1 / 37

Control Self-Assessment

Control Self-Assessment. Controls Assessment (Chapter 10) Frameworks Prisoner’s Dilemma Worldcom’s Prisoner’s Dilemma Ethics and IT (in Hong Kong) Practicum: St James Clothiers ( IT-based vs. Manual Accounting Systems). What is ‘Control Self-Assessment’?. DEFINITION

oksana
Download Presentation

Control Self-Assessment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Control Self-Assessment Controls Assessment (Chapter 10) Frameworks Prisoner’s Dilemma Worldcom’s Prisoner’s Dilemma Ethics and IT (in Hong Kong) Practicum: St James Clothiers (IT-based vs. Manual Accounting Systems)

  2. What is ‘Control Self-Assessment’? DEFINITION Control Self-assessment (CSA) is a leading edge process in which auditors facilitate a group of staff members who have expertise in a specific process, with the objective of identifying opportunities for internal control enhancement pertaining to critical operating areas designated by management

  3. Nascency • Originally a way of measuring ‘soft controls' which traditional auditing found difficult to measure, e.g. • Management integrity, honesty, trust • Willingness of employees to circumvent controls • Employee morale • The tone and ethics of a firm are set by top management • And this is a way of eliciting these • It’s become especially important post Sarbanes-Oxley

  4. Why is CSA Important? • Without commitment to good internal control • And inherent honest and ethical behavior of employees throughout the organization • Internal control systems (preventive, detective and corrective) • Would quickly become the single most expensive part of the firm’s accounting systems • Internal and external audits would become prohibitively expensive • Financial statements would lose their value to outside investors • Causing stock price to fall • Bank borrowing interest rates to rise • And firm operations to cease being competitive • This happened in some of Arthur Andersen’s clients • Where financial statements came to be known as: • Andersen’s Fairy Tales

  5. COSO Framework • COSO (Committee of Sponsoring Organizations of the Treadway Commission) • Founded in aftermath of the 1977 Lockheed Scandal Internal Control was supposed to insure: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations

  6. COCO Framework • CoCo (Criteria of Control Board) • Founded by Canadian Institute of Chartered Accountants • The world’s premier group in setting internal auditing standards Internal Control was supposed to insure: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations & internal policies

  7. Cadbury Framework • Committee of the Financial Aspects of Corporate Governance of the Institute of Chartered Accountants in England and Wales (Cadbury Committee … you can see why they adopted the latter name) • Contemporaneous with CoCo Internal Control was supposed to insure: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations • Safeguarding of assets against unauthorized use of disposition • Maintenance of proper accounting records and the reliability of financial information used with in the business or for publication

  8. COBIT Framework • COBIT (Control Objectives for Information and Related Technology) • Contemporaneous with CoCo and Cadbury Internal Control was supposed to insure: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations • Safeguarding of assets against unauthorized use of disposition • Maintenance of proper accounting records and the reliability of financial information used with in the business or for publication An important difference as COBIT was directed specifically towards Information Technology

  9. SAC / eSAC Framework • SAC (Systems Auditability and Control report) • Originally published in 1977, but updated in 1991-4 contemporaneous with CoCo and Cadbury Internal Control insure the same things as CoCo and Cadbury • But provide an extensive module-based framework • Audit & control Environment • IT in Auditing • Managing computer resources • Managing Information and Developing System • Business Systems • End user and Departmental Computing • Telecommunications Security • Contingency Planning • Emerging tech An important difference as SAC / eSAC was directed specifically towards Information Technology, and provides more detailed direction for IT audits

  10. SASs 55, 78 & 94 • Extensions to the COSO Framework that are essentially summarized in SAS 94 (2001) • Specific IT related Internal Control risks are targeted: • Reliance on IT that is inaccurately processing data • Unauthorized access to data, destruction, inaccurate recording, privacy breach • Unauthorized changes to systems • Failure to make needed changes to systems • Inappropriate manual intervention • Potential loss of data • SAS 94 also emphasizes the importance of specialized IT Auditing skills (important for this class)

