Information Systems Controls for System Reliability -Information Security-

Accounting Information System Control
- COSO's Enterprise Risk Management – Integrated Framework
- COBIT

Information for management
- Effectiveness: Information must be relevant and timely.
- Efficiency: Information must be produced in a cost-effective manner.
- Confidentiality: Sensitive information must be protected from unauthorized disclosure.
- Integrity: Information must be accurate, complete, and valid.
- Availability: Information must be available whenever needed.
- Compliance: Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
- Reliability: Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.

COSO’s Enterprise Risk Management – Integrated Framework

Components of COSO's ERM
- Internal Environment: Encompasses the tone of an organization. Includes risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
- Objective Setting: Objectives must exist before management can identify potential events affecting their achievement.
- Event Identification: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
- Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.

Components of COSO's ERM (continued)
- Risk Response: Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
- Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Information and Communication: Relevant information is identified, captured, and communicated to enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
- Monitoring: Enterprise risk management is monitored and modifications are made as necessary.

COBIT Framework – Control Objectives

- Plan & Organise: Management develops plans to organize information resources to provide the information it needs.
- Acquire & Implement: Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.
- Deliver & Support: Management ensures that the resulting system actually delivers the desired information.
- Monitor & Evaluate: Management monitors and evaluates system performance against the established criteria.
The cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.

Trust Service Framework
- Security: Access to the system and its data is controlled and restricted to legitimate users.
- Confidentiality: Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
- Privacy: Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
- Processing Integrity: Data are processed accurately, completely, in a timely manner, and only with proper authorization.
- Availability: The system and its information are available to meet operational and contractual obligations.

Trust Service Framework

Security – Systems Reliability
Foundation of the Trust Service Framework:
- A management issue, not a technology issue
- SOX Section 302: CEOs and CFOs must certify quarterly and annual financial statements.
- Defense-in-depth and the time-based model of information security
- Have multiple layers of control

Management's Role
- Create a security-aware culture
- Inventory and value company information resources
- Assess risk, select risk response
- Develop and communicate security plans, policies, and procedures
- Acquire and deploy IT security resources
- Monitor and evaluate effectiveness

Control Plans
- Preventive Controls: stop problems from occurring. Ex. Programmed edits reject incorrect data as it is entered.
- Detective Controls: discover that problems have occurred. Ex. Review and compare totals to determine if processing was carried out correctly.
- Corrective Controls: rectify problems that have occurred. Ex. Erroneous data is entered in the system and reported on an error and summary report; a clerk re-enters the data.
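The three control types above map directly onto code in a batch entry program. The following is an added example (not from the slides or from any textbook code) that runs a constructed batch of sales transactions through a programmed edit (preventive), compares the processed totals with a constructed batch-header count and total (detective), and then produces an error and summary report and re-enters the clerk's corrections through the same edit (corrective). The field names, the customer-ID format, the amount ceiling and the sample records are all assumptions made for the illustration.

```python
"""Preventive, detective and corrective control plans over one transaction batch.
Added example; the data, field names and edit rules are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

CUSTOMER_ID = re.compile(r"^C\d{4}$")   # assumed customer-ID format
MAX_AMOUNT = Decimal("10000.00")        # assumed reasonableness ceiling


@dataclass(frozen=True)
class Txn:
    txn_id: str
    customer_id: str
    amount: Decimal


def programmed_edit(raw: dict) -> tuple[Txn | None, str | None]:
    """Preventive control: reject a record at entry if it fails any edit check."""
    for field_name in ("txn_id", "customer_id", "amount"):
        if not raw.get(field_name):
            return None, f"missing {field_name}"
    if not CUSTOMER_ID.match(raw["customer_id"]):
        return None, "customer_id format"
    try:
        amount = Decimal(raw["amount"])
    except InvalidOperation:
        return None, "amount not numeric"
    if amount <= 0 or amount > MAX_AMOUNT:
        return None, "amount out of range"
    return Txn(raw["txn_id"], raw["customer_id"], amount), None


def enter_batch(records: list[dict]) -> tuple[list[Txn], list[tuple[dict, str]]]:
    """Run every record through the edit; split into accepted and rejected."""
    accepted, rejected = [], []
    for raw in records:
        txn, err = programmed_edit(raw)
        if txn is not None:
            accepted.append(txn)
        else:
            rejected.append((raw, err))
    return accepted, rejected


def batch_totals_check(accepted: list[Txn], header_count: int, header_total: Decimal) -> dict:
    """Detective control: compare processed record count and amount total with the
    control totals the clerk computed from the source documents (batch header)."""
    count = len(accepted)
    total = sum((t.amount for t in accepted), Decimal("0"))
    return {
        "count_ok": count == header_count,
        "total_ok": total == header_total,
        "count_diff": count - header_count,
        "total_diff": total - header_total,
    }


def error_and_summary_report(accepted: list[Txn], rejected: list[tuple[dict, str]], totals: dict) -> str:
    """Corrective control, step 1: report what was rejected and why, so a clerk can act."""
    lines = [f"accepted={len(accepted)} rejected={len(rejected)} "
             f"count_diff={totals['count_diff']} total_diff={totals['total_diff']}"]
    for raw, err in rejected:
        lines.append(f"REJECT {raw['txn_id']}: {err} -> {raw}")
    return "\n".join(lines)


def reenter(rejected: list[tuple[dict, str]], corrections: dict[str, dict]) -> tuple[list[Txn], list[tuple[dict, str]]]:
    """Corrective control, step 2: the clerk re-enters corrected records, which pass
    through the same programmed edit again (the correction is not trusted blindly)."""
    fixed = [{**raw, **corrections.get(raw["txn_id"], {})} for raw, _ in rejected]
    return enter_batch(fixed)


# Constructed batch: three records carry typical keying errors.
RAW_BATCH = [
    {"txn_id": "T001", "customer_id": "C1001", "amount": "250.00"},
    {"txn_id": "T002", "customer_id": "C1002", "amount": "-40.00"},   # sign error
    {"txn_id": "T003", "customer_id": "1003",  "amount": "99.50"},    # bad customer ID
    {"txn_id": "T004", "customer_id": "C1004", "amount": "abc"},      # non-numeric amount
    {"txn_id": "T005", "customer_id": "C1005", "amount": "1200.00"},
]
# Constructed batch header: totals the clerk computed from the paper source documents.
HEADER_COUNT = 5
HEADER_TOTAL = Decimal("1609.50")
# Constructed clerk corrections, keyed by txn_id.
CORRECTIONS = {"T002": {"amount": "40.00"}, "T003": {"customer_id": "C1003"}, "T004": {"amount": "20.00"}}

if __name__ == "__main__":
    accepted, rejected = enter_batch(RAW_BATCH)
    totals = batch_totals_check(accepted, HEADER_COUNT, HEADER_TOTAL)
    print(error_and_summary_report(accepted, rejected, totals))
    fixed, still_bad = reenter(rejected, CORRECTIONS)
    print(batch_totals_check(accepted + fixed, HEADER_COUNT, HEADER_TOTAL))
```

The detective check is only as good as the independence of the batch header: the control totals must come from the source documents, not from the same entry step they are meant to verify. Likewise the corrective path deliberately reuses `programmed_edit`, so a mistyped correction is rejected again rather than slipping in.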

Other Control Plans
- Pervasive control plans relate to a multitude of goals and processes. They are broad in scope and apply equally to all business processes.
- General controls (also known as IT general controls) are applied to all IT service activities.
- Business process control plans are applied to a particular business process, such as billing or cash receipts.
- Application controls are automated business process controls contained within IT application systems (i.e., computer programs).

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall. Copyright © 2011 Cengage Learning. All Rights Reserved.