1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

Presentation transcript:

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous Assurance Symposium, November 22&23, 2002

2 Overview Current methods of control Are there systems of control? Current frameworks of internal control eCommerce impacts on the current frameworks Are the current frameworks sufficient? Research agenda for systems of internal control

3 Current Methods of Control Methods of Management Control Methods of Internal Control Methods of Assurance

4 Methods of Management Control Planning, organizing, staffing, leading, controlling Internal audit definition Insure reliability and integrity of information Compliance with policies, plans, procedures, laws, and regulations Safeguarding of assets Economical and efficient use of resources Accomplishment of established objectives and goals for operations or programs Theory X, Theory Y Charisma Organizational design Process re-engineering

5 Methods of Internal Control. Pervasive controls: Control environment; Plan of the organization; General scheme of authorization; General physical security; Personnel policies. Application controls: Preventative: Separation of duties, specific authorization, validation, verification, specific physical controls; Detective: Pre-numbered documents, registers and logs, reconciliation, review procedures

6 Methods of Assurance External audits Internal control evaluation Prospective financial information Compliance with laws and regulation Other WebTrust SysTrust

7 Systems of Control Appeal to auditor judgement What risks are pervasive controls actually lowering? When and how do pervasive control activities reduce application cycle risks? Under what conditions are multiple control activities likely to actually reduce risk? How are compensating controls justified with respect to risk?

8 eCommerce Impacts on the Current Frameworks Electronic transactions inputs processes outputs Continuous monitoring Continuous reporting Continuous assurance

9 Electronic Transactions. Inputs: No “inside source,” entry by the customer on the web; Blanket authorizations. Processes: Transaction stream is continuously automated: points of control must be designed. Outputs: Effortless duplication, no natural tracing

10 Continuous Auditing. Monitoring: Points of control “disappear” into the processing system; Measures, recording and reporting media, and measurement tools all change. Assurance: Decision cycle time decreases; Decision based more on electronic measures. Reporting: On demand, 24/7, web-based; Must reflect the shorter cycle times

11 Sufficiency of Current Frameworks COSO COBIT SAS 55, 78 IIA Guidelines 300 (C), 520 (Risk)

12 COSO Control Environment Risk Assessment Control Activities Information and Communication Monitoring

13 COBIT Information Technology Resources Information Planning and Organizing Acquisition and Implementation Delivery and Support Monitoring

14 SAS 55, 78 Obtain a sufficient understanding of IC to plan the audit Assess control risks for F/S assertions Additional tests of controls Determine the nature, timing, and extent of substantive tests COSO framework

15 IIA Guidelines 300 (C), (Risk) Management controls Insure reliability and integrity of information Compliance with policies, plans, procedures, laws, and regulations Safeguarding of assets Economical and efficient use of resources Accomplishment of established objectives and goals for operations or programs Risk Assessment Identification of auditable activities Identification of relevant risk factors Assessment of the relative significance of the factors

16 Researching Systems of Internal Control Heuristics on combining risk effects of IC activities Risk implications of emerging IT technologies Identification and evaluation of points and bands of control Further (better) articulation of control goals and operational and control activities

17 Heuristics on Combining Risk Effects Use of non-classical mathematics: modal logics, fuzzy sets Data mining with pattern recognition Knowledge elicitation from the experts Analysis of known systemic risk and known subsystem risk A metaphor: what we use now is “payback” vs. NPV

18 Risk Implications of Emerging IT Technologies Increased and new risks Decreased and eliminated risks All “technologies” SW: OSs, applications, IDEs HW: servers, communications, clients Administrative: network monitoring, SAD methodologies, programming methodologies

19 Identification and Evaluation of Points and Bands of Control Rethink our traditional measure points (registers, logs) and convert to eCommerce settings Determine how to evaluate the placement of points wrt value added and C/B Develop systems of activities (bands of control) which can be evaluated for efficiency and effectiveness

20 Better Articulation of Control Goals and Operational/Control Activities Lining up qualitative dimensions of activities with the goals they are achieving Researching the relationships between activities and goals: linear, non-linear, etc. Tighter linkage of activities and goals to the different aspects of “control” Classification of control needs, the inventory of activities available to meet those needs, and “missing” control classes