Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Accounting Information Systems Day 20 Control and Security Frameworks October 9, 2009.

Published byLynn Price Modified over 9 years ago

Similar presentations

Presentation on theme: "Advanced Accounting Information Systems Day 20 Control and Security Frameworks October 9, 2009."— Presentation transcript:

1 Advanced Accounting Information Systems Day 20 Control and Security Frameworks October 9, 2009

2 announcements –Careers in accounting/IT –Quiz 4 –Graduate student paper

3 announcements –Assignment 3 Scoring –Night vs day – 12 points –Recalculate charges – 12 points –Problem found – 3 points –Action plan – 3 points Game plan –Identify potential misclassified minutes –Calculate rates by first identifying most recent contracts (i.e. max(Startdate) –Separate into flexible and fixed plans –Calculate minutes –Calculate charges per flexible –Calculate charges per fixed –Combine calculated charges per flexible and fixed (UNION) –Compare calculated to InvoiceLine charges

4 announcements –Assignment 4 Merger/acquisition due diligence – significantly shorter time frame What are the due diligence / audit objectives? Some of the due diligence work is already done –Identified due diligence objectives (See Figure 3) –Started with prior audit procedures (see Figure 3) No manufacturing costs since Threadchic is a retailer

5 announcements –Assignment 4 Existence procedure –Verify Threadchic paid for all purchases in a timely manner »join invoice and payment table using outer join to identify any invoices that were not paid yet –Verify inventory consistent with sales »For all items, sales price is 100 percent markup over cost except for marked down items with no sale in the last 21 days. List cost, lastSalesPrice, and calculate salesToCost to determine if each item markup is 100 percent

6 announcements –Assignment 4 Completeness procedure –Verify inclusion of all purchases in inventory »Match purchases to inventory on SKU to find purchases with no entry in inventoryMaster.QOH »Match purchases to counted inventory on SKU to find purchases with no entry in inventoryCount.obsvQOH »Remember – inventoryMaster is Threadchic’s records »inventoryCount – contains number counted by the auditors

7 Objectives Understand risks faced by information assets Comprehend relationship between risk and asset vulnerabilities Understand nature and types of threats faced by the asset Understand objectives of control and security of information assets and how these objectives are interrelated Understand the building blocks of control (and security) frameworks for information systems Apply a controls framework to a financial accounting system

8 Purpose of internal control framework

9 Information Assets

10

11 Threat Probability of an attack on an information asset

12 Countermeasures Designed to minimize or eliminate the risks stemming from vulnerabilities To design countermeasures

13 Definition of internal control Procedures designed by management to provide reasonable assurance regarding achievement of specific objectives Classification of internal controls –General vs application –Detective, preventive, or corrective

14 Definition of Information Security Protection from harm Being able to depend on the information system Two categories –Physical security –Logical security

15 Four objectives of internal controls

16 Information Security Objectives

17 Frameworks for control and security

18 COBIT control objectives Acquire and develop applications and system software Acquire technology infrastructure Develop and maintain policies and procedures Install and test application software and technology infrastructure Manage change Define and manage service levels Manage third-party services Ensure systems security Manage the configuration Manage problems and incidents Manage data Manage operations

19 ISO 17799 Ten categories or sections –Security policy –Security organization –Asset classification and control –Personnel security –Physical and environmental security –Computer and operations management –System access control –System development and maintenance –Compliance

20 COSO Control environment Risk assessment Control activities Information and communication Monitoring

21 Steps in Implementing a control framework

22 Questions for Monday Identify at least one difference between systems availability and business continuity Why is disaster recovery planning important? Is disaster recovery planning cost beneficial?

Download ppt "Advanced Accounting Information Systems Day 20 Control and Security Frameworks October 9, 2009."

Similar presentations

Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Security Controls – What Works

Security Controls – What Works
1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Advanced Accounting Information Systems

Advanced Accounting Information Systems
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit

Similar presentations

Ads by Google