Control and Accounting Information Systems - PowerPoint PPT Presentation

Loading...

PPT – Control and Accounting Information Systems PowerPoint presentation | free to download - id: 5682a4-MzliN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Control and Accounting Information Systems

Description:

Title: Blue Red-Lines Background Author: Dr. Fred Barbee Last modified by: College of Business and Public Policy Created Date: 9/14/1996 6:26:06 AM – PowerPoint PPT presentation

Number of Views:176
Avg rating:3.0/5.0
Slides: 99
Provided by: Dr1944
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Control and Accounting Information Systems


1
Control and Accounting Information Systems

7
  • UAA ACCT 316 Accounting
    Information Systems
  • Dr. Fred Barbee

Chapter
2
Introduction to Internal Control
3
Internal Control . . .
  • Can an information system operate without
    internal controls?
  • Perhaps.
  • Will the organization attain its objectives?
  • Perhaps.

4
Why Internal Control?
5
Why Controls . . .
  • To Ensure system goals are achieved
  • To Lessen the risk of unwanted outcomes

6
Controls . . .
  • What are the goals that internal control is
    designed to achieve?

What are the typical business risks that the
organization should try to avoid?
7
What are the goals that internal control is
designed to help achieve?
  • Question

8
Internal Control Goals
  • The National Commission on Fraudulent Financial
    Reporting
  • Appointed
  • The Committee of Sponsoring Organizations (COSO)
  • To study internal control

9
Internal Control Goals
  • COSO entity objectives . . .
  • Operations - relating to effective and efficient
    use of an entitys resources.
  • Financial Reporting - relating to preparation of
    reliable financial reports.
  • Compliance - relating to the entitys compliance
    with applicable laws and regulations.

10
What are the typical business risks that an
organization should try to avoid?
  • Question

11
What is Risk?
  • The dictionary defines risk as . . .

Hazard peril exposure to loss or injury.
  • What is an exposure?

12
Exposure . . .
  • . . . the potential financial effect of an event
    multiplied by its probability of occurrence.

Potential Financial Effect of an Event
Probability of Occurrence
Exposure
X

13
Risk Analysis
EXPECTEDLOSS



THREAT
EXPOSURE
RISK
14
Risk Analysis
Internal Controls
EXPECTEDLOSS
THREAT
EXPOSURE
RISK



15
Controls . . .
  • An exposure consists of the potential financial
    effect of an event multiplied by its probability
    of occurrence.

Potential Financial Effect of an Event
Probability of Occurrence
Exposure
X

5
250,000
5,000,000
X

16
Direct Material Variances
  • An example of a control system in accounting

17
Common Business Exposures
18
Common Business Exposures
Business Exposures
19
Common Business Exposures
Business Exposures
20
What are the legal responsibilities of management?
  • Or, what are we supposed to do?

21
The SEC . . .
  • The establishment and maintenance of a system of
    internal controls is an important management
    obligation.

22
The SEC . . .
  • A fundamental aspect of managements stewardship
    responsibility is to provide shareholders with
    reasonable assurance that the business is
    adequately controlled.

23
The SEC . . .
  • Additionally, management has a responsibility to
    furnish shareholders and potential investors with
    reliable financial information on a timely basis.

24
Legal Responsibilities
  • Management is legally responsible
  • for establishing and maintaining an adequate
    system of internal control.

25
The SEC . . .
  • An adequate system of internal control is
    necessary to managements discharge of these
    obligations.

26
OK, so what if management doesnt do this. What
then?
27
Enter . . . The Foreign Corrupt Practices Act
28
FCPA Legal Requirement
  • Make and keep
  • books,
  • records, and
  • accounts
  • that, in reasonable detail, accurately and
    fairly reflect the transactions of the registrant
    and the disposition of its assets.

29
FCPA Legal Requirement
  • Design and maintain
  • a system of internal accounting controls
  • sufficient to provide reasonable assurances
  • that certain specified objectives are met.

30
The Internal Control Structure . . .
What is Internal Control?
31
Standards of Field Work
  • The Field Work standards are so named because
    they pertain primarily to the conduct of the
    audit at the clients
    place of business
    that is, in the field.

