
Slide 1: Chapter 7 Control and AIS
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Slide 2: Learning Objectives
- Explain basic control concepts and explain why computer control and security are important.
- Compare and contrast the COBIT, COSO, and ERM control frameworks.
- Describe the major elements in the internal environment of a company.
- Describe the four types of control objectives that companies need to set.
- Describe the events that affect uncertainty and the techniques used to identify them.
- Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.
- Describe control activities commonly used in companies.
- Describe how to communicate information and monitor control processes in organizations.

Slide 3: Internal Control
- System to provide reasonable assurance that objectives are met, such as:
  - Safeguard assets.
  - Maintain records in sufficient detail to report company assets accurately and fairly.
  - Provide accurate and reliable information.
  - Prepare financial reports in accordance with established criteria.
  - Promote and improve operational efficiency.
  - Encourage adherence to prescribed managerial policies.
  - Comply with applicable laws and regulations.

Slide 4: Internal Control
Functions
- Preventive: deter problems
- Detective: discover problems
- Corrective: correct problems
Categories
- General: overall IC system and processes
- Application: transactions are processed correctly

Slide 5: Sarbanes-Oxley (2002)
- Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud
- Public Company Accounting Oversight Board (PCAOB)
  - Oversight of auditing profession
- New Auditing Rules
  - Partners must rotate periodically
  - Prohibited from performing certain non-audit services

Slide 6: Sarbanes-Oxley (2002)
- New Roles for Audit Committee
  - Be part of board of directors and be independent
  - One member must be a financial expert
  - Oversees external auditors
- New Rules for Management
  - Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.
  - The auditors were told about all material internal control weaknesses and fraud.
- New Internal Control Requirements
  - Management is responsible for establishing and maintaining an adequate internal control system.

Slide 7: SOX Management Rules
- Base evaluation of internal control on a recognized framework.
- Disclose all material internal control weaknesses.
- Conclude that a company does not have effective financial reporting internal controls if there are material weaknesses.

Slide 8: Internal Control Frameworks
- Control Objectives for Information and Related Technology (COBIT)
  - Business objectives
  - IT resources
  - IT processes
- Committee of Sponsoring Organizations (COSO)
  - Internal control—integrated framework
    - Control environment
    - Control activities
    - Risk assessment
    - Information and communication
    - Monitoring

Slide 9: Internal Control
- Enterprise Risk Management Model
  - Risk-based vs. control-based
  - COSO elements plus:
    - Setting objectives
    - Event identification
    - Risk assessment
  - Risk can be controlled, but also:
    - Accepted
    - Diversified
    - Shared
    - Transferred

Slide 10: Control Environment
- Management's philosophy, operating style, and risk appetite
- The board of directors
- Commitment to integrity, ethical values, and competence
- Organizational structure
- Methods of assigning authority and responsibility
- Human resource standards
- External influences

Slide 11: ERM—Objective Setting
- Strategic
  - High-level goals aligned with corporate mission
- Operational
  - Effectiveness and efficiency of operations
- Reporting
  - Complete and reliable
  - Improve decision making
- Compliance
  - Laws and regulations are followed

Slide 12: ERM—Event Identification
- "…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives."
- Positive or negative impacts (or both)
- Events may trigger other events
- All events should be anticipated

Slide 13: Risk Assessment
- Identify risk
  - Identify likelihood of risk
  - Identify positive or negative impact
- Types of risk
  - Inherent: risk that exists before any plans are made to control it
  - Residual: remaining risk after controls are in place to reduce it

Slide 14: ERM—Risk Response
- Reduce
  - Implement effective internal control
- Accept
  - Do nothing; accept the likelihood of the risk
- Share
  - Buy insurance, outsource, hedge
- Avoid
  - Do not engage in the activity that produces the risk

Slide 15: Event/Risk/Response Model (figure)

Slide 16: Control Activities
- Policies and procedures to provide reasonable assurance that control objectives are met:
  - Proper authorization of transactions and activities
    - Signature or code on a document to signal authority over a process
  - Segregation of duties
  - Project development and acquisition controls
  - Change management controls
  - Design and use of documents and records
  - Safeguarding assets, records, and data
  - Independent checks on performance

Slide 17: Segregation of Accounting Duties
- No one employee should be given too much responsibility
- Separate:
  - Authorization
    - Approving transactions and decisions
  - Recording
    - Preparing source documents
    - Entering data into an AIS
    - Maintaining accounting records
  - Custody
    - Handling cash, inventory, fixed assets
    - Receiving incoming checks
    - Writing checks

Slide 18: Information and Communication
- Primary purpose of an AIS:
  - Gather
  - Record
  - Process
  - Summarize
  - Communicate

Slide 19: Monitoring
- Evaluate the internal control framework.
- Effective supervision.
- Responsibility accounting system.
- Monitor system activities.
- Track purchased software and mobile devices.
- Conduct periodic audits.
- Employ a security officer and a compliance officer.
- Engage forensic specialists.
- Install fraud detection software.
- Implement a fraud hotline.

Slide 20: Segregation of System Duties
- Like accounting duties, system duties should also be separated
- These duties include:
  - System administration
  - Network management
  - Security management
  - Change management
  - Users
  - Systems analysts
  - Programmers
  - Computer operators
  - Information system librarian
  - Data control
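The two segregation-of-duties slides (accounting duties and system duties) describe a rule that is easy to state but only useful if it is checked against actual role assignments. The following is an added example, not part of the slide deck, of such a check: it maps the accounting duties to the three categories the deck names (authorization, recording, custody) and flags any single user who spans more than one category, and separately flags pairs of system duties held by one person. The duty identifiers, the specific system-duty conflict pairs, and the sample assignments are constructed assumptions for illustration.

```python
from itertools import combinations

# Accounting duties from the slide, mapped to the three categories the deck
# says must be held by different people (duty names are constructed labels).
ACCOUNTING_DUTIES = {
    "approve_transactions": "authorization",
    "prepare_source_documents": "recording",
    "enter_data_into_ais": "recording",
    "maintain_accounting_records": "recording",
    "handle_cash": "custody",
    "receive_incoming_checks": "custody",
    "write_checks": "custody",
}

# Pairs of system duties from the slide that one person should not combine.
# The deck lists the duties; which pairs conflict is an assumption here.
SYSTEM_CONFLICTS = {
    frozenset({"programmer", "computer_operator"}),
    frozenset({"systems_analyst", "programmer"}),
    frozenset({"change_management", "programmer"}),
    frozenset({"security_management", "system_administration"}),
    frozenset({"user", "programmer"}),
}


def accounting_categories(duties):
    """Return the set of accounting categories a user's duties span."""
    return {ACCOUNTING_DUTIES[d] for d in duties if d in ACCOUNTING_DUTIES}


def find_violations(assignments):
    """assignments: {user: set of duty names}. Returns [(user, reason), ...]."""
    violations = []
    for user, duties in sorted(assignments.items()):
        cats = accounting_categories(duties)
        if len(cats) > 1:  # one person spans authorization/recording/custody
            violations.append((user, "accounting: " + "+".join(sorted(cats))))
        for a, b in combinations(sorted(duties), 2):
            if frozenset({a, b}) in SYSTEM_CONFLICTS:
                violations.append((user, f"system: {a}+{b}"))
    return violations


# Constructed sample: alice approves and also writes checks; carol is both
# programmer and operator; bob and dave stay within a single category.
SAMPLE_ASSIGNMENTS = {
    "alice": {"approve_transactions", "write_checks"},
    "bob": {"enter_data_into_ais", "maintain_accounting_records"},
    "carol": {"programmer", "computer_operator"},
    "dave": {"security_management"},
}

if __name__ == "__main__":
    for user, reason in find_violations(SAMPLE_ASSIGNMENTS):
        print(f"SoD violation for {user}: {reason}")
```

Holding several duties inside one category (bob: two recording duties) is not flagged, because the deck's rule is about crossing categories, not about the number of tasks.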

