CH6 Control and Accounting Information Systems - PowerPoint PPT Presentation

Provided by: MIR90
Slides: 32

Transcript and Presenter's Notes

1
CH6 Control and Accounting Information Systems

2
COBIT Frameworks
  • COSO's Enterprise Risk Management Model

3
The Internal Environment and Objective Setting

4
The Internal Environment
5
The Internal Environment
  • Management's Philosophy, Operating Style, and
    Risk Appetite

6
The Internal Environment
  • The Board of Directors
  • SOX section 301
  • Commitment to integrity, ethical values, and
    competence
  • Organizational structure
  • Centralization or decentralization of authority
  • Assignment of responsibility for specific tasks
  • Whether there is a direct reporting relationship
    or more of a matrix structure
  • Organization by industry, product line,
    geographical location, or by a particular
    distribution or marketing network
  • The way responsibility allocation affects
    management's information requirements

7
The Internal Environment
  • The size and the nature of company activities
  • Methods of assigning authority and responsibility
  • Policy and procedures manual
  • Human resource standards
  • Hiring
  • Compensating
  • Training
  • Fraud awareness
  • Ethical considerations
  • Punishment for fraud and unethical behavior
  • Evaluating and Promoting
  • Discharging

8
The Internal Environment
  • Managing Disgruntled Employees
  • Vacations and rotation of duties
  • Confidentiality agreements and fidelity bond
    insurance
  • Prosecute and incarcerate hackers and fraud
    perpetrators
  • External influences
  • FASB
  • PCAOB
  • SEC

9
Objective Setting
10
Event Identification, Risk Assessment, and Risk
Response

11
Event Identification
  • COSO defines an event as an incident or
    occurrence emanating from internal or external
    sources that affects implementation of strategy
    or achievement of objectives. Events may have
    positive or negative impacts or both.

12
(No Transcript)
13
Techniques used to identify events
  • Use comprehensive lists of potential events.
  • Perform an internal analysis.
  • Monitor leading events and trigger points.
  • Conduct workshops and interviews.
  • Perform data mining and analysis.
  • Analyze business processes.

14
Risk Assessment
  • Inherent risk: the risk that exists before
    management takes any steps to control the
    likelihood or impact of a risk.
  • Residual risk: the risk that remains after
    management implements internal controls, or some
    other response to risk.
  • DR = AR / (IR × CR)

15
Risk Response
Respond to Risk
16
Identify the events, or threats, that confront
the company
  • Estimate the likelihood, or probability, of each
    threat occurring
  • Estimate the impact, or potential loss, from each
    threat
  • Identify controls to guard against each threat
  • Estimate the costs and benefits from instituting
    controls
  • Is it cost-beneficial to protect the system from
    a threat?
    Yes: reduce risk by implementing controls to
    guard against the threat.
    No: avoid, share, or accept the risk.
  • Companies typically accept risk when it is within
    the company's risk tolerance range.
  • A reduce or share response is used to bring
    residual risk into an acceptable risk tolerance
    range.
  • An avoid response is typically only used when
    there is no way to cost-effectively bring risk
    into an acceptable risk tolerance range.
  • Likelihood and impact must be considered
    together.
  • Software tools have been developed to help
    automate the risk assessment and response
    process.
  • A preventive control is superior to a detective
    one.
  • Preventive, detective, and corrective controls
    complement each other, and a good internal
    control system should employ all three.
  • The benefits of an internal control procedure
    must exceed its costs.
  • Expected loss = Impact × Likelihood
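The flowchart above can be walked mechanically. The following is an added worked example, not code from the slides or from any risk-assessment product: it computes expected loss as impact times likelihood, compares a control's benefit (the expected loss it removes) against its cost, and returns accept, reduce, or avoid/share for each threat. The threat names, probabilities, dollar amounts and the risk-tolerance value are constructed sample inputs; "risk tolerance" is modelled as a single annual expected-loss figure, which is an assumption.

```python
"""Worked example of the risk assessment and response steps on slide 16.

Added illustration, not code from the slides or from any risk-assessment
product. The threat names, probabilities, dollar figures and the risk-tolerance
value are constructed sample inputs.
"""
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    likelihood: float           # annual probability the threat occurs (0..1)
    impact: float               # potential loss per occurrence, in dollars
    control_cost: float         # annual cost of the candidate control
    residual_likelihood: float  # likelihood remaining once the control is in place
    residual_impact: float      # impact remaining once the control is in place


def expected_loss(likelihood: float, impact: float) -> float:
    """Expected loss = Impact x Likelihood (slide 16)."""
    return likelihood * impact


def control_net_benefit(t: Threat) -> float:
    """Benefit of a control is the expected loss it removes, net of its own cost.

    The slide's rule: the benefits of a control procedure must exceed its costs.
    """
    before = expected_loss(t.likelihood, t.impact)
    after = expected_loss(t.residual_likelihood, t.residual_impact)
    return (before - after) - t.control_cost


def choose_response(t: Threat, risk_tolerance: float) -> str:
    """Walk the slide 16 flowchart for one threat.

    risk_tolerance is the largest annual expected loss management will carry
    without a response (an assumed input; the slides speak of a tolerance range).
    """
    if expected_loss(t.likelihood, t.impact) <= risk_tolerance:
        return "accept"          # already inside the tolerance range
    if control_net_benefit(t) > 0:
        return "reduce"          # cost-beneficial control: implement it
    return "avoid or share"      # no cost-effective control: transfer the risk or exit the activity


def assess_all(threats, risk_tolerance: float) -> dict:
    """Return {threat name: response} for a list of threats."""
    return {t.name: choose_response(t, risk_tolerance) for t in threats}


# Constructed sample risk register (not real figures)
SAMPLE_THREATS = [
    Threat("ransomware on file server", 0.20, 500_000, 30_000, 0.02, 200_000),
    Threat("minor data-entry error", 0.50, 2_000, 5_000, 0.10, 2_000),
    Threat("earthquake destroys data center", 0.01, 5_000_000, 200_000, 0.002, 1_000_000),
]
RISK_TOLERANCE = 10_000  # constructed: $10k annual expected loss


if __name__ == "__main__":
    for name, response in assess_all(SAMPLE_THREATS, RISK_TOLERANCE).items():
        print(f"{name}: {response}")
```

Running it shows the three branches of the flowchart: the ransomware control removes far more expected loss than it costs, so the answer is "reduce"; the data-entry error is already inside tolerance and is accepted; the data-center control costs more than the loss it prevents, so the only options left are to share the risk (for example through insurance) or avoid it.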
17
Control activities

18
Control activities
  • Control activities are policies, procedures, and
    rules that provide reasonable assurance that
    management's control objectives are met and the
    risk responses are carried out.
  • Controls are much more effective when placed in
    the system as it is built.

19
Control activities
  • Control activities are in place during the
    end-of-the-year season.
  • Extended employee vacations and fewer people to
    mind the store
  • Students out of school with more time on their
    hands
  • Counterculture hackers getting lonely this time
    of year and increasing their attacks on systems
  • Focus 6-1

20
Control activities
  • Proper authorization of transactions and
    activities
  • Specific authorization
  • General authorization
  • Segregation of duties
  • Segregation of accounting duties
  • Authorization, recording, custody
  • Segregation of systems duties
  • Systems administration, network management,
    security management, change management, users,
    systems analysis, programming, computer
    operations, information system library, data
    control.
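Segregation of duties is usually checked against a matrix of incompatible duties: no one person should hold two duties that together let them both commit and conceal an error or fraud. The following is an added example, not code from the slides. The accounting rule it encodes is the slide's (authorization, recording and custody of an asset kept apart); the systems-duty pairs are an assumed reading of the slide's list of separated systems duties, and the user-to-duty assignments are constructed sample data.

```python
"""Segregation-of-duties check for the duties listed on slide 20.

Added illustration, not code from the slides. The accounting rule encoded
here is the slide's: authorization, recording and custody should not be held
by one person. The systems-duty pairs are an assumed reading of the slide's
list of separated systems duties, and the user-to-duty assignments are
constructed sample data.
"""

# Duty pairs that one person should not hold at the same time.
INCOMPATIBLE_DUTIES = {
    # accounting duties (slide 20)
    frozenset({"authorization", "recording"}),
    frozenset({"authorization", "custody"}),
    frozenset({"recording", "custody"}),
    # systems duties (assumed pairings drawn from the slide's list)
    frozenset({"programming", "computer operations"}),
    frozenset({"programming", "change management"}),
    frozenset({"systems administration", "security management"}),
}


def conflicts_for(duties) -> list:
    """Return the incompatible pairs present in one person's duty set, sorted."""
    held = set(duties)
    return sorted(tuple(sorted(pair)) for pair in INCOMPATIBLE_DUTIES if pair <= held)


def audit_assignments(assignments: dict) -> dict:
    """Map {user: [duties]} to {user: [conflicting pairs]} for users with conflicts."""
    report = {}
    for user, duties in assignments.items():
        found = conflicts_for(duties)
        if found:
            report[user] = found
    return report


# Constructed sample role assignments
SAMPLE_ASSIGNMENTS = {
    "alice": ["authorization"],
    "bob": ["recording", "custody"],
    "carol": ["programming", "computer operations", "change management"],
    "dave": ["network management", "users"],
}

if __name__ == "__main__":
    for user, pairs in audit_assignments(SAMPLE_ASSIGNMENTS).items():
        print(user, "holds incompatible duties:", pairs)
```

Run against a real access-control export, the same check becomes a periodic detective control: it lists every account whose combined entitlements violate the matrix, so that the conflict can be removed or, where staffing makes separation impossible, covered by a compensating review.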

21
Control activities
22
Control activities
  • Project development and acquisition controls
  • Strategic master plan, project control, data
    processing schedule, steering committee, system
    performance measurements, post-implementation review.
  • Systems integrator
  • Develop clear specifications, monitor the systems
    integration project.
  • Change management control

23
Control activities
  • Design and use of documents and records
  • Safeguard assets, records, and data
  • Create and enforce appropriate policies and
    procedures
  • Maintain accurate records of all assets
  • Restrict access to assets
  • Protect records and documents

24
Information and Communication, Monitoring, and
Case

25
Information and Communication
  • According to the AICPA, an AIS has five primary
    objectives
  • Identify and record all valid transactions.
  • Properly classify transactions.
  • Record transactions at their proper monetary
    value.
  • Record transactions in the proper accounting
    period.
  • Properly present transactions and related
    disclosures in the financial statement.

26
Monitoring
  • Use Responsibility Accounting
  • Monitor System Activities
  • Companies that monitor system activities need to
    make sure they do not violate employee privacy.
    One way to do that is to have written policies
    that employees agree to in writing and that state
    the following:
  • The technology employees use on the job belongs
    to the company.
  • E-mails received on company computers are not
    private and can be read by supervisory
    personnel.
  • Employees should not use technology in any way to
    contribute to a hostile work environment.

27
Monitoring
  • Track Purchased Software and Mobile Devices
  • Conduct Periodic Audit
  • Employ a Computer Security Officer, a Chief
    Compliance Officer, and Computer Consultants
  • Engage Forensic Specialists

28
Monitoring
  • Install Fraud Detection Software
  • For example, ReliaStar Financial used a fraud
    detection package from IBM to detect the
    following
  • Hundreds of thousands of dollars in fraudulent
    claims from a Los Angeles chiropractor.
  • A Long Island doctor who submitted bills weekly
    for a rare and expensive procedure that is
    normally done only once or twice in a lifetime.
  • A podiatrist who saw four patients and then
    billed ReliaStar for almost 500 separate
    procedures.
  • Implement a Fraud Hotline
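
The billing patterns on this slide are the kind of thing rule-based fraud screening catches without any machine learning: a provider billing a procedure that is normally done once or twice in a lifetime every week, or billing hundreds of procedures for a handful of patients. The following is an added example, not the IBM package the slide mentions and not real claims data. It encodes those two patterns as rules and runs them over a constructed set of claims; the provider names, procedure codes, lifetime limits and thresholds are all constructed.

```python
"""Rule-based fraud screening in the spirit of slide 28's examples.

Added illustration, not the IBM package the slide mentions or any real
claims data. Two patterns from the slide are encoded as rules: a provider who
bills a procedure that is normally performed at most a few times in a
patient's lifetime far more often than that, and a provider whose
procedures-per-patient ratio is implausibly high. Claims, provider names,
procedure codes and thresholds are constructed.
"""
from collections import defaultdict

# Procedure code -> plausible maximum count per patient over the whole claim
# history (constructed reference table; a real one comes from clinical guidance).
LIFETIME_LIMITS = {"RARE-PROC": 2}

MAX_PROCEDURES_PER_PATIENT = 20  # constructed threshold for the ratio rule


def flag_lifetime_limit(claims):
    """Flag (provider, patient, procedure) triples billed beyond the lifetime limit."""
    counts = defaultdict(int)
    for c in claims:
        counts[(c["provider"], c["patient"], c["procedure"])] += 1
    return sorted(
        (key, n) for key, n in counts.items()
        if key[2] in LIFETIME_LIMITS and n > LIFETIME_LIMITS[key[2]]
    )


def flag_procedure_ratio(claims, limit=MAX_PROCEDURES_PER_PATIENT):
    """Flag providers whose procedures per distinct patient exceed `limit`."""
    procedures = defaultdict(int)
    patients = defaultdict(set)
    for c in claims:
        procedures[c["provider"]] += 1
        patients[c["provider"]].add(c["patient"])
    return sorted(
        (p, procedures[p] / len(patients[p])) for p in procedures
        if procedures[p] / len(patients[p]) > limit
    )


def screen(claims):
    """Run every rule and return the findings keyed by rule name."""
    return {
        "lifetime_limit": flag_lifetime_limit(claims),
        "procedure_ratio": flag_procedure_ratio(claims),
    }


# Constructed sample claims (one dict per billed procedure)
SAMPLE_CLAIMS = (
    # a provider billing a once-or-twice-in-a-lifetime procedure weekly for one patient
    [{"provider": "dr_weekly", "patient": "P1", "procedure": "RARE-PROC"} for _ in range(8)]
    # a provider who saw four patients and billed 500 procedures
    + [{"provider": "podiatry_x", "patient": f"P{n}", "procedure": "FOOT-01"}
       for n in (2, 3, 4, 5) for _ in range(125)]
    # an ordinary provider: one rare procedure, otherwise one visit per patient
    + [{"provider": "dr_normal", "patient": "P9", "procedure": "RARE-PROC"}]
    + [{"provider": "dr_normal", "patient": f"P{n}", "procedure": "VISIT"} for n in range(10, 40)]
)

if __name__ == "__main__":
    for rule, findings in screen(SAMPLE_CLAIMS).items():
        print(rule, findings)
```

The ordinary provider trips neither rule, which is the point of tuning thresholds against a baseline population first: a rule that flags normal practice produces noise that investigators stop reading. Findings from rules like these feed the review process the slide describes (forensic specialists, periodic audit), not an automatic denial.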

29
Case
  • Case discussion involving Maria, Ed Yates, and Jason (slide text not recoverable)

31
Thank You!