BUSINESS ETHICS BUSINESS ETHICS,, FRAUD AND FRAUD DETECTION CHAPTER 12
ETHICAL ISSUES IN BUSINESS •
Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon
•
•
Ethics pertains to the principles of conduct that individuals use in maing choices and guiding their behavior in situations that involve the concepts of right and wrong! business ethics involves "nding the answers to two #uestions$ %1& How do managers decide what is right in conducting their business' business' and %2& (nce managers have recogni)ed what is right* how do the+ achieve it'
•
Ethical issues in business can be divided into four areas$ %table 12!1& –
–
–
–
e#uit+* rights* Honest+* the e,ercise of corporate power
Ethical guidance •
•
•
Proportionality. The beneft rom a decision must outweigh the risks. Furthermore, there must be no alternative decision that provides the same or greater bene"t with less ris! Justice. The benefts o the decision should be distributed airly to those who share the riss! Those who do not bene"t should not carr+ the burden of ris! Minimize risk. Even i judged acceptable by the principles, the decision should be implemented so as to minimi)e all of the riss and avoid an+ unnecessar+ riss
•
Computer ethics is the anal+sis of the nature and social impact of computer technolog+ and the corresponding formulation and .usti"cation of policies for the ethical use of such technolog+/! 0This includes concerns about software as well as hardware and concerns about networs connecting computers as well as computers themselves
•
three levels of computer ethics$ pop* para* and theoretical! –
–
–
Pop computer ethics is simpl+ the e,posure to stories and reports found in the popular media regarding the good or bad rami"cations of computer technolog+ Para computer ethics involves taing a real interest in computer ethics cases and ac#uiring some level of sill and nowledge in the "eld theoretical computer ethics* is of interest to multidisciplinar+ researchers who appl+ the theories of philosoph+* sociolog+* and ps+cholog+ to computer science with the goal of bringing some new understanding to the "eld
A ew Problem or 3ust a ew Twist on an (ld Problem' •
•
•
•
•
•
•
•
Privac+ 4ecurit+ %Accurac+ and Con"dentialit+& (wnership of Propert+ E#uit+ in Access Environmental 5ssues Arti"cial 5ntelligence 6nemplo+ment and 7isplacement 8isuse of Computers
4ection 9:;cers •
4ection 9:; of 4(? re#uires public companies to disclose to the 4EC whether the+ have adopted a code of ethics that applies to the organi)ation@s CE(* C=(* controller* or persons performing similar functions
•
•
Conficts o Interest . The company’s code o ethics should outline procedures or dealing with actual or apparent conicts of interest between personal and professional relationships Full and Fair Disclosures. This provision states that the organiation should provide full* fair* accurate* timel+* and understandable disclosures in the documents* reports* and "nancial statements that it submits to the 4EC and to the public
•
•
Legal Compliance. !odes o ethics should re"uire employees to ollow applicable governmental laws* rules* and regulations Internal Reporting o Code iolations. The code o ethics must provide a mechanism to permit prompt internal reporting of ethics violations to encourage and protect whistleblowers
•
!ccounta"ility. #n e$ective ethics program must take appropriate action when code violations occur
FRAUD AND ACCOUNTANTS •
The passage of 4(? has had a tremendous impact on the e,ternal auditor@s responsibilities for fraud detection during a "nancial audit! 5t re#uires the auditor to test controls speci"call+ intended to prevent or detect fraud liel+ to result in a material misstatement of the "nancial statements
•
Frau denotes a false representation of a material fact made b+ one part+ to another part+ with the intent to deceive and induce the other part+ to .usti"abl+ rel+ on the fact to his or her detriment
•
•
•
•
•
!" Fa#se representation" There must be a false statement or a nondisclosure! $" %ateria# &act" A fact must be a substantial factor in inducing someone to act! '" Intent" There must be the intent to deceive or the nowledge that one@s statement is false! (" )usti*ab#e re#iance" The misrepresentation must have been a substantial factor on which the in.ured part+ relied! +" Inur- or #oss" The deception must have caused in.ur+ or loss to the victim of the fraud
•
•
Emp#o-ee &rau, or &rau b- non mana.ement emp#o-ees, is generall+ designed to directl+ convert cash or other assets to the emplo+ee@s personal bene"t Emplo+ee fraud usuall+ involves three steps$ %1& stealing something of value %an asset&* %2& converting the asset to a usable form %cash&* and %B& concealing the crime to avoid detection
