Page 1: Control and Accounting Information Systems
Chapter 7
Page 2: Learning Objectives
• Explain basic control concepts and why computer control and security are important.
• Compare and contrast the COBIT, COSO, and ERM control frameworks.
• Describe the major elements in the internal environment of a company.
• Describe the four types of control objectives that companies need to set.
• Describe the events that affect uncertainty and the techniques used to identify them.
• Explain how to assess and respond to risk using the Enterprise Risk Management model.
• Describe control activities commonly used in companies.
• Describe how to communicate information and monitor control processes in organizations.
Page 3: Why Is Control Needed?
• Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat or an event.
• The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat.
• The probability that the threat will happen is the
Page 4: A Primary Objective of an AIS
• Is to control the organization so the organization can achieve its objectives
▫ Take a proactive approach to eliminating system threats.
▫ Detect, correct, and recover from threats when they occur.
Page 5: Internal Controls
that the following objectives are achieved:
▫ Safeguard assets
▫ Maintain sufficient records
▫ Provide accurate and reliable information
▫ Prepare financial reports according to established criteria
▫ Promote and improve operational efficiency
▫ Encourage adherence with management policies
▫ Comply with laws and regulations
Page 6: Functions of Internal Controls
Page 8: COBIT Framework
• Based on the following principles:
▫ Meeting stakeholder needs
▫ Covering the enterprise end-to-end
▫ Applying a single, integrated framework
▫ Enabling a holistic approach
▫ Separating governance from management
Page 9: COBIT 5 Separates Governance from Management
Page 10: Components of COSO Frameworks
Page 13: Event Identification
Identifying incidents, both external and internal to the organization, that could affect the achievement of the organization's objectives.
Key Management Questions:
Page 16: Control Activities
• Proper authorization of transactions and activities
• Segregation of duties
• Safeguarding assets, records, and data
Page 17: Segregation of Duties
Page 19: Key Terms
• Diagnostic control system
• Interactive control system
• Foreign Corrupt Practices Act (FCPA)
• Sarbanes-Oxley Act (SOX)
• Public Company Accounting Oversight Board (PCAOB)
• Control Objectives for Information and Related Technology (COBIT)
• Committee of Sponsoring Organizations (COSO)
• Internal control-integrated framework (IC)
• Enterprise Risk Management Integrated Framework (ERM)
Page 20: Key Terms (continued)
Page 21: Key Terms (continued)
• Data control group
• Steering committee
• Strategic master plan
• Project development plan