Accounting and Information Systems: a powerful combination.


COBIT – Controlling and Auditing IS

Internal Control: A Fundamental Accounting Concept
Controls are policies, procedures, and information systems (IS) that protect assets from loss or embezzlement, support regulatory compliance, promote efficiency, and ensure accurate financial data.
In today’s IS-enabled world, controls related to IS are very, very important because of:
 – Increasing regulation
 – Increasing IS risk

One Reason for Internal Control: Laws Require Them
Bank scandals in the 80’s and later debacles at WorldCom and Enron brought us the Sarbanes-Oxley Act of 2002 (SOX)
 – Management is responsible for internal control and financial reporting procedures, and
 – Annual reports must assess internal controls
Financial statements are expected to:
 – Be presented properly AND
 – Reflect what really happened
Under SOX, officers submitting inaccurate certifications are subject to
 – A fine of up to $1m + 10 yrs
 – Or if purposeful, up to $5m + 20 years

A More Important Reason: IS Failure = Business Failure
2 out of 5 enterprises that experience a disaster go out of business within 5 years
Oregon 2005 – Department of Corrections
 – AFAMIS was still converting to software that was already out of date
 – no disaster recovery plan
 – inaccurate data
 – security issues
NASDAQ 2006 – Change management
 – A new piece of equipment caused incorrect data to go out on the busiest trading day ever
Canadian Utility TransAlta lost $24M to copy/paste errors in a spreadsheet

Information Systems and Risk
Systematically controlled IS functions aim to:
 – Provide value,
 – Push the envelope, and
 – Mitigate risk
[Diagram. Labels: Business As Usual; Management Inattention; Scale and cost; SOX Compliance; Threat vulnerability; Increased IS dependence; IS’s role in organizational change]
Quotes shown in the diagram:
 – “We’ll write the documentation later”
 – “We won’t get hacked, we’re too small to be on a hacker’s radar”
 – “Pick the best solution for our department”
 – “There’s no real need for a log file”
 – “It will be plenty fast”
 – “We’ll delete that old user ID later”

Good IT Controls Ensure that an Organization
Plans and organizes for effective IS
 – aim for strategic, sufficient, & secure
Acquires new systems thoughtfully
 – they’ll do the right thing at the right price
Delivers IS services effectively
 – reliable, cost effective, secure
Monitors IS processes to make them better
 – measure your actions: expected cost? expected reliability? expected results?

How Does an IS Auditor Know? Two (of the many) Tools to Help:
Control Objectives for Information & Related Technology (COBIT):
 – Comprehensive checklists for IT, supports auditing, doesn’t directly address software development or give a roadmap for improvement
IT Infrastructure Library (ITIL):
 – IT service delivery and management best practices

What Does an Auditor Do?
Obtaining an understanding of business requirements-related risks, and relevant control measures
Evaluating the appropriateness of stated controls
Assessing compliance by testing whether the stated controls are working as prescribed, consistently and continuously
Substantiating the risk of the control objectives not being met by using analytical techniques and/or consulting alternative sources

How Can You Learn More? OSU’s Accounting/IS Program
Why would you do the Accounting Information Systems option?
 – Strong IT skills help all accountants
 – Every audit has to consider the IS that provides the data
 – IS auditing is a valuable specialty
 – Accounting firms also do IS consulting
 – Certified by ISACA to reduce experience requirements for CISA certification