Business Ethics, Fraud and Fraud Detection

BUSINESS ETHICS BUSINESS ETHICS,, FRAUD AND FRAUD DETECTION CHAPTER 12

ETHICAL ISSUES IN BUSINESS •

Ethical standards are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are not universally agreed upon

•

•

Ethics pertains to the principles of conduct that individuals use in maing choices and guiding their behavior in situations that involve the concepts of right and wrong! business ethics involves "nding the answers to two #uestions$ %1& How do managers decide what is right in conducting their business' business' and %2& (nce managers have recogni)ed what is right* how do the+ achieve it'

•

Ethical issues in business can be divided into four areas$ %table 12!1&  –

 –

 –

 –

e#uit+* rights* Honest+* the e,ercise of corporate power

Ethical guidance •

•

•

Proportionality. The beneft rom a decision must outweigh the risks. Furthermore, there must be no alternative decision that provides the same or greater bene"t with less ris!  Justice. The benefts o the decision should be distributed airly to those who share the riss!  Those who do not bene"t should not carr+ the burden of ris! Minimize risk. Even i judged acceptable by the  principles, the decision should be implemented so as to minimi)e all of the riss and avoid an+ unnecessar+ riss

•

Computer ethics is the anal+sis of the nature and social impact of computer technolog+ and the corresponding formulation and  .usti"cation of policies for the ethical use of such technolog+/! 0This includes concerns about software as well as hardware and concerns about networs connecting computers as well as computers themselves

•

three levels of computer ethics$ pop* para* and theoretical!  –

 –

 –

Pop computer ethics is simpl+ the e,posure to stories and reports found in the popular media regarding the good or bad rami"cations of computer technolog+ Para computer ethics involves taing a real interest in computer ethics cases and ac#uiring some level of sill and nowledge in the "eld theoretical computer ethics* is of interest to multidisciplinar+ researchers who appl+ the theories of philosoph+* sociolog+* and ps+cholog+ to computer science with the goal of bringing some new understanding to the "eld

A ew Problem or 3ust a ew Twist on an (ld Problem' •

•

•

•

•

•

•

•

Privac+ 4ecurit+ %Accurac+ and Con"dentialit+& (wnership of Propert+ E#uit+ in Access Environmental 5ssues Arti"cial 5ntelligence 6nemplo+ment and 7isplacement 8isuse of Computers

4ection 9:;cers •

4ection 9:; of 4(? re#uires public companies to disclose to the 4EC whether the+ have adopted a code of ethics that applies to the organi)ation@s CE(* C=(* controller* or persons performing similar functions

•

•

Conficts o Interest . The company’s code o ethics should outline procedures or dealing with actual or apparent conicts of interest between personal and professional relationships Full and Fair Disclosures. This provision states that the organiation should provide full* fair* accurate* timel+* and understandable disclosures in the documents* reports* and "nancial statements that it submits to the 4EC and to the public

•

•

Legal Compliance. !odes o ethics should re"uire employees to ollow applicable governmental laws* rules* and regulations Internal Reporting o Code iolations. The code o ethics must  provide a mechanism to permit prompt internal reporting of ethics violations  to encourage and protect whistleblowers 

•

 !ccounta"ility.  #n e$ective ethics  program must take appropriate action when code violations occur

FRAUD AND ACCOUNTANTS •

 The passage of 4(? has had a tremendous impact on the e,ternal auditor@s responsibilities for fraud detection during a "nancial audit! 5t re#uires the auditor to test controls speci"call+ intended to prevent or detect fraud liel+ to result in a material misstatement of the "nancial statements

•

Frau denotes a false representation of a material fact made b+ one part+ to another part+ with the intent to deceive and induce the other part+ to .usti"abl+ rel+ on the fact to his or her detriment

•

•

•

•

•

!" Fa#se representation"  There must be a false statement or a nondisclosure! $" %ateria# &act" A fact must be a substantial factor in inducing someone to act! '" Intent" There must be the intent to deceive or the nowledge that one@s statement is false! (" )usti*ab#e re#iance"  The misrepresentation must have been a substantial factor on which the in.ured part+ relied! +" Inur- or #oss"  The deception must have caused in.ur+ or loss to the victim of the fraud