32
Second Standard of Field Work
  • A sufficient understanding of the internal
    control structure is to be obtained to plan
    the audit and to determine the nature, timing,
    and extent of tests to be performed.

33
Defining Internal Control
Reviewing the Literature
34
1949 Committee on Auditing Procedure
  • A system of internal control should be designed
    to achieve objectives that are both
  • operational and
  • accounting in nature.

35
Defining Internal Control
  • The 1958 definition was the first to
    differentiate between
  • accounting controls and
  • administrative controls,
  • A distinction that is very important to
    independent auditors.

36
  • In 1963, chapter 5 of Statement on Auditing
    Procedure No. 33 attempted to clarify the
    distinction between administrative and accounting
    controls, stating that the independent auditor is
    primarily concerned with the latter when applying
    generally accepted auditing standards.

37
  • After 1963, there continued to be confusion
    concerning the scope of the auditors
    responsibility as it related to safeguarding of
    assets and the reliability of financial
    statements.

38
So . . . What is Internal Control?
39
Cohen Commission Report
  • Published annual reports should contain a report
    in which corporate management discloses the
    condition of the companys internal control
    system.

40
Internal Control
Some Recent Additions
41
Internal Control . . .
  • Information Systems Audit and Control Foundation
  • Control Objectives for Information and
    Related Technology COBIT

42
COBIT
Audience Management Users IS Auditors
Focus Information Technology
Responsibility Management
Size 187 Pages 4 Documents
43
Internal Control Viewed as
  • A set of processes including policies,
    procedures, practices, and organizational
    structure.

www.isaca.org/bkr_cbt3.htm
44
Internal Control Objectives
  • Effective efficient operations
  • Confidentiality
  • Integrity availability of information
  • Reliable financial reporting
  • Compliance with laws and regulations

45
Internal Control . . .
  • Institute of Internal Auditors Research
    Foundations
  • Systems Auditability and Control (SAC)

46
Systems Auditability and Control
Audience Internal Auditors
Focus Information Technology
Responsibility Management
Size 1,193 pages in 12 modules
47
Internal Control Viewed as . . .
  • Set of processes, subsystems, and people.

www.theiia.org
48
Internal Control Objectives
  • Effective efficient operations
  • Reliable financial reporting
  • Compliance with laws and regulations

49
Internal Control . . .
  • The Committee of Sponsoring Organizations of the
    Treadway Commission
  • Internal Control Integrated Framework

50
COSO
Audience Management
Focus Overall Entity
Responsibility Management
Size 353 pages in 4 volumes
51
COSO
  • Internal control viewed as a process.

www.coso.org
52
COSO
  • Internal control objectives
  • Effective and efficient operations
  • Reliable financial reporting
  • Compliance with laws and regulations

53
Internal Control . . .
  • American Institute of Certified Public
    Accountants
  • Consideration of the Internal Control
    Structure in a Financial Statement Audit
    (SAS 55)

54
SAS 55 SAS 78
Audience External Auditors
Focus Financial Statement
Responsibility Management
Size 63 pages in 2 documents
55
SAS 55/78
  • Internal control viewed as a process.

www.aicpa.org
56
SAS 55/78
  • Internal control objectives
  • Effective and efficient operations
  • Reliable financial reporting
  • Compliance with laws and regulations

57
National Commission on Fraudulent Financial
Reporting
The TreadwayCommission
58
Treadway Commission
  • Emphasized the importance of internal control.
    Specifically . . .
  • The control environment
  • Codes of conduct
  • Audit committees and
  • The internal audit function

59
Treadway Commission
  • The commission reaffirmed the Cohen Commissions
    call for management reports on the effectiveness
    of its internal controls.

60
COSO Report . . .
  • COSOs final report Internal Control
    Integrated Framework was issued in September
    1992
  • 4 volumes
  • 453 pages
  • Thousands of hours of work

61
COSO Report . . .
  • Provides a common definition of internal control
    to meet the needs of diverse users.
  • Provides a framework against which entities can
    assess and improve their internal control systems.

