Control & AIS Overview
30 Questions

Questions and Answers

What is referred to as a threat in an accounting information system?

  • An unforeseen opportunity for revenue increase
  • Any adverse occurrence that can injure the system or organization (correct)
  • Any positive occurrence that benefits the system
  • A potential source of financial gain

What does the term 'exposure' or 'impact' refer to?

  • The effectiveness of existing controls
  • The total money spent on implementing controls
  • The likelihood of a threat occurring
  • The potential dollar loss if a threat becomes a reality (correct)

Which of the following is NOT a primary objective of an accounting information system?

  • Creating unrestricted revenue streams (correct)
  • Controlling the organization to achieve intended objectives
  • Taking a proactive approach to eliminating threats
  • Detecting and recovering from system threats

What type of control is designed to deter problems from occurring?

  • Preventive control (correct)

Which of the following objectives is associated with safeguarding assets?

  • Maintaining sufficient records (correct)

Why is it important for management to comply with laws and regulations?

  • To avoid potential legal issues and penalties (correct)

What is the main focus of detective controls in an internal control system?

  • To discover problems that were not prevented (correct)

What role does management expect accountants to play concerning system threats?

  • Detecting, correcting, and recovering from threats (correct)

What is one of the first steps in monitoring internal controls?

  • Performing internal control evaluations (correct)

Which of the following is a method for communicating internal control matters to external parties?

  • Annual reports (correct)

How can a company effectively track software and mobile devices?

  • Monitoring system activities (correct)

Which action is NOT a part of internal monitoring of controls?

  • Internal communication of objectives (correct)

What is the primary purpose of fraud detection software?

  • To automatically flag suspicious transactions (correct)

Which of the following best describes responsibility accounting systems?

  • They help in budgeting and tracking financial performance. (correct)

What action should be taken when an employee's laptop containing sensitive information is stolen?

  • Implement corrective controls such as data encryption. (correct)

What is a significant risk if a store manager purchases installation of wireless access points without notifying IT?

  • Potential for unauthorized network access (correct)

What is the primary purpose of the Foreign Corrupt Practices Act (FCPA)?

  • To prevent companies from bribing foreign officials (correct)

Which act was introduced to enhance the transparency of financial statements?

  • Sarbanes-Oxley Act (correct)

Which of the following is NOT a component of the COSO Internal Control – Integrated Framework?

  • Performance evaluation (correct)

What is the main focus of the COBIT framework?

  • IT governance and management (correct)

What are the two perspectives of risk assessment?

  • Likelihood and impact (correct)

What is the correct response if a company decides to buy insurance to handle a risk?

  • Share/transfer (correct)

What role does the Control Environment play in internal controls?

  • It establishes the foundation for internal control. (correct)

Which of the following is a principle of effective information and communication?

  • High-quality information should support internal control. (correct)

Separation of duties is primarily aimed at which of the following?

  • Preventing fraud and errors (correct)

The Sarbanes-Oxley Act punishes executives who do what?

  • Perpetrate fraud (correct)

What does the COBIT 2019 framework emphasize regarding governance and management?

  • Separation of governance from management (correct)

What type of risk exists before any plans are made to control it?

  • Inherent risk (correct)

What is a significant advantage of implementing internal controls?

  • They facilitate compliance with regulatory requirements. (correct)

Which of the following is an example of a control activity?

  • Proper authorization of transactions (correct)

    Study Notes

    Control & AIS - Overview

    • A threat is any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization.
    • Exposure, or impact, refers to the potential dollar loss should a particular threat become a reality.
    • Likelihood is the probability that a specific threat will occur.

    Primary Objective of an AIS

    • The primary objective of an AIS is to control the organization so that it can achieve its intended objectives.
    • Management expects accountants to take a proactive approach to eliminating system threats and to detect, correct, and recover from threats when they occur.

    Internal Control

    • Internal control processes are implemented to achieve the following:
      • Safeguard assets
      • Maintain sufficient records
      • Provide accurate and reliable information
      • Prepare financial reports according to established criteria
      • Promote and improve operational efficiency
      • Encourage adherence to management policies
      • Comply with laws and regulations

    Functions of Internal Control

    • Preventive Controls: Deter problems from occurring.
    • Detective Controls: Discover problems that are not prevented.
    • Corrective Controls: Identify problems, correct them, and recover from them.

    Legislation

    • Foreign Corrupt Practices Act (FCPA) (1977): Passed to prevent companies from bribing foreign officials to obtain business; it also requires all publicly owned corporations to maintain a system of internal accounting controls.
    • Sarbanes–Oxley Act (SOX) (2002): Applies to publicly held companies and their auditors to prevent financial statement fraud, make financial reports transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.

    Control Frameworks

    • COBIT: Framework for IT control.
    • COSO: Framework for enterprise internal controls (control-based approach).
    • COSO-ERM: Expands the COSO framework by taking a risk-based approach.

    COBIT Framework

    • The current framework version is COBIT 2019.
    • COBIT 2019 is based on the following principles:
      • Meeting stakeholder needs
      • Covering the enterprise end-to-end
      • Applying a single, integrated framework
      • Enabling a holistic approach
      • Separating governance from management

    Components of the COSO Internal Control–Integrated Framework

    • The COSO Internal Control–Integrated Framework outlines five components:
      • Control environment
      • Risk assessment
      • Control activities
      • Information and communication
      • Monitoring

    Control Environment

    • The control environment encompasses:
      • Management’s philosophy, operating style, and risk appetite
      • Commitment to integrity, ethical values, and competence
      • Internal control oversight by the Board of Directors
      • Organizational structure
      • Methods of assigning authority and responsibility
      • Human resource standards

    Risk Assessment

    • Two Perspectives:
      • Likelihood: Probability that the event will occur.
      • Impact: Estimated potential loss if the event occurs.
    • Types of risk:
      • Inherent risk: Risk that exists before plans are made to control it.
      • Residual risk: Risk that is left over after you control it.

    Risk Response

    • Reduce/Mitigate: Implement effective internal control.
    • Accept: Do nothing; accept the likelihood and impact of the risk.
    • Share/Transfer: Buy insurance, outsource, or hedge.
    • Avoid: Do not engage in the activity.

    Control Activities

    • Control activities include:
      • Proper authorization of transactions and activities
      • Segregation of duties
      • Project development and acquisition controls
      • Change management controls
      • Design and use of documents and records
      • Safeguarding assets, records, and data
      • Independent checks on performance

    Information & Communication

    • Three principles apply to the information and communication process:
      • Obtain or generate relevant, high-quality information to support internal control.
      • Internally communicate information, including objectives and responsibilities, necessary to support the other components of internal control.
      • Communicate relevant internal control matters to external parties.

    Monitoring

    • Monitoring encompasses:
      • Performing internal control evaluations (e.g., internal audit)
      • Implementing effective supervision
      • Using responsibility accounting systems (e.g., budgets)
      • Monitoring system activities
      • Tracking purchased software and mobile devices
      • Conducting periodic audits (e.g., external, internal, network security)
      • Employing a computer security officer
      • Engaging forensic specialists
      • Installing fraud detection software
      • Implementing a fraud hotline

    Quiz Team

    Description

    This quiz covers the fundamental concepts of Control and Accounting Information Systems (AIS). It explores threats, exposure, likelihood, and the primary objectives of AIS, emphasizing the importance of internal control processes in safeguarding assets and ensuring operational efficiency.
