Activity 1 – Ethics, Fraud and Internal Control

1. Circle to indicate whether each procedure is a preventive or detective control.

a) Authorizing a credit sale Preventive Detective

Answer. Preventive
b) Preparing a bank reconciliation Preventive Detective
Answer, Detective
c) Locking the warehouse Preventive Detective
Answer. Preventive
d) Preparing a trial balance Preventive Detective
Answer. Detective
e) Counting inventory Preventive Detective
Answer. Detective

2. A purchasing agent for a home improvement center is also part owner in a wholesale lumber
company. The agent has sole discretion in selecting vendors for the lumber sold through the
center company. The agent directs a disproportionate number of purchase orders to his
company, which charges above market prices for its products. The agent’s financial interest in
the supplier is unknown to his employer.

What type of fraud does the problem describe and give at least two controls that can be
implemented to prevent or detect the fraud?

3. A procurement agent for a large metropolitan building authority threatens to blacklist a building
contractor if he does not make a financial payment to the agent. If the contractor does not
cooperate, the contractor will be denied future work. Faced with a threat of economic loss, the
contractor makes the payment.

What type of fraud is this and what controls can be implemented to prevent or detect
the fraud?
4. The kickback is a form of fraud often associated with purchasing. Most organizations expect
their purchasing agents to select the vendor that provides the best products at the lowest price.
To influence the purchasing agent in his or her decision, vendors may grant the agent financial
favors (cash, presents, airline tickets, and so on). This activity can result in orders being placed
with vendors that supply inferior products or charge excessive prices.

Describe the controls that an organization can employ to deal with kickbacks. Classify
each control as preventive, detective, or corrective.
Controls Classification

5. Sassy Ko is the loading dock supervisor for a dry cement packaging company. His work crew
is comprised of unskilled workers who load large transport trucks with bags of cement, gravel
and sand. The work is hard and the employee turnover rate is high. Employees record their
attendance on separate timecards. Sassy Ko authorizes payroll payments each week by
signing the timecards and submitting them to the payroll department. The paychecks are then
prepared by payroll and distributed to Sassy KO, who distributes them to his work crew.

a) Identify any control problems in the system.

b) What sorts of frauds are possible in this system?

Control Problems Possible Fraud

6. Although top management’s attitude toward ethics sets the tone for business practice,
sometimes it is up to lower-level managers to uphold a firm’s ethical standards. Jove, an
operations-level manager, discovers that the company is illegally dumping toxic materials and
is in violation of environmental regulations. Jove’s immediate supervisor is involved in the
dumping. What actions should John take?
7. Do you agree that the most effective method of obtaining adequate system security is to rely
on the integrity of company employees? Why or why not?

8. Effective segregation of duties is sometimes not economically feasible in a small business.

What internal control elements do you think can help compensate for this threat?
Answer. As a small business owner, you know that implementing properly designed controls with limited
resources can be challenging. However, not addressing deficiencies can expose your business to operational
and financial risks and losses. Fortunately, there are steps you can take to help prevent and detect fraud at your
company. The most common types of internal control weaknesses detected in small businesses can often be

mitigated through implementing a combination of anti-fraud controls and/or slightly modifying existing processes.

The following five internal control challenges are some of the most common found in small businesses.
1. Separation of duties
In larger organizations, the performance of critical functions is typically divided among different employees. In
small businesses with limited human resources, it’s not uncommon for a single employee to be solely responsible
for completing multiple tasks in a critical process. However, failing to properly segregate duties can result in a
greater risk of errors or fraud.
Generally, assigning different people the responsibilities of authorizing transactions, recording transactions,
maintaining custody of related assets, and reconciling accounts provides for more effective internal controls.
Each employee should have specific job responsibilities, preferably defined in writing. Reassignment of specific
duties within a process to other appropriate individuals can significantly help to mitigate risks in many cases.
2. Policies and procedures
Effective policies and procedures can help you to align your business objectives and help establish best
practice operating procedures – and they are also one of the most underused control tools. Even if you
think your business processes are uncomplicated and well known by management and employees,
there is value in creating written policies and procedures.

