Presentation is loading. Please wait.

Presentation is loading. Please wait.

Corporate Governance and Entity-Level Controls. Escalating Role of Board Members Corporate Fraud Qualifications of directors and management Governance-2.

Published byJayson Barker Modified over 8 years ago

Similar presentations

Presentation on theme: "Corporate Governance and Entity-Level Controls. Escalating Role of Board Members Corporate Fraud Qualifications of directors and management Governance-2."— Presentation transcript:

1 Corporate Governance and Entity-Level Controls

2 Escalating Role of Board Members Corporate Fraud Qualifications of directors and management Governance-2

3 Board Member Sample Tasks and Expertise Sample TaskExpected Expertise Approve hiring of chief executive officerHuman resources, personnel evaluation Approve risk assessment framework and monitor risk evaluation Industry expertise, strategic planning, awareness of potential risks, risk assessment methodologies Review and approve organizational and business strategies and changes thereto Long-term planning, strategic planning, industry-specific expertise Review and approve information systems strategy and changes thereto Ability to link information systems strategy to business strategy; understand information systems terminology, impact, and alternatives; industry-specific expertise Approve information systems acquisitions, business acquisitions, or contracts over specified dollar limits Understand information systems terminology, impact, and alternatives; industry-specific expertise Approve auditors and financial statementsFinancial or accounting competence; understand complex accounting terminology and be able to ask the right questions Oversee the work of internal auditorsUnderstand risks that the organization is exposed to and alternative ways of addressing those risks Governance-3

4 Organizational Structure and Corporate Governance What has an effect on corporate governance? For example, an entrepreneurial structure What type of structure would a public company probably have? Governance-4

5 Enterprise Risk Management (ERM) What is ERM Risk management framework Governance-5

6 Auditor Evaluation of Corporate Governance What is the auditor’s goal? Typical tools used to understand the components of corporate governance Governance-6

7 IT Governance IT governance is crucial to the evaluation of corporate governance Definition of IT governance IT governance is a crucial subset of Governance-7

8 Evaluation of IT Governance by the Auditor Evaluation of IT governance What does the auditor look at next? Governance-8

9 Continuous assessment Value Management methodologies Governance-9

10 Impact of General Information Systems Controls on the Audit There are three general control categories: 1.organization and management controls 2.systems acquisition, development, and maintenance controls 3.operations and information systems support. Governance-10

11 Organization and Management Controls Auditors consider Key question - Who are the super-users? Governance-11

12 Systems Acquisition, Development, and Maintenance Controls Auditors focus Typical types of software Providing user interfaces Providing security Managing hardware and software Information communication Governance-12

13 Operations and Information Systems Support A number of things canb affect the types of controls 1.Hardware confirguration Auditor needs to determine 2.Operating system Governance-13

14 3.Internal vs outsourced support What is outsourcing? Internal Governance-14

15 Advanced Information Systems Advanced IS results in high complexity. Such systems have one or more of the following characteristics: 1.Strategic information systems 2.Custom software 3.Multiple information processing locations 4.Database management systems 5.Paperless systems 6.Integrated computing Governance-15

16 1.Strategic Information Systems Such systems provide a competitive advantage or improve efficiency within an entity. The problems? Such systems can be extremely strategic Governance-16

17 2.Custom Software Custom software is unique software designed for the entity. How can it be developed? The key reasons why such software is chosen by entities Governance-17

18 Risks Associated with Custom Software Such systems are usually very costly Rigorous testing is required Governance-18

19 Audit Impact of Custom Software Systems development process Risk of errors or unauthorized programs Governance-19

20 3.Multiple Information Processing Locations Problems with data processed in multiple locations Programs could be inaccurate or unauthorized Access to programs and data Data sent from one location to another Governance-20

21 4.Databases and Database Management Systems (DBMS) Many software packages use a database as an underlying file structure. Key concept of a DBMS The DBMS Governance-21

22 Effects of a DBMS on Internal Controls Existence of a DBMS Typical general controls that are affected a)Organization and management controls b)Systems acquisition, development, and maintenance controls c)Operations and information systems support Governance-22

23 a)Organization and Management Controls The database administrator Auditor documentation Governance-23

24 b)Systems Acquisition, Development and Maintenance Added controls should exist to ensure that: Database development Programs Governance-24

25 c)Operations and Information Systems Support Data security Each application cycle needs to be examined for controls over: Governance-25

