8.1) Controls and AIS Control Frameworks Flashcards
AIS controls refer to the measures and procedures put in place to
safeguard organisations’ Financial _______________ and Digital ________
information
assets
What are the primary goals of these AIS controls? (2)
- Protect organisations from financial fraud
- Ensure that organizations comply with regulations established for
processing and using financial data
Organisations safeguard their financial information processing activities and digital assets through __________ controls.
internal
What are internal controls?
Internal controls are measures implemented by management that are integral to the organization's governance structure.
What are the objectives of implementing internal controls in organizations? (6)
1) Safeguard assets
2) Maintain records to report them accurately
3) Provide accurate & reliable financial information
4) Promote and improve operational efficiency
5) Encourage adherence to prescribed managerial policies
6) Comply with laws and regulations where the organization operates
What are the types of controls? (2)
1) General controls: Pervasive controls over the AIS environment as a whole (access, segregation of duties, change management, backup), concerned with the organisation's operational effectiveness and efficiency
2) Application controls: Controls over individual applications and their transactions, concerned with the accuracy, validity, completeness and authorization of those transactions
What are general controls? (4)
- Access Controls: These controls manage who has access to the AIS and what level of access they have; for example, user authentication, passwords, and access privileges based on job roles.
- Segregation of Duties (SoD): SoD divides tasks among multiple individuals so that no single person has complete control over a process. For example, the person who records transactions should be separate from the person who authorizes them.
- Change Management Controls: These controls ensure that changes made to the AIS, such as software updates or system configuration changes, are authorized, documented and tested to prevent unintended consequences (most likely data loss).
- Backup and Recovery Procedures: Regular backups of data are essential to ensure that financial information can be recovered in case of system failures, disasters, or data breaches.
What are the types of application controls? (3)
- Input Controls: These controls ensure the accuracy and completeness of data entered into the AIS. This includes validation checks to verify the correctness of data, such as data type checks, range checks, and field checks.
- Processing Controls: These controls ensure that transactions are processed accurately and in accordance with organizational policies and procedures. This may involve automated processing controls, such as reconciliation processes and exception reporting.
- Output Controls: These controls ensure the integrity and confidentiality of output produced by the AIS, such as financial reports. This includes measures such as encryption, password protection, and restricted access to sensitive information.
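The two cards above (general controls and application controls) describe checks that can be written down concretely. The following is an added example, not part of the original flashcards: it validates a batch of journal-entry records with completeness, field, data-type and range checks (input controls), rejects entries where the recorder is also the approver (segregation of duties, a general control), and then reconciles what was posted against batch control totals while producing an exception report (processing controls). The sample batch, the four-digit account-code format and the per-transaction ceiling are all assumptions made for the example.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation


@dataclass
class Transaction:
    txn_id: str
    account: str
    amount: Decimal
    recorded_by: str
    approved_by: str


# Constructed sample batch, as records might arrive from a data-entry screen
# (all strings, not yet validated). Not real data.
SAMPLE_BATCH = [
    {"txn_id": "T001", "account": "1000", "amount": "250.00", "recorded_by": "alice", "approved_by": "bob"},
    {"txn_id": "T002", "account": "10A0", "amount": "99.00", "recorded_by": "alice", "approved_by": "bob"},   # field check fails
    {"txn_id": "T003", "account": "2000", "amount": "abc", "recorded_by": "carol", "approved_by": "bob"},     # data-type check fails
    {"txn_id": "T004", "account": "2000", "amount": "-5.00", "recorded_by": "carol", "approved_by": "bob"},   # range check fails
    {"txn_id": "T005", "account": "3000", "amount": "1200.00", "recorded_by": "dave", "approved_by": "dave"},  # SoD violation
    {"txn_id": "T006", "account": "3000", "amount": "100.00", "recorded_by": "dave", "approved_by": "erin"},
]

REQUIRED_FIELDS = ("txn_id", "account", "amount", "recorded_by", "approved_by")
MAX_AMOUNT = Decimal("1000000.00")  # assumed per-transaction ceiling for the range check


def validate_input(record):
    """Input controls. Returns (Transaction, []) when valid, else (None, [error, ...])."""
    errors = []
    # Completeness check: every required field present and non-empty
    for name in REQUIRED_FIELDS:
        if not record.get(name):
            errors.append(f"missing field {name}")
    # Field check: account code must be exactly four digits (assumed format)
    acct = record.get("account", "")
    if acct and not (len(acct) == 4 and acct.isdigit()):
        errors.append(f"account {acct!r} is not a 4-digit code")
    # Data-type check: amount must parse as a decimal number
    amount = None
    try:
        amount = Decimal(record.get("amount", ""))
    except InvalidOperation:
        errors.append(f"amount {record.get('amount')!r} is not numeric")
    # Range check: strictly positive and not above the ceiling
    if amount is not None and not (Decimal("0") < amount <= MAX_AMOUNT):
        errors.append(f"amount {amount} outside (0, {MAX_AMOUNT}]")
    if errors:
        return None, errors
    return Transaction(record["txn_id"], acct, amount,
                       record["recorded_by"], record["approved_by"]), []


def check_segregation(txn):
    """General control (SoD): the user who recorded the entry must not also approve it."""
    return txn.recorded_by != txn.approved_by


def process_batch(batch, expected_count=None, expected_total=None):
    """Run input and SoD checks, post the survivors, reconcile against control totals."""
    posted, exceptions = [], []
    for rec in batch:
        txn, errs = validate_input(rec)
        if errs:
            exceptions.append((rec.get("txn_id"), errs))  # exception report entry
            continue
        if not check_segregation(txn):
            exceptions.append((txn.txn_id, ["recorder and approver are the same user"]))
            continue
        posted.append(txn)
    # Processing control: reconcile posted count and value against the batch control totals
    control_total = sum((t.amount for t in posted), Decimal("0"))
    count_ok = expected_count is None or len(posted) == expected_count
    total_ok = expected_total is None or control_total == expected_total
    return {"posted": posted, "exceptions": exceptions,
            "control_total": control_total, "reconciled": count_ok and total_ok}


if __name__ == "__main__":
    result = process_batch(SAMPLE_BATCH, expected_count=2, expected_total=Decimal("350.00"))
    print("posted:", [t.txn_id for t in result["posted"]])
    print("control total:", result["control_total"], "reconciled:", result["reconciled"])
    for txn_id, errs in result["exceptions"]:
        print("EXCEPTION", txn_id, "; ".join(errs))
```

The control totals passed to process_batch stand in for the count and value a clerk would record on the batch header before entry; a mismatch means something was dropped or altered between entry and posting, which is exactly the class of error a reconciliation control exists to surface.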
What are the important AIS control frameworks? (4)
What is the Committee of Sponsoring Organizations of the Treadway Commission (COSO)? (3)
What are the control environment components of COSO? (5)
What are the risk assessment components of COSO? (4)
What are the control activities components of COSO? (3)
What are the information and communication components of COSO? (3)
What are the monitoring activities components of COSO? (2)
What is ERM (Enterprise Risk Management)? (2)
- ERM emanates from COSO and is designed specifically around the board's processes and responsibilities
- ERM is a process, effected by the board of directors, that is applied in strategy setting to identify potential events that may affect the entity and to manage the associated risk
True or false: To cope with competitive online content, DSTV introduced online streaming. The board constantly needs to think of online possibilities that can keep this business afloat given Netflix & YouTube.
True
What are the basic principles of ERM? (4)
- Companies are formed to create value for their owners
- Management must decide how much uncertainty it will accept as it creates value
- Uncertainty results in risks with great potential to affect the profitability of an organization
- Uncertainty may also result in opportunities which can help the organization persevere through difficult times
NB! Think of companies that did not survive technological advancements or COVID/pandemic
What is COBIT 5? (2)
- COBIT is a framework that helps organisations to monitor and improve IT governance
- IT governance refers to the framework, policies, processes, and controls that organizations put in place to ensure that their information technology (IT) resources are used effectively, efficiently, and in alignment with business objectives.
What are the principles of COBIT 5? (5)
- Principle 1: Meeting stakeholder needs
- Principle 2: Covering the enterprise end to end
- Principle 3: Applying a single integrated framework
- Principle 4: Enabling a holistic approach
- Principle 5: Separating governance from management
What is the COBIT 5 governance model? (5)
- Evaluate, direct, and monitor (EDM)
- Align, plan, and organize (APO)
- Build, acquire, and implement (BAI)
- Deliver, service, and support (DSS)
- Monitor, evaluate, and assess (MEA)
What is the ISO?
- International Organization for Standardization (ISO)
- ISO is an independent, non governmental organization that develops international standards for products, services, systems, and processes
What do ISO standards do? (2)
- ISO standards ensure that everyone follows the same procedures, which can help businesses establish best practices for handling complaints, grievances, and system changes.
- Essentially, ISO standards, more than the previous Frameworks, concern themselves with customer satisfaction
What ISO standards are relevant to AIS systems? (4)
- ISO 27001: Information Security Management
- ISO 20000: IT Service Management
- ISO 22301: Business Continuity Management
- ISO 31000: Risk Management