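7 Control and AIS courseware (20 PPT slides) - Companion teaching material for "Accounting Information Systems (English Edition)" (Renmin University edition)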

Chapter 7
Control and AIS

Learning Objectives
- Explain basic control concepts and explain why computer control and security are important.
- Compare and contrast the COBIT, COSO, and ERM control frameworks.
- Describe the major elements in the internal environment of a company.
- Describe the four types of control objectives that companies need to set.
- Describe the events that affect uncertainty and the techniques used to identify them.
- Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.
- Describe control activities commonly used in companies.
- Describe how to communicate information and monitor control processes in organizations.

Internal Control
System to provide reasonable assurance that objectives are met, such as:
- Safeguard assets.
- Maintain records in sufficient detail to report company assets accurately and fairly.
- Provide accurate and reliable information.
- Prepare financial reports in accordance with established criteria.
- Promote and improve operational efficiency.
- Encourage adherence to prescribed managerial policies.
- Comply with applicable laws and regulations.

Internal Control
Functions
- Preventive: Deter problems
- Detective: Discover problems
- Corrective: Correct problems
Categories
- General: Overall IC system and processes
- Application: Transactions are processed correctly

Sarbanes Oxley (2002)
Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
- Public Company Accounting Oversight Board (PCAOB)
  - Oversight of auditing profession
- New Auditing Rules
  - Partners must rotate periodically
  - Prohibited from performing certain non-audit services

Sarbanes Oxley (2002)
- New Roles for Audit Committee
  - Be part of board of directors and be independent
  - One member must be a financial expert
  - Oversees external auditors
- New Rules for Management
  - Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.
  - The auditors were told about all material internal control weaknesses and fraud.
- New Internal Control Requirements
  - Management is responsible for establishing and maintaining an adequate internal control system.

Copyright 2012 Pearson Education

SOX Management Rules
- Base evaluation of internal control on a recognized framework.
- Disclose all material internal control weaknesses.
- Conclude a company does not have effective financial reporting internal controls if there are material weaknesses.

Internal Control Frameworks
- Control Objectives for Information and Related Technology (COBIT)
  - Business objectives
  - IT resources
  - IT processes
- Committee of Sponsoring Organizations (COSO)
  - Internal control—integrated framework
    - Control environment
    - Control activities
    - Risk assessment
    - Information and communication
    - Monitoring

Internal Control
Enterprise Risk Management Model
- Risk-based vs. control-based
- COSO elements +
  - Setting objectives
  - Event identification
  - Risk assessment
    - Can be controlled but also:
      - Accepted
      - Diversified
      - Shared
      - Transferred

Control Environment
- Management’s philosophy, operating style, and risk appetite
- The board of directors
- Commitment to integrity, ethical values, and competence
- Organizational structure
- Methods of assigning authority and responsibility
- Human resource standards
- External influences

ERM—Objective Setting
- Strategic
  - High-level goals aligned with corporate mission
- Operational
  - Effectiveness and efficiency of operations
- Reporting
  - Complete and reliable
  - Improve decision making
- Compliance
  - Laws and regulations are followed

ERM—Event Identification
“…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.”
- Positive or negative impacts (or both)
- Events may trigger other events
- All events should be anticipated

Risk Assessment
- Identify Risk
  - Identify likelihood of risk
  - Identify positive or negative impact
- Types of Risk
  - Inherent: Risk that exists before any plans are made to control it
  - Residual: Remaining risk after controls are in place to reduce it

ERM—Risk Response
- Reduce: Implement effective internal control
- Accept: Do nothing, accept likelihood of risk
- Share: Buy insurance, outsource, hedge
- Avoid: Do not engage in activity that produces risk

Event/Risk/Response Model

Control Activities
Policies and procedures to provide reasonable assurance that control objectives are met:
- Proper authorization of transactions and activities
  - Signature or code on document to signal authority over a process
- Segregation of duties
- Project development and acquisition controls
- Change management controls
- Design and use of documents and records
- Safeguarding assets, records, and data
- Independent checks on performance

Segregation of Accounting Duties
No one employee should be given too much responsibility.
Separate:
- Authorization
  - Approving transactions and decisions
- Recording
  - Preparing source documents
  - Entering data into an AIS
  - Maintaining accounting records
- Custody
  - Handling cash, inventory, fixed assets
  - Receiving incoming checks
  - Writing checks

Information and Communication
Primary purpose of an AIS:
- Gather
- Record
- Process
- Summarize
- Communicate

Monitoring
- Evaluate internal control framework.
- Effective supervision.
- Responsibility accounting system.
- Monitor system activities.
- Track purchased software and mobile devices.
- Conduct periodic audits.
- Employ a security officer and compliance officer.
- Engage forensic specialists.
- Install fraud detection software.
- Implement a fraud hotline.

Segregation of System Duties
Like accounting duties, system duties should also be separated.
These duties include:
- System administration
- Network management
- Security management
- Change management
- Users
- Systems analysts
- Programmers
- Computer operators
- Information system librarian
- Data control
