Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the.

Published byDerek Pierce Modified over 9 years ago

Similar presentations

Presentation on theme: "INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the."— Presentation transcript:

1 INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the firm’s… internal control structure, auditor’s assessment of risk, and the planning of audit procedures How do these three interrelate? The weaker the internal control structure, the higher the assessed level of risk; the higher the risk, the more auditor procedures applied in the audit. 6-1

2 Five Internal Control Components: SAS 78 / COSO 1. Control environment 2. Risk assessment 3. Information and communication 4. Monitoring 5. Control activities 6-2

3 1: The Control Environment Integrity and ethics of management Organizational structure Role of the board of directors and the audit committee Management’s policies and philosophy Delegation of responsibility and authority Performance evaluation measures External influences—regulatory agencies Policies and practices managing human resources 6-3

4 2: Risk Assessment Identify, analyze and manage risks relevant to financial reporting: – changes in external environment – risky foreign markets – significant and rapid growth that strain internal controls – new product lines – restructuring, downsizing – changes in accounting policies 6-4

5 3: Information and Communication The AIS should produce high quality information which: – identifies and records all valid transactions – provides timely information in appropriate detail to permit proper classification and financial reporting – accurately measures the financial value of transactions – accurately records transactions in the time period in which they occurred 6-5

6 4: Monitoring The process for assessing the quality of internal control design and operation [This is feedback in the general AIS model.] Separate procedures—test of controls by internal auditors Ongoing monitoring: – computer modules integrated into routine operations – management reports which highlight trends and exceptions from normal performance 6-6

7 5: Control Activities Policies and procedures to ensure that the appropriate actions are taken in response to identified risks Fall into two distinct categories: – IT controls—relate specifically to the computer environment – Physical controls—primarily pertain to human activities 6-7

8 Two Types of IT Controls General controls—pertain to the entitywide computer environment – Examples: controls over the data center, organization databases, systems development, and program maintenance Application controls—ensure the integrity of specific systems – Examples: controls over sales order processing, accounts payable, and payroll applications 6-8

9 Six Types of Physical Controls Transaction Authorization Segregation of Duties Supervision Accounting Records Access Control Independent Verification 6-9

10 Physical Controls Transaction Authorization used to ensure that employees are carrying out only authorized transactions general (everyday procedures) or specific (non-routine transactions) authorizations Supervision a compensation for lack of segregation; some may be built into computer systems A ccounting Records provide an audit trail 6-10

11 Segregation of Duties In manual systems, separation between: – authorizing and processing a transaction – custody and recordkeeping of the asset – subtasks In computerized systems, separation between: – program coding – program processing – program maintenance 6-11

12 Access Controls help to safeguard assets by restricting physical access to them Independent Verification reviewing batch totals or reconciling subsidiary accounts with control accounts 6-12

13 Authorization Custody Recording Task 1Task 2 Task 1 Nested Control Objectives for Transactions Control Objective 1 Control Objective 2 Control Objective 3 Custody Recording 6-13 Custody Recording Processing

14 Physical Controls in IT Contexts Transaction Authorization The rules are often embedded within computer programs. – EDI/JIT: automated re-ordering of inventory without human intervention Segregation of Duties A computer program may perform many tasks that are deemed incompatible. Thus the crucial need to separate program development, program operations, and program maintenance. 6-14

15 Supervision The ability to assess competent employees becomes more challenging due to the greater technical knowledge required. Accounting Records ledger accounts and sometimes source documents are kept magnetically – no audit trail is readily apparent Access Control Data consolidation exposes the organization to computer fraud and excessive losses from disaster. 6-15

16 Independent Verification When tasks are performed by the computer rather than manually, the need for an independent check is not necessary. However, the programs themselves are checked. =============== thank for your attention =============== 6-16

Download ppt "INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the."

Similar presentations

An Internal Control Overview

An Internal Control Overview
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Chapter 3 Ethics, Fraud, and Internal Control

Chapter 3 Ethics, Fraud, and Internal Control
The Internal Control Structure. The Relationship between Risks, Opportunities, and Controls Risks –A risk is any exposure to the chance of injury or loss.

The Internal Control Structure. The Relationship between Risks, Opportunities, and Controls Risks –A risk is any exposure to the chance of injury or loss.
Internal Control.

Internal Control.
Chapter 3 Ethics, Fraud, and Internal Control Accounting Information Systems, 5 th edition James A. Hall COPYRIGHT © 2007 Thomson South-Western, a part.

Chapter 3 Ethics, Fraud, and Internal Control Accounting Information Systems, 5 th edition James A. Hall COPYRIGHT © 2007 Thomson South-Western, a part.
Hall, Accounting Information Systems, 7e ©2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.

Hall, Accounting Information Systems, 7e ©2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
1 Chapter 3 Ethics, Fraud, and Internal Control COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and.

1 Chapter 3 Ethics, Fraud, and Internal Control COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and.
The Islamic University of Gaza

The Islamic University of Gaza
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014.

Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING

Similar presentations

Ads by Google