Scribd
Upload
5 views

AIS CH-5

Uploaded by

makising13
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

AIS CH-5

Uploaded by

makising13
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

Chapter Five

Control and Accounting


Information Systems

Compiled By: Benol.M

Copyright © 2015 Pearson Education, Inc.


Learning Objectives

• Explain basic control concepts and why computer control and security are important.

• Compare and contrast the COBIT, COSO, and ERM control frameworks.

• Describe the major elements in the internal environment of a company.

• Describe the four types of control objectives that companies need to set.

• Describe the events that affect uncertainty and the techniques used to identify them.

• Explain how to assess and respond to risk using the Enterprise Risk Management model.

• Describe control activities commonly used in companies.

• Describe how to communicate information and monitor control processes in organizations.

Copyright © 2015 Pearson Education, Inc.


7-2
Why Is Control Needed?
• Any potential adverse occurrence or unwanted event
that could be injurious to either the accounting
information system or the organization is referred to
as a threat or an event.

• The potential dollar loss should a particular threat


become a reality is referred to as the exposure or
impact of the threat.

• The probability that the threat will happen is the


likelihood associated with the threat
Copyright © 2015 Pearson Education, Inc.
7-3
A Primary Objective of an AIS

• Is to control the organization so the organization


can achieve its objectives

• Management expects accountants to:


▫ Take a proactive approach to eliminating system
threats.
▫ Detect, correct, and recover from threats when
they occur.

Copyright © 2015 Pearson Education, Inc.


7-4
Internal Controls
• Processes implemented to provide assurance
that the following objectives are achieved:
▫ Safeguard assets
▫ Maintain sufficient records
▫ Provide accurate and reliable information
▫ Prepare financial reports according to established
criteria
▫ Promote and improve operational efficiency
▫ Encourage adherence with management policies
▫ Comply with laws and regulations
Copyright © 2015 Pearson Education, Inc.
7-5
Functions of Internal Controls

• Preventive controls
▫ Deter problems from occurring
• Detective controls
▫ Discover problems that are not prevented
• Corrective controls
▫ Identify and correct problems; correct and recover
from the problems

Copyright © 2015 Pearson Education, Inc.


7-6
Control Frameworks
• COBIT
▫ Framework for IT control
• COSO
▫ Framework for enterprise internal controls
(control-based approach)
• COSO-ERM
▫ Expands COSO framework taking a risk-based
approach

Copyright © 2015 Pearson Education, Inc.


7-7
COBIT Framework

• Current framework version is COBIT5


• Based on the following principles:
▫ Meeting stakeholder needs
▫ Covering the enterprise end-to-end
▫ Applying a single, integrated framework
▫ Enabling a holistic approach
▫ Separating governance from management

Copyright © 2015 Pearson Education, Inc.


7-8
COBIT5 Separates Governance from
Management

Copyright © 2015 Pearson Education, Inc.


7-9
Components of COSO Frameworks

COSO COSO-ERM

• Control (internal) • Internal environment


environment • Objective setting
• Risk assessment • Event identification
• Control activities • Risk assessment
• Information and • Risk response
communication • Control activities
• Monitoring • Information and
communication
• Monitoring
Copyright © 2015 Pearson Education, Inc.
7-10
Internal Environment
• Management’s philosophy, operating style, and
risk appetite
• Commitment to integrity, ethical values, and
competence
• Internal control oversight by Board of Directors
• Organizing structure
• Methods of assigning authority and
responsibility
• Human resource standards

Copyright © 2015 Pearson Education, Inc.


7-11
Objective Setting

• Strategic objectives
▫ High-level goals
• Operations objectives
▫ Effectiveness and efficiency of operations
• Reporting objectives
▫ Improve decision making and monitor
performance
• Compliance objectives
▫ Compliance with applicable laws and regulations
Copyright © 2015 Pearson Education, Inc.
7-12
Event Identification
Identifying incidents both external and internal to
the organization that could affect the achievement
of the organizations objectives
Key Management Questions:
• What could go wrong?
• How can it go wrong?
• What is the potential harm?
• What can be done about it?

Copyright © 2015 Pearson Education, Inc.


7-13
Risk Assessment
Risk is assessed from two perspectives:
• Likelihood
▫ Probability that the event will occur
• Impact
▫ Estimate potential loss if event occurs

Types of risk
• Inherent
▫ Risk that exists before plans are made to control it
• Residual
▫ Risk that is left over after you control it
Copyright © 2015 Pearson Education, Inc.
7-14
Risk Response

• Reduce
▫ Implement effective internal control
• Accept
▫ Do nothing, accept likelihood and impact of risk
• Share
▫ Buy insurance, outsource, or hedge
• Avoid
▫ Do not engage in the activity

Copyright © 2015 Pearson Education, Inc.


7-15
Control Activities

• Proper authorization of transactions and


activities
• Segregation of duties
• Project development and acquisition controls
• Change management controls
• Design and use of documents and records
• Safeguarding assets, records, and data
• Independent checks on performance

Copyright © 2015 Pearson Education, Inc.


7-16
Segregation of Duties

Copyright © 2015 Pearson Education, Inc.


7-17
Monitoring
• Perform internal control evaluations (e.g., internal
audit)
• Implement effective supervision
• Use responsibility accounting systems (e.g.,
budgets)
• Monitor system activities
• Track purchased software and mobile devices
• Conduct periodic audits (e.g., external, internal,
network security)
• Employ computer security officer
• Engage forensic specialists
• Install fraud detection software
• Implement fraud hotline
Copyright © 2015 Pearson Education, Inc.
7-18
THANK YOU

Copyright © 2015 Pearson Education, Inc. 19

You might also like