8.1) Controls and AIS Control Frameworks Flashcards

1
Q

AIS controls refer to the measures and procedures put in place to
safeguard organisations’ Financial _______________ and Digital ________

A

information
assets

2
Q

What are the primary goals of these AIS controls? (2)

A
  • Protect organisations from financial fraud
  • Ensure that organizations comply with regulations established for
    processing and using financial data
3
Q

Organisations safeguard their financial information processing activities and digital assets through __________ controls.

A

internal

4
Q

What are internal controls?

A

Internal controls are implemented by management and are integral to the organization's governance structure.

5
Q

What are the objectives of implementing internal controls in organizations? (6)

A

1) Safeguard assets
2) Maintain records that report those assets accurately
3) Provide accurate & reliable financial information
4) Promote and improve operational efficiency
5) Encourage adherence to prescribed managerial policies
6) Comply with laws and regulations where the organization operates

6
Q

What are the types of controls? (2)

A

1) General controls: Apply to the AIS environment as a whole (who can access it, how it is changed, how it is backed up) and to the organisation's operational efficiency
2) Application controls: Apply to individual transaction-processing applications and safeguard the accuracy, validity, completeness and authorization of transactions

7
Q

What are general controls (4)

A
  1. Access Controls: Manage who has access to the AIS and what level of access they have. For example: user authentication, passwords, and access privileges based on job roles.
  2. Segregation of Duties (SoD): Dividing tasks among multiple individuals so that no single person has complete control over a process. For example, the person who records transactions should be separate from the person who authorizes them.
  3. Change Management Controls: Ensure that changes made to the AIS, such as software updates or system configuration changes, are authorized, documented, and tested to prevent unintended consequences (e.g. data loss).
  4. Backup and Recovery Procedures: Regular backups of data are essential so that financial information can be recovered after system failures, disasters, or data breaches.

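Items 1 and 2 above are rules that an AIS can enforce in code rather than by policy alone. The following is an added example, not code from the source deck or any real AIS: a simplified transaction workflow in which each action is checked against a hypothetical role-to-permission table (access control), authorization is refused when the authorizer is the same person who recorded the entry regardless of what their role permits (SoD), and a detective review lists users whose role combines both rights. The users, roles and role table are constructed assumptions.

```python
"""Added example (not from the source deck): role-based access and segregation
of duties (SoD) enforced on a simplified transaction workflow.
Users, roles and the role table below are constructed assumptions."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed role -> permitted actions table. "controller" deliberately holds
# both rights so that the SoD check, not the role check, is what stops self-approval.
ROLE_PERMISSIONS = {
    "clerk": {"record"},
    "approver": {"authorize"},
    "controller": {"record", "authorize"},
    "auditor": {"view"},
}

# Assumed user -> job role assignments.
USERS = {"alice": "clerk", "bob": "approver", "carol": "controller", "dan": "auditor"}


class ControlViolation(Exception):
    """Raised when an action would breach an access or SoD control."""


@dataclass
class Transaction:
    tid: str
    amount: float
    recorded_by: Optional[str] = None
    authorized_by: Optional[str] = None
    audit_log: List[Tuple[str, str]] = field(default_factory=list)


def check_access(user: str, action: str) -> None:
    """Access control: the user's job role must grant the requested action."""
    role = USERS.get(user)
    if role is None:
        raise ControlViolation(f"unknown user {user!r}")
    if action not in ROLE_PERMISSIONS[role]:
        raise ControlViolation(f"{user} ({role}) is not permitted to {action}")


def record(tx: Transaction, user: str) -> None:
    """Record a transaction; only roles holding 'record' may do this."""
    check_access(user, "record")
    if tx.recorded_by is not None:
        raise ControlViolation(f"{tx.tid} has already been recorded")
    tx.recorded_by = user
    tx.audit_log.append(("record", user))


def authorize(tx: Transaction, user: str) -> None:
    """Authorize a recorded transaction; enforces both the role check and SoD."""
    check_access(user, "authorize")
    if tx.recorded_by is None:
        raise ControlViolation(f"{tx.tid} cannot be authorized before it is recorded")
    # SoD: the recorder may never authorize the same transaction, even when
    # the role table would allow the action in isolation.
    if user == tx.recorded_by:
        raise ControlViolation(f"SoD violation: {user} recorded and tried to authorize {tx.tid}")
    tx.authorized_by = user
    tx.audit_log.append(("authorize", user))


def run_workflow(tid: str, amount: float, recorder: str, approver: str) -> Tuple[str, Optional[str]]:
    """Record then authorize one transaction.
    Returns ("posted", None) on success or ("rejected", reason) on a control violation."""
    tx = Transaction(tid, amount)
    try:
        record(tx, recorder)
        authorize(tx, approver)
    except ControlViolation as exc:
        return "rejected", str(exc)
    return "posted", None


def toxic_role_holders() -> List[str]:
    """Detective SoD review: users whose single role can both record and authorize."""
    return sorted(u for u, r in USERS.items() if {"record", "authorize"} <= ROLE_PERMISSIONS[r])


if __name__ == "__main__":
    for args in [("T1", 100.0, "alice", "bob"), ("T2", 50.0, "carol", "carol"),
                 ("T3", 75.0, "alice", "dan"), ("T4", 20.0, "bob", "alice")]:
        print(args[0], *run_workflow(*args))
    print("users whose role combines record+authorize:", toxic_role_holders())
```

The preventive check in `authorize` compares people, not roles: a controller who holds both rights is still blocked from approving their own entry. The detective review (`toxic_role_holders`) is the other half of SoD in practice, since the role design itself is what an auditor will ask about.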
8
Q

What are the types of application controls? (3)

A
  1. Input Controls: Ensure the accuracy and completeness of data entered into the AIS. This includes validation checks to verify the correctness of data, such as data type checks, range checks, and field checks.
  2. Processing Controls: Ensure that transactions are processed accurately and in accordance with organizational policies and procedures. This may involve automated processing controls, such as reconciliation processes and exception reporting.
  3. Output Controls: Ensure the integrity and confidentiality of output produced by the AIS, such as financial reports. This includes measures such as encryption, password protection, and restricted access to sensitive information.

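Items 1 and 2 above describe checks that can be written down directly. Below is an added example, not code from the source deck or any real AIS: a validator that applies field, data-type, validity and range checks to each journal entry (input controls), and a batch processor that reconciles the accepted entries against the batch header's record count and control total and emits an exception report (processing controls). The field layout, chart of accounts, open accounting period, amount limit and sample batches are constructed assumptions. Output controls (item 3) are not covered here.

```python
"""Added example (not from the source deck): input controls (field, data-type,
validity and range checks) and a processing control (batch control-total
reconciliation with exception reporting) over a constructed batch of journal
entries. Field names, chart of accounts, open period and limits are assumptions."""
from datetime import date
from decimal import Decimal, InvalidOperation
from typing import Dict, List, Tuple

REQUIRED_FIELDS = ("entry_id", "account", "amount", "posted_on")
CHART_OF_ACCOUNTS = {"1000", "2000", "4000", "5000"}             # assumed valid account codes
AMOUNT_LIMIT = Decimal("50000.00")                               # assumed per-entry ceiling
PERIOD_START, PERIOD_END = date(2024, 1, 1), date(2024, 12, 31)  # assumed open period


def validate_entry(raw: Dict[str, str]) -> List[str]:
    """Input control: return every validation failure for one entry ([] = accepted)."""
    errors: List[str] = []
    # Field check: every required field present and non-empty.
    for f in REQUIRED_FIELDS:
        if not raw.get(f):
            errors.append(f"missing field {f}")
    if errors:
        return errors
    # Data-type checks: amount must be a decimal number, posted_on an ISO 8601 date.
    amount = posted = None
    try:
        amount = Decimal(raw["amount"])
    except InvalidOperation:
        errors.append(f"amount {raw['amount']!r} is not numeric")
    try:
        posted = date.fromisoformat(raw["posted_on"])
    except ValueError:
        errors.append(f"posted_on {raw['posted_on']!r} is not a valid date")
    # Validity check: the account code must exist in the chart of accounts.
    if raw["account"] not in CHART_OF_ACCOUNTS:
        errors.append(f"account {raw['account']} not in chart of accounts")
    # Range checks: non-zero amount within the ceiling, date inside the open period.
    if amount is not None and not (Decimal("0") < abs(amount) <= AMOUNT_LIMIT):
        errors.append(f"amount {amount} outside allowed range")
    if posted is not None and not (PERIOD_START <= posted <= PERIOD_END):
        errors.append(f"posted_on {posted} outside open period")
    return errors


def process_batch(header: Dict[str, str], entries: List[Dict[str, str]]) -> Tuple[List[Dict], List[Dict]]:
    """Processing control: validate each entry, then reconcile the accepted entries
    against the header's record count and control total (sum of amounts).
    Returns (posted_entries, exception_report). An out-of-balance batch is held
    in full: nothing posts until the exceptions are corrected and it is resubmitted."""
    accepted: List[Dict] = []
    exceptions: List[Dict] = []
    for raw in entries:
        errs = validate_entry(raw)
        if errs:
            exceptions.append({"entry_id": raw.get("entry_id"), "errors": errs})
        else:
            accepted.append({**raw, "amount": Decimal(raw["amount"])})
    count = len(accepted)
    total = sum((e["amount"] for e in accepted), Decimal("0"))
    expected_count, expected_total = int(header["record_count"]), Decimal(header["control_total"])
    if count != expected_count or total != expected_total:
        exceptions.append({"entry_id": None, "errors": [
            f"batch {header['batch_id']} out of balance: "
            f"count {count}/{expected_count}, total {total}/{expected_total}"]})
        return [], exceptions
    return accepted, exceptions


# Constructed sample input: a clean batch, and the same entries with one bad entry appended.
CLEAN_HEADER = {"batch_id": "B-0001", "record_count": "3", "control_total": "1450.00"}
CLEAN_ENTRIES = [
    {"entry_id": "J1", "account": "1000", "amount": "1000.00", "posted_on": "2024-03-01"},
    {"entry_id": "J2", "account": "4000", "amount": "250.00", "posted_on": "2024-03-01"},
    {"entry_id": "J3", "account": "5000", "amount": "200.00", "posted_on": "2024-03-02"},
]
DIRTY_HEADER = {"batch_id": "B-0002", "record_count": "4", "control_total": "1462.00"}
DIRTY_ENTRIES = CLEAN_ENTRIES + [
    {"entry_id": "J4", "account": "9999", "amount": "12abc", "posted_on": "2025-03-02"},
]

if __name__ == "__main__":
    for hdr, ents in ((CLEAN_HEADER, CLEAN_ENTRIES), (DIRTY_HEADER, DIRTY_ENTRIES)):
        posted, report = process_batch(hdr, ents)
        print(hdr["batch_id"], "posted:", [e["entry_id"] for e in posted], "exceptions:", report)
```

Amounts are handled as `Decimal`, not `float`, so the control total comparison is exact. The validator collects every failure for an entry rather than stopping at the first, which is what a useful exception report needs; and the batch is held whole when it does not reconcile, because posting the entries that happened to pass would silently change the totals the batch header vouched for.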
9
Q

How does one identify important AIS control frameworks? (4)

A
10
Q

What is the Committee of Sponsoring Organizations of the Treadway Commission (COSO)? (3)

A
11
Q

What are the control environment components of COSO? (5)

A
12
Q

What are the risk assessment components of COSO? (4)

A
12
Q

What are the control activities components of COSO? (3)

A
13
Q

What are the information and communication components of COSO? (3)

A
14
Q

What are the monitoring activities components of COSO? (2)

A
15
Q

What is ERM (Enterprise Risk Management)? (2)

A
  • ERM emanates from COSO and is designed specifically around the board's processes and responsibilities
  • ERM is a process, applied by the board of directors and management in strategy setting, to identify events that may affect the entity and manage the resulting risk

16
Q

True or false: To cope with competitive online content, DSTV introduced online streaming. The board constantly needs to think of online possibilities that can keep the business afloat given Netflix & YouTube.

A

True

17
Q

What are the basic principles of ERM? (4)

A
  • Companies are formed to create value for their owners
  • Management must decide how much uncertainty it will accept as it creates value
  • Uncertainty results in risks with great potential to affect the profitability of an organization
  • Uncertainty may also result in opportunities that help the organization persevere through difficult times

NB! Think of companies that did not survive technological advancements or COVID/pandemic

18
Q

What is COBIT 5? (2)

A
  • COBIT is a framework that helps organisations to monitor and improve IT governance
  • IT governance refers to the framework, policies, processes, and controls that organizations put in place to ensure that their information technology (IT) resources are used effectively, efficiently, and in alignment with business objectives

19
Q

What are the principles of COBIT 5? (5)

A
  • Principle 1: Meeting stakeholder needs
  • Principle 2: Covering the enterprise end to end
  • Principle 3: Applying a single integrated framework
  • Principle 4: Enabling a holistic approach
  • Principle 5: Separating governance from management
20
Q

What is the COBIT 5 governance model? (5)

A
  1. Evaluate, direct, and monitor (EDM): the governance domain
  2. Align, plan, and organize (APO)
  3. Build, acquire, and implement (BAI)
  4. Deliver, service, and support (DSS)
  5. Monitor, evaluate, and assess (MEA)
  Domains 2 to 5 are the management domains, reflecting Principle 5 (separating governance from management).

21
Q

What is the ISO?

A
  • International Organization for Standardization (ISO)
  • ISO is an independent, non-governmental organization that develops international standards for products, services, systems, and processes

22
Q

What do ISO standards do? (2)

A
  • ISO standards ensure that everyone follows the same procedures, which helps businesses establish best practices for handling complaints, grievances, and system changes
  • Essentially, ISO standards, more than the previous frameworks, concern themselves with customer satisfaction

23
Q

What ISO standards are relevant to AIS systems? (4)

A
  • ISO/IEC 27001: Information Security Management
  • ISO/IEC 20000: IT Service Management
  • ISO 22301: Business Continuity Management
  • ISO 31000: Risk Management