AIS MIDTERM  Ethical Responsibility

 Ethical issue - is rooted in morals that call for an  Ethical principles

individual or a company to choose between
alternatives that can be evaluated as wrong 1. PROPORTIONALITY - benefit must outweigh the
(unethical) or right (ethical). risks.

- It is based upon the perception of the rightness - no alternative decision that provides the same or
or the wrongness of an act or a situation greater benefit with less risk.

- raises questions of virtue and is often guided  Justice - benefits should be distributed fairly
by one’s sense of the right and the wrong.  Minimize risk.P

2. Computer Ethics - analysis of the nature and

 legal issue - application of principles of law. social impact of computer technology and the
- Such issues are usually punishable by law and corresponding formulation and justification policies
for ethical use of such technology.

 Ethical vs. Legal Issues  Three level of computer ethics:

 Ethical issues are not governed by a set of rules 1. Pop Computer Ethics - exposure to stories and
and thereby are not punishable by law. reports found in the popular media regarding the
 Legal issues have a set of rules on which they good or bad ramifications of computer technology.
are based and are punishable by law
2. Para Computer Ethics - involves taking a real
What is legal can be unethical. interest in computer ethics cases and acquiring
What is ethical can be illegal. some level of skill and knowledge in the field.

- All systems professionals need to reach this level

 Legality - means an act according to the law,
 ethics is about right and wrong behaviour. 3. Theoretical Computer Ethics - interestP
to multidisciplinary researchers who apply
the theories of philosophy, sociology, and
 Ethics - pertains to the principles of conduct psychology to computer science
that individuals use in making choices and
guiding their behavior in situations that involve  Main computer ethics issues
the concepts of right and wrong.

 Code of ethics - in business is a set of

guiding principles intended to ensure a
business and its employees act with honesty
and integrity in all facets of its day-to-day

 Business Ethics

1. Privacy - The right to be free from secret

surveillance and to determine whether, when,
how, and to whom one’s personal or
organizational information is to be revealed.

- fundamental right, essential to autonomy and the

protection of human dignity

- enables us to create barriers and manage

boundaries

- full control of what and how much information about

themselves is available to others
2. Security (Accuracy and Confidentiality)
 Making Ethical Decisions
- attempt to avoid such undesirable events
Business organizations have conflicting
- attempt to prevent fraud
responsibilities to their employees, shareholders,
customers, and the
3. Ownership of Property- designed to preserve
public.
real property rights have been extended to cover
what is referred to as intellectual property, that
is, software.
- what an individual (or organization) can own

4. Equity in Access - Some barriers to access are

intrinsic to the technology of information
systems,

5. Environmental Issues

6. Artificial Intelligence - refers to the simulation of

human intelligence

- any machine that exhibits traits associated with a  FRAUD - refers an intentional act by one or
human mind more individuals among management, those
charged with governance, employees involving the
7. Unemployment and Displacement - due to comp use of deception to obtain an unjust or illegal
tech. advantage.

8. Misuse of Computers - Copying proprietary Types of Fraud:

software etc.
company’s computer for personal benefit, - Fraudulent Financial Reporting
and snooping through other people’s files - Misappropriation of assets
are just a few obvious examples.
PSA240
Although copying proprietary software
(except to make a personal backup copy) is
clearly illegal, it is commonly done.

 Fraud - denotes a false representation of a

material fact made by one party to another
party with the intent to deceive and induce the
other party to justifiably rely on the fact to his or
her detriment.
 Generally designed to directly convert cash or
other assets to the employee’s personal
benefit.

Typically, the employee circumvents the

company’s internal control system for
personal gain.

 Employee Fraud involves three steps:

SOLUTIONS: 1. stealing something of value (an asset),

2. converting the asset to a usable form
(cash)
3. concealing the crime to avoid detection.

 Management Fraud
- Perpetrated at levels of management above the
one to which internal control structure relates

- Frequently involves using financial statements to

create an illusion that an entity is more healthy and
prosperous than it actually is

- Involves misappropriation of assets

 Fraud Schemes

Three categories of fraud schemes according to

the Association of Certified Fraud Examiners:

A. fraudulent statements
B. corruption
C. asset misappropriation

A. Fraudulent Statements
- Misstating the financial statements to make
the copy appear better than it is

B. Corruption
- Corruption involves an executive, manager, or
employee of the organization in collusion with an
outsider.

The ACFE study identifies four principal types of

corruption:

 Bribery
 illegal gratuities
 conflicts of interest
 Sarbanes-Oxley Act of 2002  economic extortion.
- RA 3019-Anti-Graft and Corrupt Practices Act
- Creation of the Public Company Accounting
Oversight Board (PCAOB) B. Corruption

Auditor independence—more separation between a Examples: bribery, illegal gratuities, conflicts of

firm’s attestation and non-auditing activities interest, economic extortion

Corporate governance and responsibility—audit - Foreign Corrupt Practice Act of 1977:

committee members must be independent and the
audit committee must oversee the external auditors  Bribery - involves giving, offering, soliciting, or
receiving things of value to influence an official
Disclosure requirements—increase issuer and in the performance of his or her lawful duties.
management disclosure
 Illegal Gratuities - involves giving, receiving,
 Employee Fraud - Committed by non- offering, or soliciting something of value because
management personnel of an official act that has been taken.
- similar to a bribe, but the transaction occurs after
the fact.
 Conflicts of Interest - Every employer should
expect that his or her employees will conduct
their duties in a way that serves the interests of
the employer.

 conflict of interest occurs when an employee

acts o behalf of a third party during the
discharge of his or her duties or has self-interest
in the activity being performed.

 Economic Extortion - is the use (or threat) of

force (including economic sanctions) by an
individual or organization to obtain something of
value.

C. Asset Misappropriation - which assets  Limitations of Internal Controls

are either directly or indirectly diverted to the - Possibility of honest errors
perpetrator’s benefit. - Circumvention via collusion
- Management override
- Changing conditions--especially in companies
- Most common type of fraud and often occurs as with high growth
employee fraud
 Exposures of Weak Internal Controls (Risk)
- Destruction of an asset
C. Asset Misappropriation - Skimming - Theft of an asset
- Corruption of information
 Skimming involves stealing cash from an
organization before it is recorded on the  Internal controls are usually PREVENTIVE or
organization’s books and records. DETECTIVE

C. Asset Misappropriation - Cash Larceny  Preventive - let’s stop an unwanted outcome

before it happens.
 Cash larceny - involves schemes in which cash
receipts are stolen from an organization after  Detective - let’s find the problem before it grows.
they have been recorded in the organization’s
books and records. ( ex: lapping)
 Who is Responsible for Internal Control?
C. Asset Misappropriation - False Billing EVERYONE
- vendor fraud, are perpetrated by employees who
causes their employer to issue a payment to a false
supplier or

 Internal control - process designed,

implemented and maintained by those charged
with governance, management and other
personnel to provide reasonable assurance
about the achievement of an entity’s objectives
with regard to:

- reliability of financial reporting;

- effectiveness and efficiency of operations;
and Five Internal Control Components:
- compliance with applicable laws and COSO: CRIME
regulations.
1. Control environment
 Internal Control Objectives 2. Risk assessment
- Safeguard assets 3. Information and communication
- Ensure accuracy 4. Monitoring
- Promote efficiency 5. Existing Control activities

 Control environment - Consists of actions,

policies and procedures that reflect the overall
attitudes of top management, directors, and
owners of an entity about internal control and
its importance.