Questions and Answers
What is referred to as a threat in an accounting information system?
What does the term 'exposure' or 'impact' refer to?
Which of the following is NOT a primary objective of an accounting information system?
What type of control is designed to deter problems from occurring?
Which of the following objectives is associated with safeguarding assets?
Why is it important for management to comply with laws and regulations?
What is the main focus of detective controls in an internal control system?
What role does management expect accountants to play concerning system threats?
What is one of the first steps in monitoring internal controls?
Which of the following is a method for communicating internal control matters to external parties?
How can a company effectively track software and mobile devices?
Which action is NOT a part of internal monitoring of controls?
What is the primary purpose of fraud detection software?
Which of the following best describes responsibility accounting systems?
What action should be taken when an employee's laptop containing sensitive information is stolen?
What is a significant risk if a store manager purchases and installs wireless access points without notifying IT?
What is the primary purpose of the Foreign Corrupt Practices Act (FCPA)?
Which act was introduced to enhance the transparency of financial statements?
Which of the following is NOT a component of the COSO Internal Control – Integrated Framework?
What is the main focus of the COBIT framework?
What are the two perspectives of risk assessment?
What is the correct response if a company decides to buy insurance to handle a risk?
What role does the Control Environment play in internal controls?
Which of the following is a principle of effective information and communication?
Separation of duties is primarily aimed at which of the following?
The Sarbanes-Oxley Act punishes executives who do what?
What does the COBIT 2019 framework emphasize regarding governance and management?
What type of risk exists before any plans are made to control it?
What is a significant advantage of implementing internal controls?
Which of the following is an example of a control activity?
Study Notes
Control & AIS - Overview
- A threat is any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization.
- Exposure, or impact, refers to the potential dollar loss should a particular threat become a reality.
- Likelihood is the probability that a specific threat will occur.
Primary Objective of an AIS
- The primary objective of an AIS is to control the organization so that it can achieve its intended objectives.
- Management expects accountants to take a proactive approach to eliminating system threats and to detect, correct, and recover from threats when they occur.
Internal Control
- Internal control processes are implemented to achieve the following:
  - Safeguard assets
  - Maintain sufficient records
  - Provide accurate and reliable information
  - Prepare financial reports according to established criteria
  - Promote and improve operational efficiency
  - Encourage adherence to management policies
  - Comply with laws and regulations
Functions of Internal Control
- Preventive Controls: Deter problems from occurring.
- Detective Controls: Discover problems that are not prevented.
- Corrective Controls: Identify and correct problems that have occurred, and recover from them.
Legislation
- Foreign Corrupt Practices Act (FCPA) (1977): Passed to prevent companies from bribing foreign officials to obtain business and requires all publicly owned corporations to maintain a system of internal accounting controls.
- Sarbanes–Oxley Act (SOX) (2002): Applies to publicly held companies and their auditors to prevent financial statement fraud, make financial reports transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
Control Frameworks
- COBIT: Framework for IT control.
- COSO: Framework for enterprise internal controls (control-based approach).
- COSO-ERM: Expands the COSO framework by taking a risk-based approach.
COBIT Framework
- The current framework version is COBIT 2019.
- COBIT 2019 is based on the following principles:
  - Meeting stakeholder needs
  - Covering the enterprise end-to-end
  - Applying a single, integrated framework
  - Enabling a holistic approach
  - Separating governance from management
Components of COSO Internal Control Integrated Framework
- The COSO Internal Control–Integrated Framework outlines five components:
  - Control environment
  - Risk assessment
  - Control activities
  - Information and communication
  - Monitoring
Control Environment
- The control environment encompasses:
  - Management’s philosophy, operating style, and risk appetite
  - Commitment to integrity, ethical values, and competence
  - Internal control oversight by the Board of Directors
  - Organizational structure
  - Methods of assigning authority and responsibility
  - Human resource standards
Risk Assessment
- Two perspectives:
  - Likelihood: Probability that the event will occur.
  - Impact: Estimated potential loss if the event occurs.
- Types of risk:
  - Inherent risk: Risk that exists before any plans are made to control it.
  - Residual risk: Risk that remains after controls have been implemented.
Risk Response
- Reduce/Mitigate: Implement effective internal control.
- Accept: Do nothing; accept the likelihood and impact of the risk.
- Share/Transfer: Buy insurance, outsource, or hedge.
- Avoid: Do not engage in the activity.
Control Activities
- Control activities include:
  - Proper authorization of transactions and activities
  - Segregation of duties
  - Project development and acquisition controls
  - Change management controls
  - Design and use of documents and records
  - Safeguarding assets, records, and data
  - Independent checks on performance
Information & Communication
- Three principles apply to the information and communication process:
  - Obtain or generate relevant, high-quality information to support internal control.
  - Internally communicate information, including objectives and responsibilities, necessary to support the other components of internal control.
  - Communicate relevant internal control matters to external parties.
Monitoring
- Monitoring encompasses:
  - Performing internal control evaluations (e.g., internal audit)
  - Implementing effective supervision
  - Using responsibility accounting systems (e.g., budgets)
  - Monitoring system activities
  - Tracking purchased software and mobile devices
  - Conducting periodic audits (e.g., external, internal, network security)
  - Employing a computer security officer
  - Engaging forensic specialists
  - Installing fraud detection software
  - Implementing a fraud hotline
Description
This quiz covers the fundamental concepts of Control and Accounting Information Systems (AIS). It explores threats, exposure, likelihood, and the primary objectives of AIS, emphasizing the importance of internal control processes in safeguarding assets and ensuring operational efficiency.