Although each business is different, the following are examples of common processes that are
important to define and document:

Sales and accounts receivable

Cash management and banking

Purchases and accounts payable

Payroll and human resources

Financial statement closing and reporting

Documenting key controls in each of these cycles can provide transparency and consistency and
allow for specific roles to be easily be assigned to specific individuals. If a key employee
leaves the company, it will be easier to train new and/or temporary employees with thoroughly
outlined and documented procedures already in place. Documenting policies and procedures
can also help to clearly define business operations and confirm alignment with management’s
expectations.

3. Documentation

Maintaining adequate supporting documentation is part of the foundation for developing an

effective internal control framework within an organization. Without it, it can be difficult to
demonstrate existence of transactions completed, procedures performed, and controls in
place. Proper documentation can also make it easier and more efficient to research and
respond to questions from customers, management and auditors.

By emphasizing the importance of maintaining proper evidence, your management team can help
reduce risks to employees and to your business.

4. Oversight and review

Small business owners are often so involved in the strategic and operational goals of their
business that it is difficult to also pay enough attention to basic internal control monitoring
procedures. Proper oversight is essential to the internal control framework and an important
aspect of fraud prevention and detection.

Reviewing certain key metrics, sales, expense accounts, cash reports, variance reports, payroll
summaries, and other data on a monthly basis may help you identify problems that may exist.
Having your finger on the pulse of your business’ performance can also provide valuable
information for key decision making.

5. User access rights for information systems

Employees are often granted more access to information systems than they actually need to
perform their job responsibilities. This may be done for ease of application or because the
person granting access (often the IT administrator) does not fully understand the new
employee’s role. However, providing such access can expose the business to additional risks
that business leaders may not be aware of.

Employees should start with very limited access to information systems with only the rights to
perform functions that are essential to that user’s work. As the employee’s workload expands,
additional access rights may be granted.

All users’ access rights should be reviewed on a periodic basis to ensure that there is a legitimate
business purpose for the access granted to each user. Although this approach requires more
time and effort, it can enhance the system of controls and security in place.
Although small businesses may have more limited resources than larger businesses, there are
several controls that can be implemented and/or enhanced to help prevent and detect fraud
and mitigate operational and financial risk.

9. When you go to a movies theater, you buy a pre-numbered ticket from the cashier. This ticket
is the handed to another person at the entrance to the movie. What kinds of irregularities is the
theater trying to prevent? What controls is it using to prevent these irregularities?

Answer. There are two reasons for using tickets.

1. The theater is trying to prevent cashiers from stealing cash. You cannot get into the theater
without a ticket so you never give cash to a cashier without insisting on a ticket. That makes it
much harder for a cashier to pocket cash.

2. Prenumbered tickets are also used so cashiers cannot give tickets to their friends. The
number of tickets sold at the cashier counter can be reconciled with the number of tickets
taken by the usher letting patrons into the theater.

Reconciling the cash in the register to the tickets sold and then reconciling the number of tickets
sold to the number collected by the usher helps prevent the theft of cash and giving tickets
away to friends.

Despite these controls, the following risks still exist:

• The usher may sell admittances to the theater at the door, pocketing the cash and letting the
patron enter without a ticket.

• The cashier and the usher may collaborate in selling admittances without issuing tickets and
then split the proceeds.

• The usher can let friends into the theater without tickets

10. Discuss how to communicate information and monitor control processes in organizations.

Answer: Companies are now recognizing control risks and taking positive steps to achieve better control,
including security staffs, education, enforcement, secure environments, and building control into the development
process. Accountants must understand how to protect systems from threats, have a good understanding of IT and
its capabilities and risks. Management must make security and control a top priority. Control objectives are the
same regardless of the data processing method, but a computer-based AIS requires different policies and
procedures to achieve that control. In today’s dynamic business environment, companies must balance the need
for innovation and creativity with the need for control systems to avoid excessive risks or harmful behaviors.