  11. Practicum: Evaluation of Manual & IT-Based Sales Accounting System Risks St. James Clothiers

  12. Prisoner's dilemma • Two suspects A, B are arrested by the police. • The police have insufficient evidence for a conviction, and having separated both prisoners, visit each of them and offer the same deal: • If one testifies for the prosecution (turns King's Evidence) against the other and the other remains silent, the silent accomplice receives the full 10-year sentence and the betrayer goes free. • If both stay silent, the police can only give both prisoners 6 months for a minor charge. • If both betray each other, they receive a 2-year sentence each. • This can be summarized:

  13. The Dilemma • Each prisoner has two options: • to cooperate with his accomplice and stay quiet, • or to betray his accomplice and give evidence. • The outcome of each choice depends on the choice of the accomplice. However, neither prisoner knows the choice of his accomplice. • The optimal solution would be for both prisoners to cooperate with each other, as this would reduce the total jail time served by the group to one year total. • Any other decision would be worse for the two prisoners considered together. However by each following their individual interests, the two prisoners each receive a lengthy sentence.

  14. Prisoner's dilemma(Corporate Setting) • Two officers of the corporation – the CEO and the Comptrollerare arrested for Financial Reporting fraud • The police have insufficient evidence for a conviction (they didn’t take my course) and having separated both prisoners, visit each of them and offer the same deal: • If one testifies for the prosecution against the other and the other remains silent, the silent accomplice receives the full 10-year sentence and the betrayer goes free. • If both stay silent, the police can only give both prisoners 6 months for a minor charge. • If both betray each other, they receive a 2-year sentence each. • This can be summarized:

  15. The Deal (another view) • Or stated differently • Here is how the deal will look to the CEO and the Comptroller

  16. The Deal • Or stated differently • Here is how the deal will look to the CEO and the Comptroller

  17. Why Ethics are Important! • The prisoner's dilemma is a type of non-zero-sum game • it is assumed that each individual player ("prisoner") is trying to maximize his own advantage, without concern for the well-being of the other players. • In Econo-speak: The Nash equilibrium for this type of game does not lead to Pareto optimums (jointly optimum solutions) • Each side has an individual incentive to cheat even after promising to cooperate. This is the heart of the dilemma. • In the iterated prisoner's dilemma the game is played repeatedly. • Thus each player has an opportunity to "punish" the other player for previous non-cooperative play. • Cooperation may then arise as an equilibrium outcome. • The incentive to cheat may then be overcome by the threat of punishment, leading to the possibility of a superior, cooperative outcome. • As the number of iterations approach infinity, the Nash equilibrium tends to the Pareto Optimum, because when you face eternity the threat of grudges is a grave one indeed

  18. Fraud at WorldCom A Corporate IT Auditing Ethical Dilemma

  19. Oops • On June 27, 2002, markets around the world were sent reeling when it was discovered that WorldCom • had overstated the prior 15 months of earnings by US$3.9 billion • to which was later added another US$3.2 billion • for a total of US$7.1 billion in accounting misstatements • Ultimately the overstatement of income totaled $11 billion • For a company that reported US$1.4 billion net income in 2001 • it seems difficult for the auditors to dismiss this as “immaterial.”

  20. Great Auditing, guys • Roman Weil, a professor of accounting at the University of Chicago, noted that WorldCom’s fraudulent accounting • “is so basic that I teach it in the second week of my class.” • Yet the ploy, which misclassified supposedly difficult-to-manipulate cash flows, fooled both Arthur Andersen and KPMG, two of the (at the time) Big 5 accounting firms.

  21. Cash Flow • “How do you fake cash flow? • You simply move the negative things – the cash outflows – out of the operating section and you move it into the investing or financing section.” • What was significant was that few companies used the stratagems that undermined Enron; • but all corporations use cash flow and earnings before interest, taxes depreciation, and amortization (EBITDA) as a measure of value. • And cash flow has been championed by the analysts’ community that claims that it is not subject to the ambiguities of “income.”

