de la presente normativa

3. Internet orders

S O L U T I O N S TO C O N C E P T C H E C K

1. (SO 1) Which of the following statements is not true? d. Business processes

categorized as expenditure processes are not intended to be processes that serve customers is not a true statement. All business processes either

directly or indirectly serve customers. For example, the process to purchase inventory is necessary for stocking inventory to sell to customers.

2. (SO 2) In a manual system, an adjusting entry would most likely be ini- tially recorded in a c. general journal. The general journal is the book of original entry for nonroutine transactions, closing entries, and adjusting entries.

3. (SO 2) The choice that is not a disadvantage of maintaining legacy systems is b. they contain invaluable historical data that may be difficult to integrate

into newer systems. Since legacy systems may have a large amount of his-

torical data that is difficult to integrate into newer systems, it may be an advantage to keep the legacy system and not lose access to the historical data. 4. Which of the following is not an advantage of cloud computing when com- pared to client-server computing? a. It increases the amount of computer

infrastructure in a company. Cloud computing reduces, not increases, the

amount of computer infrastructure.

5. (SO 2) The choice that is not an advantage of purchased accounting soft- ware, compared with software developed in-house, is a. It is custom-

designed for that company. Purchased software is developed to suit the

needs of a broad range of customers. Often, companies will purchase and then modify accounting software to meet their specific needs, but the soft- ware is not purchased already customized.

6. (SO 5) The choice that is not a method of updating legacy systems is

b. backoffice ware. Screen scrapers, EAIs, and replacement are all methods

to update a legacy system. Backoffice ware is not.

7. (SO 5) When categorizing the accounting software market, a company with revenue of $8 million would most likely purchase software from the

b. midmarket. Of the four market segments, midmarket is generally con-

sidered to comprise companies ranging from $250,000 to $10 million in revenue.

8. (SO 6) An IT system that uses touch-screen cash registers as an input method is called a c. point of sale system. Point of sale systems are pop- ularly used at retail stores and fast food restaurants. In retail locations,

Solutions to Concept Check 81

POS systems use bar code readers; but in fast food and casual eating establishments’ POS systems, the server enters customer orders on a touch screen.

9. (SO 7) When similar transactions are grouped together for a specified time for processing, it is called c. Batch processing.

10. (CMA Adapted) (SO 7) The choice that is not true regarding the differences in the ways that real-time systems differ from batch systems is

Real-time Systems Batch Systems

c. False: Processing choices are False: Processing is

menu-driven. interactive.

11. (SO 9) In documenting systems, the pictorial method described as a method that diagrams the actual flow and sequence of events is a b. process

map.

12. (CMA Adapted) (SO 9) In the classroom flight training program example, the entities that should be included in the entity-relationship diagram are

C H A P T E R

3

Fraud, Ethics, and

Internal Control

S

T U D Y

O

B J E C T I V E S

This chapter will help you gain an understanding of the following concepts:

1 An introduction to the need for a code of ethics and internal controls

2 The accounting-related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

3 The nature of management fraud

4 The nature of employee fraud

5 The nature of customer fraud

6 The nature of vendor fraud

7 The nature of computer fraud

8 The policies that assist in the avoidance of fraud and errors

9 The maintenance of a code of ethics

10 The maintenance of accounting internal controls

11 The maintenance of information technology controls

Appendix A: The recent history of internal control standards Appendix B: Control objectives for information technology (CobIT)

During the early 2000s, a wave of information appeared in the news regarding company after company named in fraudulent financial reporting. Among the names were Enron Corp., Global Crossing USA, Inc., Adelphia Communications Corp., WorldCom Inc., and Xerox Corporation. In the case of Enron alone, fraud- ulent financial reporting led to the loss of billions of dollars for investors, job and retirement-fund losses for employees, the collapse of the Arthur Andersen LLP audit firm, and a further depressing of an already weak stock market. There are many other examples of such problems. An infamous example of fraud and bankruptcy is Phar-Mor, Inc. An examination of the Phar-Mor case illustrates the linkages among ethics, fraud, and internal control.