62
Internal Control . . .
The COSO Definition
63
COSO
  • Internal control is a process, effected by an
    entitys board of directors, management, and
    other personnel,

64
COSO
  • designed to provide reasonable assurance
    regarding the achievement of objectives in the
    following categories

65
COSO
  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations.

66
COSO
  • Key Concepts
  • Internal control is a process. It is a means to
    an end, not an end in itself.
  • Internal control is effected by people. Its not
    merely policy manuals and forms, but people at
    every level of an organization.

67
COSO
  • Key Concepts
  • Internal control can be expected to provide only
    reasonable assurance, not absolute assurance, to
    an entitys management and board.
  • Internal control is geared to the achievement of
    objectives in one or more overlapping categories.

68
COSO
  • It consists of several interrelated components,
    with
  • integrity,
  • ethical values
  • competence, and
  • the control environment,
  • serving as the foundation for the other
    components.

69
COSO
  • Cosos Components
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information Communication
  • Monitoring

70
COSO Integrated Framework
71
Control Environment
  • Commitment to integrity and ethical values
  • Managements philosophy and operating style
  • Organizational structure
  • The audit committee of the board of directors.

72
Control Environment
  • Methods of assigning authority and
    responsibility.
  • Human resources policies and practices
  • External influences

73
COSO Integrated Framework
74
Risk Assessment
  • Identification of risks
  • Analysis of risks
  • Management of risks

75
Typical Sources of Risk
  • Clerical and Operational employees
  • Computer programmers
  • Managers and Accountants
  • Former Employees
  • Customers and Suppliers

76
Typical Sources of Risk
  • Competitors
  • Outside persons
  • Acts of Nature

77
Types of Risks
  • Unintentional Errors
  • Deliberate Errors (Fraud)
  • Unintentional Losses of Assets
  • Thefts of Assets
  • Breaches of Security
  • Acts of violence and Natural Disasters

78
Factors That Increase Risk Exposure
  • Frequency
  • Vulnerability
  • Size of the potential loss

79
Problem Conditions Affecting Risk Exposures
  • Collusion
  • Computer Crime
  • Lack of Enforcement

80
COSO Integrated Framework
81
Control Activities
  • Proper authorization of transactions and
    activities

82
Control Activities
  • Proper authorization of transactions and
    activities
  • Segregation of duties

83
Segregation of Duties
Authorization
Recording
Custody
Must Be Separate
84
Control Activities
  • Proper authorization of transactions and
    activities
  • Segregation of duties
  • Design and use of adequate documents and records

85
Control Activities
  • Proper authorization of transactions and
    activities
  • Segregation of duties
  • Design and use of adequate documents and records
  • Adequate safeguards of assets records

86
Control Activities
  • Proper authorization of transactions and
    activities
  • Segregation of duties
  • Design and use of adequate documents and records
  • Adequate safeguards of assets records
  • Independent checks on performance.

87
COSO Integrated Framework
88
Information and Communication
  • Identify, assemble, analyze, classify, record and
    report transactions
  • Maintain accountability for assets and
    liabilities
  • Open and well-defined lines of communication

89
COSO Integrated Framework
90
Monitoring
  • Effective supervision
  • Responsibility accounting
  • Internal auditing

91
COSO Integrated Framework
Objectives
Financial Reporting
Compliance
Operations
Components
92
Internal Control . . .
  • Classifications

93
Preventive, Detective, and Corrective Controls
Input
Output
Process
Sensor
Detective and Corrective Controls
Corrective Controls
Bench- mark
94
Control Classifications Control Classifications Control Classifications
By Objectives By Settings By Risk Aversion
Administrative Accounting General Application Input Processing Output Corrective Preventive Detective
By System Architectures
Manual Systems Computer Based Systems Batch Processing Online Processing Data Base
95
Internal Control . . .
  • Some Common Grounds

96
Some Common Ground
  • A system of internal control is not an end in
    itself.
  • It is, rather, a means to an end.
  • Internal control is a system
  • Clearly defined goals
  • Interrelated components acting in concert to
    achieve those goals.

97
Some Common Ground
  • Establishing a viable internal control system in
    managements responsibility.
  • The strength of any internal control system is
    largely a function of the people who operate it.

98
Some Common Ground
  • Internal control cannot be expected to provide
    100 assurance that the organization will reach
    its objectives.
  • Internal control is not free it has a cost
    associated with it.
About PowerShow.com