Collaboration Process 1. IC Objectives and Risk Tolerances: Define, document, and implement top-down internal control objectives and risk tolerances
Presentation transcript:

Collaboration Process

IC Objectives and Risk Tolerances
Define, document, and implement top-down internal control objectives and risk tolerances:
 Define internal control objectives in specific and measurable terms aligned to the Federal Financial Reporting and IT Cybersecurity laws and regulations to ensure compliance and be audit ready. DoD policy is not sufficient for audit readiness.
 Define levels of risk tolerance or performance variation in relation to the context of the objectives, mission, and applicable laws and regulations (e.g. 1% error tolerance).

Identify and Assess Risk to IC Objectives
Conduct risk assessments to identify and analyze the relevant risks in Operations and IT environments, and determine the basis for how to manage those risks so that your objectives are achieved.
 Identify both inherent and residual risks by considering the types of risk that prevent achievement of objectives, accomplishment of the mission, and compliance with applicable Federal laws and regulations.
 Inherent risk is the risk to an organization in the absence of management's response.
 Residual risk is the risk that remains after management has implemented controls in response to inherent risk.

Analyze and Respond to Risks
 Analyze the risks by estimating the impact to mission and the likelihood of occurrence (level of probability).
 Consider fraud risk factors such as employees' incentive, pressure, or opportunity to commit fraud.
 Assess significant changes to internal and external conditions that have already occurred or are expected to occur, including changes to external requirements and technology.
 Respond to the risks by designing, implementing, or aligning existing automated IT and manual Operations control activities, ensuring risks are within the defined risk tolerance or performance variation for the defined IC objectives.
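The four steps above (define objectives with a tolerance, identify inherent risks, analyze impact and likelihood including fraud factors, and respond with controls until residual risk is within tolerance) can be carried through as one worked example. The code below is an added illustration, not material from the presentation or from any DoD or FISCAM publication; the 1..5 impact and likelihood scales, the "effectiveness" weighting of controls, the sample objectives and the sample risks are all constructed assumptions.

```python
"""Worked example of the IC risk process: objectives with tolerances,
inherent risk, residual risk after controls, and a response decision.
Constructed scales and sample data; not an official scoring method."""
from dataclasses import dataclass, field


@dataclass
class Objective:
    name: str
    tolerance: float  # highest acceptable residual score (constructed scale)


@dataclass
class Control:
    name: str
    kind: str           # "automated" (IT) or "manual" (Operations)
    effectiveness: float  # 0.0 = no likelihood reduction, 1.0 = fully mitigates


@dataclass
class Risk:
    description: str
    objective: str
    impact: int        # 1 (negligible) .. 5 (mission-critical), assumed scale
    likelihood: int    # 1 (rare) .. 5 (almost certain), assumed scale
    fraud_factor: bool = False  # incentive, pressure or opportunity present
    controls: list = field(default_factory=list)


def _weighted_likelihood(risk):
    """Fraud factors raise likelihood one step (capped at 5); an assumption."""
    return min(5, risk.likelihood + (1 if risk.fraud_factor else 0))


def inherent_score(risk):
    """Score with no management response: impact x likelihood."""
    return risk.impact * _weighted_likelihood(risk)


def residual_score(risk):
    """Apply each control's effectiveness to the remaining likelihood.
    Impact is left unchanged: these controls reduce probability, not consequence."""
    remaining = 1.0
    for c in risk.controls:
        remaining *= 1.0 - c.effectiveness
    return round(risk.impact * _weighted_likelihood(risk) * remaining, 2)


def assess(objectives, risks):
    """Return (description, inherent, residual, within_tolerance) per risk."""
    tolerance = {o.name: o.tolerance for o in objectives}
    return [
        (r.description, inherent_score(r), residual_score(r),
         residual_score(r) <= tolerance[r.objective])
        for r in risks
    ]


def needs_response(objectives, risks):
    """Risks whose residual score still exceeds the objective's tolerance."""
    return [d for d, _, _, ok in assess(objectives, risks) if not ok]


# Constructed sample objective and risk register
SAMPLE_OBJECTIVES = [Objective("Accurate quarterly financial statements", 5.0)]
SAMPLE_RISKS = [
    Risk("Unauthorized journal entries", "Accurate quarterly financial statements",
         impact=5, likelihood=3, fraud_factor=True,
         controls=[Control("Role-based access to the GL", "automated", 0.7),
                   Control("Supervisor review of postings", "manual", 0.5)]),
    Risk("Feeder system interface failure", "Accurate quarterly financial statements",
         impact=4, likelihood=2,
         controls=[Control("Batch control-total reconciliation", "automated", 0.5)]),
    Risk("Unrestricted production change access", "Accurate quarterly financial statements",
         impact=4, likelihood=4),  # no control in place yet
]

if __name__ == "__main__":
    for desc, inh, res, ok in assess(SAMPLE_OBJECTIVES, SAMPLE_RISKS):
        print(f"{desc}: inherent={inh} residual={res} within tolerance={ok}")
    print("needs response:", needs_response(SAMPLE_OBJECTIVES, SAMPLE_RISKS))
```

In the sample register the journal-entry risk starts at an inherent score of 20 (fraud factor included) and drops to 3.0 once an automated access control and a manual review are applied, so it sits within the 5.0 tolerance; the change-access risk has no control and is the one reported for a response.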

Knowledge of FISCAM Control Objectives
 DoD must implement minimal policies and procedures that are effectively designed and operational for each of the FISCAM control objectives.
 IT controls directly support Operations control effectiveness by providing information assurance that the operational data and application processes are effective. Therefore, Operations and IT management must collaborate to ensure mission accomplishment.
 Evidence obtained through evaluations (inspections, assessments, audits, etc.) needs to be in enough detail that it persuades a knowledgeable individual that the policy or procedure was effectively designed in accordance with minimal government standards and executed as intended.
 Manual Operations Controls (require frequent testing)
 Automated IT Controls (annual testing normal)

FISCAM Control Considerations
Remember, it is your data that IT controls provide information assurance on, and that directly impacts Operational control effectiveness!
IT General Controls (IS environment)
 Security Management: Status and effectiveness of DoD Risk Management Framework implementation
 Access Controls: Effectiveness of general, special, and external threat access controls
 Segregation of Duties: Effectiveness of SOD policies and enforcement to avoid insider threat
 Configuration Management: Change management methodologies and tools comply with policies and procedures
 Contingency Planning: Plan and tests confirm critical operations continue and data is recovered
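The Segregation of Duties item above asks whether SOD policy is actually enforced in the system. One way an IT or Operations reviewer checks that is to compute each user's effective permissions from their assigned roles and compare them against a list of incompatible duty pairs, both as a detective review of existing assignments and as a preventive check before a new role is granted. The code below is an added example, not part of the presentation or of any DoD system; the role names, permission names, conflict pairs and user assignments are constructed.

```python
"""SOD enforcement check: detective review of role assignments and a
preventive check before granting a role. Constructed sample data."""

# Constructed role-to-permission mapping (assumption, not a real system)
ROLE_PERMISSIONS = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_approver": {"approve_payment"},
    "treasury": {"release_payment"},
    "sysadmin": {"modify_app_config", "create_user"},
    "helpdesk": {"reset_password"},
}

# Constructed incompatible duty pairs: no single person should hold both
SOD_CONFLICTS = [
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
    frozenset({"approve_payment", "release_payment"}),
    frozenset({"modify_app_config", "approve_payment"}),
]


def effective_permissions(roles, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in roles:
        perms |= role_permissions.get(role, set())
    return perms


def find_sod_violations(assignments, role_permissions=ROLE_PERMISSIONS,
                        conflicts=SOD_CONFLICTS):
    """Detective control: {user: [(perm_a, perm_b), ...]} for every user whose
    effective permissions contain both halves of a conflict pair."""
    violations = {}
    for user, roles in assignments.items():
        perms = effective_permissions(roles, role_permissions)
        hits = [tuple(sorted(pair)) for pair in conflicts if pair <= perms]
        if hits:
            violations[user] = sorted(hits)
    return violations


def would_violate(current_roles, new_role, role_permissions=ROLE_PERMISSIONS,
                  conflicts=SOD_CONFLICTS):
    """Preventive control: True if adding new_role would create a conflict
    the user does not already have."""
    before = find_sod_violations({"u": list(current_roles)}, role_permissions, conflicts)
    after = find_sod_violations({"u": list(current_roles) + [new_role]},
                                role_permissions, conflicts)
    return set(after.get("u", [])) - set(before.get("u", [])) != set()


# Constructed user-to-role assignments pulled from an access review
SAMPLE_ASSIGNMENTS = {
    "alice": ["ap_clerk"],
    "bob": ["ap_approver"],
    "carol": ["ap_clerk", "ap_approver"],   # can create a vendor and approve its payment
    "dave": ["sysadmin", "ap_approver"],    # can alter the application and approve payments
    "erin": ["helpdesk"],
}

if __name__ == "__main__":
    for user, pairs in find_sod_violations(SAMPLE_ASSIGNMENTS).items():
        print(f"SOD violation for {user}: {pairs}")
    print("grant ap_approver to alice?", not would_violate(["ap_clerk"], "ap_approver"))
```

The review output lists carol and dave; the preventive check refuses to add `ap_approver` to alice while she still holds `ap_clerk`, which is the enforcement half of the policy that an assessor would expect to see evidenced.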

FISCAM Control Considerations (cont.)
IT Business Process Controls (IS system)
 Setup: Effectiveness of controls ensuring transactions are processed in accordance with Federal Accounting Standards
 Input: Data interface controls from feeder systems and micro-applications are effectively documented and tested
 Processing: Data and transaction controls effectively identify exceptions, and corresponding manual controls correct the errors accurately and in a timely manner
 Output: Effectiveness of controls ensuring output transmitted is properly approved, complete, and accurate
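The Input, Processing and Output items above describe one chain: a feeder-system interface control that reconciles what was received against the feeder's control totals, exception handling that lists records for manual correction, and an output gate that releases nothing until the batch is complete and accurate. The example below ties that chain to the measurable tolerance from the first slide (the 1% error tolerance). It is an added illustration, not code from the presentation or from any DoD interface; the batch file layout (an `H` control header with record count and amount total, followed by `D` detail records), the error codes and the sample batches are constructed assumptions.

```python
"""Interface control-total reconciliation with exception listing and an
output gate. Constructed batch layout and sample data."""
import csv
import io
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed feeder batch: header H,<batch id>,<record count>,<amount total>
FEEDER_BATCH = """\
H,BATCH-0042,4,1350.00
D,INV-1001,VENDOR-17,500.00,2024-03-01
D,INV-1002,VENDOR-22,750.00,2024-03-01
D,INV-1003,,100.00,2024-03-02
D,INV-1004,VENDOR-09,abc,2024-03-02
"""

CLEAN_BATCH = """\
H,BATCH-0043,2,300.00
D,INV-2001,VENDOR-03,100.00,2024-03-03
D,INV-2002,VENDOR-05,200.00,2024-03-03
"""


def parse_batch(text):
    """Split the control header from the detail records."""
    rows = list(csv.reader(io.StringIO(text)))
    header, records = rows[0], rows[1:]
    if not header or header[0] != "H":
        raise ValueError("missing control header")
    expected = {"batch_id": header[1], "count": int(header[2]),
                "total": Decimal(header[3])}
    return expected, records


def validate_record(rec):
    """Input edit checks for one detail record; returns error codes (empty if clean)."""
    if len(rec) != 5 or rec[0] != "D":
        return ["MALFORMED"]
    _, _ref, vendor, amount, posted = rec
    errors = []
    if not vendor:
        errors.append("MISSING_VENDOR")
    try:
        Decimal(amount)
    except InvalidOperation:
        errors.append("BAD_AMOUNT")
    try:
        date.fromisoformat(posted)
    except ValueError:
        errors.append("BAD_DATE")
    return errors


def process_batch(text, tolerance=Decimal("0.01")):
    """Input + Processing control: accept clean records, list exceptions for
    manual correction, reconcile count and amount totals, and compare the
    exception rate with the defined tolerance (default 1%)."""
    expected, records = parse_batch(text)
    accepted, exceptions = [], []
    for rec in records:
        errs = validate_record(rec)
        if errs:
            exceptions.append((rec[1] if len(rec) > 1 else "<unknown>", errs))
        else:
            accepted.append(rec)
    received = len(records)
    accepted_total = sum((Decimal(r[3]) for r in accepted), Decimal(0))
    error_rate = Decimal(len(exceptions)) / Decimal(received) if received else Decimal(0)
    return {
        "batch_id": expected["batch_id"],
        "count_matches": received == expected["count"],
        "expected_total": expected["total"],
        "accepted_total": accepted_total,
        "total_matches": accepted_total == expected["total"],
        "exceptions": exceptions,
        "error_rate": error_rate,
        "within_tolerance": error_rate <= tolerance,
    }


def output_ready(result):
    """Output control: release only a complete, reconciled, exception-free batch."""
    return (result["count_matches"] and result["total_matches"]
            and not result["exceptions"])


if __name__ == "__main__":
    for batch in (FEEDER_BATCH, CLEAN_BATCH):
        r = process_batch(batch)
        print(r["batch_id"], "exceptions:", r["exceptions"],
              "error rate:", r["error_rate"], "release:", output_ready(r))
```

For the first batch the record count matches the header but two of four records fail input edits, so the accepted amount total (1250.00) no longer reconciles to the header (1350.00), the 50% exception rate is far outside the 1% tolerance, and the output gate holds the batch; the second batch reconciles on both counts and is released.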

UNITED IN SERVICE TO OUR NATION