I N T R O D U C T I O N TO T H E N E E D F O R A C O D E O F E T H I C S

A N D I N T E R N A L C O N T R O L S ( S T U DY O B J E C T I V E 1 )

The drugstore chain Phar-Mor is a classic example of fraud leading to a bankruptcy and many other problems for investors and auditors. At the time Phar-Mor filed bankruptcy, it represented one of the largest cases of fraud in U.S. history. In that bankruptcy, investors lost nearly 1 billion dollars, and Phar-Mor closed many stores and dismissed thousands of workers. The fraud began when top management attempted to make its earnings match the budgeted amounts. Management, des- perately trying to overstate revenues or understate expenses to meet expected earnings targets, used illegal accounting tricks such as falsifying inventory. Phar- Mor’s top management behaved unethically and fraudulently in an attempt to achieve a desired result.

T

H E

R

E A L

W

O R L D

© Jacob Hamblin/iStockphoto

Although the Phar-Mor fraud scheme is an older example, it is important to study it as a classic case of the wrong approach to concepts in this chapter and the four that follow. Phar-Mor had unethical leaders, shoddy ethics enforcement, poor internal controls, relaxed corporate governance, weak IT systems, and faulty audits. It represents the poster child of a poor control environment.

When management is unethical, as in the Phar-Mor case, fraud is likely to occur. On the other hand, if the top management of a company emphasizes eth- ical behavior, models ethical behavior, and hires ethical employees, the chance of fraud or ethical lapses can be reduced. In the case of a company such as Phar- Mor, management did not act ethically and did not encourage ethical behavior. Although the company had written and adopted a code of ethics, most of the officers in the company were not aware that it existed.1This is an indication that ethics were merely “window dressing” and that management did not wish to emphasize and model ethical behavior.

Another way that the Phar-Mor fraud could have been avoided or detected was through the proper operation of the accounting system and internal con- trols. For example, a good accounting system will process all checks through a bank account that is part of the normal payment approval process. In the case of Phar-Mor, management maintained a separate bank account and used it for fraudulent purposes. Checks drawn on this account did not go through a regu- lar approval process. In summary, maintaining high ethics and following proper procedures can help prevent or detect many kinds of fraud.

Introduction to the Need for a Code of Ethics and Internal Controls (Study Objective 1) 85

In addition to acting ethically, the management of any organization has an obligation to maintain a set of processes and procedures that assure accurate and complete records and protection of assets. This obligation arises because many groups have expectations of management. First, management has a stew- ardship obligation to those who provide funds to, or invest in, the company.

Stewardship is the careful and responsible oversight and use of the assets

entrusted to management. This requires that management maintain systems which allow it to demonstrate that it has appropriately used these funds and assets. Investors, lenders, and funding agencies must be able to examine reports showing the appropriate use of funds or assets provided to management. Man- agement must maintain accurate and complete accounting records and reports with full disclosure. Second, management has an obligation to provide accurate reports to those who are not owners or investors, such as business organizations with whom the company interacts and governmental units like the Internal Rev- enue Service (IRS) and the Securities and Exchange Commission (SEC).

Finally, to efficiently and effectively manage an organization, management and the board of directors must have access to accurate and timely feedback regard- ing the results of operations. An organization cannot determine whether it is meeting objectives unless it continuously monitors operations by examining reports that summarize the results of operations. In many cases, these reports are outputs of the computerized system. Therefore, IT systems must provide accu- rate and timely information in reports. When a vice president at Phar-Mor became concerned about the adequacy of the IT system and the resulting reports, he formed a committee to address the problems; however, the committee was squelched by members of senior management who were involved in the fraud.

The management obligations of stewardship and reporting point to the need to maintain accurate and complete accounting systems and to protect assets. To fulfill these obligations, management must maintain internal controls and enforce a code of ethics. If these two items are operating effectively, many types of fraud can be avoided or detected. Internal controls have been defined by several bod- ies, but perhaps the most encompassing description of accounting internal con- trols is contained in the Committee of Sponsoring Organizations’2 (COSO’s) report on internal control.3The COSO report defines internal control as follows:

a process, affected by an entity’s board of directors, management, and other per- sonnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

effectiveness and efficiency of operations reliability of financial reporting

compliance with applicable laws and regulations.

