Accounting Information Systems & Internal Controls
Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Learning Objectives
• LO#1 Explain essential control concepts and why a code of ethics and internal controls are important.
• LO#2 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
• LO#3 Describe the overall COBIT framework and its implications for IT governance.
• LO#4 Describe other governance frameworks related to information systems management and security.
Corporate Governance
Computerized environment:
• General controls pertain to enterprise-wide issues such as controls over accessing the network, developing and maintaining applications, documenting changes to programs, etc.
• Application controls are specific to a subsystem or an application and ensure the validity, completeness and accuracy of transactions.
COSO 2.0
Control Environment
Risk Assessment
Control Activities
Monitoring Activities
Objective Setting
Event Identification
Risk Response
Control Activities
IT controls
-- IT application controls
   Input controls (field checks, size checks, range checks, validity checks, completeness checks, reasonableness checks, check digit verifications, closed-loop verifications)
   Processing controls (pre-numbered documents, sequence checks, batch totals, cross-footing balance tests, concurrent update controls)
   Output controls
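The input and processing controls listed above, as an added Python example that is not part of the slides: completeness, size, validity, field, range and reasonableness checks on single sales-order records, a check digit on the order number, and a sequence check plus batch total over a batch of records. The mod-10 (Luhn) check-digit scheme, the customer master file, the field names and the limits are all assumptions; the slides name none of them.

```python
import re
REQUIRED = ("order_no", "customer_id", "qty", "unit_price")
VALID_CUSTOMERS = {"C100", "C200", "C300"}   # constructed customer master file

def luhn_valid(number: str) -> bool:
    """Check digit verification: mod-10 (Luhn) rule, assumed for this example."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)           # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def input_controls(rec: dict) -> list[str]:
    """Input controls on one transaction record; returns the violations found."""
    missing = [f for f in REQUIRED if str(rec.get(f, "")).strip() == ""]
    if missing:                                       # completeness check
        return ["completeness: missing " + ",".join(missing)]
    errors = []
    if not re.fullmatch(r"\d{8}", rec["order_no"]):   # size/field check
        errors.append("size: order_no must be 8 digits")
    elif not luhn_valid(rec["order_no"]):             # check digit verification
        errors.append("check digit: order_no fails mod-10")
    if rec["customer_id"] not in VALID_CUSTOMERS:     # validity check against master file
        errors.append("validity: unknown customer_id")
    price_ok = re.fullmatch(r"\d+(\.\d{1,2})?", str(rec["unit_price"])) is not None
    if not price_ok:                                  # field check: monetary format
        errors.append("field: unit_price not monetary")
    if not re.fullmatch(r"\d+", str(rec["qty"])):     # field check: numeric
        errors.append("field: qty not numeric")
    elif not 1 <= int(rec["qty"]) <= 500:             # range check
        errors.append("range: qty outside 1..500")
    elif price_ok and int(rec["qty"]) * float(rec["unit_price"]) > 10_000:
        errors.append("reasonableness: line amount over 10,000")   # reasonableness check
    return errors

def batch_controls(batch: list[dict], control_total: float) -> list[str]:
    """Processing controls on a batch: sequence check and batch (financial) total."""
    errors = []
    nums = [r["order_no"] for r in batch]
    if nums != sorted(nums):                          # sequence check
        errors.append("sequence: order numbers out of order")
    computed = sum(int(r["qty"]) * float(r["unit_price"]) for r in batch)
    if abs(computed - control_total) > 0.005:         # batch total vs. control total
        errors.append(f"batch total: computed {computed:.2f} != control {control_total:.2f}")
    return errors

# Constructed sample records; both order numbers satisfy the mod-10 rule.
GOOD = {"order_no": "10000008", "customer_id": "C100", "qty": "5", "unit_price": "20.00"}
GOOD2 = {"order_no": "10000016", "customer_id": "C200", "qty": "3", "unit_price": "2.50"}
```

batch_controls assumes every record in the batch has already passed input_controls, which is the order a batch system applies them in.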
COBIT Framework
Governance:
   Firm objectives: evaluating stakeholder needs, setting direction through decision making, and monitoring performance, compliance and progress.
Management:
   Activities: planning, building, running and monitoring.
• Provides a business focus to align business and IT objectives;
• Defines the scope and ownership of IT process and control;
• Is consistent with accepted IT good practices and standards;
• Provides a common language with a set of terms and definitions that are generally understandable by all stakeholders; and
• Meets regulatory requirements by being consistent with generally accepted corporate governance standards (e.g., COSO) and IT controls expected by regulators and auditors.
Key criteria of business requirements for information:
• Effectiveness – relevant and timely information
• Efficiency – information is produced economically
• Confidentiality – protection of sensitive information
• Integrity – valid, accurate and complete information
• Availability – information is available when needed
• Compliance – information is produced in compliance with laws and regulations
• Reliability – reliable information for daily decision making