

CONTROL & AIS
Dr Zubir Azhar, CamEd Business School


Summary

Lecture notes on control and accounting information systems (AIS): why control is needed (threats, exposure/impact, likelihood), the objectives and functions of internal control, the Foreign Corrupt Practices Act (FCPA) and the Sarbanes-Oxley Act (SOX), the COBIT, COSO and COSO-ERM control frameworks, and the five components of the COSO Internal Control - Integrated Framework, followed by a class activity.


8/14/24 CONTROL & AIS Dr Zubir Azhar CamEd

Why Is Control Needed?
- Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat.
- The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat.
- The probability that the threat will happen is the likelihood associated with the threat.

Primary Objective of an AIS
- To control the organization so that it can achieve its intended objectives.
- Management expects accountants to:
  - Take a proactive approach to eliminating system threats.
  - Detect, correct, and recover from threats when they occur.

Internal Control
Processes implemented to provide reasonable assurance that the following objectives are achieved:
- Safeguard assets
- Maintain sufficient records
- Provide accurate and reliable information
- Prepare financial reports according to established criteria
- Promote and improve operational efficiency
- Encourage adherence to management policies
- Comply with laws and regulations

Functions of Internal Control
1. Preventive controls: deter problems before they occur.
2. Detective controls: discover problems that were not prevented.
3. Corrective controls: identify the cause of problems that have occurred, correct them, and recover from their effects.

Foreign Corrupt Practices Act (FCPA) & Sarbanes-Oxley Act (SOX)
- FCPA is legislation passed in 1977:
  - To prevent companies from bribing foreign officials to obtain business.
  - It requires all publicly owned corporations to maintain a system of internal accounting controls.
- SOX is legislation passed in 2002 that applies to publicly held companies and their auditors, intended to:
  - Prevent financial statement fraud.
  - Make financial reports transparent.
  - Protect investors.
  - Strengthen internal controls.
  - Punish executives who perpetrate fraud.

Control Frameworks
- COBIT: framework for IT control.
- COSO: framework for enterprise internal controls (control-based approach).
- COSO-ERM: expands the COSO framework, taking a risk-based approach.

COBIT Framework
- The current framework version is COBIT 2019.
- Based on the following principles (these five were introduced in COBIT 5; COBIT 2019 restates them as six principles for a governance system, adding that the system should be dynamic and tailored to enterprise needs):
  - Meeting stakeholder needs
  - Covering the enterprise end-to-end
  - Applying a single, integrated framework
  - Enabling a holistic approach
  - Separating governance from management

COBIT 2019 Governance and Management Objectives (slide figure, not reproduced in the transcript; the objectives are grouped into the EDM, APO, BAI, DSS and MEA domains)

Components of the COSO Internal Control - Integrated Framework
There are five components:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

The Control Environment
- Management's philosophy, operating style, and risk appetite
- Commitment to integrity, ethical values, and competence
- Internal control oversight by the Board of Directors
- Organizational structure
- Methods of assigning authority and responsibility
- Human resource standards

Risk Assessment
Two perspectives:
- Likelihood: probability that the event will occur.
- Impact: estimated potential loss if the event occurs.
Types of risk:
- Inherent risk: the risk that exists before any plans are made to control it.
- Residual risk: the risk that is left over after controls are applied.

Risk Response
- Reduce/mitigate: implement effective internal control.
- Accept: do nothing; accept the likelihood and impact of the risk.
- Share/transfer: buy insurance, outsource, or hedge.
- Avoid: do not engage in the activity.

Control Activities
- Proper authorization of transactions and activities
- Segregation of duties
- Project development and acquisition controls
- Change management controls
- Design and use of documents and records
- Safeguarding assets, records, and data
- Independent checks on performance

Figure 10.4 Separation of Duties (figure not reproduced in the transcript)
Figure 10.5 Segregation of System Duties (figure not reproduced in the transcript)

Information & Communication
Three principles apply to the information and communication process:
- Obtain or generate relevant, high-quality information to support internal control.
- Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control.
- Communicate relevant internal control matters to external parties.

Monitoring
- Perform internal control evaluations (e.g., internal audit)
- Implement effective supervision
- Use responsibility accounting systems (e.g., budgets)
- Monitor system activities
- Track purchased software and mobile devices
- Conduct periodic audits (e.g., external, internal, network security)
- Employ a computer security officer
- Engage forensic specialists
- Install fraud detection software
- Implement a fraud hotline

Class Activity

Question 1
a. Describe how accounting information security controls (preventive, detective, and/or corrective controls) would best mitigate the following threats:
b. An employee's laptop was stolen at the airport. The laptop contained personally identifying information about the company's customers that could potentially be used for identity theft.
c. A salesperson successfully logged into the payroll system by guessing the payroll supervisor's password.
d. Attackers broke into the company's information system through a wireless access point located in one of its retail stores. The store manager purchased and installed the wireless access point without informing central IT or security.

Question 2
a. A well-designed AIS should provide adequate controls in the general ledger and reporting system to ensure that control objectives are met. Discuss those control objectives.

Question 3
a. Describe several technologies developed for producing the time and attendance file in a modern business with telecommuting employees working from multiple locations.
b. List, in order, the steps in the financial accounting process.
c. What are the major exposures in the general ledger/financial reporting system?
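The Control Activities list above names segregation of duties and change management controls but, without Figures 10.4 and 10.5, does not show how the rule is actually checked. The following Python program is an added example (not from the slides or the textbook they follow): it takes a role catalogue and a user-to-role assignment table, the kind of data an identity system exports, and reports every user who holds two duties that must not be combined. The conflict matrix, role names and user assignments are all constructed for the example; the authorization/recording/custody split is the classic one, and the program/operate and program/deploy pairs stand in for the system-duty separation of Figure 10.5.

```python
"""Segregation-of-duties check over a role catalogue and a user-role assignment table."""
from collections import defaultdict
from itertools import combinations

# Assumed conflict matrix (constructed for this example): pairs of duties that
# one person must never hold together. The first three are the classic
# authorization / recording / custody split; the last two separate writing a
# program change from running or releasing it.
CONFLICTS = frozenset({
    frozenset({"authorize", "record"}),
    frozenset({"authorize", "custody"}),
    frozenset({"record", "custody"}),
    frozenset({"program", "operate"}),
    frozenset({"program", "deploy"}),
})

# Constructed role catalogue: role name -> duties the role grants.
ROLE_DUTIES = {
    "purchasing_clerk":   {"record"},
    "purchasing_manager": {"authorize"},
    "warehouse_keeper":   {"custody"},
    "ap_supervisor":      {"authorize", "record"},   # badly designed role
    "developer":          {"program"},
    "computer_operator":  {"operate"},
    "release_manager":    {"deploy"},
}

# Constructed user -> role assignments (as an IAM export would list them).
ASSIGNMENTS = [
    ("alice", "purchasing_clerk"),
    ("alice", "warehouse_keeper"),     # records receipts AND holds the stock
    ("bob",   "purchasing_manager"),
    ("carol", "ap_supervisor"),        # conflict comes from a single role
    ("dave",  "developer"),
    ("dave",  "release_manager"),      # writes changes AND releases them
    ("erin",  "computer_operator"),
]


def conflicting_pairs(duties, conflicts=CONFLICTS):
    """Sorted (a, b) duty pairs drawn from `duties` that the matrix forbids."""
    return sorted(
        tuple(sorted(pair))
        for pair in combinations(sorted(duties), 2)
        if frozenset(pair) in conflicts
    )


def toxic_roles(role_duties=ROLE_DUTIES, conflicts=CONFLICTS):
    """Roles that violate SoD by themselves: granting one to anybody is a finding."""
    found = {}
    for role, duties in role_duties.items():
        pairs = conflicting_pairs(duties, conflicts)
        if pairs:
            found[role] = pairs
    return found


def duties_by_user(assignments=ASSIGNMENTS, role_duties=ROLE_DUTIES):
    """Map user -> {duty: set of roles that grant it}; an unknown role is an error."""
    out = defaultdict(lambda: defaultdict(set))
    for user, role in assignments:
        if role not in role_duties:
            raise KeyError(f"unknown role {role!r} assigned to {user!r}")
        for duty in role_duties[role]:
            out[user][duty].add(role)
    return out


def sod_violations(assignments=ASSIGNMENTS, role_duties=ROLE_DUTIES, conflicts=CONFLICTS):
    """One finding per (user, forbidden duty pair), naming the roles that cause it.

    Catches both shapes of violation: two individually harmless roles that
    combine badly (alice, dave) and one role that is toxic on its own (carol).
    """
    findings = []
    for user, duties in sorted(duties_by_user(assignments, role_duties).items()):
        for a, b in conflicting_pairs(duties, conflicts):
            findings.append({
                "user": user,
                "pair": (a, b),
                "via": {a: sorted(duties[a]), b: sorted(duties[b])},
            })
    return findings


if __name__ == "__main__":
    for role, pairs in toxic_roles().items():
        print(f"toxic role {role}: grants {pairs}")
    for f in sod_violations():
        print(f"{f['user']}: {f['pair'][0]} + {f['pair'][1]} via {f['via']}")
```

Running it reports alice (record + custody across two roles), carol (authorize + record from the single ap_supervisor role) and dave (program + deploy), and nothing for bob or erin. The toxic-role check is worth running separately from the per-user check: a role that is self-conflicting should be redesigned, whereas a user-level conflict is usually fixed by removing one assignment or documenting a compensating control such as the independent checks on performance listed in the same slide.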
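Question 1(c) above (a salesperson logs into payroll by guessing the supervisor's password) and the Monitoring slide's "monitor system activities" are a natural place to show what a detective control and its preventive counterpart look like in code. The Python below is an added example, not material from the slides: it reads a constructed authentication log for a payroll application (the line format is invented for this example and is not any real product's output), flags a successful login that was preceded by a burst of failures on the same account (the detective control that would catch the scenario as described, where the guess eventually succeeded), and separately simulates an account lockout after a threshold of failures (the preventive control that would have refused the correct guess).

```python
"""Detective and preventive controls over authentication events from a payroll application."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log. The line format is invented for this example and is
# not the output of any real product.
SAMPLE_LOG = """\
2024-08-14T09:00:01Z payroll-app auth user=psmith src=10.1.4.22 result=FAIL
2024-08-14T09:00:09Z payroll-app auth user=psmith src=10.1.4.22 result=FAIL
2024-08-14T09:00:15Z payroll-app auth user=psmith src=10.1.4.22 result=FAIL
2024-08-14T09:00:21Z payroll-app auth user=psmith src=10.1.4.22 result=FAIL
2024-08-14T09:00:30Z payroll-app auth user=psmith src=10.1.4.22 result=OK
2024-08-14T09:05:00Z payroll-app auth user=jdoe src=10.1.7.5 result=FAIL
2024-08-14T09:05:40Z payroll-app auth user=jdoe src=10.1.7.5 result=OK
2024-08-14T10:30:00Z payroll-app auth user=psmith src=10.1.2.9 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \S+ auth "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def events(log_text):
    """Yield parsed events in log order; a malformed line is an error, not silently skipped."""
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {n}: cannot parse {line!r}")
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ev


def detect_guessed_logins(log_text, threshold=3, window=timedelta(minutes=10)):
    """Detective control: a success preceded by >= `threshold` failures on the
    same account within `window` is reported as a probable guessed password."""
    recent_failures = defaultdict(deque)
    alerts = []
    for ev in events(log_text):
        q = recent_failures[ev["user"]]
        while q and ev["ts"] - q[0] > window:       # drop failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "at": ev["ts"], "failures_before": len(q)})
            q.clear()
        else:
            q.clear()   # an ordinary success resets the count
    return alerts


def simulate_lockout(log_text, threshold=3, window=timedelta(minutes=10),
                     lock_for=timedelta(minutes=30)):
    """Preventive control: once an account reaches `threshold` failures within
    `window` it is locked for `lock_for`, and every attempt in that period is
    refused before the password is even checked. Returns when each account was
    locked and which attempts were refused."""
    recent_failures = defaultdict(deque)
    locked_until = {}
    locks = defaultdict(list)
    refused = defaultdict(list)
    for ev in events(log_text):
        user, ts = ev["user"], ev["ts"]
        if ts < locked_until.get(user, ts):         # locked: refuse without checking
            refused[user].append((ts, ev["result"]))
            continue
        q = recent_failures[user]
        while q and ts - q[0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                locked_until[user] = ts + lock_for
                locks[user].append(ts)
                q.clear()
        else:
            q.clear()
    return {"locks": dict(locks), "refused": dict(refused)}


if __name__ == "__main__":
    for a in detect_guessed_logins(SAMPLE_LOG):
        print(f"ALERT {a['at']:%H:%M:%S} {a['user']} from {a['src']} "
              f"after {a['failures_before']} failures")
    print(simulate_lockout(SAMPLE_LOG))
```

On the sample log the detective rule raises one alert: psmith's 09:00:30 success from 10.1.4.22 after four failures, which is exactly the "guessed the supervisor's password" event; jdoe's single mistyped password is not reported. The lockout simulation shows the preventive control locking psmith at the third failure and refusing both the fourth failure and the correct guess at 09:00:30, while the later 10:30 login is allowed because the lock has expired. Two caveats a practitioner would add: a window-based count misses slow guessing spread across many hours or many accounts, so the rule should be one of several rather than the only one, and the root cause in the scenario is a guessable password, so the corrective control is to change it and the stronger preventive controls are password policy and a second authentication factor.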
