Chapter 7 (Control and Accounting Information System) - Coggle Diagram
Control Concepts
Internal controls
is a process because it permeates an organization’s operating activities and is an integral part of management activities
Importance of Internal Controls
Detective controls
Corrective controls
Preventive controls
Types of Internal Controls
General controls
Application controls
Four levers of control to help management reconcile
boundary system
helps employees act ethically by setting boundaries on employee behavior
diagnostic control system
measures, monitors, and compares actual company progress to budgets and performance goals
belief system
communicates company core values
helps employees understand management’s vision
inspires employees to live by those values
describes how a company creates value
interactive control system
helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions
Control Frameworks
COBIT FRAMEWORK
users to be assured that adequate IT security and controls exist
auditors to substantiate their internal control opinions and to advise on IT security and control matters
management to benchmark security and control practices of IT environments
Principles of COBIT Framework
Applying a single, integrated framework
Enabling a holistic approach
Covering the enterprise end-to-end
Separating governance from management
Meeting stakeholder needs
COSO’S INTERNAL CONTROL FRAMEWORK
Components of COSO’s Internal Control Model
Control activities
Information and communication
Risk assessment
Monitoring
Control environment
COSO’S ENTERPRISE RISK MANAGEMENT FRAMEWORK
To improve the risk management process
developed a second control framework called Enterprise Risk Management—Integrated Framework (ERM)
ERM
is the process the board of directors and management use to set strategy, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals
The Internal Environment
Organizational structure
Methods of assigning authority and responsibility
Internal control oversight by the board of directors
Human resource standards that attract, develop, and retain competent individuals
Commitment to integrity, ethical values, and competence
External influences
Management’s philosophy, operating style, and risk appetite
Objective Setting and Event Identification
Types of objectives
Operations objectives
which deal with the effectiveness and efficiency of company operations, determine how to allocate resources.
Reporting objectives
help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.
Strategic objectives
which are high-level goals that are aligned with the company’s mission, support it, and create shareholder value, are set first
Compliance objectives
help the company comply with all applicable laws and regulations
Event Identification
A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.
Control Activities
Control activities
are policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.
Categories of Control Activities
Segregation of duties
Recording
Authorization
Custody
Project development and acquisition controls
Proper authorization of transactions and activities
Change management controls
Design and use of documents and records
Safeguarding assets, records, and data
Independent checks on performance
Communicate Information and Monitor Control Processes
Information and Communication
Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control
Communicate relevant internal control matters to external parties
Obtain or generate relevant, high-quality information to support internal control
Monitoring
Use responsibility accounting systems
These systems include budgets, quotas, schedules, standard costs, and quality standards.
Monitor system activities
Track purchased software and mobile devices