pertains to the principles of conduct that individuals use in making choices and guiding their...
TRANSCRIPT
Pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.
IT Auditing & Assurance, 2e, Hall & Singleton
Business EthicsHow do managers decide on what is right
in conducting business?Once managers have recognized what is
right, how to they achieve it?
The necessity to have an articulate foundation for ethics and a consistent application of the ethical standards.
Role of Management
IT Auditing & Assurance, 2e, Hall & Singleton
Create and maintain appropriate ethical atmosphere Limit the opportunity and temptation for unethical
behavior Management needs a methodology for including
lower-level managers and employees in the ethics schema Many times, lower-level managers responsible to uphold
ethical standards Poor ethical standards among employees are a root cause of
employee fraud and abuses
Managers and employees both should be made aware of firm’s code of ethics
What if management is unethical? e.g., Enron
Reported Abuses
IT Auditing & Assurance, 2e, Hall & Singleton
Typically junior employees (Wall Street Journal) Half of American workers believe the best way
to get ahead is politics and cheating One-third of a group of 9,175 surveyed had
stolen property and supplies from employers Ethics Resource Center: 1994 study
41% falsified reports 35% committed theft
Ethical Development Most people develop a personal code of ethics from
family, formal education, and personal experience Go through stages of moral evolution [Figure 11-2]
Making Ethical Decisions
IT Auditing & Assurance, 2e, Hall & Singleton
Business schools can and should be involved in ethical development of future managers
Business programs can teach students analytical techniques to use in trying to understand and properly handle a firm’s conflicting responsibilities to its employees, shareholders, customers, and the public
Every ethical decision has risks and benefits. Balancing them is the manager’s ethical responsibility:
Ethical Principles Proportionality: Benefits of a decision must outweigh the
risks. Choose least risky option. Justice: Distribute benefits of decision fairly to those who
share risks. Those who do not benefit should not carry any risk
Minimize Risk: Minimize all risks.
IT Auditing & Assurance, 2e, Hall & Singleton
A new problem or just a new twist to an old problem?
Although computer programs are a new type of asset, many believe that they should not be considered as different form other forms of
property; i.e., intellectual property is the same as real property and the rights associated with real
property.
IT Auditing & Assurance, 2e, Hall & Singleton
The lack of ethical standards* is fundamental to the occurrence of business fraud.
No major aspect of the independent auditor’s role has caused more difficulty for public accounting than the responsibility for detection of fraud during an audit. [article]
This issue has gathered momentum outside the accounting profession to the point where the profession faces a crisis in public confidence in its ability to perform independent attest functions. [SAS 82]
Fraud denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to
justifiably rely on the fact to his/her detriment, i.e., his/her injury or loss.
Synonyms: White-collar crime, defalcation, embezzlement, irregularities.
IT Auditing & Assurance, 2e, Hall & Singleton
A fraudulent act must meet the following 5 conditions:
1. False representation2. Material fact3. Intent4. Justifiable reliance5. Injury or loss
IT Auditing & Assurance, 2e, Hall & Singleton
Asset misappropriation fraud1. Stealing something of value – usually cash or inventory (i.e.,
asset theft)2. Converting asset to usable form3. Concealing the crime to avoid detection4. Usually, perpetrator is an employee
Financial fraud1. Does not involve direct theft of assets2. Often objective is to obtain higher stock price (i.e., financial fraud) 3. Typically involves misstating financial data to gain additional
compensation, promotion, or escape penalty for poor performance
4. Often escapes detection until irreparable harm has been done 5. Usually, perpetrator is executive management
Corruption fraud1. Bribery, etc.
IT Auditing & Assurance, 2e, Hall & Singleton
Fraudulent financial statements {5%} Corruption {10%}
Bribery Illegal gratuities Conflicts of interest Economic extortion
Asset misappropriation {85%} Charges to expense accounts Lapping Kiting Transaction fraud
IT Auditing & Assurance, 2e, Hall & Singleton
Employee Theft
1) Theft of asset2) Conversion of asset (to cash, to
fraudster)3) Concealment of fraud
IT Auditing & Assurance, 2e, Hall & Singleton
Special Characteristics:
1. Perpetrated at levels of management above the one where internal controls relate
2. Frequently involves using the financial statements to create false image of corporate financial health
3. If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties. [e.g., ZZZZ Best fraud]
IT Auditing & Assurance, 2e, Hall & Singleton
People engage in fraudulent activities as a result of forces within the individual (their ethical system) and without (from temptation and/or stress from the external environment)1. Situational Pressures2. Opportunity3. Rationalization
A person with a high level of personal ethics and limited pressure and opportunity to commit fraud is most likely to behave honestly [Figure 11-2]
A person with low level of integrity, and moderate to high pressures, and moderate to high opportunity is most likely to commit fraud
Auditors can develop a “red flag” checklist to detect possible fraudulent activity
A questionnaire approach could be used to help auditors uncover motivations for fraud
IT Auditing & Assurance, 2e, Hall & Singleton
Do key executives have unusually high personal debt?
