Midterm 2 Chapter 10 Flashcards
Threat
Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization
Exposure/Impact
The potential dollar loss should a particular threat become reality
Likelihood
The probability that the threat will happen
What is the primary objective of an AIS?
To control the organization so the organization can achieve its objectives/goals
Management expects accountants to:
- Take a proactive approach to eliminating system threats
- Detect, correct, and recover from threats when they occur
Strategic, operating, reporting, compliance objectives
- What does the company want to accomplish?
- What are the risks to that?
- What are the ways we can mitigate those risks?
Internal Controls
Safeguard assets
Maintain sufficient records
Provide accurate and reliable information
Prepare financial reports according to established criteria
Promote and improve operational efficiency
Encourage adherence with management policies
Comply with laws and regulations
Preventative Controls
Deter problems from occurring
Detective Controls
Discover problems that are not prevented
Corrective Controls
Identify and correct problems, then recover from them
General Controls
Ensure that the organization's control environment is stable and well managed
Application Controls
Controls that prevent, detect, and correct transaction errors and fraud in application programs. These controls are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
Design
The first test
Would it mitigate the risk?
Operating
Is it working effectively?
COBIT
Framework for IT control
COSO
Framework for enterprise internal controls (control-based approach)
COSO-ERM
Expands COSO framework taking a risk-based approach
What is the current framework version of COBIT?
COBIT 2019
What principles is COBIT based on?
Meeting stakeholder needs
Covering the enterprise end-to-end
Applying a single, integrated framework
Enabling a holistic approach
Separating governance from management
What are the 3 benefits of a standard framework for IT controls?
- Allows management to benchmark their environment and compare it to other organizations
- Because the framework is comprehensive, it provides assurance that IT security and controls exist
- Allows auditors to substantiate their internal control opinions
What 5 principles is COBIT based on?
- Meeting stakeholders' needs means that enterprises exist to create value for their shareholders. Thus, the governance objective is value creation. (stakeholder and NOT shareholders)
- Covering the enterprise from end-to-end means that COBIT 2019 addresses governance and management of information and information-related technologies throughout the enterprise. This means that it is not focused solely on the IT function as information technology runs throughout the enterprise.
- Applying a single, integrated framework means that COBIT 2019 can align with other governance frameworks such as COSO and COSO-ERM.
- Enabling a holistic approach
- Separating governance from management (segregation of duties)
Stakeholder
Affected by the company
Shareholder
Has an ownership interest