CONTROL AND ACCOUNTING INFORMATION SYSTEMS
OVERVIEW OF CONTROL CONCEPTS
Important Functions
Preventive controls
Controls that deter problems before they arise.
Detective controls
Controls designed to discover control problems that were not prevented.
Corrective controls
Controls that identify and correct problems as well as correct and recover from the resulting errors.
Two Categories
General controls
Controls designed to make sure an organization’s information system and control environment are stable and well managed.
Application controls
Controls that prevent, detect, and correct transaction errors and fraud in application programs.
CONTROL FRAMEWORK
COBIT Framework
(1) management to benchmark the security and control practices of IT environments,
(2) users of IT services to be assured that adequate security and control exist, and
(3) auditors to substantiate their internal control opinions and advise on IT security and control matters.
COSO's Internal Control Framework
COSO
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
Internal Control—Integrated Framework (IC)
A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.
COSO's Enterprise Risk Management Framework
Enterprise Risk Management—Integrated Framework (ERM)
A COSO framework that improves the risk management process by expanding (adding three additional elements to) COSO’s Internal Control—Integrated Framework.
The Enterprise Risk Management Framework Versus The Internal Control Framework
THE INTERNAL ENVIRONMENT
Management's Philosophy, Operating Style, and Risk Appetite
Risk appetite
The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.
Commitment To Integrity, Ethical Values, And Competence
Organizations need a culture that stresses integrity and commitment to ethical values and competence.
Internal Control Oversight By The Board Of Directors
SOX requires public companies to have an audit committee of outside, independent directors.
Organizational Structure
Methods Of Assigning Authority And Responsibility
Policy and procedures manual
A document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties.
Human Resources Standards That Attract, Develop, And Retain Competent Individuals
External Influences
OBJECTIVE SETTING
Operations objectives
Objectives that deal with the effectiveness and efficiency of company operations and determine how to allocate resources.
Strategic objectives
High-level goals that are aligned with and support the company’s mission and create shareholder value.
Reporting objectives
Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.
Compliance objectives
Objectives to help the company comply with all applicable laws and regulations.
EVENT IDENTIFICATION
Event
A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.
RISK ASSESSMENT AND RISK RESPONSE
Estimate Likelihood And Impact
Identify Controls
Estimate Costs And Benefits
Determine Cost/Benefit Effectiveness
Implement Control Or Accept, Share, Or Avoid The Risk
CONTROL ACTIVITIES
Proper Authorization Of Transactions And Activities
Authorization
Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initializing, or entering an authorization code on a document or record.
Digital signature
A means of electronically signing a document with data that cannot be forged.
Specific authorization
Special approval an employee needs in order to be allowed to handle a transaction.
General authorization
The authorization given employees to handle routine transactions without special approval.
Segregation Of Duties
Segregation of accounting duties
Separating the accounting functions of authorization, custody, and recording to minimize an employee’s ability to commit fraud.
Segregation of systems duties
Implementing control procedures to clearly divide authority and responsibility within the information system function.
Project Development And Acquisition Controls
Change Management Controls
Design And Use Of Documents And Records
Safeguard Assets, Records, And Data
Independent Checks On Performance
INFORMATION AND COMMUNICATION
MONITORING
Conduct Periodic Audits
Engage Forensic Specialists
Track Purchased Software And Mobile Devices
Install Fraud Detection Software
Implement A Fraud Hotline
Implement Effective Supervision
Monitor Systems Activities
Employ A Computer Security Officer And A Chief Compliance Officer
Perform Internal Control Evaluations
Use Responsibility Accounting Systems