Do key executives appear to be living beyond their means?
Do key executives engage in habitual gambling?
Do key executives appear to abuse alcohol or drugs?
Do key executives appear to lack personal codes of ethics?
Do key executives appear to be unstable (e.g., frequent job or residence changes, mental or emotional problems)?
Are economic conditions unfavorable within the company’s industry?
Does the company use several different banks, none of which sees the company’s entire financial picture?
Do key executives have close associations with suppliers?
Do key executives have close associations with members of the Audit Committee or Board?
Is the company experiencing a rapid turnover of key employees, either through quitting or being fired?
Do one or two individuals dominate the company?
Does anyone never take a vacation?
IT Auditing & Assurance, 2e, Hall & Singleton
Lack of auditor independence Lack of director independence Questionable executive
compensation schemes Inappropriate accounting practices
IT Auditing & Assurance, 2e, Hall & Singleton
PCAOB Auditor independence
List of services considered non-independent
Corporate governance Issuer and management disclosure Fraud and criminal penalties
Forensic Accounting
IT Auditing & Assurance, 2e, Hall & Singleton
Fraud auditors Forensic accountants Association of Certified Fraud Examiners
Certified Fraud Examiner certification – http://www.acfe.org
Investigation Evidence for court Litigation CFE – Association of Certified Fraud
Examiners See newsletter sample at ACFE web site
IT Auditing & Assurance, 2e, Hall & Singleton
Professor’s Note:I have incorporated material from other sources into this presentation to include ethical issues.
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 19
Culture Helps Determine Culture Helps Determine Laws and Ethical Laws and Ethical StandardsStandards
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 20
Ethical PrinciplesEthical Principles
• Golden rule:Golden rule: Do unto others as you would Do unto others as you would have them do unto youhave them do unto you
• Immanuel Kant’s categorical imperative:Immanuel Kant’s categorical imperative: If an action is not right for everyone to take, If an action is not right for everyone to take, then it is not right for anyonethen it is not right for anyone
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 21
Ethical PrinciplesEthical Principles
• Descartes’ rule of change:Descartes’ rule of change: If an action If an action cannot be taken repeatedly, then it is not right cannot be taken repeatedly, then it is not right to be taken at any timeto be taken at any time
• Utilitarian principle: Utilitarian principle: Put values in rank Put values in rank order and understand consequences of various order and understand consequences of various courses of actioncourses of action
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 22
Ethical PrinciplesEthical Principles
• Risk aversion principle: Risk aversion principle: Take the action Take the action that produces the least harm or incurs the least that produces the least harm or incurs the least costcost
• Ethical “no free lunch” rule: Ethical “no free lunch” rule: All tangible All tangible and intangible objects are owned by creator and intangible objects are owned by creator who wants compensation for the workwho wants compensation for the work
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 23
Information Rights: Privacy Information Rights: Privacy and Freedom in the Internet and Freedom in the Internet AgeAge• Privacy:Privacy: Claim of individuals to be left alone, Claim of individuals to be left alone,
free from surveillance or interference from free from surveillance or interference from other individuals, organizations, or the stateother individuals, organizations, or the state
• Fair information practices:Fair information practices: Set of Set of principles governing the collection and use of principles governing the collection and use of information on the basis of U.S. and European information on the basis of U.S. and European privacy lawsprivacy laws
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 24
U.S. Federal Privacy LawsU.S. Federal Privacy Laws
General Federal Privacy LawsGeneral Federal Privacy Laws• Freedom of Information Act of 1968 Freedom of Information Act of 1968 • Privacy Act of 1974Privacy Act of 1974• Electronic Communications Privacy Act of 1986Electronic Communications Privacy Act of 1986• Computer Matching and Privacy Protection Act Computer Matching and Privacy Protection Act
of 1988of 1988• Children’s Online Privacy Protection Act of 1998Children’s Online Privacy Protection Act of 1998• Federal Managers Financial Integrity Act of 1982Federal Managers Financial Integrity Act of 1982
Allows public to obtain information regarding the activities of Federal agencies
Restrictions: Records classified national defense or foreign
policy materials Trade secrets and commercial or financial
information obtained from a person and privileged or confidential
Personnel, medical and similar files Records compiled for law enforcement
purposes
extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer.
protects wire, oral, and electronic communications while in transit. It sets down requirements for search warrants that are more stringent than in other settings.
protects communication held in electronic storage even during transit.