26 5.Paperless Systems A wide variety of paperless systems exist. Typical business data communications –EDI (electronic data interchange) –EFT (electronic funds transfer) Governance-26

27 Impact of Paperless Systems on the Audit Engagement Where there is no paper trail Without a paper trail Governance-27

28 6.Integrated Computing Increased leve of complexity Typical examples –Enterprise Resource Planning (ERP) –Relational databases –The objective of such systems Governance-28

29 Some Common Entity-Level Controls Controls related to the control environment Controls over management override The company's risk assessment process Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs Controls over the period-end financial reporting process Policies that address significant business control and risk management practices Whistle-blower hotline Code of conduct IT environment and organizations Self-assessment Oversight by the Board of Senior Management Policies & procedures manual Variance analysis reporting Management triggers embedded within IT systems Internal communication and performance reporting Tone setting Board/audit committee reporting External communication Segregation of duties Accounts reconciliations System balancing and exception reporting Governance Assignment of authority and responsibility Hiring and retention practices Fraud prevention/detection controls and analytical procedures Governance-29

30 The Effects of Entity-Level Controls What can be affected? Any one of the control levels being absent or not properly implemented Governance-30

31 Relationship between Entity-Level Controls and Specific Audit Objectives Entity-level controls can affect Governance-31

32 Problem 10-21, Canadian 11th. Edition, Page 342 Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase equipment or property and manages apartments and condominium properties. The company decided that it was time to upgrade its local area network. It decided to also purchase new accounting software but wanted to retain its old unit maintenance software, which, although 10 years old, had an easy-to-use interface that allowed maintenance personnel to track the maintenance work that they did in each unit. The controller, Joe, decided that the company should purchase the software from Midland Computers, which was owned by his brother-in-law, Tom. The prices were comparable with those of other computer networks that he priced, and Midland happened to be close by. Using materials from industry magazines, Joe decided that the best property management software to buy would be from Quebec; the software had received rave reviews about being easy to use. The implementation was scheduled for the weekend after the June month-end close so that systems could be up and running by the following Monday. To Joe’s horror, when he arrived at work on Monday, computers were still being unpacked and installed. Tom had difficulty following the installation instructions for the accounting software, which was not up and running until the end of the week. General ledger details had to be manually entered, since the software could not handle the structure of the old accounts. At the end of two weeks, Joe had the old system put back up so that Friggle could catch up on transactions and get some work out the door. It took three months of 12-hour days for all accounting staff to get the new system operational. Unfortunately, the old maintenance systems would not work with the new operating system, and a new maintenance system had to be evaluated and purchased. Required Assess the IT governance at Friggle Corp. For weaknesses that you identify, provide recommendations for improvement. Governance-32

33 Problem 10-22, Canadian 11th. Edition. Page 342 Turner Valley Hospital plans to install a database management system, Hosp Info, that will maintain patient histories, including tests performed and their results, vital statistics, and medical diagnoses. The system will also manage personnel and payroll, medical and non-medical supplies, and patient and provincial health-care billings. The decision was taken by the board of the hospital on the advice of a consultant who was a former employee of Medical Data Services Inc., the developer of Hosp Info. Turner Valley Hospital’s chief information officer has come to your accounting firm to ask for advice on what general controls she should ask Medical Data Services Inc. to install to preserve the integrity of the information in the system and to deal with privacy issues. The system would permit data about patients to be entered by doctors, nurses, and medical technologists. Required a)Describe in general terms the controls you would suggest for the system as a whole. b)Considering the nature of Turner Valley Hospital, describe the potential risks the hospital should be concerned about with respect to Hosp Info. c)What are the advantages of such a database management system? d)How would the quality of general controls at the hospital affect your audit? Governance-33

Download ppt "Corporate Governance and Entity-Level Controls. Escalating Role of Board Members Corporate Fraud Qualifications of directors and management Governance-2."

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Problem 10-21 Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.

Problem Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Concepts.

Auditing Concepts.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.

CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
1 SYS366 Week 1 - Lecture 2 How Businesses Work. 2 Today How Businesses Work What is a System Types of Systems The Role of the Systems Analyst The Programmer/Analyst.

1 SYS366 Week 1 - Lecture 2 How Businesses Work. 2 Today How Businesses Work What is a System Types of Systems The Role of the Systems Analyst The Programmer/Analyst.
Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.

Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.
Chapter 1 Assuming the Role of the Systems Analyst

Chapter 1 Assuming the Role of the Systems Analyst

Similar presentations

Ads by Google