Week 3 - Audit in CIS Environment


AUDIT IN CIS ENVIRONMENT
Week 3
Ethics, Fraud and Internal Control in CIS Environment
PRAYER
Lord, thank you for this
precious time that you
have given us. Send us
your Holy Spirit to be our
guide and give us the
wisdom to understand
every topic that we are
going to discuss. Enlighten
our minds and let your love
be upon us.
Amen.
Learning Objectives
At the end of this session, students should be able to
comprehend and demonstrate knowledge of the following:
• Understanding of ethical issues related to the CIS environment.
• Distinguish computer and management fraud.
• Understand the different internal control concepts and techniques.
What is ETHICS?
Ethics pertains to the principles of
conduct that individuals use in
making choices and guiding their
behavior in situations that involve
the concepts of right and wrong.
Two types:
1. Business Ethics
2. Computer Ethics
Business Ethics
It is the moral principles that act as
guidelines for the way a business
conducts itself and its transactions.
Business ethics involves finding the
answers to two questions:
1. How do managers decide what is
right in conducting their business?
2. Once managers have recognized
what is right, how do they achieve
it?
Computer Ethics
It is the analysis of the nature and
social impact of computer technology
and the corresponding formulation
and justification of policies for the
ethical use of such technology. It
includes concerns about software as
well as hardware, and concerns about
networks connecting computers as
well as computers themselves.
What is FRAUD?
Fraud denotes a false representation of a
material fact made by one party to another
party with the intent to deceive and induce
the other party to justifiably rely on the fact
to his or her detriment.
It is an intentional deception,
misappropriation of a company’s assets, or
manipulation of its financial data to the
advantage of the perpetrator.
Fraud is also commonly known as white-
collar crime, defalcation, embezzlement,
and irregularities.
ERROR VS FRAUD?
Error (Unintentional)      Fraud (Intentional)
• Overlook                 • Theft
• Misjudgement             • Corruption
• Miscalculation           • Manipulation
• Misapplication           • Misrepresentation
Five Elements of Fraud:
1. False representation
2. Material fact
3. Intent
4. Justifiable reliance
5. Injury or loss
Types of Fraud:
1. Employee Fraud
• Fraud by non-management employees is generally
designed to directly convert cash or other
assets to the employee’s personal benefit.
Typically, the employee circumvents the
company’s internal control system for personal
gain.
• Employee fraud usually involves three steps:
(1) stealing something of value (an asset), (2)
converting the asset to a usable form (cash),
and (3) concealing the crime to avoid detection.
2. Management Fraud
Fraud committed by a firm or company’s
management that injures investors and
creditors through materially misleading
financial statements, or intentional or
egregious conduct whether by act or
omission that leads to a material
misstatement of financial statements.
Characteristics of
Management Fraud:
1. The fraud is perpetrated at levels of
management above the one to which
internal control structures generally relate.
2. The fraud frequently involves using the
financial statements to create an illusion
that an entity is healthier and more
prosperous than, in fact, it is.
3. If the fraud involves misappropriation of
assets, it frequently is shrouded in a maze
of complex business transactions, often
involving related third parties.
Fraud Related to Audit
1. Misappropriation of Assets
• Theft or misuse of an organization’s assets
• Employee Fraud
2. Fraudulent Financial Reporting
• Manipulation of financial statements
• Management Fraud
Misappropriation of Assets                        Fraudulent Financial Reporting
Embezzling receipts                               Fictitious journal entries
Stealing physical assets                          Inappropriate adjustments
Disbursements for unreceived goods or services    Omitting, advancing, or delaying recognition
Using resources for personal use                  Concealing facts; alteration of records
Fraud Triangle
It is a framework commonly
used in auditing to explain
the reason behind an
individual’s decision to
commit fraud. The fraud
triangle consists of three
factors that contribute to
or/are associated with
management and
employee fraud.
1. Incentive to commit the fraud
Some kind of incentive or pressure
typically leads fraudsters to their
deceptive acts. It includes personal or
job-related stresses or failures,
financial pressures, market pressures,
and addictive behaviors that could
coerce an individual to act dishonestly
and thus may create the incentive to
commit fraud.
2. Opportunity to commit the fraud.
Circumstances may provide access to
the assets or records that are the
objects of fraudulent activity. It involves
direct access to assets and/or access
to information that controls assets. Only
those persons having access can pull
off the fraud. Ineffective oversight is
often a contributing factor.
3. Rationalization of the fraudulent
action.
It pertains to one’s character and degree
of moral opposition to acts of dishonesty.
