Chapter Two Ethical & Legal Issues.


1 Chapter Two Ethical & Legal Issues

2 Why a Code of Ethics? Not all people act ethically under all circumstances. Written guidelines are not a guarantee, but ethical codes help keep honest people honest!

3 IRREGULAR AND ILLEGAL ACTS
Irregular act: reflects an intentional violation of corporate policies or regulatory requirements or an unintentional breach of law.
Illegal act: represents a willful violation of law.

4 EXAMPLES
Fraud
Computer crimes
Nonconformity with agreements & contracts between the organization & third parties
Violations of intellectual property rights
Noncompliance with other regulations & laws.

5 Unethical and Illegal Behavior
Categories: Ignorance; Accident; Intent
Deterrence: Fear of penalty; Probability of being caught; Probability of penalty being administered

6 Overview of Responsibilities
Plan the IT audit engagement based on an assessed level of risk that irregular and illegal acts might occur, and that such acts could be material to the subject matter of the IT auditor’s report. Design audit procedures that consider the assessed risk level for irregular and illegal acts. Review the results of audit procedures for indications of irregular and illegal acts.

7 Report suspected irregular and illegal acts
Assume that the act is not isolated; Determine how the act slipped through the internal control system; Broaden audit procedures to consider the possibility of more acts of this nature; Conduct additional audit procedures; Evaluate the results of expanded audit procedures;

8 Consult with legal counsel and possibly corporate governance bodies to estimate the potential impact of the irregular and illegal acts, taken as a whole, on the subject matter of the engagement, audit report and organization. Report all facts and circumstances of the irregular and illegal acts (whether suspected or confirmed) if the acts have a material effect on the subject matter of the engagement and/or the organization. Distribute the report to appropriate internal parties, such as managers who are at least one level above those who are suspected or confirmed to have committed the acts, and/or corporate governance bodies.

9 Regulatory & Legal Issues
Auditors need a working knowledge of regulations and laws so they at least can determine when to refer matters to legal counsel.

10 Legal Contracts A contract is an agreement between or among two or more persons or entities (businesses, organizations or government agencies) to do, or to abstain from doing, something in return for an exchange of consideration. Law provides remedies, including recuperation of losses or specific performance.

11 Employment Contracts Unilateral Contract – Employee is not bound.
Cannot include that employee must work for stated period of time.

12 Confidentiality Agreements
Employee agrees not to divulge confidential information
Should describe nature of protected information
List permissible uses of such information
Identify remedies for non-compliance
State term of agreement

13 Trade Secret Agreements
A trade secret reflects a wide array of information that derives independent economic value from not being widely disclosed or readily ascertainable. Enforceable for indefinite period of time.

14 Discovery Agreements For employees hired to develop ideas and innovations. Agreement transfers ownership of discovery to employer. Prevents employees from claiming the discovery as their own property.

15 Non-Compete Agreements
Employee agrees to not work for competing employer (including self) for:
Specified time (must be reasonable)
Specified geography
Prevents employee from working for other companies in connection with the design or sale of a competitive product.
Monetary remedy may be awarded to company for violation.

16 Trading Partner Contracts
Ratifies agreements between companies & their trading partners with written contracts. IT auditors examine Trading Partner Contracts as to the sale and purchase of goods and services.

17

18 Computer Crime & Intellectual Property
Computer Crime includes any behaviors that are deemed by states or nations to be illegal: hacking into an entity's network; stealing intellectual property; sabotaging a company's database; denying service to others who wish to use a Web site; harassing or blackmailing someone; violating privacy rights; engaging in industrial espionage; pirating computer software; perpetrating fraud; and so on.

19 Intellectual Property
Intellectual Property (IP) refers to valuable creations of the mind. Most computer crime involves the theft or misuse of Intellectual Property (IP).
Two Categories of Intellectual Property:
Industrial Property: Patents, trademarks
Individual Property: Copyrights of literary and artistic works.

20 Cyber Information Crimes
Three Breaches involving electronic information:
Confidentiality – Access without authorization
Integrity – Modification of data without authorization
Availability – Authorized user denied access

21 Auditors & Cybercrime
Auditors need general knowledge of cybercrime law.
Auditors may run across suspicious activities.
May help companies ward off potential acts.

22 Privacy Known as a “penumbra right.”
Existing Laws narrow in scope, but expanding in response to the seriousness of the problem. The international community is working to protect privacy rights (e.g., EU “Safe Harbor”)

23 What is protected? Any personally identifiable information, factual or subjective, that is collected by an organization. Information is considered private if it can be specifically tied to or identified with an individual.

24 Factual Information: Age, Name, Income, Ethnicity, Blood type, Biometric images, DNA, Credit card numbers, Loan information, Medical records
Subjective Information: Opinions, Evaluations, Comments, Disciplinary actions, Disputes

25 IT Auditor’s Role in Privacy
To ensure that management develops, implements and operates sound internal controls aimed at protecting the private information it collects and stores during the normal course of business. To assess the strength and effectiveness of controls designed to protect personally identifiable information in organizations.