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 27
Communications with Communications with ChildrenChildren Children’s Online Privacy Protection Act of
1998 (COPPA)
◦ Provides restrictions on data collection that must be followed by electronic commerce sites aimed at children
◦ Requires schools that receive federal funds to install filtering software on computers
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 28
Sanrio’s Approach to Sanrio’s Approach to COPPA ComplianceCOPPA Compliance
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 29
Ethical Issues (continued)Ethical Issues (continued)
Principles for handling customer data◦ Use data collected to provide improved customer
service◦ Do not share customer data with others outside
your company without the customer’s permission ◦ Tell customers what data you are collecting and
what you are doing with it ◦ Give customers the right to have you delete any
of the data you have collected about them
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 30
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 31
Ethical IssuesEthical Issues
Under what conditions should the Under what conditions should the privacy of others be invaded? privacy of others be invaded?
What legitimaizes intruding into What legitimaizes intruding into others’ lives through unobtrusive others’ lives through unobtrusive surveillance, through market research, surveillance, through market research, or by whatever means? or by whatever means?
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 32
Ethical IssuesEthical Issues
Do we have to inform people that we are eavesdropping?
Do we have to inform people that we are using credit history information for employment screening purposes?
Can we review medical records or other personal information with or without consent?
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 33
Property Rights: Intellectual Property Rights: Intellectual PropertyProperty
Intellectual property: Intangible creations protected by law
Trade secret: Intellectual work or product belonging to business, not in public domain
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 34
Property Rights: Intellectual Property Rights: Intellectual PropertyProperty
Copyright: Statutory grant protecting intellectual property from getting copied for 28 years
Patents: Legal document granting the owner an exclusive monopoly on the ideas behind an invention for 20 years
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 35
Web Site Content IssuesWeb Site Content Issues
Fair use of a copyrighted work
◦ Includes copying it for use in criticism, comment, news reporting, teaching, or research
Vicarious copyright infringement
◦ Entity becomes liable if
It is capable of supervising infringing activity
Obtains financial benefit from infringing activity
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 36
DefamationDefamation
Defamatory statement◦ Statement that is false and injures the reputation
of another person or company
Product disparagement◦ If a defamatory statement injures the reputation
of a product or service instead of a person
Per se defamation◦ Court deems some types of statements to be so
negative that injury is assumed
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 37
Deceptive Trade PracticesDeceptive Trade Practices
Federal Trade Commission◦ Regulates advertising in the United States◦ Publishes regulations and investigates claims of
false advertising◦ Provides policy statements ◦ Policies cover specific areas such as
Bait advertising Consumer lending and leasing Endorsements and testimonials
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 38
Federal Statutes Related Federal Statutes Related to Cybercrimesto Cybercrimes
18 U.S.C. 1029 Fraud and Related Activity in Connection with Access Devices
18 U.S.C. 1030 Fraud and Related Activity in Connection with Computers
18 U.S.C. 2701 Unlawful Access to Stored Communications
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 39
USA Patriot Act of 2001USA Patriot Act of 2001
The USA Patriot Act has strengthened U.S. cyber laws and expanded cybercrime definitions.
Under the Act, an activity covered by the law is considered a crime if it causes a loss exceeding $5,000, impairment of medical records, harm to a person, or threat to public safety.
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 40
USA Patriot Act of 2001USA Patriot Act of 2001
Amendments made by the Act make it easier for an Internet service provider (ISP) to make disclosures about unlawful customer actions without the threat of civil liability to the ISP.
Another revision made by the Act provides that victims of hackers can request law enforcement help in monitoring trespassers on their computer systems.
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 41
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 15 Forensic and Investigative Accounting 42
Controlling the Assault of Non-Solicited Pornography and Marketing Act
Establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them.
IT Auditing & Assurance, 2e, Hall & Singleton
It bans false or misleading header information.
It prohibits deceptive subject lines. It requires that your email give recipients an
opt-out method. It requires that commercial email be
identified as an advertisement and include the sender's valid physical postal address.
Report Violations to 1-877-FTC-HELP
IT Auditing & Assurance, 2e, Hall & Singleton
IT Auditing & Assurance, 2e, Hall & Singleton
IT Auditing & Assurance, 2e, Hall & Singleton
Joan works in a large manufacturing plant and handles emergency orders that must be expedited. She frequently places the orders with Goliath Inc. who charges about 5% more than other firms but has a good record for meeting tight deadlines. Joan’s husband is an employee of Goliath.
What if Joan’s husband was the CEO?
Mork works in the mailroom of NeverEver Inc. and opens payment envelopes from customers. About 20% of the payments are in cash. Whenever Mork is short of cash, he writes a check for $100 and cashes it from the customer payments.
Mindy is an 8-5 employee and takes an hour for lunch and two 15 minute breaks. During work hours, she frequently receives and sends personal emails regarding her family. She figures that the time consumes less than ½ hour each day.
Wanda is a clerk at a local supermarket. As a joke, one of the male employees tells her that another male employee (married and 50 years old) is dating Wanda’s daughter who is 25 years of age. The story is not true and Wanda complains to management. Wanda is transferred to another store and is told the male employee will be disciplined. Later, the male employee who told the joke is promoted to management.
IT Auditing & Assurance, 2e, Hall & SingletonIT Auditing & Assurance, 2e, Hall & Singleton