These internal control processes and procedures will assist in protecting assets and ensuring accurate records. In addition to the accounting internal controls, an organization should also have internal controls covering its IT 2_{The Committee of Sponsoring Organizations includes the following organizations: AICPA, AAA,} FEI, IIA, and IMA. The purpose of COSO is to improve the quality of financial reporting through business ethics, effective internal controls, and corporate governance. The COSO website is www.coso.org.

3_{Committee of Sponsoring Organizations of the Treadway Commission (CSOTC), Internal Control-}

systems. If not properly controlled, IT systems may become exposed to the risks of unauthorized access, erroneous or incomplete processing, and inter- ruption of service. Guidelines for IT controls are provided by the AICPA and are discussed later.

To help ensure accurate and complete accounting systems and reports, an organization should have good accounting internal controls, good IT controls, and an enforced code of ethics. A code of ethics is a set of documented guide- lines for moral and ethical behavior within the organization. It is management’s responsibility to establish, enforce, and exemplify the principles of ethical con- duct valued in the organization. The importance of an ethics code is perhaps easier to see by looking at it from the opposite perspective. As has become obvi- ous with the flood of accounting fraud scandals within the past decade at com- panies such as Enron, Worldcom, Global Crossing, and others, top management does not always exhibit ethical behavior. If management does not demonstrate ethical behavior, employees at all levels are much more likely to follow suit in their disregard for ethical guidelines. Of course, the opposite should also be true. Management that emphasizes and models ethical behavior is more likely to encourage ethical behavior in employees.

A C C O U N T I N G - R E L AT E D F R A U D ( S T U DY O B J E C T I V E 2 )

Fraud can be defined as the theft, concealment, and conversion to personal

gain of another’s money, physical assets, or information. Notice that this def- inition includes theft and concealment. In most cases, a fraud includes

Even companies that have good ethics codes and enforcement must guard against fraud. Johnson & Johnson has always been known as a model of good corporate ethics. However, in 2007 an internal investigation revealed that certain sales units within the company were paying bribes to gain sales of medical devices in foreign countries. Johnson & Johnson vol- untarily turned this information over to the U.S. Department of Justice, because such bribes are a violation of the Foreign Corrupt Practices Act. On April 8, 2011, Johnson & Johnson announced it had reached a negotiated settlement with the Department of Jus- tice that avoided prosecution, yet the company did pay fines exceeding $70 million to the United States and Germany. The company’s self-disclosure, full cooperation, and improved controls probably significantly reduced the punishment. This is an example of how fraud should be handled when discovered within a company’s management. Strong attention to ethics and controls may not always prevent fraud, but it usually helps uncover fraud and lessen the effects.

T

H E

R

E A L

W

O R L D

In summary, a company that maintains a good system of accounting and IT internal controls and values ethical behavior will be more likely to avoid fraud, other ethical problems, and errors in accounting records. This chapter describes some types of fraud that can occur and provides details of internal control sys- tems and ethics codes. It is not possible for a single chapter to include all poten- tial types of fraud or the controls to prevent them. The purpose of this chapter is to explain some of these fraud schemes to help you see the nature of the risks involved. With an understanding of the risks, you will find it easier to learn the nature of accounting and IT internal control systems intended to prevent or detect errors and fraud.

Accounting-Related Fraud (Study Objective 2) 87

altering accounting records to conceal the fact that a theft occurred. For example, an employee who steals cash from his employer is likely to alter the cash records to cover up the theft. An example of conversion would be sell- ing a piece of inventory that has been stolen. The definition of fraud also includes theft, not only of money and assets, but also of information. Much of the information that a company maintains can be valuable to others. For example, customer credit card numbers can be stolen. An understanding of the nature of fraud is important, since one of the purposes of an accounting information system is to help prevent fraud.

