Internal Controls – Basics & Computer Controls PDF

Summary

This document discusses internal controls and computer controls for organizations and accounting information systems. It covers topics including the definition and components of internal control systems. The document also includes information about the COSO internal control framework and its components.

Full Transcript

9/20/2024

Internal Controls – Basics & Computer Controls for Organizations and Accounting Information Systems

Internal Control Systems
- Definition
  - Policies, plans, and procedures
  - Implemented by management to protect a firm’s assets
- People Involved
  - Board of Directors
  - Management
  - Other key personnel

Internal Control Systems
- Provides reasonable assurance
  - Effectiveness and efficiency of operations
  - Reliability of reporting
  - Protection of assets
  - Compliance with applicable laws and regulations
- Important Guidance
  - Statement on Auditing Standard No. 94
  - Sarbanes-Oxley Act of 2002

Internal Control System Objectives
- Safeguard assets
- Check the accuracy and reliability of accounting data
- Promote operational efficiency
- Enforce prescribed managerial policies

Background Information on Internal Controls
- COSO Internal Control: 1992, 2013
- COSO – ERM: 2004, 2017
- COBIT: 1992, 2012
- Sarbanes-Oxley Act: 2002

COSO’s Internal Control Framework: Components and Principles
- Control Activities
  - Selects and develops control activities
  - Selects and develops general controls over technology

COSO’s Internal Control Framework: Components and Principles
- Risk Assessment
  - Specifies relevant objectives
  - Identifies and analyzes risk
  - Assesses fraud risk
  - Identifies and analyzes significant change

COSO’s Internal Control Framework: Components and Principles
- Information & Communication
  - Uses relevant information
  - Communicates internally
  - Communicates externally
- Monitoring Activities
  - Conducts ongoing and/or separate evaluations
  - Evaluates and communicates deficiencies

COSO’s Internal Control Framework: Components and Principles
- Control Environment
  - Demonstrates commitment to integrity and ethical values
  - Exercises oversight responsibility
  - Establishes structure, authority and responsibility
  - Demonstrates commitment to competence
  - Enforces accountability

2004 COSO Enterprise Risk Management Framework
- Emphasizes enterprise risk management
- Includes COSO (1992) control components
- Three new components
  - Objective setting
  - Event identification
  - Risk response

2004 COSO Enterprise Risk Management Framework

2004 COSO Enterprise Risk Management Framework
- Objective Setting
  - Strategic – high level goals and mission
  - Operations – day-to-day efficiency, performance, and profitability
  - Reporting – internal and external
  - Compliance – laws and regulations

2004 COSO Enterprise Risk Management Framework
- Event Identification and Risk Response
  - Identify threats
  - Analyze risks
  - Implement cost-effective countermeasures
- Additional considerations
  - Risk tolerance
  - Cost-benefit trade-offs

Examples of Control Activities
- Good Audit Trail
- Sound Personnel Policies and Practices
- Separation of Duties
- Physical Protection of Assets
- Reviews of Operating Performance
- Timely Performance Reports

Good Audit Trail
- Use of Audit Trail
  - Follow path of data recorded in transaction
  - Initial source documents to final disposition of data
  - Data on reports back to source documents
- Purpose of Audit Trail
  - Verify accuracy of recorded transactions
  - Detect errors and irregularities

Sound Personnel Policies

Separation of Duties
- Purpose
  - Structure of work assignments
  - One employee’s work checks the work of another
- Separate Related Activities
  - Authorizing transactions
  - Recording transactions
  - Maintaining custody of assets

Physical Protection of Assets
- Inventory Controls
  - Stored in safe location with limited access
  - Utilization of Receiving Report
- Document Controls
  - Protecting valuable organizational documents
  - Corporate charter, major contracts, blank checks, and SEC registration statements

Receiving Report

Physical Protection of Assets
- Cash Control
  - Most susceptible to theft and human error
  - Fidelity bond coverage
  - Use checks for cash disbursements
  - Deposit the daily cash receipts intact

Disbursement Voucher

Reviews of Operating Performance
- Internal Audit Function
  - Reports to Audit Committee of Board of Directors
  - Independent of other subsystems
  - Enhances objectivity
- Duties of Internal Auditors
  - Operational audits
  - Regular reviews of internal control systems

COBIT 5

Types of Controls
- Preventive
- Detective
- Corrective

Cost-Benefit Analysis

A Risk Matrix

Learning Objectives – IT Controls
- Identify control objectives related to IT and explain how these objectives are achieved.
- Describe enterprise-level controls for an organization and explain why they are essential for corporate governance.
- Discuss the importance of general controls for information technology in the design and implementation of accounting information systems.
- Distinguish between input controls, processing controls, and output controls and select specific examples of control procedures for each of these categories.

Topics
- Introduction
- Enterprise Level Controls
- General Controls for Information Technology
- Application Controls for Transaction Processing

Classification of IT Controls
- Implementation: Manual, Automated
- Function: Preventive, Detective, Corrective
- Scope: Enterprise level, General, Application

Enterprise Level Controls
- Consistent policies and procedures
- Management’s risk assessment process
- Centralized processing and controls
- Controls to monitor results of operations

Enterprise Level Controls
- Effective internal audit function, audit committee, and self-assessment programs
- Period-end financial reporting process
- Board-approved policies that address significant business control and risk management practices

Risk Assessment and Security Policies

Integrated Security for the Organization
- Physical Security
  - Measures used to protect its facilities, resources, or proprietary data stored on physical media
- Logical Security
  - Limit access to system and information to authorized individuals
- Integrated Security
  - Combines physical and logical elements
  - Supported by comprehensive security policy

Physical and Logical Security

General Controls for Information Technology
- Access to Data, Hardware, and Software
- Security for Mobile Devices
- Security for Wireless Technology

Application Controls for Transaction Processing
- Purpose
  - Embedded in business process applications
  - Prevent, detect, and correct errors and irregularities
- Application Controls
  - Input Controls
  - Processing Controls
  - Output Controls

Application Controls for Transaction Processing

Input Controls
- Purpose
  - Ensure validity
  - Ensure accuracy
  - Ensure completeness
- Categories
  - 1. Observation, recording, and transcription of data
  - 2. Edit tests
  - 3. Additional input controls

1) Observation, Recording, and Transcription of Data
- Confirmation mechanism
- Dual observation
- Point-of-sale devices (POS)
- Preprinted recording forms

2) Edit Tests
- Input Validation Routines (Edit Programs)
  - Programs or subroutines
  - Check validity and accuracy of input data
- Edit Tests
  - Examine selected fields of input data
  - Rejects data not meeting pre-established standards of quality

Edit Tests

Edit Tests

3) Additional Input Controls
- Validity Test
  - Transactions matched with master data files
  - Transactions lacking a match are rejected
- Check-Digit Control Procedure
  - Account number 58154 (summed up would be 5+8+1+5+4=23)
  - Take the “low-order digit”: the 3 in the “ones” place
  - New account number for a validity check would be 581543

Processing Controls
- Purpose
  - Focus on manipulation of accounting data
  - Contribute to a good audit trail
- Two Types
  - Control totals
  - Data manipulation controls

Audit Trail

Control Totals
- Common Processing Control Procedures
  - Batch control total
  - Financial control total
  - Nonfinancial control total
  - Record count
  - Hash total

Data Manipulation Controls
- Data Processing
  - Following validation of input data
  - Data manipulated to produce decision-useful information
- Processing Control Procedures
  - Software Documentation
  - Error-Testing Compiler
  - Utilization of Test Data

Output Controls
- Purpose
  - Ensure validity
  - Ensure accuracy
  - Ensure completeness
- Major Types
  - Validating Processing Results
  - Regulating Distribution and Use of Printed Output

Output Controls
- Validating Processing Results
  - Preparation of activity listings
  - Provide detailed listings of changes to master files
- Regulating Distribution and Use of Printed Outputs
  - Forms control
  - Pre-numbered forms
  - Authorized distribution list
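
The check-digit procedure from "3) Additional Input Controls" and the totals listed under "Control Totals" can be combined into one batch check. The following is an added example, not part of the original slides; the record layout, function names, and sample batch are constructed for illustration. It goes one step beyond the slide by showing that the digit-sum check digit catches a single mistyped digit but not a transposition, which the hash total then exposes.

```python
from decimal import Decimal

def check_digit(base: str) -> str:
    """Low-order digit of the sum of the digits, as on the check-digit slide."""
    if not base.isdigit():
        raise ValueError("account number must be numeric")
    return str(sum(int(d) for d in base) % 10)

def with_check_digit(base: str) -> str:
    return base + check_digit(base)

def is_valid_account(account: str) -> bool:
    """Edit test: recompute the check digit and compare it with the last digit."""
    return (len(account) >= 2 and account.isdigit()
            and check_digit(account[:-1]) == account[-1])

def control_totals(batch):
    """Record count, financial total, and hash total for a batch."""
    return {
        "record_count": len(batch),
        "financial_total": sum((Decimal(t["amount"]) for t in batch), Decimal("0")),
        # Hash total: sum of a field with no financial meaning (account numbers).
        "hash_total": sum(int(t["account"]) for t in batch),
    }

def process_batch(batch, expected):
    """Reject records failing the edit test, then reconcile the control totals."""
    accepted = [t for t in batch if is_valid_account(t["account"])]
    rejected = [t for t in batch if not is_valid_account(t["account"])]
    totals = control_totals(accepted)
    mismatches = [k for k in expected if totals[k] != expected[k]]
    return accepted, rejected, mismatches

# Constructed sample: three postings intended for account 581543.
INTENDED = [
    {"account": "581543", "amount": "120.00"},
    {"account": "581543", "amount": "75.50"},
    {"account": "581543", "amount": "10.25"},
]
EXPECTED = control_totals(INTENDED)  # totals written on the batch header
BATCH = [
    {"account": "581543", "amount": "120.00"},
    {"account": "581643", "amount": "75.50"},   # one digit mistyped: rejected
    {"account": "851543", "amount": "10.25"},   # 5 and 8 swapped: passes edit test
]

if __name__ == "__main__":
    accepted, rejected, mismatches = process_batch(BATCH, EXPECTED)
    print("rejected:", [t["account"] for t in rejected])
    print("control totals out of balance:", mismatches)
```

Because addition ignores digit order, any transposition keeps the same digit sum; weighted schemes exist for that reason, but the slide describes only the simple sum used here.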