•

•

Emp#o-ee &rau, or &rau b- non mana.ement emp#o-ees, is generall+ designed to directl+ convert cash or other assets to the emplo+ee@s personal bene"t Emplo+ee fraud usuall+ involves three steps$ %1& stealing something of value %an asset&* %2& converting the asset to a usable form %cash&* and %B& concealing the crime to avoid detection

•

•

•

•

%ana.ement &rau is more insidious than emplo+ee fraud because it often escapes detection until the organi)ation has suered irreparable damage or loss  The fraud is perpetrated at levels of management above the one to which internal control structures generall+ relate!  The fraud fre#uentl+ involves using the "nancial statements to create an illusion that an entit+ is healthier and more prosperous than* in fact* it is! 5f the fraud involves misappropriation of assets* it fre#uentl+ is shrouded in a ma)e of comple, business transactions* often involving related third parties

The Frau Trian.#e •

•

•

%&' situational pressure, which includes  personal or job(related stresses that could coerce an individual to act dishonestl+D %2& opportunity, which involves direct access to assets and)or access to inormation that controls assets* andD %B& ethics, which pertains to one’s character and degree o moral opposition to acts o dishonest+

Financia# Losses &rom Frau •

•

•

•

•

•

•

Association o& Certi*e Frau E/aminers 0ACFE1 in 2:: estimates losses from fraud and abuse to be F percent of annual revenues  The actual cost of fraud is* however* di>cult to #uantif+ for a number of reasons$ %1& not all fraud is detectedD %2& of that detected* not all is reportedD %B& in man+ fraud cases* incomplete information is gatheredD %9& information is not properl+ distributed to management or law enforcement authoritiesD and %G& too often* business organi)ations decide to tae no civil or criminal action against the perpetrator%s& of fraud!

The 2erpetrators o& Fraus •

•

•

•

•

=raud osses (rgani)ation =raud osses =raud osses =raud osses =raud osses

b+ Position within the and the Collusion Eect b+ Iender b+ Age b+ Education

Frau Schemes •

•

•

=raudulent 4tatements Corruption Asset misappropriation

•

#$e %nderlying Pro"lems o Fraudulent &tatement'  –

 –

 –

 –

*ack o auditor independence *ack o director independence +uestionable eecutive compensation schemes -nappropriate accounting practices

&ar"anes()*ley !ct and Fraud  •

•

•

•

•

%1& the creation of an accounting oversight board* %2& auditor independence* %B& corporate governance and responsibilit+* %9& disclosure re#uirements* and %G& penalties for fraud and other violations

Corruption •

•

Briber- in3o#3es giving* oering* soliciting* or receiving things of value to inuence an o>cial in the performance of his or her lawful duties i##e.a# .ratuit- involves giving* receiving* oering* or soliciting something of value because of an o>cial act that has been taen

•

•

con4ict o& interest occurs when an emplo+ee acts on behalf of a third part+ during the discharge of his or her duties or has self-interest in the activit+ being performed Economic e/tortion is the use %or threat& of force %including economic sanctions& b+ an individual or organi)ation to obtain something of value!

Asset 8isappropriation •

S5immin. involves stealing cash from an organi)ation before it is recorded on the organi)ation@s boos and records  –

•

mai#room &rau,  where an emplo+ee opening the mail steals a customer@s chec and destro+s the associated remittance advice

Cash #arcen- involves schemes where cash receipts are stolen from an organi)ation after the+ have been recorded in the organi)ation@s boos and records

•

Bi##in. schemes, a#so 5no6n as 3enor &rau, are perpetrated b+ emplo+ees who cause their emplo+er to issue a pa+ment to a false supplier or vendor b+ submitting invoices for "ctitious goods or services* inated invoices* or invoices for personal purchases

•

•

•

Chec5 tamperin. involves forging or changing in some material wa+ a chec that the organi)ation has written to a legitimate pa+ee 2a-ro## &rau is the distribution of fraudulent pa+checs to e,istent andJor none,istent emplo+ees E/pense reimbursement &raus are schemes in which an emplo+ee maes a claim for reimbursement of "ctitious or inated business e,penses

•

•

The&ts o& cash are schemes that involve the direct theft of cash on hand in the organi)ation Non cash &rau schemes  involve the theft or misuse of the victim organi)ation@s non cash assets

Computer =raud •

•

•

•

•

 The theft* misuse* or misappropriation of assets b+ altering computer-readable records and "les!  The theft* misuse* or misappropriation of assets b+ altering the logic of computer software!  The theft or illegal use of computer-readable information!  The theft* corruption* illegal cop+ing* or intentional destruction of computer software!  The theft* misuse* or misappropriation of computer hardware!

