SUMMARY OF STUDY OBJECTIVES

An introduction to the need for a code of ethics and internal controls. Managers of organizations are entrusted with the assets and funds of their organizations; therefore, they have an ethical duty to appropriately protect and use those assets and funds. As stewards of assets and funds, managers must ensure that policies and procedures are in place to provide protection and to accurately record and report the flow and use of assets and funds. Codes of ethics and strong systems of internal control are important parts of these policies and procedures. Properly enforced codes of ethics and internal controls can establish an operating environment that discourages fraud and errors.

The accounting-related fraud that can occur when ethics codes and internal controls are weak or not correctly applied. In organizations where codes of ethics are not enforced or when proper controls are not correctly applied, fraud and errors are much more likely to occur. There are many kinds of fraud that can occur, including management fraud, employee fraud, customer fraud, and vendor fraud.

The nature of management fraud. Management fraud is conducted by upper-level managers and usually involves fraudulent financial statements. Managers are above the level of most internal controls; therefore, internal controls are usually not effective in preventing or detecting management fraud.

The nature of employee fraud. Employee fraud is conducted by non-management employees and usually involves theft or misuse of assets. Internal accounting controls such as the five components of internal control in COSO are intended to assist in the prevention or detection of employee fraud.

The nature of customer fraud. Customer fraud occurs when customers engage in credit card fraud, check fraud, or refund fraud. Internal controls can assist in the prevention or detection of some customer fraud.

The nature of vendor fraud. Vendor fraud is usually conducted by vendors requesting fictitious or duplicate payments. Internal controls can assist in the prevention or detection of some vendor fraud.

The nature of computer fraud. Computers can be used internally or by those outside the organization as a tool to conduct such fraud as manipulating transactions or data, and hacking or other network break-ins. Internal controls and IT controls can assist in the prevention or detection of computer fraud.

The policies that assist in the avoidance of fraud and errors. There are three sets of policies that an organization can institute to help prevent or detect fraud, errors, and ethical violations: implementation and maintenance of a code of ethics, accounting internal controls, and IT controls.

The maintenance of a code of ethics. When management is unethical, fraud is likely to occur. On the other hand, if the top management of a company emphasizes ethical behavior, models ethical behavior, and hires ethical employees, the chance of fraud or ethical lapses can be reduced. Maintaining and enforcing a code of ethics helps reduce unethical behavior in an organization.

The maintenance of accounting internal controls. The components of accounting internal controls are defined by the COSO report as the control environment, risk assessment, control activities, information and communication, and monitoring. Control activities include authorization, segregation of duties, adequate record keeping, security over assets and records, and independent verifications.

The maintenance of information technology controls. IT controls can be categorized by the risk categories designated in the AICPA's Trust Services Principles. The risk categories are security, availability, processing integrity, online privacy, and confidentiality.

KEY TERMS

Audit trail
Authorization
Availability
Batch totals
Check fraud
COBIT
Code of ethics
Collusion
Compensating control
Computer fraud
Confidentiality
Control activities
Control environment
Corrective controls
COSO
Cost–benefit
Credit card fraud
Customer fraud
Defalcation
Denial of service attack
Detective controls
Earnings management
Employee fraud
Foreign Corrupt Practices Act
Fraud
Fraud triangle
Fraudulent financial reporting
General authorization
Hacking
Independent checks
Industrial espionage
Information and communication
Information criteria
Internal controls
Internal theft
IT resources
Kickbacks
Larceny
Management fraud
Management override
Misappropriation of assets
Misstatement of financial records
Monitoring
Preventive controls
Privacy
Processing integrity
Reasonable assurance
Reconciliation
Refund fraud
Risk assessment
Salami technique
Sarbanes–Oxley Act
Security
Segregation of duties
Skimming
Software piracy
Specific authorization
Spoofing
Stewardship
Trap door alteration
Trojan horse program
Trust Services Principles
Vendor audit
Vendor fraud