Chapter 10 Accounting Information Systems and Internal Controls


Chapter 10 Accounting Information Systems and Internal Controls Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Learning Objectives
- LO#1 Explain essential control concepts and why a code of ethics and internal controls are important.
- LO#2 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
- LO#3 Describe the overall COBIT framework and its implications for IT governance.
- LO#4 Describe other governance frameworks related to information systems management and security.

Ethics, Sarbanes Oxley Act 2002 and Corporate Governance (LO#1)
The Need for a Code of Ethics
- Ethical behavior prompted by a code of ethics can be considered a form of internal control.
- Employees with different cultural backgrounds are likely to have different values.
- Many professional associations have developed codes of ethics to assist professionals in selecting among decisions that are not clearly right or wrong.

Sarbanes Oxley Act 2002 (LO#1)
- SOX requires public companies registered with the SEC and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting.
- Established the Public Company Accounting Oversight Board (PCAOB) to provide independent oversight of public accounting firms.
- PCAOB Auditing Standard No. 5 (AS 5) encourages auditors to use a risk-based, top-down approach to identify the key controls.

Corporate Governance (LO#1)
- A set of processes and policies for managing an organization with sound ethics to safeguard the interests of its stakeholders.
- Promotes accountability, fairness, and transparency in the organization's relationship with its stakeholders.

Overview of Control Concepts (LO#1)
Three main functions of internal control:
- Preventive controls deter problems before they arise (e.g., authorization).
- Detective controls find problems when they arise (e.g., bank reconciliations and monthly trial balances).
- Corrective controls fix problems that have been identified (e.g., backup files to recover corrupted data).
Computerized environment:
- General controls pertain to enterprise-wide issues such as controls over accessing the network, developing and maintaining applications, documenting changes to programs, etc.
- Application controls are specific to a subsystem or an application and ensure the validity, completeness and accuracy of the transactions.

Commonly used Internal Control Frameworks (LO#2)
- The SEC requires management to evaluate internal controls based on a recognized control framework.
- COSO Internal Control framework
  - COSO: Committee of Sponsoring Organizations of the Treadway Commission.
  - Sponsoring organizations: AAA, AICPA, FEI, IIA, and IMA.
  - The COSO Internal Control framework is one of the most widely accepted authorities on internal control, providing a baseline for evaluating, reporting, and improving internal control.

Commonly used Internal Control Frameworks (LO#2)
- COSO 2.0
- COSO ERM framework: focuses on the strategic alignment of the firm's mission with its risk appetite.
- Control Objectives for Information and related Technology (COBIT): a control framework for the governance and management of enterprise IT.
- Information Technology Infrastructure Library (ITIL): a set of concepts and practices for IT service management.
- International Organization for Standardization (ISO) 27000 Series: addresses information security issues.

COSO Internal Control Framework (COSO 2.0) (LO#2)
- Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.
- Internal control is affected by people. It is not merely about policy manuals, systems and forms; it is about people at every level of a firm who impact internal control.
- Internal control can provide reasonable assurance, not absolute assurance, to an entity's management and board.
- Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories.
- Internal control is adaptable to the entity structure.

COSO Internal Control Framework (COSO 2.0) (LO#2)
Three categories of objectives:
- Operations Objectives: effectiveness and efficiency of a firm's operations, including financial performance goals and safeguarding assets.
- Reporting Objectives: reliability of reporting, including internal and external financial and non-financial reporting.
- Compliance Objectives: adherence to applicable laws and regulations.

COSO 2.0 (LO#2)
Five components of internal control:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities

COSO Enterprise Risk Management - Integrated Framework (LO#2)

COSO Enterprise Risk Management - Integrated Framework (LO#2)
Four categories of objectives:
- Strategic: high-level goals, aligned with and supporting the firm's mission and vision.
- Operations: effectiveness and efficiency of operations.
- Reporting: reliability of internal and external reporting.
- Compliance: compliance with applicable laws and regulations.

COSO Enterprise Risk Management - Integrated Framework (LO#2)
Eight components of internal control:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring

Risk Assessment and Risk Response (LO#2)
- Inherent risk: the risk that exists before management takes any action to address it.
- Control risk: the threat that errors or irregularities in the underlying transactions will not be prevented, detected and corrected by the internal control system.
- Residual risk: the product of inherent risk and control risk.
Risk responses:
(1) Reduce risks by designing effective business processes and implementing internal controls.
(2) Share risks by outsourcing business processes, buying insurance, or entering into hedging transactions.
(3) Avoid risks by not engaging in the activities that would produce the risk.
(4) Accept risk by relying on natural offsets of the risk within a portfolio, or by accepting the likelihood and impact of the risk.

Risk Assessment and Risk Response (LO#2)
- Cost and benefit analysis is important in determining whether to implement an internal control. The benefits of an internal control should exceed its costs.
- One way to measure the benefits of a control is using the estimated impact of a risk times the decreased likelihood if the control is implemented.
- Expected benefit of an internal control = Impact × Decreased Likelihood
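The residual-risk definition and the cost-benefit rule from the two slides above, applied to a constructed risk register. This is an added example, not material from the textbook or the slides; the risk, the candidate controls and every number in it are made-up figures for illustration.

```python
# Added example (not from the slides): applies the chapter's risk formulas to a
# constructed risk register. All figures below are invented for illustration.
from dataclasses import dataclass


@dataclass
class Control:
    name: str
    cost: float              # annual cost of operating the control
    likelihood_with: float   # estimated likelihood of the risk event once the control is in place


@dataclass
class Risk:
    name: str
    impact: float               # estimated loss if the risk event occurs
    inherent_likelihood: float  # likelihood before any control acts (inherent risk)


def residual_risk(inherent_risk: float, control_risk: float) -> float:
    """Residual risk = inherent risk x control risk (the chapter's definition).
    control_risk is the chance the control system fails to prevent/detect the error."""
    return inherent_risk * control_risk


def expected_benefit(risk: Risk, control: Control) -> float:
    """Expected benefit of a control = Impact x Decreased Likelihood (the chapter's formula)."""
    decreased = risk.inherent_likelihood - control.likelihood_with
    return risk.impact * max(decreased, 0.0)   # a control that makes things worse has no benefit


def evaluate_controls(risk: Risk, controls: list[Control]) -> list[dict]:
    """Rank candidate controls by net benefit; implement only where benefit exceeds cost."""
    rows = []
    for c in controls:
        benefit = expected_benefit(risk, c)
        rows.append({"control": c.name, "benefit": benefit, "cost": c.cost,
                     "net": benefit - c.cost, "implement": benefit > c.cost})
    return sorted(rows, key=lambda r: r["net"], reverse=True)


# Constructed sample register: one risk and three candidate controls to reduce it.
DUP_PAYMENT = Risk("duplicate vendor payment", impact=200_000, inherent_likelihood=0.30)
CANDIDATES = [
    Control("automated duplicate-invoice check", cost=15_000, likelihood_with=0.05),
    Control("monthly manual vendor statement reconciliation", cost=40_000, likelihood_with=0.15),
    Control("annual external review only", cost=10_000, likelihood_with=0.28),
]

if __name__ == "__main__":
    for row in evaluate_controls(DUP_PAYMENT, CANDIDATES):
        print(row)
```

Only the first control clears the cost-benefit bar (benefit 50,000 against cost 15,000); the other two would cost more than the loss they avert, so the slide's rule says not to implement them.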

Control Activities (LO#2)
- Physical Controls: mainly manual but could involve the physical use of computing technology.
- IT controls: processes that provide assurance for information and help to mitigate risks associated with the use of technology.
  - IT general controls (ITGC)
  - IT application controls

COBIT Framework (LO#3)
- COBIT (Control Objectives for Information and related Technology) is a generally accepted framework for IT governance and management.
- Governance (firm objectives): evaluating stakeholder needs; setting direction through decision making; monitoring performance, compliance and progress.
- Management (activities): planning, building, running and monitoring.

COBIT Framework (LO#3)
- Provides a business focus to align business and IT objectives;
- Defines the scope and ownership of IT process and control;
- Is consistent with accepted IT good practices and standards;
- Provides a common language with a set of terms and definitions that are generally understandable by all stakeholders; and
- Meets regulatory requirements by being consistent with generally accepted corporate governance standards (e.g., COSO) and IT controls expected by regulators and auditors.

Information Technology Infrastructure Library (ITIL)
- A de facto standard in Europe for best practices in IT infrastructure management and service delivery.
- ITIL's value proposition centers on providing IT services with an understanding of the business objectives and priorities, and of the role that IT services have in achieving those objectives.
- ITIL adopts a lifecycle approach to IT services, and organizes IT service management into five high-level categories.

International Organization for Standardization (ISO) 27000 Series
- The ISO 27000 series of standards is designed to address information security issues.
- The ISO 27000 series, particularly ISO 27001 and ISO 27002, has become the most recognized and generally accepted set of information security frameworks and guidelines.
- The main objective of the ISO 27000 series is to provide a model for establishing, implementing, operating, monitoring, maintaining, and improving an Information Security Management System (ISMS).