Scribd Logo
Upload

Welcome to Scribd!

  • Primary Objective of An AIS

    Uploaded by

    GundamSeed
    11 views16 pages
    This document outlines learning objectives and key concepts around internal controls and risk management. It discusses control frameworks like COBIT and COSO and the importance of internal controls in achieving organizational objectives. The document also describes how to identify risks, assess risks, and respond to risks using the Enterprise Risk Management model. Control activities and monitoring processes are also summarized.

    Original Description:

    Primary Objective of an AIS

    Original Title

    Primary Objective of an AIS

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines learning objectives and key concepts around internal controls and risk management. It discusses control frameworks like COBIT and COSO and the importance of internal controls in achieving organizational objectives. The document also describes how to identify risks, assess risks, and respond to risks using the Enterprise Risk Management model. Control activities and monitoring processes are also summarized.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views16 pages

    Primary Objective of An AIS

    Uploaded by

    GundamSeed
    This document outlines learning objectives and key concepts around internal controls and risk management. It discusses control frameworks like COBIT and COSO and the importance of internal controls in achieving organizational objectives. The document also describes how to identify risks, assess risks, and respond to risks using the Enterprise Risk Management model. Control activities and monitoring processes are also summarized.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Learning Objectives

    • Explain basic control concepts and why computer control and security are important.

    • Compare and contrast the COBIT, COSO, and ERM control frameworks.

    • Describe the major elements in the internal environment of a company.

    • Describe the four types of control objectives that companies need to set.

    • Describe the events that affect uncertainty and the techniques used to identify them.

    • Explain how to assess and respond to risk using the Enterprise Risk Management model.

    • Describe control activities commonly used in companies.

    • Describe how to communicate information and monitor control processes in organizations.


    Why Is Control Needed?
    • Any potential adverse occurrence or unwanted event that could be injurious to
    either the accounting information system or the organization is referred to as a
    threat or an event.

    • The potential dollar loss should a particular threat become a reality is referred to as
    the exposure or impact of the threat.

    • The probability that the threat will happen is the likelihood associated with the
    threat
    A Primary Objective of an AIS
    • Is to control the organization so the organization
    can achieve its objectives
    • Management expects accountants to:
    – Take a proactive approach to eliminating system threats.
    – Detect, correct, and recover from threats when they
    occur.
    Internal Controls
    Processes implemented to provide assurance that the following objectives are
    achieved:
    • Safeguard assets
    • Maintain sufficient records
    • Provide accurate and reliable information
    • Prepare financial reports according to established criteria
    • Promote and improve operational efficiency
    • Encourage adherence with management policies
    • Comply with laws and regulations
    Functions of Internal Controls
    • Preventive controls
    – Deter problems from occurring
    • Detective controls
    – Discover problems that are not prevented
    • Corrective controls
    – Identify and correct problems; correct and recover from
    the problems
    Control Frameworks
    • COBIT
    – Framework for IT control
    • COSO
    – Framework for enterprise internal controls (control-based
    approach)
    • COSO-ERM
    – Expands COSO framework taking a risk-based approach
    COBIT Framework
    • Current framework version is COBIT5
    • Based on the following principles:
    – Meeting stakeholder needs
    – Covering the enterprise end-to-end
    – Applying a single, integrated framework
    – Enabling a holistic approach
    – Separating governance from management
    Internal Environment
    • Management’s philosophy, operating style, and risk appetite
    • Commitment to integrity, ethical values, and competence
    • Internal control oversight by Board of Directors
    • Organizing structure
    • Methods of assigning authority and responsibility
    • Human resource standards
    Objective Setting
    • Strategic objectives
    – High-level goals
    • Operations objectives
    – Effectiveness and efficiency of operations
    • Reporting objectives
    – Improve decision making and monitor performance
    • Compliance objectives
    – Compliance with applicable laws and regulations
    Event Identification
    Identifying incidents both external and internal to the
    organization that could affect the achievement of the
    organizations objectives
    Key Management Questions:
    • What could go wrong?
    • How can it go wrong?
    • What is the potential harm?
    • What can be done about it?
    Risk Assessment
    Risk is assessed from two perspectives:
    • Likelihood
    – Probability that the event will occur
    • Impact
    – Estimate potential loss if event occurs

    Types of risk
    • Inherent
    – Risk that exists before plans are made to control it
    • Residual
    – Risk that is left over after you control it
    Risk Response
    • Reduce
    – Implement effective internal control
    • Accept
    – Do nothing, accept likelihood and impact of risk
    • Share
    – Buy insurance, outsource, or hedge
    • Avoid
    – Do not engage in the activity
    Control Activities
    • Proper authorization of transactions and activities
    • Segregation of duties
    • Project development and acquisition controls
    • Change management controls
    • Design and use of documents and records
    • Safeguarding assets, records, and data
    • Independent checks on performance
    Segregation of Duties
    Monitoring
    • Perform internal control evaluations (e.g., internal audit)
    • Implement effective supervision
    • Use responsibility accounting systems (e.g., budgets)
    • Monitor system activities
    • Track purchased software and mobile devices
    • Conduct periodic audits (e.g., external, internal, network security)
    • Employ computer security officer
    • Engage forensic specialists
    • Install fraud detection software
    • Implement fraud hotline
    Key Terms
    • Threat or Event • Foreign Corrupt Practices Act (FCPA)
    • Exposure or impact • Sarbanes-Oxley Act (SOX)
    • Likelihood • Public Company Accounting Oversight Board
    • (PCAOB)
    Internal controls
    • Control Objectives for Information and Related
    • Preventive controls
    Technology (COBIT)
    • Detective controls • Committee of Sponsoring Organizations (COSO)
    • Corrective controls • Internal control-integrated framework (IC)
    • General controls • Enterprise Risk Management Integrated
    • Application controls Framework (ERM)
    • Belief system • Internal environment
    • Boundary system
    • Diagnostic control system
    • Interactive control system
    • Audit committee

    You might also like