This Lecture Covers IT Control Frameworks. Liberating Control from Financial Reporting, ITCG, COBIT, and new frameworks such as AICPA/CICA SysTrust Principles and Criteria.

Presentation transcript:

This Lecture Covers IT Control Frameworks

- Liberating Control from Financial Reporting
- ITCG
- COBIT
- New frameworks such as AICPA/CICA SysTrust Principles and Criteria for Systems Reliability

Control Frameworks

CICA

ISACA
- Introduced CoBIT, CoBIT2, CoBIT3 (2000)
- Emphasized IT controls
- Identifies 34 high level control objectives
- Has 302 recommended detail control objectives
- Complex to use
- Becoming widely accepted

ISACA

Comparison of Control Models

Control environment
- Management philosophy and operating style - attitudes toward financial reporting, risk taking, meeting budgets, etc. - these have a significant impact on the control structure
- Organizational structure - consider form and nature of org. units and assign authority and responsibility appropriately
- Audit committee - should have an active one

Control environment (cont’d)
- Effective methods to communicate and assign responsibility
- Effective management control methods
- Proper system development methodology - for developing and modifying systems and procedures, including programs
- Effective personnel methods - hiring, firing, evaluating, promoting and compensating
- External controls - such as regulatory agencies

Risk Assessment

Risk Assessment
- Categories of exposures - (1) potential disasters such as interruption, loss of data, material inaccuracies, manipulation, and (2) competitive disadvantage - loss of position, inefficient use of IT, excessive technology expenditures, etc.
- Exposure weights - distinguish the severity of different types of consequences - frauds vs. errors - one may be more significant than the other at any time (frauds due to mgmt. override are severe, or a continuing error because of a control weakness may be worse at times)
- Risk and magnitude must be assessed before preventive/detective controls are introduced

Identify Sources of Exposures and Degrees of Risk

Risk Assessment
Warning signs in systems that problems exist include:
- recurring system outages
- constant redoing of apps
- repeated requests for hardware replacements
- recurring system conversions
- rapidly growing budget
- excessive reliance on outsiders
- high staff turnover
- no long term plans
- continual dissatisfaction with info
- persistent errors
- hard to communicate with IT personnel

Risk Assessment
Strategies for Dealing with Risks
- need to reduce risk to acceptable level - never achieve 0 - comparing costs/benefits
- use of deterrent, directive, preventive controls
- assess probability of loss occurring from exposure
- prob. of control system failure - can’t prevent all errors
- determine potential size of loss consequences
- use weighted exposure - assess prob * loss * importance
- use of detective controls - maximize chance at detection

Control Activities
- Performance reviews - comparison of actual versus budget, analyses and follow-ups; corrective action
- Information processing - general and application controls
- Physical controls - asset safeguarding, access controls, periodic counts and reconciliations of assets/records
- Segregation of duties:
  - authorizing
  - recording
  - custody

Information & Communication
- Information - methods and records to:
  - identify and record all valid transactions
  - properly classify transactions
  - measure value
  - record in proper time period
  - present/disclose in f/s
- Communication - roles and responsibilities

Monitoring and Learning
- Monitoring - by management is critical
- Internal and external monitoring (customers, suppliers, etc.)
- CIO, CTO
- Steering committee to represent all key areas
- Internal audit, external audit
- External intelligence gathering firms such as Gartner, Forrester, Jupiter, etc.

Limitations of Internal Control
- Circumvention by collusion or management override
- Cost/benefit trade-offs: operating efficiency vs. complex controls
- Changing conditions that may cause deterioration
- Materiality limits
- Reliance on human judgement in design and implementation of controls