•
•
•
•
%ana.ement &rau is more insidious than emplo+ee fraud because it often escapes detection until the organi)ation has suered irreparable damage or loss The fraud is perpetrated at levels of management above the one to which internal control structures generall+ relate! The fraud fre#uentl+ involves using the "nancial statements to create an illusion that an entit+ is healthier and more prosperous than* in fact* it is! 5f the fraud involves misappropriation of assets* it fre#uentl+ is shrouded in a ma)e of comple, business transactions* often involving related third parties
The Frau Trian.#e •
•
•
%&' situational pressure, which includes personal or job(related stresses that could coerce an individual to act dishonestl+D %2& opportunity, which involves direct access to assets and)or access to inormation that controls assets* andD %B& ethics, which pertains to one’s character and degree o moral opposition to acts o dishonest+
Financia# Losses &rom Frau •
•
•
•
•
•
•
Association o& Certi*e Frau E/aminers 0ACFE1 in 2:: estimates losses from fraud and abuse to be F percent of annual revenues The actual cost of fraud is* however* di>cult to #uantif+ for a number of reasons$ %1& not all fraud is detectedD %2& of that detected* not all is reportedD %B& in man+ fraud cases* incomplete information is gatheredD %9& information is not properl+ distributed to management or law enforcement authoritiesD and %G& too often* business organi)ations decide to tae no civil or criminal action against the perpetrator%s& of fraud!
The 2erpetrators o& Fraus •
•
•
•
•
=raud osses (rgani)ation =raud osses =raud osses =raud osses =raud osses
b+ Position within the and the Collusion Eect b+ Iender b+ Age b+ Education
Frau Schemes •
•
•
=raudulent 4tatements Corruption Asset misappropriation
•
#$e %nderlying Pro"lems o Fraudulent &tatement' –
–
–
–
*ack o auditor independence *ack o director independence +uestionable eecutive compensation schemes -nappropriate accounting practices
&ar"anes()*ley !ct and Fraud •
•
•
•
•
%1& the creation of an accounting oversight board* %2& auditor independence* %B& corporate governance and responsibilit+* %9& disclosure re#uirements* and %G& penalties for fraud and other violations
Corruption •
•
Briber- in3o#3es giving* oering* soliciting* or receiving things of value to inuence an o>cial in the performance of his or her lawful duties i##e.a# .ratuit- involves giving* receiving* oering* or soliciting something of value because of an o>cial act that has been taen
•
•
con4ict o& interest occurs when an emplo+ee acts on behalf of a third part+ during the discharge of his or her duties or has self-interest in the activit+ being performed Economic e/tortion is the use %or threat& of force %including economic sanctions& b+ an individual or organi)ation to obtain something of value!
Asset 8isappropriation •
S5immin. involves stealing cash from an organi)ation before it is recorded on the organi)ation@s boos and records –
•
mai#room &rau, where an emplo+ee opening the mail steals a customer@s chec and destro+s the associated remittance advice
Cash #arcen- involves schemes where cash receipts are stolen from an organi)ation after the+ have been recorded in the organi)ation@s boos and records
•
Bi##in. schemes, a#so 5no6n as 3enor &rau, are perpetrated b+ emplo+ees who cause their emplo+er to issue a pa+ment to a false supplier or vendor b+ submitting invoices for "ctitious goods or services* inated invoices* or invoices for personal purchases
•
•
•
Chec5 tamperin. involves forging or changing in some material wa+ a chec that the organi)ation has written to a legitimate pa+ee 2a-ro## &rau is the distribution of fraudulent pa+checs to e,istent andJor none,istent emplo+ees E/pense reimbursement &raus are schemes in which an emplo+ee maes a claim for reimbursement of "ctitious or inated business e,penses
•
•
The&ts o& cash are schemes that involve the direct theft of cash on hand in the organi)ation Non cash &rau schemes involve the theft or misuse of the victim organi)ation@s non cash assets
Computer =raud •
•
•
•
•
The theft* misuse* or misappropriation of assets b+ altering computer-readable records and "les! The theft* misuse* or misappropriation of assets b+ altering the logic of computer software! The theft or illegal use of computer-readable information! The theft* corruption* illegal cop+ing* or intentional destruction of computer software! The theft* misuse* or misappropriation of computer hardware!