In fraud, there is a distinction between misappropriation of assets and mis- statement of financial records. Misappropriation of assets involves theft of any item of value. It is sometimes referred to as a defalcation, or internal theft, and the most common examples are theft of cash or inventory. Restaurants and retail stores are especially susceptible to misappropriation of assets because their assets are readily accessible by employees. Misstatement of financial

records involves the falsification of accounting reports. This is often referred to

as earnings management, or fraudulent financial reporting.

In order for a fraud to be perpetrated, three conditions must exist, as shown in Exhibit 3-1. These three conditions, known as the fraud triangle, are as follows:

Incentive to commit the fraud. Some kind of incentive or pressure typically

leads fraudsters to their deceptive acts. Financial pressures, market pres- sures, job-related failures, or addictive behaviors may create the incentive to commit fraud.

Opportunity to commit the fraud. Circumstances may provide access to the

assets or records that are the objects of fraudulent activity. Only those per- sons having access can pull off the fraud. Ineffective oversight is often a contributing factor.

Rationalization of the fraudulent action. Fraudsters typically justify their

actions because of their lack of moral character. They may intend to repay or make up for their dishonest actions in the future, or they may believe that the company owes them as a result of unfair expectations or an inad- equate pay raise.

Understanding these conditions is helpful to accountants as they create effec- tive systems that prevent fraud and fraudulent financial reporting. Fraud pre- vention is an increasingly important role for accounting and IT managers in business organizations, because instances of fraud and its devastating effects appear to be on the rise.

Incentive (Pressure)

Opportunity Rationalization

(Attitude)

Exhibit 3-1

The Association of Certified Fraud Examiners publishes studies of occupational fraud cases. Some statistics from its most recent reports follow:4

• Certified fraud examiners estimate that 5 percent of revenues are lost annually as a re- sult of occupational fraud and abuse. Applied to the World Gross Domestic Product, this translates to losses of approximately $2.9 trillion.

• The median loss due to fraud was $160,000, and one-quarter of the cases of frauds caused losses in excess of $1 million.

• Over 90 percent of occupational frauds involve asset misappropriations, and the median loss was $135,000. Cash is the targeted asset 90 percent of the time.

• Corruption schemes perpetrated by company executives and owners account for slightly less than one-third of all occupational frauds, and they caused a median loss of $250,000.

• Fraudulent financial statements account for less than 5 percent of the cases, but they were the most costly form of occupational fraud, with median losses of over $4 million per scheme.

• The average scheme in this study lasted 18 months before it was detected.

• The most common method for detecting occupational fraud is by a tip from an em- ployee, customer, vendor, or anonymous source. The second most common method is by management review.

• Small businesses (having fewer than 100 employees) are the most vulnerable to occupa- tional fraud and abuse. The average scheme in a small business causes $155,000 in losses, as compared with an average loss in larger companies of $164,000.

T

H E

R

E A L

W

O R L D

4

Report to the Nation on Occupational Fraud and Abuse, Association of Certified Fraud Examiners,

2010, p. 4.

Exhibit 3-2

Categories of Accounting- Related Fraud

Can Internal Control Example of an Internal Be Effective in Preventing Control That Can Be

Fraud Category Example or Detecting? Effective

Management fraud Misstating financial Usually not, because of n/a statements management override

Employee fraud Inflating hours worked Yes Require supervisor to

on time card verify and sign time card

Customer fraud Returning stolen Yes Provide refund only if merchandise for cash proper sales receipt exists Vendor fraud Requesting duplicate Yes Pay only those invoices

payment for one invoice that have a matching purchase order and receiving report, and mark documents as paid or cancelled

As indicated by the fraud report from the Association of Certified Fraud Exam- iners, fraud occurs in many different ways. The general categories of fraud and examples of these are explained in the sections that follow.

The Nature of Management Fraud (Study Objective 3) 89

In document BIZKAIKO ALDIZKARI OFIZIALA BOLETIN OFICIAL DE BIZKAIA (página 31-35)