Published by Hassan Gaither
Modified about 1 year ago

Control and Accounting Information Systems
Chapter 7
Copyright © 2015 Pearson Education, Inc.

Learning Objectives
▫ Explain basic control concepts and why computer control and security are important.
▫ Compare and contrast the COBIT, COSO, and ERM control frameworks.
▫ Describe the major elements in the internal environment of a company.
▫ Describe the four types of control objectives that companies need to set.
▫ Describe the events that affect uncertainty and the techniques used to identify them.
▫ Explain how to assess and respond to risk using the Enterprise Risk Management model.
▫ Describe control activities commonly used in companies.
▫ Describe how to communicate information and monitor control processes in organizations.

Why Is Control Needed?
▫ Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat or an event.
▫ The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat.
▫ The probability that the threat will happen is the likelihood associated with the threat.

A Primary Objective of an AIS
Is to control the organization so the organization can achieve its objectives.
Management expects accountants to:
▫ Take a proactive approach to eliminating system threats.
▫ Detect, correct, and recover from threats when they occur.

Internal Controls
Processes implemented to provide assurance that the following objectives are achieved:
▫ Safeguard assets
▫ Maintain sufficient records
▫ Provide accurate and reliable information
▫ Prepare financial reports according to established criteria
▫ Promote and improve operational efficiency
▫ Encourage adherence with management policies
▫ Comply with laws and regulations

Functions of Internal Controls
Preventive controls
▫ Deter problems from occurring
Detective controls
▫ Discover problems that are not prevented
Corrective controls
▫ Identify and correct problems; correct and recover from the problems

Control Frameworks
COBIT
▫ Framework for IT control
COSO
▫ Framework for enterprise internal controls (control-based approach)
COSO-ERM
▫ Expands COSO framework taking a risk-based approach

COBIT Framework
Current framework version is COBIT5
Based on the following principles:
▫ Meeting stakeholder needs
▫ Covering the enterprise end-to-end
▫ Applying a single, integrated framework
▫ Enabling a holistic approach
▫ Separating governance from management

COBIT5 Separates Governance from Management

Components of COSO Frameworks
COSO
▫ Control (internal) environment
▫ Risk assessment
▫ Control activities
▫ Information and communication
▫ Monitoring
COSO-ERM
▫ Internal environment
▫ Objective setting
▫ Event identification
▫ Risk assessment
▫ Risk response
▫ Control activities
▫ Information and communication
▫ Monitoring

Internal Environment
▫ Management’s philosophy, operating style, and risk appetite
▫ Commitment to integrity, ethical values, and competence
▫ Internal control oversight by Board of Directors
▫ Organizing structure
▫ Methods of assigning authority and responsibility
▫ Human resource standards

Objective Setting
Strategic objectives
▫ High-level goals
Operations objectives
▫ Effectiveness and efficiency of operations
Reporting objectives
▫ Improve decision making and monitor performance
Compliance objectives
▫ Compliance with applicable laws and regulations

Event Identification
Identifying incidents both external and internal to the organization that could affect the achievement of the organization's objectives
Key Management Questions:
▫ What could go wrong?
▫ How can it go wrong?
▫ What is the potential harm?
▫ What can be done about it?

Risk Assessment
Risk is assessed from two perspectives:
Likelihood
▫ Probability that the event will occur
Impact
▫ Estimate potential loss if event occurs
Types of risk
Inherent
▫ Risk that exists before plans are made to control it
Residual
▫ Risk that is left over after you control it

Risk Response
Reduce
▫ Implement effective internal control
Accept
▫ Do nothing, accept likelihood and impact of risk
Share
▫ Buy insurance, outsource, or hedge
Avoid
▫ Do not engage in the activity

Control Activities
▫ Proper authorization of transactions and activities
▫ Segregation of duties
▫ Project development and acquisition controls
▫ Change management controls
▫ Design and use of documents and records
▫ Safeguarding assets, records, and data
▫ Independent checks on performance

Segregation of Duties

Monitoring
▫ Perform internal control evaluations (e.g., internal audit)
▫ Implement effective supervision
▫ Use responsibility accounting systems (e.g., budgets)
▫ Monitor system activities
▫ Track purchased software and mobile devices
▫ Conduct periodic audits (e.g., external, internal, network security)
▫ Employ computer security officer
▫ Engage forensic specialists
▫ Install fraud detection software
▫ Implement fraud hotline

Key Terms
▫ Threat or Event
▫ Exposure or impact
▫ Likelihood
▫ Internal controls
▫ Preventive controls
▫ Detective controls
▫ Corrective controls
▫ General controls
▫ Application controls
▫ Belief system
▫ Boundary system
▫ Diagnostic control system
▫ Interactive control system
▫ Audit committee
▫ Foreign Corrupt Practices Act (FCPA)
▫ Sarbanes-Oxley Act (SOX)
▫ Public Company Accounting Oversight Board (PCAOB)
▫ Control Objectives for Information and Related Technology (COBIT)
▫ Committee of Sponsoring Organizations (COSO)
▫ Internal control-integrated framework (IC)
▫ Enterprise Risk Management Integrated Framework (ERM)
▫ Internal environment

Key Terms (continued)
▫ Risk appetite
▫ Policy and procedures manual
▫ Background check
▫ Strategic objectives
▫ Operations objectives
▫ Reporting objectives
▫ Compliance objectives
▫ Event
▫ Inherent risk
▫ Residual risk
▫ Expected loss
▫ Control activities
▫ Authorization
▫ Digital signature
▫ Specific authorization
▫ General authorization
▫ Segregation of accounting duties
▫ Collusion
▫ Segregation of systems duties
▫ Systems administrator
▫ Network manager
▫ Security management
▫ Change management
▫ Users
▫ Systems analysts
▫ Programmers
▫ Computer operators
▫ Information system library

Key Terms (continued)
▫ Data control group
▫ Steering committee
▫ Strategic master plan
▫ Project development plan
▫ Project milestones
▫ Data processing schedule
▫ System performance measurements
▫ Throughput
▫ Utilization
▫ Response time
▫ Postimplementation review
▫ Systems integrator
▫ Analytical review
▫ Audit trail
▫ Computer security officer (CSO)
▫ Chief compliance officer (CCO)
▫ Forensic investigators
▫ Computer forensics specialists
▫ Neural networks
▫ Fraud hotline