CHAPTER 8: ETHICS, COMPUTER CRIME, AND INTERNAL CONTROL

1
CHAPTER 8 ETHICS, COMPUTER CRIME, AND
INTERNAL CONTROL

• I. Introduction
• II. Ethics in business and society
• A. The role of educational institutions and
• professional organizations (Exhibit 8.1)
• B. Can one person make a difference?

2

• III. Computer crime
• A. What is a computer virus? (Exhibit 8.2)
• B. Virus incidents
• 1. The Manawella virus
• 2. The Macintosh virus
• 3. The IBM Christmas Tree
• 4. The New Zealand Marijuana virus
• C. Antiviral techniques
• D. Legal consequences

3

• IV. Internal control structure
• A. Types of controls
• 1. Preventive controls
• 2. Feedback controls
• B. The role of the auditor

4

• V. Components of control structure
• A. The control environment
• 1. Management philosophy
• 2. Organizational structure
• 3. Audit committee
• 4. Authority and responsibility
• 5. Management control methods
• 6. Internal audit function
• 7. Personnel policies and procedures
• 8. External influences

5

• V. Components of control structure (continued)
• B. The accounting system (Exhibit 8.3)
• C. The control procedures (Exhibit 8.4)
• D. Foreign corrupt practices act
• E. The COSO report

6

• VI. Computer controls (Exhibit 8.5)
• VII. General controls
• A. Organization of the computer
  department (Exhibit 8.6)
• B. Application development and
  maintenance

7

• VII. General controls (continued)
• C. Hardware controls
• 1. Parity check
• 2. Dual-read and read-after-write
• 3. Validity check
• 4. Echo check
• D. Access controls
• E. Data or procedural controls (Exhibit 8.7)

8

• IIX. Application controls
• A. Input controls
• B. Processing controls
• C. Output controls
• D. Master file controls

9

• IX. Computer security (Exhibit 8.8)
• A. Calculation of security benefits
• B. Passwords
• C. Firewalls
• D. Data Encryption
• E. Employees
• F. Web assurance services
• G. Computer contingency planning
• H. Disaster recovery planning