Published by Elle Nelms
Modified about 1 year ago
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1
Learning Objectives
- Explain basic control concepts and explain why computer control and security are important.
- Compare and contrast the COBIT, COSO, and ERM control frameworks.
- Describe the major elements in the internal environment of a company.
- Describe the four types of control objectives that companies need to set.
- Describe the events that affect uncertainty and the techniques used to identify them.
- Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.
- Describe control activities commonly used in companies.
- Describe how to communicate information and monitor control processes in organizations.
Internal Control
System to provide reasonable assurance that objectives are met, such as:
- Safeguard assets.
- Maintain records in sufficient detail to report company assets accurately and fairly.
- Provide accurate and reliable information.
- Prepare financial reports in accordance with established criteria.
- Promote and improve operational efficiency.
- Encourage adherence to prescribed managerial policies.
- Comply with applicable laws and regulations.
Internal Control
- Functions
  - Preventive: Deter problems
  - Detective: Discover problems
  - Corrective: Correct problems
- Categories
  - General: Overall IC system and processes
  - Application: Transactions are processed correctly
Sarbanes Oxley (2002)
Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
- Public Company Accounting Oversight Board (PCAOB)
  - Oversight of auditing profession
- New Auditing Rules
  - Partners must rotate periodically
  - Prohibited from performing certain non-audit services
Sarbanes Oxley (2002)
- New Roles for Audit Committee
  - Be part of board of directors and be independent
  - One member must be a financial expert
  - Oversees external auditors
- New Rules for Management
  - Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.
  - The auditors were told about all material internal control weaknesses and fraud.
- New Internal Control Requirements
  - Management is responsible for establishing and maintaining an adequate internal control system.
SOX Management Rules
- Base evaluation of internal control on a recognized framework.
- Disclose all material internal control weaknesses.
- Conclude a company does not have effective financial reporting internal controls if there are material weaknesses.
Internal Control Frameworks
- Control Objectives for Information and Related Technology (COBIT)
  - Business objectives
  - IT resources
  - IT processes
- Committee of Sponsoring Organizations (COSO)
  - Internal control—integrated framework
    - Control environment
    - Control activities
    - Risk assessment
    - Information and communication
    - Monitoring
Internal Control
- Enterprise Risk Management Model
  - Risk-based vs. control-based
  - COSO elements +
    - Setting objectives
    - Event identification
    - Risk assessment
      - Can be controlled but also: Accepted, Diversified, Shared, Transferred
Control Environment
- Management’s philosophy, operating style, and risk appetite
- The board of directors
- Commitment to integrity, ethical values, and competence
- Organizational structure
- Methods of assigning authority and responsibility
- Human resource standards
- External influences
ERM—Objective Setting
- Strategic
  - High-level goals aligned with corporate mission
- Operational
  - Effectiveness and efficiency of operations
- Reporting
  - Complete and reliable
  - Improve decision making
- Compliance
  - Laws and regulations are followed
ERM—Event Identification
“…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.”
- Positive or negative impacts (or both)
- Events may trigger other events
- All events should be anticipated
Risk Assessment
- Identify Risk
  - Identify likelihood of risk
  - Identify positive or negative impact
- Types of Risk
  - Inherent: Risk that exists before any plans are made to control it
  - Residual: Remaining risk after controls are in place to reduce it
ERM—Risk Response
- Reduce: Implement effective internal control
- Accept: Do nothing, accept likelihood of risk
- Share: Buy insurance, outsource, hedge
- Avoid: Do not engage in activity that produces risk
Event/Risk/Response Model
Control Activities
Policies and procedures to provide reasonable assurance that control objectives are met:
- Proper authorization of transactions and activities
  - Signature or code on document to signal authority over a process
- Segregation of duties
- Project development and acquisition controls
- Change management controls
- Design and use of documents and records
- Safeguarding assets, records, and data
- Independent checks on performance
Segregation of Accounting Duties
No one employee should be given too much responsibility. Separate:
- Authorization
  - Approving transactions and decisions
- Recording
  - Preparing source documents
  - Entering data into an AIS
  - Maintaining accounting records
- Custody
  - Handling cash, inventory, fixed assets
  - Receiving incoming checks
  - Writing checks
Information and Communication
Primary purpose of an AIS:
- Gather
- Record
- Process
- Summarize
- Communicate
Monitoring
- Evaluate internal control framework.
- Effective supervision.
- Responsibility accounting system.
- Monitor system activities.
- Track purchased software and mobile devices.
- Conduct periodic audits.
- Employ a security officer and compliance officer.
- Engage forensic specialists.
- Install fraud detection software.
- Implement a fraud hotline.
Segregation of System Duties
Like accounting duties, system duties should also be separated. These duties include:
- System administration
- Network management
- Security management
- Change management
- Users
- Systems analysts
- Programmers
- Computer operators
- Information system librarian
- Data control