  22. Blessed by Accountants • Did generally accepted accounting principles (GAAP) contribute to the fraud? • Yes; indeed, GAAP is a prime enabler of fraud. Without double-entry bookkeeping, frauds such as WorldCom’s could never be perpetrated. • From an accounting standpoint, WorldCom had impeccable financials • Audited by the Big5 • Success solidly founded on inviolable cash flows

  23. Here’s Bernie • Bernie Ebbers, one of its original nine investors in LDDS, was called in to run the company in 1984 • Ebbers was previously employed as a milkman, bartender, bar bouncer, car salesman, truck driver, basketball coach and hotelier. • While he lacked technology experience, Ebbers later joked that his most useful qualification was • being "the meanest SOB they could find." • Ebbers took less than a year to make the company profitable. • Ebbers is now A Prisoner

  24. Corporate Culture (does it matter) • Growth through acquisitions led to a hodgepodge of peoples and cultures • Ebbers called an internal effort to create a corporate code of conduct • a "colossal waste of time" • encouraged "a systemic attitude conveyed from the top down that employees should not question their superiors, but simply do what they were told"

  25. Goals • "Our goal is not to capture market share or be global. Our goal is to be the No. 1 stock on Wall Street.“ • Ebbers, in 1997 • Revenue growth was a key to increasing the company's market value. • the demand for revenue growth was "in every brick in every building,"

  26. Accounting at WorldCom • It all centered on Accruals and Culture • Discuss • Culture • “… you need to book the entry.“ • Myers to David Schneeman, acting CFO of UUNET • When Schneeman refused, • Myers told him "Book it right now, I can't wait another minute" • "Here's your number" • Myers telling Timothy Schneberger, Director of International Fixed Costs to release $370 millions of accruals

  27. The Audit ‘Profession’ • Arthur Andersen, WorldCom's independent external auditor, from 1990 to 2002 called WorldCom its • "flagship" and most "highly coveted" client, the firm's "Crown Jewel" • Andersen wanted to be considered as a committed member of WorldCom's team. • After WorldCom merged with MCI. • Andersen, which had a Mississippi-based team of 10—12 people working full-time on WorldCom's audits, • under-billed the company • and justified the lower charges as a continuing investment in its WorldCom relationship.

  28. The Bottom Line • Who was responsible for WorldCom’s Fraud? • What was responsible for WorldCom’s Fraud? • Why was it responsible for WorldCom’s Fraud? • Discuss

  29. Ethics in ActionTrue stories from Hong Kong

  30. Technology Hype: Pollution Control • A businesswoman with government ties • gets an exclusive contract from the Environmental Protection Department to supply high tech ‘exhaust cleaners’ to clean up the pollution from diesel taxis and buses in the city • These ‘exhaust cleaners’ are later found to be empty tins with a little steel wool thrown into them, • that were sold to the government at 300% markup • The businesswoman uses the proceeds from her scam to promote the IPO of a new company selling her ‘exhaust cleaners’ • And promptly transfers the proceeds of the IPO to another company • Question: • Was the businesswoman (1) clever, (2) working through a tradition of ‘guanxi’, or (3) unethical? • What remedy would you prescribe to compensate residents whose health has deteriorated because of the pollution? To the taxpayers who paid for the scam?

  31. Technology Hype: Pollution Control, part 2 • A financial analyst and a celebrity columnist for the local newspaper • find out about the bogus ‘exhaust cleaner’ scam, • and publish their findings in the newspaper and on the Internet • The businesswoman’s husband (who is owner of the company that was IPO’d) • Posts material to his own Web site impugning the financial analyst’s character • Falsely accusing the analyst of being a ‘porn star’ • Question: • The businesswoman’s husband (1) was justified in venting his personal anger, (2) should adjust his medication, or (3) is unethical? • What remedy would you prescribe to compensate the analyst?

