Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009.


Announcements
– Assignment 3
  Game plan
  – Identify potential misclassified minutes
  – Calculate rates by first identifying most recent contracts (i.e. max(Startdate))
  – Separate into flexible and fixed plans
  – Calculate minutes
  – Calculate charges per flexible
  – Calculate charges per fixed
  – Combine calculated charges per flexible and fixed (UNION)
  – Compare calculated to InvoiceLine charges

Announcements
– Assignment 4
  Merger/acquisition due diligence – significantly shorter time frame
  What are the due diligence / audit objectives?
  Some of the due diligence work is already done
  – Identified due diligence objectives (see Figure 3)
  – Started with prior audit procedures (see Figure 3)
  No manufacturing costs since Threadchic is a retailer

Announcements
– Assignment 4
  Existence procedure
  – Verify Threadchic paid for all purchases in a timely manner
    » Join invoice and payment table using outer join to identify any invoices that were not paid yet
  – Verify inventory consistent with sales
    » For all items, sales price is 100 percent markup over cost except for marked down items with no sale in the last 21 days. List cost, lastSalesPrice, and calculate salesToCost to determine if each item markup is 100 percent

Announcements
– Assignment 4
  Completeness procedure
  – Verify inclusion of all purchases in inventory
    » Match purchases to inventory on SKU to find purchases with no entry in inventoryMaster.QOH
    » Match purchases to counted inventory on SKU to find purchases with no entry in inventoryCount.obsvQOH
    » Remember – inventoryMaster is Threadchic’s records
    » inventoryCount – contains number counted by the auditors
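
The Assignment 4 existence and completeness procedures above, written out as an added example (not part of the original slides or the course materials). The invoice and payment tables, inventoryMaster.QOH, inventoryCount.obsvQOH and the SKU match come from the slides; the purchases table name, the key columns and every sample row are constructed assumptions. An outer join filtered on NULL returns the rows that have no match on the other side.

```python
import sqlite3

# Constructed sample data. Columns other than SKU, QOH and obsvQOH are assumptions.
SCHEMA = """
CREATE TABLE invoice (invoiceID INTEGER PRIMARY KEY, amount REAL);
CREATE TABLE payment (paymentID INTEGER PRIMARY KEY, invoiceID INTEGER, amount REAL);
CREATE TABLE purchases (purchaseID INTEGER PRIMARY KEY, SKU TEXT, qty INTEGER);
CREATE TABLE inventoryMaster (SKU TEXT PRIMARY KEY, QOH INTEGER);
CREATE TABLE inventoryCount (SKU TEXT PRIMARY KEY, obsvQOH INTEGER);
INSERT INTO invoice VALUES (1, 500.0), (2, 120.0), (3, 75.0);
INSERT INTO payment VALUES (10, 1, 500.0), (11, 3, 75.0);
INSERT INTO purchases VALUES (100, 'A1', 20), (101, 'B2', 5), (102, 'C3', 8);
INSERT INTO inventoryMaster VALUES ('A1', 18), ('B2', 5);
INSERT INTO inventoryCount VALUES ('A1', 18), ('C3', 8);
"""

def load_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def unpaid_invoices(conn):
    """Existence: the outer join keeps invoices that have no payment row."""
    rows = conn.execute(
        "SELECT i.invoiceID FROM invoice i "
        "LEFT OUTER JOIN payment p ON p.invoiceID = i.invoiceID "
        "WHERE p.paymentID IS NULL ORDER BY i.invoiceID")
    return [r[0] for r in rows]

def purchases_missing_from(conn, table, qty_col):
    """Completeness: purchased SKUs with no quantity recorded in `table`."""
    # Identifiers are checked against a fixed allow-list before interpolation.
    allowed = {("inventoryMaster", "QOH"), ("inventoryCount", "obsvQOH")}
    if (table, qty_col) not in allowed:
        raise ValueError("unexpected table or column")
    rows = conn.execute(
        f"SELECT pu.SKU FROM purchases pu "
        f"LEFT OUTER JOIN {table} t ON t.SKU = pu.SKU "
        f"WHERE t.{qty_col} IS NULL ORDER BY pu.SKU")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = load_sample_db()
    print("unpaid invoices:", unpaid_invoices(db))
    print("not in client records:", purchases_missing_from(db, "inventoryMaster", "QOH"))
    print("not in auditor count:", purchases_missing_from(db, "inventoryCount", "obsvQOH"))
```

Running the completeness test against both the client's records and the auditors' count separates purchases the client never recorded from purchases the auditors could not find on the floor.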

Objectives
Understand risks faced by information assets
Comprehend relationship between risk and asset vulnerabilities
Understand nature and types of threats faced by the asset
Understand objectives of control and security of information assets and how these objectives are interrelated
Understand the building blocks of control (and security) frameworks for information systems
Apply a controls framework to a financial accounting system

Hot Dog Cart Case
What business objectives do you expect your new employee to achieve?
What operational and financial risks do you face with allowing an employee to run your hot dog cart?

Hot Dog Cart Case
How can the problem of lack of segregation of duties be addressed when you are away from the business?

Hot Dog Cart Case
What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?

Hot Dog Cart Case
How can we organize the controls identified above to ensure that our business objective is achieved?

Questions for Wednesday
Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business

Purpose of internal control framework

Information Assets

Threat
Probability of an attack on an information asset

Countermeasures
Designed to minimize or eliminate the risks stemming from vulnerabilities
To design countermeasures

Definition of internal control
Procedures designed by management to provide reasonable assurance regarding achievement of specific objectives
Classification of internal controls
– General vs application
– Detective, preventive, or corrective

Definition of Information Security
Protection from harm
Being able to depend on the information system
Two categories
– Physical security
– Logical security

Four objectives of internal controls

Information Security Objectives

Frameworks for control and security

COBIT control objectives
Acquire and develop applications and system software
Acquire technology infrastructure
Develop and maintain policies and procedures
Install and test application software and technology infrastructure
Manage change
Define and manage service levels
Manage third-party services
Ensure systems security
Manage the configuration
Manage problems and incidents
Manage data
Manage operations

ISO
Ten categories or sections
– Security policy
– Security organization
– Asset classification and control
– Personnel security
– Physical and environmental security
– Computer and operations management
– System access control
– System development and maintenance
– Compliance

COSO
Control environment
Risk assessment
Control activities
Information and communication
Monitoring

Questions for Friday / Monday
Identify at least one difference between systems availability and business continuity
Why is disaster recovery planning important?
Is disaster recovery planning cost beneficial?