
Control and Accounting Information Systems

Chapter 7

Copyright © 2015 Pearson Education, Inc.


7-1
Learning Objectives

• Explain basic control concepts and why computer control and security are important.

• Compare and contrast the COBIT, COSO, and ERM control frameworks.

• Describe the major elements in the internal environment of a company.

• Describe the four types of control objectives that companies need to set.

• Describe the events that affect uncertainty and the techniques used to identify them.

• Explain how to assess and respond to risk using the Enterprise Risk Management model.

• Describe control activities commonly used in companies.

• Describe how to communicate information and monitor control processes in organizations.
Why Is Control Needed?
• Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat or an event.
• The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat.
• The probability that the threat will happen is the likelihood associated with the threat.
A Primary Objective of an AIS
• Is to control the organization so the organization can achieve its objectives

• Management expects accountants to:


▫ Take a proactive approach to eliminating system
threats.
▫ Detect, correct, and recover from threats when
they occur.

Internal Controls
• Processes implemented to provide assurance
that the following objectives are achieved:
▫ Safeguard assets
▫ Maintain sufficient records
▫ Provide accurate and reliable information
▫ Prepare financial reports according to established
criteria
▫ Promote and improve operational efficiency
▫ Encourage adherence to management policies
▫ Comply with laws and regulations
Functions of Internal Controls

• Preventive controls
▫ Deter problems from occurring
• Detective controls
▫ Discover problems that are not prevented
• Corrective controls
▫ Identify and correct problems; correct and recover from the problems

Control Frameworks
• COBIT
▫ Framework for IT control
• COSO
▫ Framework for enterprise internal controls
(control-based approach)
• COSO-ERM
▫ Expands the COSO framework by taking a risk-based approach

COBIT Framework
Control Objectives for Information and Related Technology

• Current framework version is COBIT 5


• Based on the following principles:
▫ Meeting stakeholder needs
▫ Covering the enterprise end-to-end
▫ Applying a single, integrated framework
▫ Enabling a holistic approach
▫ Separating governance from management

COBIT5 Separates Governance from Management
Components of COSO Frameworks
Committee of Sponsoring Organizations

COSO (Internal Control)
• Control (internal) environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

COSO-ERM (Enterprise Risk Management)
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring
Internal Environment
• Management’s philosophy, operating style, and
risk appetite
• Commitment to integrity, ethical values, and
competence
• Internal control oversight by Board of Directors
• Organizational structure
• Methods of assigning authority and
responsibility
• Human resource standards

Objective Setting

• Strategic objectives
▫ High-level goals
• Operations objectives
▫ Effectiveness and efficiency of operations
• Reporting objectives
▫ Improve decision making and monitor
performance
• Compliance objectives
▫ Compliance with applicable laws and regulations
Event Identification
Identifying incidents, both external and internal to the organization, that could affect the achievement of the organization's objectives.
Key Management Questions:
• What could go wrong?
• How can it go wrong?
• What is the potential harm?
• What can be done about it?

Risk Assessment
Risk is assessed from two perspectives:
• Likelihood
▫ Probability that the event will occur
• Impact
▫ Estimate potential loss if event occurs

Types of risk
• Inherent
▫ Risk that exists before plans are made to control it
• Residual
▫ Risk that is left over after you control it
Risk Response

• Reduce
▫ Implement effective internal control
• Accept
▫ Do nothing, accept likelihood and impact of risk
• Share
▫ Buy insurance, outsource, or hedge
• Avoid
▫ Do not engage in the activity
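A worked version of the Risk Assessment and Risk Response slides, added here as an example (not part of the original slides): each threat is scored as expected loss = likelihood x impact, before a control (inherent risk) and after it (residual risk), and a simple decision rule then picks one of the four COSO-ERM responses. The register figures, the risk appetite and the decision rule itself are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Threat:
    """One row of a constructed risk register (all figures are made up for this example)."""
    name: str
    likelihood: float                      # probability the event occurs in a year (0..1)
    impact: float                          # exposure: dollar loss if the event occurs
    residual_likelihood: float             # likelihood once the proposed control is in place
    residual_impact: float                 # impact once the proposed control is in place
    control_cost: float                    # annual cost of running the proposed control
    transfer_cost: Optional[float] = None  # annual premium to share the risk; None if not shareable

def expected_loss(likelihood: float, impact: float) -> float:
    """Expected loss = likelihood x impact, combining the two risk perspectives."""
    return likelihood * impact

def inherent_risk(t: Threat) -> float:
    return expected_loss(t.likelihood, t.impact)                    # before any control

def residual_risk(t: Threat) -> float:
    return expected_loss(t.residual_likelihood, t.residual_impact)  # after the control

def net_control_benefit(t: Threat) -> float:
    """Reduction in expected loss minus the control's cost; positive means it pays for itself."""
    return inherent_risk(t) - residual_risk(t) - t.control_cost

def recommend_response(t: Threat, risk_appetite: float) -> str:
    """Map a threat to one of the four COSO-ERM responses (this decision rule is an assumption)."""
    if inherent_risk(t) <= risk_appetite:
        return "accept"   # within appetite: live with the likelihood and impact
    if net_control_benefit(t) > 0 and residual_risk(t) <= risk_appetite:
        return "reduce"   # internal control is cost-effective and brings risk within appetite
    if t.transfer_cost is not None and t.transfer_cost < inherent_risk(t):
        return "share"    # insuring/outsourcing costs less than bearing the expected loss
    return "avoid"        # no cost-effective control or transfer: do not engage in the activity

REGISTER = [  # constructed sample register
    Threat("Ransomware on file server", 0.10, 500_000, 0.02, 100_000, 20_000),
    Threat("Petty cash theft", 0.50, 200, 0.10, 200, 1_000),
    Threat("Data center flood", 0.01, 2_000_000, 0.001, 2_000_000, 30_000, transfer_cost=8_000),
    Threat("Unvetted payment-page script", 0.25, 300_000, 0.05, 300_000, 200_000),
]

def assess(register, risk_appetite=5_000):
    """Return {name: (inherent expected loss, residual expected loss, response)}."""
    return {t.name: (inherent_risk(t), residual_risk(t), recommend_response(t, risk_appetite))
            for t in register}

if __name__ == "__main__":
    for name, (inh, res, resp) in assess(REGISTER).items():
        print(f"{name:30} inherent=${inh:>10,.0f} residual=${res:>9,.0f} -> {resp}")
```

Note that the flood is shared rather than reduced only because the control's annual cost exceeds the expected loss it removes; changing the control cost or the premium changes the recommendation, which is the point of keeping the figures explicit.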

Control Activities

• Proper authorization of transactions and activities
• Segregation of duties
• Project development and acquisition controls
• Change management controls
• Design and use of documents and records
• Safeguarding assets, records, and data
• Independent checks on performance

Segregation of Duties

Monitoring
• Perform internal control evaluations (e.g., internal
audit)
• Implement effective supervision
• Use responsibility accounting systems (e.g., budgets)
• Monitor system activities
• Track purchased software and mobile devices
• Conduct periodic audits (e.g., external, internal,
network security)
• Employ a computer security officer
• Engage forensic specialists
• Install fraud detection software
• Implement a fraud hotline
Key Terms
• Threat or Event
• Exposure or impact
• Likelihood
• Internal controls
• Preventive controls
• Detective controls
• Corrective controls
• General controls
• Application controls
• Belief system
• Boundary system
• Diagnostic control system
• Interactive control system
• Audit committee
• Foreign Corrupt Practices Act (FCPA)
• Sarbanes-Oxley Act (SOX)
• Public Company Accounting Oversight Board (PCAOB)
• Control Objectives for Information and Related Technology (COBIT)
• Committee of Sponsoring Organizations (COSO)
• Internal control-integrated framework (IC)
• Enterprise Risk Management Integrated Framework (ERM)
• Internal environment
Key Terms (continued)
• Risk appetite
• Policy and procedures manual
• Background check
• Strategic objectives
• Operations objectives
• Reporting objectives
• Compliance objectives
• Event
• Inherent risk
• Residual risk
• Expected loss
• Control activities
• Authorization
• Digital signature
• Specific authorization
• General authorization
• Segregation of accounting duties
• Collusion
• Segregation of systems duties
• Systems administrator
• Network manager
• Security management
• Change management
• Users
• Systems analysts
• Programmers
• Computer operators
• Information system library
Key Terms (continued)
• Data control group
• Steering committee
• Strategic master plan
• Project development plan
• Project milestones
• Data processing schedule
• System performance measurements
• Throughput
• Utilization
• Response time
• Postimplementation review
• Systems integrator
• Analytical review
• Audit trail
• Computer security officer (CSO)
• Chief compliance officer (CCO)
• Forensic investigators
• Computer forensics specialists
• Neural networks
• Fraud hotline
