Page 166 - Accounting Information Systems
P. 166

CHAPTE R 3         Ethics, Fraud, and Internal Control  137

                       controls needed to protect accounting records will depend on the technological characteristics of the
                       accounting system. Indirect access control is accomplished by controlling the use of documents and
                       records and by segregating the duties of those who must access and process these records.

                       INDEPENDENT VERIFICATION. Verification procedures are independent checks of the account-
                       ing system to identify errors and misrepresentations. Verification differs from supervision because it takes
                       place after the fact, by an individual who is not directly involved with the transaction or task being veri-
                       fied. Supervision takes place while the activity is being performed, by a supervisor with direct responsi-
                       bility for the task. Through independent verification procedures, management can assess (1) the
                       performance of individuals, (2) the integrity of the transaction processing system, and (3) the correctness
                       of data contained in accounting records. Examples of independent verifications include:
                         Reconciling batch totals at points during transaction processing.
                         Comparing physical assets with accounting records.
                         Reconciling subsidiary accounts with control accounts.
                         Reviewing management reports (both computer and manually generated) that summarize business
                         activity.

                         The timing of verification depends on the technology employed in the accounting system and the task
                       under review. Verifications may occur several times an hour or several times a day. In some cases, a veri-
                       fication may occur daily, weekly, monthly, or annually.



                       Summary

                       This chapter began by examining ethical issues that societies  often do so by overriding the internal control structure. The
                       have pondered for centuries. It is increasingly apparent that  underlying problems that permit and aid these frauds are fre-
                       good ethics is a necessary condition for the long-term profit-  quently associated with inadequate corporate governance. In
                       ability of a business. This requires that ethical issues be under-  this section we examined some prominent corporate gover-
                       stood at all levels of the firm, from top management to line  nance failures and outlined the key elements of SOX, which
                       workers. In this section, we identified several ethical issues of  was legislated to remedy them. Finally, several well-docu-
                       direct concern to accountants and managers. SOX legislation  mented fraud techniques were reviewed.
                       has directly addressed these issues.              The third section examined the subject of internal control.
                         The next section examined fraud and its relationship to  The adequacy of the internal control structure is an issue of
                       auditing. Fraud falls into two general categories: employee  great importance to both management and accountants. Inter-
                       fraud and management fraud. Employee fraud is generally  nal control was examined first using the PDC control model
                       designed to convert cash or other assets directly to the  that classifies controls as preventive, detective, and corrective.
                       employee’s personal benefit. Typically, the employee circum-  Next, the SAS 78/COSO framework recommended for
                       vents the company’s internal control structure for personal  compliance with SOX was examined. This consists of five lev-
                       gain. However, if a company has an effective system of internal  els: control environment, risk assessment, information and
                       control, defalcations or embezzlements can usually be pre-  communication, monitoring, and control activities. In this sec-
                       vented or detected. Management fraud typically involves the  tion, we focused on physical control activities including trans-
                       material misstatement of financial data and reports to attain  action authorization, segregation of duties, supervision,
                       additional compensation or promotion or to escape the pen-  adequate accounting records, access control, and independent
                       alty for poor performance. Managers that perpetrate fraud  verification.



                       Key Terms

                       access controls (136)                          bribery (125)
                       accounting records (136)                       business ethics (112)
                       application controls (134)                     cash larceny (126)
                       billing schemes (126)                          check tampering (127)
   161   162   163   164   165   166   167   168   169   170   171