Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009.

Published byLeslie Benson Modified over 8 years ago

Similar presentations

Presentation on theme: "Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009."— Presentation transcript:

1 Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009

2 announcements –Assignment 3 Game plan –Identify potential misclassified minutes –Calculate rates by first identifying most recent contracts (i.e. max(Startdate) –Separate into flexible and fixed plans –Calculate minutes –Calculate charges per flexible –Calculate charges per fixed –Combine calculated charges per flexible and fixed (UNION) –Compare calculated to InvoiceLine charges

3 announcements –Assignment 4 Merger/acquisition due diligence – significantly shorter time frame What are the due diligence / audit objectives? Some of the due diligence work is already done –Identified due diligence objectives (See Figure 3) –Started with prior audit procedures (see Figure 3) No manufacturing costs since Threadchic is a retailer

4 announcements –Assignment 4 Existence procedure –Verify Threadchic paid for all purchases in a timely manner »join invoice and payment table using outer join to identify any invoices that were not paid yet –Verify inventory consistent with sales »For all items, sales price is 100 percent markup over cost except for marked down items with no sale in the last 21 days. List cost, lastSalesPrice, and calculate salesToCost to determine if each item markup is 100 percent

5 announcements –Assignment 4 Completeness procedure –Verify inclusion of all purchases in inventory »Match purchases to inventory on SKU to find purchases with no entry in inventoryMaster.QOH »Match purchases to counted inventory on SKU to find purchases with no entry in inventoryCount.obsvQOH »Remember – inventoryMaster is Threadchic’s records »inventoryCount – contains number counted by the auditors

6 Objectives Understand risks faced by information assets Comprehend relationship between risk and asset vulnerabilities Understand nature and types of threats faced by the asset Understand objectives of control and security of information assets and how these objectives are interrelated Understand the building blocks of control (and security) frameworks for information systems Apply a controls framework to a financial accounting system

7 Hot Dog Cart Case What business objectives do you expect your new employee to achieve? What operational and financial risks do you face with allowing an employee to run your hot dog cart?

8 Hot Dog Cart Case How can the problem of lack of segregation of duties be addressed when you are away from the business?

9 Hot Dog Cart Case What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?

10 Hot Dog Cart Case How can we organize the controls identified above to ensure that our business objective is achieved?

11 Questions for Wednesday Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business

12 Purpose of internal control framework

13 Information Assets

14

15 Threat Probability of an attack on an information asset

16 Countermeasures Designed to minimize or eliminate the risks stemming from vulnerabilities To design countermeasures

17 Definition of internal control Procedures designed by management to provide reasonable assurance regarding achievement of specific objectives Classification of internal controls –General vs application –Detective, preventive, or corrective

18 Definition of Information Security Protection from harm Being able to depend on the information system Two categories –Physical security –Logical security

19 Four objectives of internal controls

20 Information Security Objectives

21 Frameworks for control and security

22 COBIT control objectives Acquire and develop applications and system software Acquire technology infrastructure Develop and maintain policies and procedures Install and test application software and technology infrastructure Manage change Define and manage service levels Manage third-party services Ensure systems security Manage the configuration Manage problems and incidents Manage data Manage operations

23 ISO 17799 Ten categories or sections –Security policy –Security organization –Asset classification and control –Personnel security –Physical and environmental security –Computer and operations management –System access control –System development and maintenance –Compliance

24 COSO Control environment Risk assessment Control activities Information and communication Monitoring

25 Questions for Friday / Monday Identify at least one difference between systems availability and business continuity Why is disaster recovery planning important? Is disaster recovery planning cost beneficial?

Download ppt "Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009."

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Presented by YOUR NAME THE DATE

Presented by YOUR NAME THE DATE
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Concepts.

Auditing Concepts.
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
MODULE 8 MONITORING INDIANA HPRP Training 1. Role of Independent Financial Monitors 2 IHCDA is retaining an independent accounting firm to monitor its.

MODULE 8 MONITORING INDIANA HPRP Training 1. Role of Independent Financial Monitors 2 IHCDA is retaining an independent accounting firm to monitor its.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Advanced Accounting Information Systems

Advanced Accounting Information Systems
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Similar presentations

Ads by Google