CHAPTER 7 : Control and Accounting Information Systems (Coggle Diagram)
Internal Controls (objectives)
  Safeguard assets
  Maintain sufficient records
  Provide accurate and reliable information
  Prepare financial reports according to established criteria
  Promote and improve operational efficiency
  Encourage adherence to management policies
  Comply with laws and regulations

Functions of Internal Controls
  Preventive controls : Deter problems from occurring
  Detective controls : Discover problems that are not prevented
  Corrective controls : Identify and correct problems; correct and recover from the problems

Control Frameworks
  COBIT : Framework for IT control
    Current framework version is COBIT5
    Based on the following principles
      Applying a single, integrated framework
      Enabling a holistic approach
      Covering the enterprise end-to-end
      Separating governance from management
      Meeting stakeholder needs
  COSO : Framework for enterprise internal controls (control-based approach)
    Components
      Control (internal) environment
      Risk assessment
      Control activities
      Information and communication
      Monitoring
  COSO-ERM : Expands the COSO framework by taking a risk-based approach
    Components
      Internal environment
      Objective setting
      Event identification
      Risk assessment
      Risk response
      Control activities
      Information and communication
      Monitoring

Internal Environment
  Management's philosophy, operating style, and risk appetite
  Commitment to integrity, ethical values, and competence
  Internal control oversight by the Board of Directors
  Methods of assigning authority and responsibility
  Organizational structure
  Human resource standards

Objective Setting
  Strategic objectives : High-level goals
  Operations objectives : Effectiveness and efficiency of operations
  Reporting objectives : Improve decision making and monitor performance
  Compliance objectives : Compliance with applicable laws and regulations

Event Identification
  Key Management Questions
    What could go wrong?
    How can it go wrong?
    What is the potential harm?
    What can be done about it?

Risk Assessment
  Perspectives
    Likelihood : Probability that the event will occur
    Impact : Estimate of the potential loss if the event occurs
  Types of risk
    Inherent : Risk that exists before plans are made to control it
    Residual : Risk that is left over after you control it
  Responses
    Reduce : Implement effective internal control
    Accept : Do nothing; accept the likelihood and impact of the risk
    Share : Buy insurance, outsource, or hedge
    Avoid : Do not engage in the activity

Control Activities
  Proper authorization of transactions and activities
  Segregation of duties
  Project development and acquisition controls
  Change management controls
  Design and use of documents and records
  Safeguarding assets, records, and data
  Independent checks on performance

Monitoring
  Perform internal control evaluations (e.g., internal audit)
  Implement effective supervision
  Use responsibility accounting systems (e.g., budgets)
  Monitor system activities
  Track purchased software and mobile devices
  Conduct periodic audits (e.g., external, internal, network security)
  Employ a computer security officer
  Engage forensic specialists
  Install fraud detection software
  Implement a fraud hotline