04/10/2024 Sống tử tế, học đàng hoàng, kết nối năm châu (Live decently, study properly, connect with the five continents)
Page 1: ACCOUNTING INFORMATION SYSTEM
Page 3: Contents
• General introduction to internal control
• Introduction to COSO 2013
• Introduction to COBIT 5
• Comparison between COSO 2013 and COBIT 5
• Conclusion
Page 4 (figure residue: "Other personnel")
Objectives of internal control:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with laws and regulations
Page 5: Control Environment and Control Activities
Control Environment
• Sets the tone of the organization
• Influences the control consciousness of its people
Control Activities
• Help ensure that the necessary actions are taken to address risks to the achievement of the entity's objectives
• Include a range of activities:
Page 6: What internal control can and cannot do
What internal control can help achieve:
• Achieving entity performance and profitability targets
• Preventing loss of resources
• Helping ensure reliable financial reporting
• Ensuring the enterprise complies with laws and regulations
• Avoiding damage to its reputation and other consequences
Limitations of internal control:
• Cannot change an inherently poor manager into a good one
• Cannot ensure success, or even survival
• Provides reasonable, not absolute, assurance that the entity's objectives will be achieved
• Judgments in decision-making can be faulty, and breakdowns can occur
• The design of an internal control system must reflect the fact that there are resource constraints
• The benefits of controls must be considered relative to their costs
Page 7: COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A joint initiative of five private-sector organizations, established in the United States:
– The Institute of Management Accountants (IMA)
– The American Accounting Association (AAA)
– The American Institute of Certified Public Accountants (AICPA)
– The Institute of Internal Auditors (IIA)
– Financial Executives International (FEI)
Its mission is to provide thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting.
Page 8: … as "relating to the preparation of reliable financial statements."
• Compliance with laws and regulations: the 2013 Framework considers the increased demands and complexities in laws, regulations, and accounting standards that have arisen since 1992.
Page 9: COSO 2013 Framework (principles by component)
Control Environment
• Demonstrates commitment to integrity and ethical values
• Exercises oversight responsibility
• Establishes structure, authority, and responsibility
• Demonstrates commitment to competence
• Enforces accountability
Risk Assessment
• Specifies suitable objectives
• Identifies and analyzes risk
• Assesses fraud risk
• Identifies and analyzes significant change
Control Activities
• Selects and develops control activities
• Selects and develops general controls over technology
• Deploys through policies and procedures
Page 10: Changes from COSO 1992 to COSO 2013 (figure)
Page 11: COBIT (Control Objectives for Information and Related Technology)
• An IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks
• Enables clear policy development and good practice for IT control throughout organizations
• Helps organizations to increase the value attained from IT
• Enables alignment with other standards and simplifies implementation of the COBIT framework
Page 12: The Purpose of COBIT
• Improves IT efficiency and effectiveness
• Helps IT understand the needs of the business
• Puts practices in place to meet business needs as efficiently as possible
• … of IT and reduce related risks
Page 13: COBIT 5 Principles (figure): meeting stakeholder needs; covering the enterprise end-to-end; applying a single integrated framework; enabling a holistic approach; separating governance from management
Page 14: Stakeholders' needs
Internal stakeholders:
• Board
• CxOs
• Business process owners and managers
• Risk and security managers
Typical internal stakeholder needs:
• Strategic use of new technology
• Compliance with regulations
• IT-related risk control
• Control of IT costs (and sourcing options)
Page 15: Enterprises exist to create value for their stakeholders. Consequently, any enterprise, commercial or not, will have value creation as a governance objective. Value creation means realizing benefits at an optimal resource cost while optimizing risk.
Page 16: Goals cascade
Step 2: Stakeholder needs cascade to enterprise goals
• Stakeholder needs can be related to a set of generic enterprise goals. These enterprise goals have been developed using the balanced scorecard (BSC).
Step 3: Enterprise goals cascade to IT-related goals
• Achievement of enterprise goals requires a number of IT-related outcomes, which are represented by the IT-related goals. "IT-related" stands for information and related technology, and the IT-related goals are structured along the dimensions of the IT balanced scorecard (IT BSC).
Step 4: IT-related goals cascade to enabler goals
• Achieving IT-related goals requires the successful application and use of a number of enablers.
Page 18: Covering the Enterprise End-to-End
• Covers governance and management of enterprise IT (GEIT)
• Integrates GEIT into enterprise governance
• Integrates seamlessly, since it is aligned with the latest views on governance
• Is not focused only on the IT function
• Covers all functions and processes within the enterprise
• Treats IT like every other asset in an enterprise
Page 19: Single Integrated Framework
COBIT 5 is a single and integrated framework because:
1. It aligns with other relevant, current standards and frameworks, and thus allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
2. It is complete in enterprise coverage, providing a basis to integrate effectively the other frameworks, standards and practices used.
3. A single overarching framework serves as a consistent and integrated source of guidance in a nontechnical, technology-agnostic common language.
4. It provides a simple architecture for structuring guidance materials and producing a consistent product set.
Page 20: Enabling a Holistic Approach (figure)
Page 21: Enablers
• Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management.
• Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
• Organizational structures are the key decision-making entities in an enterprise.
Page 22: Enablers (continued)
• Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
• Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.
Page 23: Enabling a Holistic Approach
Enablers must be interconnected:
– Inputs from other enablers
– Outputs to benefit other enablers
(figure: Process, Information, and People, Skills and Competencies enablers)
Page 24: Separating Governance from Management
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; sets direction through prioritisation and decision making; and monitors performance and compliance against the agreed-on direction and objectives.
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
Page 25: Separating Governance from Management (figure)
Page 26: COMPARISON
Page 27: COBIT vs COSO
Scope:
COBIT: more comprehensive and process-oriented, focused on risk and control needs, and relates more to technical issues.
COSO: more broad-based and less complex, without so many technical issues.
Requirements and objectives:
COBIT: covers quality and security requirements.
COSO: control objectives are operations, reporting and compliance.
Structure:
COBIT: the four domains of COBIT 4.1 are Plan and Organise, Acquire and Implement, Deliver and Support, and Monitor and Evaluate (COBIT 5 regroups the processes into five domains: EDM, APO, BAI, DSS and MEA).
COSO: five components: control environment, risk assessment, control activities, information and communication, and monitoring.
Strengths:
COBIT: provides a good framework for risk management and improves communication among management, users and auditors regarding IT governance.
COSO: focuses on monitoring and evaluation, which is also one of COBIT's domains.
Page 28: … by the COBIT framework
• COBIT would also help with the complexity of software systems. On the other hand, COSO supports the control activities, while COBIT helps with detailed monitoring and evaluation.
Page 29: THANK YOU FOR WATCHING AND LISTENING TO US