© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart
Fakultas Ekonomi dan Bisnis (School of Economic and Business), Telkom University
INTRODUCTION
Questions to be addressed in this chapter:
What are the basic internal control concepts, and why are computer
control and security important?
What is the difference between the COBIT, COSO, and ERM control
frameworks?
What are the major elements in the internal environment of a company?
What are the four types of control objectives that companies need to set?
What events affect uncertainty, and how can they be identified?
How is the Enterprise Risk Management model used to assess and
respond to risk?
What control activities are commonly used in companies?
How do organizations communicate information and monitor control
processes?
COBIT framework
Also known as the Control Objectives for Information and
Related Technology framework.
Developed by the Information Systems Audit and Control
Foundation (ISACF).
A framework of generally applicable information systems
security and control practices for IT control.
The framework addresses the issue of control from three vantage points or dimensions:
Business objectives
… information must conform to certain criteria referred to as “business requirements for information.”
• The criteria are divided into seven distinct yet overlapping categories that map into C… objectives:
– Effectiveness (relevant, pertinent, and timely)
– Efficiency
– Confidentiality
– Integrity
– Availability
– Compliance with legal requirements
– Reliability
CONTROL FRAMEWORKS
• Includes:
– People
– Application systems
– Technology
– Facilities
– Data
The following policies and procedures are
important:
Hiring
Compensating
Training
Evaluating and promoting
Discharging
Managing disgruntled employees
Vacations and rotation of duties
Confidentiality insurance and fidelity bonds
Accountants:
Help management design effective controls to reduce
inherent risk.
Evaluate internal control systems to ensure they are
operating effectively.
Assess and reduce inherent risk using the risk assessment
and response strategy.
Segregation of duties
Good internal control requires that no single employee be
given too much responsibility over business transactions or
processes.
An employee should not be in a position to commit and
conceal fraud or unintentional errors.
Segregation of duties is discussed in two sections:
Segregation of accounting duties
Segregation of duties within the systems function
[Figures: ledger balance shown as $1,000, then $900]
Bill also records an entry in the books to show that $100 was
spent for some “legitimate” purpose. Now the balance in
the books is $900.
[Figures: ledger balance shown as $900, then $1,000]
AUTHORIZATION FUNCTIONS
• Authorization of transactions
CONTROL ACTIVITIES
[Figure: ledger balance shown as $1,000]
If this happens . . .
Segregation of duties within the systems function
Authority and responsibility must be divided clearly among the
following functions:
Systems administration
Network management
Security management
Change management
Users
Systems analysts
Programming
Computer operations
Information systems library
Data control