=raud techni#ues •
•
•
%as7uerain. involves a perpetrator gaining access to the s+stem from a remote site b+ pretending to be an authori)ed user! This usuall+ re#uires "rst gaining authori)ed access to a password! 2i..-bac5in. is a techni#ue in which the perpetrator at a remote site taps into the telecommunications lines and latches onto an authori)ed user who is logging into the s+stem! (nce in the s+stem* the perpetrator can mas#uerade as the authori)ed user! Hacing ma+ involve pigg+bacing or mas#uerading techni#ues! Hac5ers are distinguished from other computer criminals because their motives are not usuall+ to defraud for "nancial gain
•
2ro.ram &rau inc#ues the &o##o6in. techni7ues8 %1& creating illegal programs that can access data "les to alter* delete* or insert values into accounting recordsD %2& destro+ing or corrupting a program@s logic using a computer virusD or %B& altering program logic to cause the application to process data incorrectl+
•
•
Operations &rau i s the misuse or theft of the "rm@s computer resources! This often involves using the computer to conduct personal business Database mana.ement &rau includes altering* deleting* corrupting* destro+ing* or stealing an organi)ation@s data
•
Regardless of ph+sical form* useful information has the following characteristics$ –
–
–
–
–
re#e3ance, time#iness, accurac-, comp#eteness, an summari9ation"
•
•
sca3en.in. involves searching through the trash cans of the computer center for discarded output ea3esroppin. involves listening to output transmissions over telecommunications lines
•
4A4 o! KK* !onsideration o Fraud in a Financial tatement #udit, which pertains to the ollowing areas of a "nancial audit$ !" Description an characteristics o& &rau $" 2ro&essiona# s5epticism '" En.a.ement personne# iscussion (" Obtainin. auit e3ience an in&ormation +" Ienti&-in. ris5s :" Assessin. the ienti*e ris5s ;" Responin. to the assessment <" E3a#uatin. auit e3ience an in&ormation =" Communicatin. possib#e &rau !>" Documentin. consieration o& &rau
Frauu#ent Financia# Reportin. •
•
•
/anagement’s characteristics and in0uence over the control environment -ndustry conditions 1perating characteristics and fnancial stability.
•
5n the case of "nancial fraud %management fraud&* e,ternal auditors should loo for the following inds of common schemes$ L 5mproper revenue recognition L 5mproper treatment of sales L 5mproper asset valuation L 5mproper deferral of costs and e,penses L 5mproper recording of liabilities L 5nade#uate disclosures
%isappropriation o& Assets •
•
•
usceptibility o assets to misappropriation. !ontrols E,amples of common schemes related to emplo+ee theft %asset misappropriation& include the following$ L Personal purchases L Ihost emplo+ees L =ictitious e,penses L Altered pa+ee L Theft of cash %or inventor+& L apping
Auitor?s Response to Ris5 Assessment •
•
•
Engagement sta2ng and etent o supervision. The nowledge* sill* and abilit+ of personnel assigned to the engagement should be commensurate with the assessment of the level of ris of the engagement! 3roessional skepticism. E,ercising professional septicism involves maintaining an attitude that includes a #uestioning mind and critical assessment of audit evidence! 4ature, timing, and etent o procedures perormed. =raud ris factors that have control implications ma+ limit the auditor@s abilit+ to assess control ris below the ma,imum and thus reduce substantive testing
Response to Detecte %isstatements Due to Frau •
Mhen the auditor has determined that fraud e,ists but has had no material eect on the "nancial statements* the auditor should –
–
Refer the matter to an appropriate level of management at least one level above those involved! Ne satis"ed that implications for other aspects of the audit have been ade#uatel+ considered!
•
Mhen the fraud has had a material eect on the "nancial statements or the auditor is unable to evaluate its degree of materialit+* the auditor should –
–
–
–
Consider the implications for other aspects of the audit! 7iscuss the matter with senior management and with a board of director@s audit committee! Attempt to determine whether the fraud is material! 4uggest that the client consult with legal counsel* if appropriate
Documentation Re7uirements •
Mhere ris factors are identi"ed* the documentation should include %1& those ris factors identi"ed and %2& the auditor@s response to them