Fraudsters typically justify their actions
because of their lack of moral character.
They may intend to repay or make up for
their dishonest actions in the future, or
they may believe that the company owes
them as a result of unfair expectations or
an inadequate pay raise.
Auditor’s Responsibility
The auditor is responsible for
obtaining reasonable assurance
that the financial statements as a
whole are free from material
misstatements, whether due to
fraud or error.
Management’s Responsibility
The management and
those charged with
governance are
responsible for the prevention
and detection of fraud.
What is Internal
Control?
Internal control describes the
policies, plans, and procedures
implemented by the management of
an organization to protect its assets,
to ensure accuracy and
completeness of its financial
information, and to meet its
business objectives.
Objectives of IC
To safeguard assets of the firm.
To ensure the accuracy and reliability
of accounting records and information.
To promote efficiency in the firm’s
operations.
To measure compliance with
management’s prescribed policies
and procedures.
The PDC Model
• Preventive Controls
• Detective Controls
• Corrective Controls
Preventive Controls
Preventive controls are passive techniques
designed to reduce the
frequency of occurrence of
undesirable events. This is
the first line of defense in
the control structure.
Detective Controls
These are devices,
techniques, and procedures
designed to identify and
expose undesirable events
that elude preventive
controls. They are the second
line of defense.
Corrective Controls
Corrective controls are procedures a
company uses to solve, correct, or
reverse the effects of errors detected in
the previous step. A company
establishes corrective controls to
remedy problems it discovers through the
detective controls. Detective controls
identify anomalies and draw attention to
them; corrective controls actually fix
the problem.
Exercise: Identify the kind of controls applied
1. Approvals, authorizations, and verifications → Preventive
2. Reconciliations → Detective
3. Review of Performance → Detective
4. Segregation of Duties → Preventive
5. Controls over Information System → Preventive and Detective
COSO Internal Control
Framework
In 1992, the Committee of Sponsoring
Organizations of the Treadway
Commission (COSO) developed a
COSO Framework for evaluating
internal controls. This model has been
adopted as the generally accepted
framework for internal control and is
widely recognized as the definitive
standard against which organizations
measure the effectiveness of their
systems of internal control.
Image Source: https://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-the-coso-framework
Components of IC
1. Control Environment
2. Risk Assessment
3. Control Activities
   IT Controls
   a. General Controls
   b. Application Controls
   Physical Controls
4. Information and Communications
5. Monitoring
Control Environment
It is the foundation for the other four control components. It sets
the tone for the organization and influences the control
awareness of its management and employees.
• Exercise integrity and ethical values.
• Make a commitment to competence.
• Use the board of directors and audit committee.
• Facilitate management’s philosophy and operating style.
• Create organizational structure.
• Issue assignment of authority and responsibility.
• Utilize human resources policies and procedures.
Risk Assessment
Identify, analyze, and manage risks relevant to
financial reporting.
• Create companywide objectives.
• Incorporate process-level objectives.
• Perform risk identification and analysis.
• Manage change.
Control Activities
Control activities are the policies and procedures used to
ensure that appropriate actions are
taken to deal with the organization’s
identified risks.
• Follow policies and procedures.
• Improve security (application and network).
• Conduct application change management.
• Plan business continuity/backups.
• Perform outsourcing.
IT CONTROLS:
Information technology drives the financial
reporting processes of modern organizations.
a. Application controls ensure the validity,
completeness, and accuracy of financial
transactions.
b. General controls include controls over IT
governance, IT infrastructure, security
and access to operating systems and
databases, application acquisition and
development, and program change
procedures.
PHYSICAL CONTROLS:
This class of controls relates primarily to the
human activities employed in accounting
systems.
• Transaction Authorization - to ensure that all
material transactions processed by the
information system are valid and in
accordance with management’s objectives.
• Segregation of Duties - one of the most
important control activities is the segregation
of employee duties to minimize incompatible
functions.
• Supervision - in small organizations or in
functional areas that lack sufficient personnel,
management must compensate for the absence
of segregation controls with close supervision.
• Accounting Records - consist of source
documents, journals, and ledgers.
• Access Control - to ensure that only authorized
personnel have access to the firm’s assets.
• Independent Verification - verification procedures
are independent checks of the accounting
system to identify errors and
misrepresentations.
Information and
Communications
Measure quality of information.
Measure effectiveness of
communication.
Monitoring
Perform ongoing monitoring.
Conduct separate evaluations.
Report deficiencies.
Tough times don’t last.
Tough people do.

END
