Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

Office of the Controller and Internal Controls Sandra Featherson Associate Director of Controls Office of the Controller February 2010.
Presented by YOUR NAME THE DATE
IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems
Control and Accounting Information Systems
CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.
CBIZ Risk & Advisory Services, LLC 1 Quality Assessments Lessons Learned/Best Practices Thomas A. Johnson, CIA November 13, 2007.
Forensic and Investigative Accounting
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 5 Risk Assessment: Internal Control Evaluation
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit
The Information Systems Audit Process
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Purpose of the Standards
Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Information Systems Controls for System Reliability -Information Security-
Control environment and control activities. Day II Session III and IV.
Internal Auditing and Outsourcing
Internal Control and Control Self-Assessment
Auditing Internal Control over Financial Reporting
5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything.
The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
Karen Evans, national director of the U.S. Cyber Challenge and former Office of Management and Budget administrator Auditor Responsibility?
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
Auditing Internal Control over Financial Reporting
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Vijay V Vijayakumar.  SOX Act  Difference between IT Management and IT Governance  Internal Controls  Frameworks for Implementing SOX  COSO - Committee.
Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.
Chapter Three IT Risks and Controls.
Internal controls. Session objectives Define Internal Controls To understand components of Internal Controls, control environment and types of controls.
Chapter 5 Internal Control over Financial Reporting
Internal Control in a Financial Statement Audit
Everyone’s Been Hacked Now What?. OakRidge What happened?
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.
1. IT AUDITS  IT audits: provide audit services where processes or data, or both, are embedded in technologies.  Subject to ethics, guidelines, and.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Everyone’s Been Hacked Now What?. OakRidge What happened?
Casualty Loss Reserve Seminar General Session II September 9, 2003 Section 302/404 of Sarbanes-Oxley Act What Actuaries Need to Know Jan A. Lommele, FCAS,
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Chapter 9: Introduction to Internal Control Systems
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
S5: Internal controls. What is Internal Control Internal control is a process Internal control is a process Internal control is effected by people Internal.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
Case 6.2 Waste Management Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.
F8: Audit and Assurance. 2 Audit and Assurance Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B:
Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement V. Venkataramanan.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Chapter Two The CPA Profession
A Framework for Control
COSO Internal Control s Framework
Internal control - the IA perspective
Alignment of COBIT to Botswana IT Audit Methodology
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
An overview of Internal Controls Structure & Mechanism
Presentation transcript:

Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss

Why IT Fraud? Businesses are becoming more and more technologically dependant As auditors, it is our job to monitor, identify and control material weaknesses. Cybercrimes was already taken.

3 Focuses What are auditors required to know about IT? How do proper controls lead to fraud prevention? What are the effects of fraud on financial reporting?

Auditor Knowledge Second standard of Fieldwork As businesses become more and more computer driven, IT knowledge is essential Audit quality depends upon the auditor’s ability to detect errors.

External Auditors Generally have higher knowledge expectations than Internal Auditors Why? Larger client base, diverse information systems IT Knowledge should include “knowledge of IT systems for financial accounting and reporting, including relevant current issues and developments, as well as detailed knowledge of various frameworks for evaluating controls and assessing risks in accounting and reporting systems as appropriate for the audit of historical financial information” ---IES8

GMQ Study 2008 study, attempt to determine how self-efficacy impacts perception of new technology and implementation 36 questions across a broad spectrum of IT topics 25% rated “Less than Adequate” overall Self-assessment leads to improvement

Internal Auditors Due to in-house nature, internal auditors tend to focus on business controls, and leave IT controls to IT staff. When it exists, IT knowledge is more focused than External Auditors, but less broad. Integrated audits- Business and IT aspects being audited separately but simultaneously, and reports joined in the reporting stage.

Flaws to Integrated Auditing Inadequate scoping and execution Misunderstandings in accountability Poor identification and testing of automated controls $$$

Integrated Auditors Internal auditors who expand their IT knowledge Able to understand and properly monitor automated controls Fully understand how data flows through their organizations information systems Failure to understand these things could lead to material oversights during audits.

Fraud and IT Controls IT Controls provide and limit access to business critical information Authorization & authentication provide ways of limiting this access Design of the system, which includes critical financial and business information should not rest solely on IT.

SAS 99 & AU 314

Opportunity The ability or access to commit fraud IT controls offer an excellent line of defense Access controls Authentication Authorization

Perceived Pressure The reasons behind the commission of fraud Mostly external Internal pressures can be countered Separation of duties Logs of overrides

Rationalization The reasoning why the fraud is committed Most difficult to detect and counter due to the personal natures a persons moral and ethical code Company wide emphasis on the existence and importance of access controls Ethics training and policy

Importance of IT controls to accurate financial reporting Internal & external stakeholders require reliable financial information PCAOB definition of internal controls over financial performance: “a process…to provide reasonable assurance regarding the reliability of financial reporting.” IT controls must maintain integrity while remaining sufficiently flexible

Internal & External Uses for Financial Information Executive management Craft strategies Evaluate current strategies Make corrective adjustments Operational management Problem solving Cost management Employee evaluations BOD Existing shareholders, potential shareholders & creditors Relevant & reliable financial statements Rationally allocate capital

Ramifications of Insufficient IT-Related Internal Controls IT control material weaknesses (MWs) threaten the information value chain IT MWs lead to more IT MWs according to a study by Klamm & Watson (2011) Larger audit fees Weaker overall Control Environment Sarbanes-Oxley Act noncompliance Required to select framework to assess internal control structure COSO (too broad), CobIT, ISO

Effect on Stakeholders Shareholders Loss of representational faithfulness Biased accruals/earnings management Increased fraud risk Management Less reliable financial and operational reports Unreliable cost management information Precludes: ABC, TQM, Continuous Improvement, Six Sigma, etc.

Future Considerations IT controls will only become more paramount to success XBRL & Continuous Auditing (CA) 2006 PwC survey found 50% of U.S. companies use CA techniques and another 31% are implementing Enterprise Risk Management (ERM) Cloud Computing & Integrated Supply Chains

Computer Economics Survey 2011 to 2012 IT spending moves out of recession, but weakly 60% of companies increased their IT budgets 25% IT executives expect operational spending cuts Half of IT executives believe that budget is inadequate IT operational spending per user is at lowest in six years SOURCE: for-2011-to-2012http:// for-2011-to-2012

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.