Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.


Deck 5 Accounting Information Systems
Romney and Steinbart
Linda Batch
February 2012

Contents
• Learning Objectives
– Continue with Database design exercise
– Start / Stop / Continue exercise
– Chapter 7 Course material

Chapter 7 – Control and Accounting Info. Systems

• Definitions
– Threat or event – a potential adverse occurrence
– Exposure or impact – the potential dollar loss from a threat
– Likelihood – the probability that the threat will occur
– Intentional acts
• These are the words and criteria used when assessing whether controls are required.
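The definitions above combine into the usual expected-loss calculation (exposure multiplied by likelihood), which is what lets an assessor rank threats and decide whether a control is worth its cost. The following Python is an added example, not material from the Romney and Steinbart slides: the threats, dollar exposures, likelihoods and the dual-approval control are constructed sample data, and the decision rule (a control is justified when its annual cost is below the expected loss it removes) is an assumption of this example.

```python
"""Expected-loss risk assessment built on the deck's definitions.

Added example, not from the slides. All threat and control figures below are
constructed for illustration; the cost-benefit rule is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exposure: float    # potential dollar loss if the event occurs (impact)
    likelihood: float  # probability of occurrence per year, between 0 and 1


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_likelihood: float  # likelihood that remains once the control is in place


def expected_loss(exposure, likelihood):
    """Expected loss = exposure (impact) x likelihood."""
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability between 0 and 1")
    if exposure < 0:
        raise ValueError("exposure cannot be negative")
    return exposure * likelihood


def rank_threats(threats):
    """Order threats by expected loss, largest first, so assessment starts with the worst."""
    return sorted(
        threats,
        key=lambda t: expected_loss(t.exposure, t.likelihood),
        reverse=True,
    )


def control_net_benefit(threat, control):
    """Expected loss avoided by the control, minus what the control costs per year."""
    before = expected_loss(threat.exposure, threat.likelihood)
    after = expected_loss(threat.exposure, control.residual_likelihood)
    return (before - after) - control.annual_cost


def control_is_justified(threat, control):
    """Assumed decision rule: adopt the control only if its net benefit is positive."""
    return control_net_benefit(threat, control) > 0


# Constructed sample risk register (not real figures).
THREATS = [
    Threat("Fraudulent vendor payment", exposure=250_000, likelihood=0.02),
    Threat("Payroll data entry error", exposure=5_000, likelihood=0.30),
    Threat("Server room flood", exposure=400_000, likelihood=0.005),
]

# Constructed candidate control for the first threat.
DUAL_APPROVAL = Control(
    "Dual approval of payments over $10k",
    annual_cost=3_000,
    residual_likelihood=0.005,
)


if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.name:<28} expected loss ${expected_loss(t.exposure, t.likelihood):,.0f}")
    fraud = THREATS[0]
    print(f"{DUAL_APPROVAL.name}: net benefit ${control_net_benefit(fraud, DUAL_APPROVAL):,.0f}, "
          f"justified={control_is_justified(fraud, DUAL_APPROVAL)}")
```

Running it ranks the vendor-payment fraud first (expected loss $5,000) even though the flood has a far larger exposure, because likelihood is part of the calculation; the dual-approval control cuts that expected loss to $1,250 for $3,000 a year, a net benefit of $750, so under the assumed rule it is worth adopting.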

Chapter 7 – Control Concepts

• Internal Control – the process implemented within your organization to provide reasonable assurance that the following control objectives are achieved:
• Safeguard assets
• Maintain records with sufficient detail to support assets
• Provide accurate and reliable information
• Prepare financial reports in accordance with established criteria
• Promote and improve operating efficiency
• Encourage adherence to prescribed managerial policies
• Comply with applicable laws and regulations

Chapter 7 – Internal Controls
• Internal controls perform three functions
– Preventive controls deter problems before they arise
• Segregating employee duties
• Controlling physical access to assets
– Detective controls discover problems that were not prevented
• Preparing bank reconciliations
• Preparing monthly trial balances
• Duplicate checking of calculations
– Corrective controls correct and recover from the resulting errors
• Maintaining backup copies of files
• Correcting data entry errors
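Of the detective controls listed, the bank reconciliation is the one most easily shown as code: the cash ledger and the bank statement are matched item by item, and whatever does not match is either a timing difference to be explained or an exception to be investigated. The Python below is an added example rather than anything from the slides; the ledger and statement lines are constructed sample data, and amounts are kept in integer cents so that the duplicate check on balances is exact.

```python
"""Bank reconciliation as a detective control.

Added example, not from the slides. BOOK, BANK and BANK_TRANSPOSED are
constructed sample data; amounts are integer cents (positive = deposit,
negative = disbursement).
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    ref: str      # cheque number, deposit id, or bank-generated reference
    amount: int   # cents


def reconcile(book, bank):
    """Match ledger and statement entries on (ref, amount); report what is left over."""
    book_c = Counter((e.ref, e.amount) for e in book)
    bank_c = Counter((e.ref, e.amount) for e in bank)
    return {
        "matched": sorted((book_c & bank_c).elements()),
        # In the books but not yet at the bank: outstanding cheques, deposits in transit
        "book_only": sorted((book_c - bank_c).elements()),
        # At the bank but not in the books: fees, interest, unrecorded items
        "bank_only": sorted((bank_c - book_c).elements()),
    }


def amount_discrepancies(result):
    """Same reference on both sides with different amounts: an error or alteration to investigate."""
    book_refs = {ref: amt for ref, amt in result["book_only"]}
    bank_refs = {ref: amt for ref, amt in result["bank_only"]}
    return sorted((ref, book_refs[ref], bank_refs[ref]) for ref in book_refs.keys() & bank_refs.keys())


def adjusted_balances(book, bank):
    """Duplicate check: recompute both balances and adjust each for the other's unmatched items.

    Returns (adjusted bank balance, adjusted book balance, difference). A non-zero
    difference means something is not explained by timing alone.
    """
    result = reconcile(book, bank)
    bank_balance = sum(e.amount for e in bank)
    book_balance = sum(e.amount for e in book)
    adjusted_bank = bank_balance + sum(amt for _, amt in result["book_only"])
    adjusted_book = book_balance + sum(amt for _, amt in result["bank_only"])
    return adjusted_bank, adjusted_book, adjusted_bank - adjusted_book


# Constructed sample data: a clean month with two timing items and one bank fee.
BOOK = [
    Entry("DEP-101", 120_000),
    Entry("CHQ-2001", -45_000),
    Entry("CHQ-2002", -30_000),   # outstanding cheque
    Entry("DEP-102", 50_000),     # deposit in transit
]
BANK = [
    Entry("DEP-101", 120_000),
    Entry("CHQ-2001", -45_000),
    Entry("FEE-0315", -1_500),    # bank fee not yet recorded in the books
]
# Constructed variant: the bank cleared CHQ-2001 for a different amount.
BANK_TRANSPOSED = [
    Entry("DEP-101", 120_000),
    Entry("CHQ-2001", -54_000),
    Entry("FEE-0315", -1_500),
]


if __name__ == "__main__":
    r = reconcile(BOOK, BANK)
    print("book only:", r["book_only"])
    print("bank only:", r["bank_only"])
    print("adjusted balances (bank, book, diff):", adjusted_balances(BOOK, BANK))
    print("discrepancies:", amount_discrepancies(reconcile(BOOK, BANK_TRANSPOSED)))
```

With the clean statement the two adjusted balances agree at $935.00 once the outstanding cheque, the deposit in transit and the bank fee are taken into account. With the second statement the adjusted balances still agree, because the mismatched cheque lands on both unmatched lists; it is the same-reference, different-amount check that surfaces CHQ-2001 as an exception, which is why a reconciliation should report exceptions by item and not only compare totals.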

Chapter 5 – Review – Fraud Triangle – Pressure
• Internal controls are often segregated into two categories
– General Controls
– Application Controls
• General Controls make an organization’s control environment stable and well managed
– Security
– IT infrastructure
– Software acquisition
– Development
– Maintenance
• Application controls make sure transactions are processed correctly
– Accuracy
– Completeness
– Validity
– Authorization
of the data captured, entered, processed, stored, transmitted to other systems, and reported.

Chapter 7 – Large Control Breaches

• Enron – $62 billion in assets
• WorldCom – more than $100 billion in assets
• Xerox
• Tyco
• Many more, unfortunately

• In response to these frauds the Sarbanes-Oxley Act (SOX) was passed
– Public Company Accounting Oversight Board (PCAOB)
– New rules for auditors
– New roles for audit committees
– New rules for management
– New internal control requirements

Chapter 7 – Control Frameworks

• Three frameworks used to develop internal control systems will be discussed
– COBIT – Control Objectives for Information and Related Technology, developed by the Information Systems Audit and Control Association (ISACA)
– COSO – the Committee of Sponsoring Organizations developed the Internal Control – Integrated Framework (IC)
– COSO – Enterprise Risk Management – Integrated Framework (ERM)

Chapter 7 – Control Frameworks

• COBIT addresses control from three vantage points
– Business Objectives
• To satisfy business objectives, information must conform to seven categories of criteria
– IT Resources
• Including people, application systems, technology, facilities, and data
– IT Processes
• Broken into four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring and evaluation

Chapter 7 – Control Frameworks

• COSO’s Internal Control Framework
– Control Environment – the core of any business is its people
– Control Activities – control policies and procedures
– Risk Assessment – identify, analyze, and manage risks
– Information and Communication – systems capture and exchange the information needed to conduct, manage, and control the organization’s operations
– Monitoring – the entire process must be monitored and must evolve as conditions warrant
• Limitations of this framework
– It examines controls without looking at the purpose and risks of business processes, and does not provide the context needed to determine which control processes are most important, whether they address the risks, and whether any controls are missing.

Chapter 7 – Control Frameworks

• COSO’s ERM Framework
– Takes a risk-based approach rather than a controls-based approach
– Adds three elements to COSO’s IC Framework
• Setting objectives
• Identifying events that may affect the company
• Developing a response to assessed risk
– Controls become flexible and relevant because they are linked to business objectives
– The ERM model also recognizes that, in addition to being controlled, risk can be accepted, avoided, diversified, shared, or transferred
• Example of a transferred risk?

Chapter 7 – ERM – Internal Environment
Internal Environment
• A weak or deficient internal environment often results in a breakdown in risk management and control.

Objective Setting
• Management sets objectives at the corporate level and these are cascaded down through other subunits
• Strategic
• Operational
• Reporting
• Compliance

Event Identification

Chapter 7 – Control Frameworks – Malware
• Any software that can be used to do harm.
• Spread through file sharing (72%), shared access to files (42%), email attachments (25%), and remote access vulnerabilities (24%)