
Welcome to Our

Presentation
“Control and Accounting
Information Systems”
Introduction
Threats to Accounting Information Systems
▪ Difficult to monitor large number of employees
▪ Accidental destruction of data by employees
▪ Unauthorized access to the data or system by employees
▪ Unauthorized access to the data or system by outsiders
▪ Natural disasters
▪ Disasters of human origin
▪ The introduction of computer viruses to the systems
▪ Theft of data or information
Several reasons behind not protecting data
▪ Indifference to the loss of crucial data
▪ Lack of understanding of how to cope with the new system
▪ Lack of realization about the strategic importance of the information
▪ Tendency to forgo time-consuming control measures
The Internal control system
The internal control system consists of the policies and procedures
established to provide reasonable assurance that the following entity
objectives will be achieved.
o Safeguard assets
o Maintain accounting records accurately and fairly
o Provide accurate and reliable information
o Promote and improve operational efficiency
o Prepare financial reports in accordance with established criteria
Internal controls perform three important functions
1. Preventive Controls
2. Detective Controls
3. Corrective Controls

Internal controls are often segregated into two categories


1. General Controls
2. Application Controls
Robert Simons, a Harvard business professor, has espoused four
levels of control to help management reconcile the conflict
between creativity and controls
1. A belief control system
2. A boundary control system
3. A diagnostic control system
4. Interactive control system

Foreign Corrupt Practices Act (1977)
▪ prevent companies from bribing foreign officials to
obtain business.
▪ maintain a system of internal accounting controls.
▪ these requirements were not sufficient to prevent further
problems.
▪ accounting frauds at Enron, WorldCom, Xerox, Tyco,
Global Crossing, Adelphia, and other companies.

Sarbanes-Oxley Act (SOX) (2002)
▪ creation of the Public Company Accounting Oversight
Board (PCAOB).
▪ new rules for auditors, audit committees, and
management.
▪ new roles for audit committees
▪ New internal control requirements

Sarbanes-Oxley Act (SOX) (2002)
After SOX was passed, the SEC mandated that management must:
▪ Base its evaluation on a recognized control framework. The
most likely frameworks, formulated by the Committee of
Sponsoring Organizations (COSO)
▪ Disclose all material internal control weaknesses.
▪ Conclude that a company does not have effective financial
reporting internal controls if there are material weaknesses.

COBIT framework

1. Management to benchmark security and control practices of IT environment
2. Users to be assured that adequate IT security and control exist.
3. Auditors to substantiate their internal control opinions and to advise on IT security and control matters

COBIT based on five key components of IT
1. Meeting stakeholder needs.
2. Covering the enterprise end-to-end.
3. Applying a single, integrated framework
4. Enabling a holistic approach.
5. Separating governance from management
