedures employed by the organization to achieve four broad
objectives:
1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and
information.
3. To promote efficiency in the firm’s operations.
4. To measure compliance with management’s prescribed policies
and procedures.
Inherent in these control objectives are four
modifying assumptions that guide designers and
auditors of internal controls:
Management Responsibility. This concept holds that the establishment and
maintenance of a system of internal control is a management responsibility.
Reasonable Assurance. The internal control system should provide reasonable
assurance that the four broad objectives of internal control are met in a cost-
effective manner.
Methods of Data Processing. Internal controls should achieve the four broad
objectives regardless of the data processing method used. The control
techniques used to achieve these objectives will, however, vary with different
types of technology.
Limitations. Every system of internal control has limitations on its effectiveness.
These include (1) the possibility of error, (2) circumvention, (3) management
override, (4) changing conditions.
Exposures and
Risk
The absence or weakness of a control is
called an exposure. Exposures, which are
illustrated as holes in the control shield in
Figure 3-3, increase the firm’s risk to
financial loss or injury from undesirable
events. A weakness in internal control
may expose the firm to one or more of
the following types of risks:
Detective
Corrective
Sarbanes-Oxley and Internal
Control
This entails providing an annual report addressing the following points:
1. a statement of management’s responsibility for establishing and maintaining
adequate internal control;
2. an assessment of the effectiveness of the company’s internal controls over
financial reporting;
3. a statement that the organization’s external auditors have issued an
attestation report on management’s assessment of the company’s internal
controls;
4. an explicit written conclusion as to the effectiveness of internal control over
financial reporting; and
5. a statement identifying the framework used in their assessment of internal
controls.
SAS 78/COSO Internal Control
Framework
Committee of Sponsoring Organizations of the Treadway Commission
(COSO). The SAS 78/COSO framework consists of five components:
1. The control environment,
2. Risk assessment,
3. Information and communication,
4. Monitoring, and
5. Control activities
The Control Environment
Important elements of the control environment are:
The integrity and ethical values of management.
The structure of the organization.
The participation of the organization’s board of directors and the audit
committee, if one exists.
Management’s philosophy and operating style.
The procedures for delegating responsibility and authority.
Management’s methods for assessing performance.
External influences, such as examinations by regulatory agencies.
The organization’s policies and practices for managing its human resources.
SAS 78 requires that auditors obtain sufficient knowledge to assess
the attitude and awareness of the organization’s management,
board of directors, and owners regarding internal control. The
following paragraphs provide examples of techniques that may
be used to obtain an understanding of the control environment.
Auditors should assess the integrity of the organization’s
management and may use investigative agencies to report
on the backgrounds of key managers.
Auditors should be aware of conditions that would
predispose the management of an organization to commit
fraud.
Auditors should understand a client’s business and industry
and should be aware of conditions peculiar to the industry
that may affect the audit.
The board of directors should adopt, as a minimum, the
provisions of SOX. In addition, the following guidelines
represent established best practices.
1. Separate CEO and chairman.
2. Set ethical standards.
3. Establish an independent audit committee.
4. Compensation committees.
5. Nominating committees.
6. Access to outside professionals.
Risk Assessment
Organizations must perform a risk assessment to identify, analyze, and manage risks
relevant to financial reporting. Risks can arise or change from circumstances such as:
1. Changes in the operating environment that impose new or changed competitive pressures
on the firm.
2. New personnel who have a different or inadequate understanding of internal control.
3. New or reengineered information systems that affect transaction processing.
4. Significant and rapid growth that strains existing internal controls.
5. The implementation of new technology into the production process or information system
that impacts transaction processing.
6. The introduction of new product lines or activities with which the organization has little
experience.
7. Organizational restructuring resulting in the reduction and/or reallocation of personnel such
that business operations and transaction processing are affected.
8. Entering into foreign markets that may impact operations (that is, the risks associated with
foreign currency transactions).
9. Adoption of a new accounting principle that impacts the preparation of financial
statements.
Information and Communication
An effective accounting information system will:
Identify and record all valid financial transactions.
Provide timely information about transactions in sufficient detail to permit proper
classification and financial reporting.
Accurately measure the financial value of transactions so their effects can be recorded
in financial statements.
Accurately record transactions in the time period in which they occurred.
The classes of transactions that are material to the financial statements and how those
transactions are initiated.
The accounting records and accounts that are used in the processing of material
transactions.
The transaction processing steps involved from the initiation of a transaction to its
inclusion in the financial statements.
The financial reporting process used to prepare financial statements, disclosures, and
accounting estimates.
Monitoring
Management must determine that internal controls are functioning as intended.
Monitoring is the process by which the quality of internal control design and
operation can be assessed. This may be accomplished by separate procedures or
by ongoing activities.