CONTROL SECURITY AND AUDIT (Coggle diagram)
Internal control systems
  Purpose
    Counter risks
    Maintain the quality of reporting
    Comply with law and regulations
  Types
    Control environment (overall context)
      Overall attitude, awareness and actions of directors and management
      Reflected in philosophy and operating system
    Control procedures (detailed controls)
      Financial control procedures: SPAMSOAP
        Segregation of duties
          eg: paying employees and performing the bank reconciliation should be split between different people
        Physical
          eg: locks, cameras, security guards, ...
        Authorization and approval
          eg: employees' transactions with suppliers need a manager's signature
        Management
          eg: control over variance analysis
        Supervision
          eg: supervise the recording of monthly payslips
        Organization
          eg: split the levels of authority to ensure control
        Arithmetical and accounting
          eg: check reconciliations and trial balances
        Personnel
          Attention to selection, training, qualifications, qualities, ...
          eg: limit hiring people with a criminal background
  Classifications
    Administration and accounting
    Prevent, detect and correct
      Prevent: eg check invoices from suppliers against goods received notes before paying the invoices
      Detect: eg bank reconciliations and physical checks of inventory against inventory records
      Correct: eg back up of computer input at the end of the day
    Discretionary and non-discretionary
      Discretionary: up to human discretion, eg checking a signature on a purchase order
      Non-discretionary: fixed by rules, eg entering a password to sign in to an account
    Voluntary and mandated
      Voluntary: controls chosen by the organization
      Mandated: controls required by law
    General and application
    Financial
    Manual and automated
  Limitations
    Human error
    Collusion
    Management override
    Dealing with non-routine transactions
Internal audit
  Features
    Independence
      Independent of line management
    Appraisal
  Types
    Operational audits (outputs, efficiency)
    Systems audit
      Compliance tests (check that the internal controls are applied as prescribed)
      Substantive tests (discover errors and omissions)
    Transactions audit
    Social audit
    Management investigations
  Reason
    Improve the organization's operations
  Reporting to
    The board of directors or audit committee
  Performed by employees of the organization, or sometimes outsourced
External audit
  Reason
    Opinion on the financial statements
  Reporting to
    Shareholders (members of the company), on the stewardship of the directors
  Independent of the company and its management
  Appointed by the shareholders
IT systems security and safety
  Aspects
    Prevention
    Detection
    Deterrence (computer misuse by personnel => disciplinary action)
    Recovery (checkpoint program)
    Correction
    Threat avoidance (change the design of the system)
  Building controls into an information system
    Security (against accidental and deliberate threats)
    Integrity
      Data
      Systems
    Contingency controls (recover the data as soon as possible)
      eg: system recovery procedures