=raud techni#ues •

•

•

%as7uerain. involves a perpetrator gaining access to the s+stem from a remote site b+ pretending to be an authori)ed user! This usuall+ re#uires "rst gaining authori)ed access to a password! 2i..-bac5in. is a techni#ue in which the perpetrator at a remote site taps into the telecommunications lines and latches onto an authori)ed user who is logging into the s+stem! (nce in the s+stem* the perpetrator can mas#uerade as the authori)ed user! Hacing ma+ involve pigg+bacing or mas#uerading techni#ues! Hac5ers are distinguished from other computer criminals because their motives are not usuall+ to defraud for "nancial gain

•

2ro.ram &rau inc#ues the &o##o6in. techni7ues8 %1& creating illegal programs that can access data "les to alter* delete* or insert values into accounting recordsD %2& destro+ing or corrupting a program@s logic using a computer virusD or %B& altering program logic to cause the application to process data incorrectl+

•

•

Operations &rau i s the misuse or theft of the "rm@s computer resources! This often involves using the computer to conduct personal business Database mana.ement &rau includes altering* deleting* corrupting* destro+ing* or stealing an organi)ation@s data

•

Regardless of ph+sical form* useful information has the following characteristics$  –

 –

 –

 –

 –

re#e3ance, time#iness, accurac-, comp#eteness, an summari9ation"

•

•

sca3en.in. involves searching through the trash cans of the computer center for discarded output ea3esroppin. involves listening to output transmissions over telecommunications lines

•

4A4 o! KK* !onsideration o Fraud in a Financial tatement  #udit, which pertains to the ollowing areas of a "nancial audit$ !" Description an characteristics o& &rau $" 2ro&essiona# s5epticism '" En.a.ement personne# iscussion (" Obtainin. auit e3ience an in&ormation +" Ienti&-in. ris5s :" Assessin. the ienti*e ris5s ;" Responin. to the assessment " Documentin. consieration o& &rau

Frauu#ent Financia# Reportin. •

•

•

/anagement’s characteristics and in0uence over the control environment  -ndustry conditions 1perating characteristics and fnancial stability.

•

5n the case of "nancial fraud %management fraud&* e,ternal auditors should loo for the following inds of common schemes$ L 5mproper revenue recognition L 5mproper treatment of sales L 5mproper asset valuation L 5mproper deferral of costs and e,penses L 5mproper recording of liabilities L 5nade#uate disclosures

%isappropriation o& Assets •

•

•

usceptibility o assets to misappropriation. !ontrols E,amples of common schemes related to emplo+ee theft %asset misappropriation& include the following$ L Personal purchases L Ihost emplo+ees L =ictitious e,penses L Altered pa+ee L Theft of cash %or inventor+& L apping

Auitor?s Response to Ris5 Assessment •

•

•

Engagement sta2ng and etent o supervision. The nowledge* sill* and abilit+ of personnel assigned to the engagement should be commensurate with the assessment of the level of ris of the engagement! 3roessional skepticism. E,ercising professional septicism involves maintaining an attitude that includes a #uestioning mind and critical assessment of audit evidence! 4ature, timing, and etent o procedures perormed. =raud ris factors that have control implications ma+ limit the auditor@s abilit+ to assess control ris below the ma,imum and thus reduce substantive testing

Response to Detecte %isstatements Due to Frau •

Mhen the auditor has determined that fraud e,ists but has had no material eect on the "nancial statements* the auditor should  –

 –

Refer the matter to an appropriate level of management at least one level above those involved! Ne satis"ed that implications for other aspects of the audit have been ade#uatel+ considered!

•

Mhen the fraud has had a material eect on the "nancial statements or the auditor is unable to evaluate its degree of materialit+* the auditor should  –

 –

 –

 –

Consider the implications for other aspects of the audit! 7iscuss the matter with senior management and with a board of director@s audit committee! Attempt to determine whether the fraud is material! 4uggest that the client consult with legal counsel* if appropriate

Documentation Re7uirements •

Mhere ris factors are identi"ed* the documentation should include %1& those ris factors identi"ed and %2& the auditor@s response to them