  32. Yes, Virginia, there is a Santa Claus • A businessman runs a successful business selling plastic Christmas trees • He announces plans to sell off this core business (accounting for 99.9% of revenue) • To reposition the firm as a producer of game software • In order to justify this shift, the businessman claimed last year’s reported profits dropped 9.6% in the core business • whereas they actually increased profits 12.5% • Subsequent analysis revealed that the sale of the plastic Christmas tree business would be to a related party at a substantial discount to the value of the business. • The difference would be borne by (expropriated from) the minority shareholders • Question: • Was the businessman (1) ‘clever’, or (2) properly exercising his ‘guanxi’ or (2) unethical? • What remedy would you prescribe to compensate minority shareholders? Would you recommend that next time they should heed the dictum ‘caveat emptor’ – let the buyer beware?

  33. Cyber-sport • A businessman uses his government ties • To coerce the government to subsidize (at taxpayer expense of $10 billion) a large property development on the last developable ocean view property in the city • The businessman promises that the unique design of this property • will make the city a world leader in information technology • The property is 75% residential, with another 15% dedicated to shopping; • The remaining 10% is office space no different than available elsewhere in the city for 50% of the price • Question: • Was the businessman (1) ‘clever’, or (2) properly exercising his ‘guanxi’ or (2) unethical? • What remedy would you prescribe to compensate taxpayers?

  34. Cyber-sport, part 2 • A businessman uses his investment in government subsidized real estate • To promote an IPO in stock • Based on promises of this company becoming a leading global information technology firm • The businessman spent millions on marketing firms, ghost writers and payments to create an image of high technology for himself and his firm • An analysis of the assets of the firm indicates an IPO value of $5 per share, maximum • The local securities firm handling the IPO estimates the share value at $25 per share • Analysts who contradicted the $25 share price were followed by private investigators • The IPO was successful, and the businessman immediately transferred $1 billion from the IPO into one of his other companies • The stock price subsequently collapsed to under $2 per share • Question: • Was the businessman (1) ‘clever’, or (2) unethical? • What remedy would you prescribe to compensate investors, many of whom were pensioners or had placed their life savings in these shares?

  35. Cyber-sport, part 3 • Government bureaucrats, being unwilling to renege on their real estate subsidy • Instead takes an ownership position in the property • And dictate that rental prices will be substantially less than for property owned by rival property developers • This essentially robs paying customers from other property • And further depresses the cities property market • Driving investment overseas • Question: • The bureaucrats (1) were right to save ‘face’, or (2) were doing their civil service by protecting the taxpayers subsidy (i.e., two wrongs might make a right) or (3) unethical? • What remedy would you prescribe to compensate rival property owners, • or are they all just too rich and powerful to deserve helping?

  36. Loose Lips • The chairman of a stock exchange publicly announces that he is considering delisting a technology-heavy class of stocks • The next trading day, prices collapse, and sell-side liquidity drops to zero, resulting in investor losses in the billions • Acquisitive companies purchase the nearly valueless shares, gain control, strip the assets from the firms, and fire management and employees • Question: • Was the stock exchange chairman (1) careless, or (2) unethical? • What remedy would you prescribe to compensate investors, managers and employees who have been wronged, many of whom were pensioners or had placed their life savings in these shares? • Should the exchange chairman be fired?

  37. Accounting for Technology • The President of the Professional Society of Accountants • objects to new accounting rules as ‘invasive’ • These rules would crack down on corporate crooks • who have used ‘technology hype’ and faulty accounting for technology assets to rob investors of trillions of dollars, putting it into their own off-shore bank accounts • there are no other rules or regulations in force which will catch the crooks • Question: Question: • Accountants (1) have no duty to protect investors, only to make sure that accounts satisfy accounting principles, or (2) the President of the Professional Society of Accountants has made an unethical recommendation, or (3) something else? • What remedy would you prescribe to compensate investors, managers and employees who have been wronged by these corporate crooks? Should accountants be sued for their part in helping the crooks?

More Related