Presentation is loading. Please wait.

Presentation is loading. Please wait.

Control and Accounting Information Systems

Published byHassan Gaither Modified over 9 years ago

Similar presentations

Presentation on theme: "Control and Accounting Information Systems"— Presentation transcript:

1 Control and Accounting Information Systems
Chapter 7

2 Learning Objectives Explain basic control concepts and why computer control and security are important. Compare and contrast the COBIT, COSO, and ERM control frameworks. Describe the major elements in the internal environment of a company. Describe the four types of control objectives that companies need to set. Describe the events that affect uncertainty and the techniques used to identify them. Explain how to assess and respond to risk using the Enterprise Risk Management model. Describe control activities commonly used in companies. Describe how to communicate information and monitor control processes in organizations.

3 Why Is Control Needed? Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat or an event. The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat. The probability that the threat will happen is the likelihood associated with the threat

4 A Primary Objective of an AIS
Is to control the organization so the organization can achieve its objectives Management expects accountants to: Take a proactive approach to eliminating system threats. Detect, correct, and recover from threats when they occur.

5 Internal Controls Processes implemented to provide assurance that the following objectives are achieved: Safeguard assets Maintain sufficient records Provide accurate and reliable information Prepare financial reports according to established criteria Promote and improve operational efficiency Encourage adherence with management policies Comply with laws and regulations

6 Functions of Internal Controls
Preventive controls Deter problems from occurring Detective controls Discover problems that are not prevented Corrective controls Identify and correct problems; correct and recover from the problems

7 Control Frameworks COBIT COSO COSO-ERM Framework for IT control
Framework for enterprise internal controls (control-based approach) COSO-ERM Expands COSO framework taking a risk-based approach

8 COBIT Framework Current framework version is COBIT5
Based on the following principles: Meeting stakeholder needs Covering the enterprise end-to-end Applying a single, integrated framework Enabling a holistic approach Separating governance from management

9 COBIT5 Separates Governance from Management

10 Components of COSO Frameworks
COSO-ERM Control (internal) environment Risk assessment Control activities Information and communication Monitoring Internal environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring

11 Internal Environment Management’s philosophy, operating style, and risk appetite Commitment to integrity, ethical values, and competence Internal control oversight by Board of Directors Organizing structure Methods of assigning authority and responsibility Human resource standards

12 Objective Setting Strategic objectives Operations objectives
High-level goals Operations objectives Effectiveness and efficiency of operations Reporting objectives Improve decision making and monitor performance Compliance objectives Compliance with applicable laws and regulations

13 Event Identification Identifying incidents both external and internal to the organization that could affect the achievement of the organizations objectives Key Management Questions: What could go wrong? How can it go wrong? What is the potential harm? What can be done about it?

14 Risk Assessment Risk is assessed from two perspectives: Likelihood
Probability that the event will occur Impact Estimate potential loss if event occurs Types of risk Inherent Risk that exists before plans are made to control it Residual Risk that is left over after you control it

15 Risk Response Reduce Accept Share Avoid
Implement effective internal control Accept Do nothing, accept likelihood and impact of risk Share Buy insurance, outsource, or hedge Avoid Do not engage in the activity

16 Control Activities Proper authorization of transactions and activities
Segregation of duties Project development and acquisition controls Change management controls Design and use of documents and records Safeguarding assets, records, and data Independent checks on performance

17 Segregation of Duties

18 Monitoring Perform internal control evaluations (e.g., internal audit)
Implement effective supervision Use responsibility accounting systems (e.g., budgets) Monitor system activities Track purchased software and mobile devices Conduct periodic audits (e.g., external, internal, network security) Employ computer security officer Engage forensic specialists Install fraud detection software Implement fraud hotline

19 Key Terms Threat or Event Exposure or impact Likelihood
Internal controls Preventive controls Detective controls Corrective controls General controls Application controls Belief system Boundary system Diagnostic control system Interactive control system Audit committee Foreign Corrupt Practices Act (FCPA) Sarbanes-Oxley Act (SOX) Public Company Accounting Oversight Board (PCAOB) Control Objectives for Information and Related Technology (COBIT) Committee of Sponsoring Organizations (COSO) Internal control-integrated framework (IC) Enterprise Risk Management Integrated Framework (ERM) Internal environment

20 Key Terms (continued) Risk appetite Policy and procedures manual
Background check Strategic objectives Operations objectives Reporting objectives Compliance objectives Event Inherent risk Residual risk Expected loss Control activities Authorization Digital signature Specific authorization General authorization Segregation of accounting duties Collusion Segregation of systems duties Systems administrator Network manager Security management Change management Users Systems analysts Programmers Computer operators Information system library

21 Key Terms (continued) Postimplementation review Data control group
Systems integrator Analytical review Audit trail Computer security officer (CSO) Chief compliance officer (CCO) Forensic investigators Computer forensics specialists Neural networks Fraud hotline Data control group Steering committee Strategic master plan Project development plan Project milestones Data processing schedule System performance measurements Throughput Utilization Response time

Download ppt "Control and Accounting Information Systems"

Similar presentations

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Internal Control.

Internal Control.
The Islamic University of Gaza

The Islamic University of Gaza
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Accounting Information Systems Chapter Outlines

Accounting Information Systems Chapter Outlines
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 4 Internal Control Bus 319 Accounting Information Systems.

Chapter 4 Internal Control Bus 319 Accounting Information Systems.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Risk General Definition: exposure to the chance of adverse effects or loss; a hazard or dangerous chance Examples of risks to a company:  Erroneous Financial.

Risk General Definition: exposure to the chance of adverse effects or loss; a hazard or dangerous chance Examples of risks to a company:  Erroneous Financial.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-

Similar presentations

Ads by Google