Risk Management: IT Controls


Risk Management

2 IT Controls
Risk management process
IT controls
IT Governance Frameworks

3 The Risk Management Process
Identify IT Risks
Assess IT Risks
Identify IT Controls
Document IT Controls
Monitor IT Risks and Controls

4 IT and Transaction Processing
The IS collects transaction data
The IS turns data into information
Computerized transaction systems increase some risks and decrease others

5 AIS Threat Examples
Fraud
Computer crimes
Nonconformity with agreements & contracts between the organization & third parties
Violations of intellectual property rights
Noncompliance with other regulations & laws

6 Types of IT Risks
Business risk
Audit risk = IR * CR * DR
– inherent risk (IR)
– control risk (CR)
– detection risk (DR)
Security risk
Continuity risk

7 Valuation of Assets
What do we stand to lose?
Assets: People, Data, Hardware, Software, Facilities, (Procedures)
Valuation methods
– Criticality to the organization’s success
– Revenue generated
– Profitability
– Cost to replace
– Cost to protect
– Embarrassment/Liability

9 IT Controls
COSO identifies two groups of IT controls:
– Application controls – apply to specific applications and programs, and ensure data validity, completeness and accuracy
– General controls – apply to all systems and address IT governance and infrastructure, security of operating systems and databases, and application and program acquisition and development

10 Application Control Goals
Input validity
– Input data are approved and represent actual economic events and objects
Input completeness
– Requires that all valid events or objects be captured and entered into the system
Input accuracy
– Requires that events be correctly captured and entered into the system
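The three input-control goals on this slide map directly onto checks a transaction-entry program can enforce. The following is an added example (not part of the original slide deck) that runs the three checks over a constructed batch of payment records: validity is enforced against an approved-vendor list, completeness against a batch header carrying a record count and control total, and accuracy with field format, range and date checks. All vendor codes, amounts and the 10,000 amount limit are constructed sample values.

```python
"""Application input controls (validity, completeness, accuracy) over a constructed payment batch."""
import re
from datetime import date

# Constructed sample data: vendors the purchasing department has authorized.
APPROVED_VENDORS = {"V-1001": "Acme Supplies", "V-1002": "Northwind Services"}

# Constructed batch header as a data-entry clerk would key it from the source
# documents: expected record count and control (hash) total of the amounts.
BATCH_HEADER = {"record_count": 4, "control_total": 4850.00}

# Constructed transaction records. T3 names an unapproved vendor (validity
# failure); T4 carries an impossible date (accuracy failure).
BATCH = [
    {"id": "T1", "vendor": "V-1001", "amount": "1200.00", "invoice_date": "2024-03-04"},
    {"id": "T2", "vendor": "V-1002", "amount": "2400.00", "invoice_date": "2024-03-05"},
    {"id": "T3", "vendor": "V-9999", "amount": "750.00", "invoice_date": "2024-03-05"},
    {"id": "T4", "vendor": "V-1001", "amount": "500.00", "invoice_date": "2024-13-01"},
]

AMOUNT_RE = re.compile(r"^\d+\.\d{2}$")   # money field: digits, point, two decimals
MAX_AMOUNT = 10_000.00                    # constructed per-transaction limit


def check_validity(rec):
    """Validity: the record must refer to an approved (authorized) vendor."""
    errors = []
    if rec["vendor"] not in APPROVED_VENDORS:
        errors.append(f"{rec['id']}: vendor {rec['vendor']} not approved")
    return errors


def check_accuracy(rec):
    """Accuracy: format, range and date checks on each field."""
    errors = []
    if not AMOUNT_RE.match(rec["amount"]):
        errors.append(f"{rec['id']}: amount '{rec['amount']}' is not a valid money format")
    elif not 0 < float(rec["amount"]) <= MAX_AMOUNT:
        errors.append(f"{rec['id']}: amount {rec['amount']} outside 0-{MAX_AMOUNT:.2f} limit")
    try:
        date.fromisoformat(rec["invoice_date"])
    except ValueError:
        errors.append(f"{rec['id']}: invoice_date '{rec['invoice_date']}' is not a valid date")
    return errors


def check_completeness(batch, header):
    """Completeness: record count and control total must agree with the batch header."""
    errors = []
    if len(batch) != header["record_count"]:
        errors.append(f"record count {len(batch)} != header {header['record_count']}")
    total = sum(float(r["amount"]) for r in batch if AMOUNT_RE.match(r["amount"]))
    if abs(total - header["control_total"]) > 0.005:
        errors.append(f"control total {total:.2f} != header {header['control_total']:.2f}")
    return errors


def process_batch(batch, header):
    """Apply all three controls; return (accepted record ids, error report)."""
    errors = check_completeness(batch, header)
    accepted = []
    for rec in batch:
        rec_errors = check_validity(rec) + check_accuracy(rec)
        if rec_errors:
            errors.extend(rec_errors)
        else:
            accepted.append(rec["id"])
    return accepted, errors


if __name__ == "__main__":
    ok, report = process_batch(BATCH, BATCH_HEADER)
    print("accepted:", ok)
    for line in report:
        print("rejected:", line)
```

Rejected records go to the error report rather than being silently dropped, which is what lets the corrective control on the next slide (a clerk re-keying from an error and summary report) work; a completeness failure is reported at batch level even when every individual record passes.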

11 Classification of Controls
Preventive controls: the issue is prevented from occurring – cash receipts are immediately deposited to avoid loss
Detective controls: the issue is discovered – an unauthorized disbursement is discovered during reconciliation
Corrective controls: the issue is corrected – erroneous data is entered in the system and reported on an error and summary report; a clerk re-enters the data

12 Segregation of Duties
Transaction authorization is separate from transaction processing.
Asset custody is separate from record-keeping responsibilities.
The tasks needed to process the transactions are subdivided so that fraud requires collusion.
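Segregation of duties is enforced twice: preventively, when access is granted, and detectively, when the processed transactions are reviewed. The following is an added example (not from the original deck) illustrating both for the two conflict pairs this slide names, authorization vs. processing and custody vs. record-keeping, and the detective control from the previous slide (an unauthorized disbursement found during review). The duty names, user names and payment log are constructed; the conflict table is hypothetical and would in practice come from the organization's own access-control policy.

```python
"""Segregation-of-duties checks: a preventive role-conflict review plus a detective log review."""

# Constructed conflict table: pairs of duties one person must never hold together
# (hypothetical names for the slide's two rules).
CONFLICTING_DUTIES = [
    ("authorize_payment", "process_payment"),
    ("asset_custody", "record_keeping"),
]

# Constructed user-to-duty assignments as an access review would export them.
# carol and dave each hold both halves of a conflicting pair.
ASSIGNMENTS = {
    "alice": {"authorize_payment"},
    "bob": {"process_payment", "record_keeping"},
    "carol": {"asset_custody", "record_keeping"},
    "dave": {"authorize_payment", "process_payment"},
}

# Constructed payment log: who approved and who processed each payment.
# P2 was approved and processed by the same person.
PAYMENT_LOG = [
    {"id": "P1", "approved_by": "alice", "processed_by": "bob"},
    {"id": "P2", "approved_by": "dave", "processed_by": "dave"},
    {"id": "P3", "approved_by": "alice", "processed_by": "bob"},
]


def find_role_conflicts(assignments, conflicts=CONFLICTING_DUTIES):
    """Preventive check at provisioning/access-review time.

    Returns (user, duty_a, duty_b) for every user holding both halves of a
    conflicting pair, sorted by user so the output is stable for reporting.
    """
    findings = []
    for user, duties in sorted(assignments.items()):
        for a, b in conflicts:
            if a in duties and b in duties:
                findings.append((user, a, b))
    return findings


def find_self_approved(log):
    """Detective check over the processed log.

    Even when roles are correctly separated, a single account can end up on both
    sides of a transaction (shared credentials, an emergency override, a later
    role change). Returns the ids of payments approved and processed by one user.
    """
    return [p["id"] for p in log if p["approved_by"] == p["processed_by"]]


def participants_per_transaction(log):
    """Count distinct people who touched each payment; 1 means no collusion was needed."""
    return {p["id"]: len({p["approved_by"], p["processed_by"]}) for p in log}


if __name__ == "__main__":
    for user, a, b in find_role_conflicts(ASSIGNMENTS):
        print(f"SoD conflict: {user} holds both {a} and {b}")
    for pid in find_self_approved(PAYMENT_LOG):
        print(f"review: payment {pid} approved and processed by the same user")
    print(participants_per_transaction(PAYMENT_LOG))
```

The role review is the preventive half (deny the assignment before it exists); the log review is the detective half (find transactions where the separation did not hold in practice). Running both matters because the preventive check alone cannot see a user who was compliant when provisioned and later gained the second duty.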

13 Separation of Duties within IS

14 Documenting IT Controls
Internal control narratives
Flowcharts – internal control flowchart
IC questionnaires

15 Risk Control Strategies
Avoidance
– Policy, training and education, or technology
Transference – shifting the risk to other assets, processes, or organizations (insurance, outsourcing, etc.)
Mitigation – reducing the impact through planning and preparation
Acceptance – doing nothing when the cost of the control is not justified by the protection it would provide

16 Monitoring IT Risks and Controls
CobiT control objectives associated with monitoring and evaluation
Need for independent assurance and audit of IT controls

18 IT Governance
…the process for controlling an organization’s IT resources, including information and communication systems, and technology.
…using IT to promote an organization’s objectives and enable business processes and to manage and control IT-related risks.
IT auditors ensure IT governance by assessing risks and monitoring controls over those risks.

19 COSO and Internal Control (IC)
COSO – 5 components of IC
– Control environment
– Risk assessment
– Control activities
– Information and communication
– Monitoring
International IC standards
– Cadbury
– CoCo
– Other country standards

20 ISACA’s CobiT
Integrates IC with information and IT
Three dimensions: information criteria, IT processes, and IT resources
Requirements (information criteria) of quality, fiduciary, and security
Organizes IT internal control into domains and processes
– Domains: planning and organization, acquisition and implementation, delivery and support, and monitoring
– Processes detail the steps in each domain

21 IT Control Domains and Processes

22 What do IT auditors do?
Ensure IT governance by assessing risks and monitoring controls over those risks
Work as either internal or external auditors
Work on many kinds of audit engagements