
04 - Control and Accounting Information Systems.pptx

Control and Accounting Information Systems
Chapter 7
Copyright © Pearson Education Limited 2015.
7-1
Learning Objectives
• Explain basic control concepts and why computer control and security are important.
• Compare and contrast the COBIT, COSO, and ERM control frameworks.
• Describe the major elements in the internal environment of a company.
• Describe the four types of control objectives that companies need to set.
• Describe the events that affect uncertainty and the techniques used to identify them.
• Explain how to assess and respond to risk using the Enterprise Risk Management model.
• Describe control activities commonly used in companies.
• Describe how to communicate information and monitor control processes in organizations.
Why Accounting Information Systems Threats Are Increasing? (p. 323)
1. Increase in number of information systems means that information is available to an increasing number of workers.
2. Distributed computer networks are harder to control than centralized mainframe systems.
3. Customers and suppliers have access to each other's systems and data.
Why Organizations Do Not Adequately Protect Their Data? (p. 324)
1. Some companies view the loss of crucial information as a distant, unlikely threat.
2. The control implications of moving from centralized computer systems to Internet-based systems are not fully understood.
3. Many companies do not realize that information is a strategic resource and that protecting it must be a strategic requirement.
4. Productivity and cost pressures motivate management to forgo time-consuming control measures.
Threat or Event: any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization.
Exposure or Impact: the potential dollar loss should a particular threat
Likelihood of the threat: the probability that it will happen.
Overview of Internal Controls (p. 352)
Internal Controls: the processes implemented to provide assurance that the following objectives are achieved:
▫ Safeguard assets
▫ Maintain sufficient records
▫ Provide accurate and reliable information
▫ Prepare financial reports according to established criteria
▫ Promote and improve operational efficiency
▫ Encourage adherence with management policies
▫ Comply with laws and regulations
Why Control and Security Are Important? (p. 324)
▪ One of the primary objectives of an accounting information system is to control a business organization.
▪ One of management’s basic functions is to ensure that enterprise objectives are achieved. Thus management’s decisions pertaining to controls are crucial to the firm’s success in meeting its objectives.
Accountants and systems developers help management achieve their control objectives by
1. Designing effective control systems that take a proactive approach to eliminating system threats and that detect, correct, and recover from threats when they occur;
2. Making it easier to build controls into a system at the initial design stage than to add them after the fact.
Functions of Internal Controls (p. 324)
Internal controls perform three important functions:
• Preventive controls
▫ Deter problems before they arise
• Detective controls
▫ Discover problems that are not prevented
• Corrective controls
▫ Identify and correct problems; correct and recover from the problems
Two Categories of Internal Controls (p. 190)
General controls: make sure an organization's control environment is stable and well managed. Examples include security; IT infrastructure; and software acquisition, development, and maintenance controls.
Application controls: prevent, detect, and correct transaction errors and fraud in application programs. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
Levers of Control (p. 326)
Four levers of control help management reconcile the conflict between creativity and controls.
Belief system: communicates company core values to employees and inspires them to live by them.
Boundary system: helps employees act ethically by setting limits on employee behavior. This means encouraging employees to solve problems and meet customer needs within the limits of freedom.
Diagnostic control system: measures, monitors, and compares actual company progress to budgets and performance goals.
Interactive control system: helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions.
Foreign Corrupt Practices Act (FCPA) and Sarbanes–Oxley Act (SOX) (p. 325)
FCPA is legislation passed in 1977:
▫ To prevent companies from bribing foreign officials to obtain business
▫ Requires all publicly owned corporations to maintain a system of internal accounting controls
SOX is legislation passed in 2002 that applies to publicly held companies and their auditors to:
▫ Prevent financial statement fraud
▫ Make financial reports transparent
▫ Protect investors
▫ Strengthen internal controls
▫ Punish executives who perpetrate fraud
Control Frameworks
• COBIT
▫ Framework for IT control
• COSO
▫ Framework for enterprise internal controls (control-based approach)
• COSO-ERM
▫ Expands the COSO framework, taking a risk-based approach
COBIT Framework
Developed by the Information Systems Audit and Control Foundation (ISACF).
COBIT consolidates control standards from many different sources into a single framework that allows:
(1) management to benchmark security and control practices of IT environments;
(2) users to be assured that adequate IT security and controls exist;
(3) auditors to substantiate their internal control opinions and to advise on IT security and control matters.
COBIT Framework
Based on the following principles:
1. Meeting stakeholder needs: helps users customize business processes and procedures to create an information system.
2. Covering the enterprise end-to-end: integrates all IT functions and processes into companywide functions and processes.
3. Applying a single, integrated framework
4. Enabling a holistic approach
5. Separating governance from management: distinguishes between governance (direct, evaluate, and monitor) and management (plan, build, run, and monitor).
COBIT5 Separates Governance from Management
Components of COSO Frameworks
COSO:
• Control (internal) environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
COSO-ERM:
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring
COSO’s Enterprise Risk Management Model (figure: objectives, components, and units)
Internal Environment
1. Management’s philosophy, operating style, and risk appetite
2. Commitment to integrity, ethical values, and competence
3. Internal control oversight by Board of Directors
4. Organizing structure
5. Methods of assigning authority and responsibility
6. Human resource standards that attract, develop, and retain competent individuals
7. External influences
Objective Setting
• Strategic objectives
▫ High-level goals that are aligned with the company's mission
• Operations objectives
▫ Effectiveness and efficiency of operations
• Reporting objectives
▫ Improve decision making and monitor performance
• Compliance objectives
▫ Compliance with applicable laws and regulations
Event Identification
Event: a positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.
An event represents uncertainty; it may or may not occur. If it does occur, it is hard to know when. Until it occurs, it may be difficult to determine its impact. Events may occur individually or concurrently.
Management must try to anticipate all possible positive or negative events.
Risk Assessment
Risk is assessed from two perspectives:
• Likelihood
▫ Probability that the event will occur
• Impact
▫ Estimate of the potential loss if the event occurs
Types of risk:
• Inherent
▫ Risk that exists before plans are made to control it
• Residual
▫ Risk that is left over after you control it
Risk Response
Management can respond to risk in one of four ways:
• Reduce
▫ Implement effective internal control
• Accept
▫ Do nothing; accept the likelihood and impact of the risk
• Share
▫ Buy insurance, outsource, or hedge
• Avoid
▫ Do not engage in the activity
Estimate Likelihood and Impact
Estimate Costs and Benefits
One way to estimate the value of internal controls involves expected loss:
Expected loss = Impact × Likelihood
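The slides define expected loss, inherent risk, residual risk, and the four risk responses but do not show the arithmetic carried through. The following Python is an added example, not from the textbook or the slides: it computes expected loss before and after a control, values the control as the reduction in expected loss minus its cost, and picks between the "reduce" and "accept" responses on that basis. Every threat name, dollar amount, likelihood, and control cost is a constructed figure; the `Threat` and `Control` classes and the helper function names are this example's own.

```python
"""Expected loss and the value of a control, computed for a constructed threat list.

Added example, not part of the textbook slides. All threat names, dollar
amounts, likelihoods and control costs below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Threat:
    name: str
    impact: float       # exposure: potential dollar loss if the event occurs
    likelihood: float   # probability that the event occurs in the period (0..1)


@dataclass(frozen=True)
class Control:
    name: str
    cost: float                              # cost of operating the control for the period
    residual_likelihood: float               # likelihood that remains once the control is in place
    residual_impact: Optional[float] = None  # impact that remains; None means unchanged


def expected_loss(impact: float, likelihood: float) -> float:
    """Expected loss = Impact x Likelihood (the slide's formula), with input checks."""
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError(f"likelihood must be a probability, got {likelihood}")
    if impact < 0:
        raise ValueError(f"impact must be non-negative, got {impact}")
    return impact * likelihood


def inherent_loss(threat: Threat) -> float:
    """Expected loss before any control is applied (inherent risk)."""
    return expected_loss(threat.impact, threat.likelihood)


def residual_loss(threat: Threat, control: Control) -> float:
    """Expected loss left over after the control is applied (residual risk)."""
    impact = threat.impact if control.residual_impact is None else control.residual_impact
    return expected_loss(impact, control.residual_likelihood)


def net_benefit(threat: Threat, control: Control) -> float:
    """Value of the control: reduction in expected loss minus the control's cost."""
    return inherent_loss(threat) - residual_loss(threat, control) - control.cost


def recommend(threat: Threat, control: Control) -> str:
    """'reduce' when the control more than pays for itself, otherwise 'accept'.

    Sharing (insurance, outsourcing, hedging) and avoiding the activity are the
    other two responses on the slide; they need premium or revenue figures that
    this example does not model.
    """
    return "reduce" if net_benefit(threat, control) > 0 else "accept"


def rank_by_inherent_loss(threats):
    """Threats ordered from largest to smallest expected loss."""
    return sorted(threats, key=inherent_loss, reverse=True)


# Constructed sample data (not from the textbook).
WIRE = Threat("unauthorized wire transfer", impact=250_000, likelihood=0.04)
LAPTOP = Threat("lost laptop holding customer data", impact=80_000, likelihood=0.10)
INVOICE = Threat("misfiled paper invoice", impact=400, likelihood=0.50)

CONTROLS = {
    WIRE: Control("dual authorization of wires", cost=3_000, residual_likelihood=0.005),
    # Encryption does not make laptops harder to lose; it shrinks the impact of losing one.
    LAPTOP: Control("full-disk encryption", cost=1_500, residual_likelihood=0.10, residual_impact=5_000),
    INVOICE: Control("document scanning system", cost=2_000, residual_likelihood=0.05),
}


if __name__ == "__main__":
    for threat in rank_by_inherent_loss(CONTROLS):
        control = CONTROLS[threat]
        print(f"{threat.name}: inherent {inherent_loss(threat):,.0f}, "
              f"residual {residual_loss(threat, control):,.0f}, "
              f"net benefit of '{control.name}' {net_benefit(threat, control):,.0f} "
              f"-> {recommend(threat, control)}")
```

Run as a script, the wire-transfer and laptop controls show a positive net benefit (5,750 and 6,000), so "reduce" is the response; the scanning system costs more than the 200 of expected loss it addresses, so the residual risk is accepted. The laptop case illustrates that a control may leave the likelihood untouched and work entirely on the impact side of the formula.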
Control Activities
Control activities are policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out:
• Proper authorization of transactions and activities
• Segregation of duties
• Project development and acquisition controls (C.20-C.22)
• Change management controls
• Design and use of documents and records
• Safeguarding assets, records, and data
• Independent checks on performance
Figure 10.5 Segregation of System Duties
Information and Communication
There are three principles that apply to the information and communication process:
1. Obtain or generate relevant, high-quality information to support internal control.
2. Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control.
3. Communicate relevant internal control matters to external parties.
Monitoring
• Perform internal control evaluations (e.g., internal audit)
• Implement effective supervision
• Use responsibility accounting systems (e.g., budgets)
• Monitor system activities
• Track purchased software and mobile devices
• Conduct periodic audits (e.g., external, internal, network security)
• Employ a computer security officer and a chief compliance officer
• Engage forensic specialists
• Install fraud detection software
Key Terms
• Threat or Event
• Exposure or impact
• Likelihood
• Internal controls
• Preventive controls
• Detective controls
• Corrective controls
• General controls
• Application controls
• Belief system
• Boundary system
• Diagnostic control system
• Interactive control system
• Audit committee
• Foreign Corrupt Practices Act (FCPA)
• Sarbanes-Oxley Act (SOX)
• Public Company Accounting Oversight Board (PCAOB)
• Control Objectives for Information and Related Technology (COBIT)
• Committee of Sponsoring Organizations (COSO)
• Internal control-integrated framework (IC)
• Enterprise Risk Management Integrated Framework (ERM)
• Internal environment
Key Terms (continued)
• Risk appetite
• Policy and procedures manual
• Background check
• Strategic objectives
• Operations objectives
• Reporting objectives
• Compliance objectives
• Event
• Inherent risk
• Residual risk
• Expected loss
• Control activities
• Authorization
• Digital signature
• Specific authorization
• General authorization
• Segregation of accounting duties
• Collusion
• Segregation of systems duties
• Systems administrator
• Network manager
• Security management
• Change management
• Users
• Systems analysts
• Programmers
• Computer operators
• Information system library
Key Terms (continued)
• Data control group
• Steering committee
• Strategic master plan
• Project development plan
• Project milestones
• Data processing schedule
• System performance measurements
• Throughput
• Utilization
• Response time
• Postimplementation review
• Systems integrator
• Analytical review
• Audit trail
• Computer security officer (CSO)
• Chief compliance officer (CCO)
• Forensic investigators
• Computer forensics specialists
• Neural networks
• Fraud hotline