Topic 1.5 Control In Accounting Information Systems Flashcards
Why is control needed?
So that the organisation can avoid a threat, or reduce its financial burden if the threat does occur
Why do threats occur?
Even where guidelines exist, people still make mistakes and errors
What is the exposure or impact of a threat?
The potential dollar loss should a particular threat become a reality
Primary objective of an AIS
To control the organisation so that it can achieve its objectives
What is internal control?
Processes implemented to provide reasonable assurance that the following objectives are achieved:
- safeguard assets
- maintain sufficient records
- provide accurate and reliable information
- prepare financial reports according to established criteria
- promote and improve operational efficiency
- encourage adherence with management policies
- comply with laws and regulations
Functions of internal control
Preventive controls
- deter problems from occurring in the first place
Detective controls
- discover problems that were not prevented
Corrective controls
- identify and correct problems that were detected, and recover from their effects
What are the categories of internal control?
General controls
- look at the overall internal control environment and whether the organisation has internal controls in place, e.g. proper software, security and change management
- apply across the whole IC system and its processes
Application controls
- ensure that transactions are processed correctly
- ensure that every transaction is valid, properly authorised, and completely and accurately recorded
What are the four levers of control?
- belief system: communicates the overall mission and core values that management wants to pass down to employees
- boundary system: sets the limits within which employees may act; get the job done however you want, but stay within the rules and the beliefs of the company
- diagnostic control system: the firm sets a goal for each employee and measures performance against it, e.g. checking at the end of the year whether the goal was met
- interactive control system: face-to-face meetings in which managers listen to others' ideas and discuss the data
What is the Serious Fraud Office (SFO)?
Established in 1990 in response to the collapse of New Zealand's financial markets at the time. It investigates only very serious or complex fraud
SFO operates 3 investigative teams
- Evaluation and intelligence
- Financial Markets & Corporate Fraud
- Fraud & Corruption
What is the Financial Markets Authority (FMA)?
Established in 2011 in response to the need to address failures in the financial markets, made evident by the global financial crisis
What is the Sarbanes-Oxley Act (SOX)?
Legislation passed in 2002 that applies to publicly held companies and their auditors, intended to:
- prevent financial statement fraud
- make financial reporting more transparent
- protect investors
- strengthen internal controls
- punish executives who perpetrate fraud
What are the control frameworks?
- COBIT (Control Objectives for Information and Related Technologies)
- framework for IT control
- COSO (Committee of Sponsoring Organizations)
- framework for enterprise internal controls (control-based approach)
- COSO-ERM (Enterprise Risk Management)
- expands the COSO framework by taking a risk-based approach
What is the COBIT framework and what are its principles?
It is a control framework for IT
The version covered here is COBIT 5
Based on the following principles:
- meeting stakeholder needs
- covering the enterprise end to end (links all departments together, e.g. production to sales)
- applying a single, integrated framework
- enabling a holistic approach
- separating governance from management
What does management do in IT? (the four COBIT 5 management domains)
Plan
- APO (Align, Plan and Organise)
Build
- BAI (Build, Acquire and Implement)
Run
- DSS (Deliver, Service and Support)
Monitor
- MEA (Monitor, Evaluate and Assess)
What does governance do in IT? (the COBIT 5 governance domain, EDM)
Evaluate
Direct
Monitor
What are the components of COSO and COSO-ERM
COSO
- control (internal) environment
- Risk Assessment
- Control Activities
- Information and communication
- Monitoring
COSO-ERM
The same as above, with the control environment renamed the internal environment, plus:
- Objective setting
- Event identification
- Risk response
What is the difference between COSO and COSO-ERM?
COSO is more of an overview of internal control; it is more general
COSO-ERM is more in depth and adds an explicit risk-management focus
In relation to COSO-ERM, what does the internal environment component cover?
- the culture of the business
- management's philosophy, mission or vision, operating style and risk appetite
- commitment to integrity, ethical values and competence
- internal control oversight by the board of directors
- organisational structure
- methods of assigning authority and responsibility
- human resource standards
In relation to COSO-ERM, what does the objective setting component cover?
Strategic objectives
- high-level goals, e.g. the mission or five-year goals
Operations objectives
- effectiveness and efficiency of operations, e.g. how to allocate resources so that each department can work efficiently
Reporting objectives
- improve decision making and monitor performance, e.g. financial statements must be accurate and complete
Compliance objectives
- compliance with applicable laws and regulations
In relation to COSO-ERM, what does the event identification component cover?
Identifying incidents or events, both internal and external, that could affect the achievement of the organisation's objectives
Key questions to ask
- what could go wrong
- how can it go wrong
- what is the potential harm
- what can be done
In relation to COSO-ERM, what does the risk assessment component cover?
This is assessed from two perspectives
Likelihood
- probability that the event will occur
Impact
- estimate potential loss if the event happens
Types of risk
Inherent
- the risk that exists before any plans are made to control it, e.g. the possibility that somebody will steal cash or assets
Residual
- the risk that remains after controls have been put in place
In relation to COSO-ERM, what does the risk response component cover?
The four responses
Reduce
- implement effective internal controls, e.g. train employees
Accept
- do nothing; accept the likelihood and impact of the risk, e.g. if it is outside your control or the cost of controlling it is more than you can afford
Share
- buy insurance, outsource, or hedge, e.g. hold insurance so that you are covered if there is a flood
Avoid
- do not engage in the activity, e.g. close a branch that is not going well
In relation to COSO-ERM, what do the control activities cover?
- proper authorisation of transactions and activities
- segregation of duties
- project development and acquisition controls
- change management controls
- design and use of documents and records
- safeguarding assets, records, and data
- independent checks on performance
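As an added example (not part of these flashcards and not any real accounting system), the following toy payment pipeline shows how the three functions of internal control above (preventive, detective, corrective) and two of the control activities just listed (proper authorisation and segregation of duties) look when they are coded into an AIS. The approval limit, the approver list, the payments and the bank statement are all constructed assumptions for the demonstration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values for this example only
APPROVAL_LIMIT = 10_000.00            # payments above this need a senior approver
SENIOR_APPROVERS = {"cfo", "controller"}


@dataclass
class Payment:
    ref: str
    amount: float
    prepared_by: str
    approved_by: Optional[str] = None


@dataclass
class Ledger:
    entries: dict = field(default_factory=dict)   # ref -> amount posted

    def balance(self) -> float:
        return round(sum(self.entries.values()), 2)


class ControlViolation(Exception):
    """Raised by a preventive control; the transaction is never posted."""


def preventive_check(p: Payment) -> None:
    """Preventive controls: deter problems before the transaction is posted."""
    if p.amount <= 0:
        raise ControlViolation(f"{p.ref}: amount must be positive")
    if p.approved_by is None:                       # proper authorisation
        raise ControlViolation(f"{p.ref}: not authorised")
    if p.approved_by == p.prepared_by:              # segregation of duties
        raise ControlViolation(f"{p.ref}: preparer may not approve own payment")
    if p.amount > APPROVAL_LIMIT and p.approved_by not in SENIOR_APPROVERS:
        raise ControlViolation(f"{p.ref}: over limit, needs senior approval")


def post_payments(ledger: Ledger, payments: list) -> list:
    """Post every payment that passes the preventive controls; return rejected refs."""
    rejected = []
    for p in payments:
        try:
            preventive_check(p)
        except ControlViolation:
            rejected.append(p.ref)
            continue
        ledger.entries[p.ref] = p.amount
    return rejected


def reconcile(ledger: Ledger, bank: dict) -> dict:
    """Detective control: compare the ledger with the bank statement (ref -> amount)
    and return each difference as ledger minus bank, keyed by ref."""
    diffs = {}
    for ref in set(ledger.entries) | set(bank):
        d = round(ledger.entries.get(ref, 0.0) - bank.get(ref, 0.0), 2)
        if d:
            diffs[ref] = d
    return diffs


def correct(ledger: Ledger, diffs: dict) -> None:
    """Corrective control: post an adjusting entry per difference so the ledger
    agrees with the bank; the original entries stay untouched as the audit trail."""
    for ref, d in diffs.items():
        ledger.entries[f"{ref}-ADJ"] = -d


# Constructed sample data
SAMPLE_PAYMENTS = [
    Payment("P1", 2_500.00, "alice", "bob"),      # passes
    Payment("P2", 15_000.00, "alice", "bob"),     # over limit, bob is not senior
    Payment("P3", 15_000.00, "alice", "cfo"),     # passes, senior approver
    Payment("P4", 800.00, "carol", "carol"),      # segregation-of-duties breach
    Payment("P5", 1_200.00, "dave"),              # never authorised
]
SAMPLE_BANK = {"P1": 2_500.00, "P3": 15_000.00, "X9": 340.00}   # X9: unrecorded bank debit


def run_example():
    ledger = Ledger()
    rejected = post_payments(ledger, SAMPLE_PAYMENTS)   # preventive
    diffs = reconcile(ledger, SAMPLE_BANK)              # detective
    correct(ledger, diffs)                              # corrective
    return rejected, diffs, ledger.balance()


if __name__ == "__main__":
    print(run_example())
```

The point of the split is that each function maps to one control function: nothing that fails `preventive_check` ever reaches the ledger, `reconcile` only reports what slipped past prevention (here a bank debit nobody recorded), and `correct` adds entries rather than editing or deleting existing ones, so the records the flashcards say must be maintained are never silently rewritten.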
In relation to COSO-ERM, what does the monitoring component cover?
- perform internal control evaluations
- implement effective supervision
- employ a computer security officer
- engage forensic specialists
- install fraud detection software
- implement a fraud hotline