AIS07Computer-Based Information Systems Controls

7/23/2019 AIS07Computer-Based Information Systems Controls

http://slidepdf.com/reader/full/ais07computer-based-information-systems-controls 1/59

AccountingInformation

Systems9th Edition

Marshall B. Romney

Paul John Steinbart

Comuter!Based Information

Systems Controls

Chater "

#$%%& Prentice 'all BusinessPublishing(

*earning +b,ecti-es

. /escribe the threats to an AIS and

discuss 0hy these threats are

gro0ing.$. E1lain the basic concets of control

as alied to business organi2ations.

&. /escribe the ma,or elements in thecontrol en-ironment of a business

organi2ation.

*earning +b,ecti-es( continued

3. /escribe control olicies and rocedures

commonly used in business organi2ations.

E-aluate a system of internal accountingcontrol( identify its deficiencies( and

rescribe modifications to remedy those

deficiencies.

5. Conduct a cost!benefit analysis forarticular threats( e1osures( ris6s( and

controls.

Introduction

Jason Scott has been hired as an

internal auditor for 7orth0est

Industries( a di-ersified forestroducts comany.

'e is assigned to audit Sringer8s

*umber Suly( 7orth0est8s

building materials outlet in Montana.

Introduction

'is suer-isor( Maria Pilier( has as6ed himto trace a samle of urchase transactionsto -erify that roer control rocedures 0ere

follo0ed. Jason becomes frustrated 0ith thistas6. :hy is Jason frustrated;

<he urchasing system is oorly

documented.'e 6ees finding transactions that ha-e not

been rocessed as Ed =ates( the accountsayable manager( said they should be.

Introduction

Jason8s frustrations( continued Some -endor in-oices ha-e been aid 0ithout suorting

documents. Purchase re>uisitions are missing for se-eral items that had

been authori2ed by Bill Sringer( urchasing -.. Prices charged for some items seem unusually high. Sringer8s is the largest sulier in the area and has a near

monooly. Management authority is concentrated in the comany

resident( Joe Sringer( and his sons Bill( the urchasing

-..( and <ed( the controller. Maria feels that <ed may ha-e engaged in ?creati-e

accounting.@

Introduction

Jason onders the follo0ing issuesShould he describe the unusual

transactions in his reort;Is a -iolation of roer control

rocedures accetable if it has beenauthori2ed by management;

Regarding Jason8s assignment( doeshe ha-e a rofessional or ethicalresonsibility to get in-ol-ed;

Introduction

<his chater discusses the tyes of

threats a comany faces.

It also resents the fi-e interrelatedcomonents of the Committee of

Sonsoring +rgani2ations C+S+8sD

internal control model.

*earning +b,ecti-e

/escribe the threats to an AIS and

discuss 0hy these threats are

gro0ing.

<hreats to Accounting

Information Systems

:hat are e1amles of natural and

political disasters;

fire or e1cessi-e heat floods

earth>ua6es

high 0inds 0ar

Information Systems

:hat are e1amles of software errors

and equipment malfunctions;

hard0are failures o0er outages and fluctuations

undetected data transmission errors

Information Systems

:hat are e1amles of unintentionalacts;

accidents caused by humancarelessness

innocent errors of omissions

lost or mislaced data

logic errors systems that do not meet comany

Information Systems

:hat are e1amles of intentional

sabotage comuter fraud

embe22lement

:hy are AIS <hreats

Increasing;

Increasing numbers of client)ser-er systemsmean that information is a-ailable to anunrecedented number of 0or6ers.

Because *A7s and client)ser-er systemsdistribute data to many users( they areharder to control than centrali2edmainframe systems.

:A7s are gi-ing customers and suliersaccess to each other8s systems and data(ma6ing confidentiality a concern.

*earning +b,ecti-e $

E1lain the basic concets

of control as alied tobusiness organi2ations.

+-er-ie0 of Control

Concets

:hat is the traditional definition of internal

control;

Internal control is the plan of organization

and the methods a business uses to

safeguard assets, provide accurate and

reliable information, promote and improve

operational efficiency, and encourage

adherence to prescribed managerial

policies.

+-er-ie0 of Control

Concets

:hat is management control; Management control encomasses the

follo0ing three features

It is an integral art of managementresonsibilities.

$ It is designed to reduce errors(irregularities( and achie-e organi2ational

goals.& It is ersonnel!oriented and see6s to hel

emloyees attain comany goals.

Internal Control

Classifications

<he secific control rocedures used in the

internal control and management control

systems may be classified using the

follo0ing four internal control classifications

Pre-enti-e( detecti-e( and correcti-e controls

$ Feneral and alication controls

Administrati-e and accounting controls3 Inut( rocessing( and outut controls

<he Goreign Corrut

Practices Act

In 9""( Congress incororated language

from an AICPA ronouncement into the

Goreign Corrut Practices Act.

<he rimary urose of the act 0as to

re-ent the bribery of foreign officials in

order to obtain business.

A significant effect of the act 0as to re>uirecororations to maintain good systems of

internal accounting control.

Committee of Sonsoring

+rgani2ations

<he Committee of Sonsoring

+rgani2ations C+S+D is a ri-ate sector

grou consisting of fi-e organi2ations

American Accounting Association

$ American Institute of Certified Public

Accountants

& Institute of Internal Auditors

3 Institute of Management Accountants

4 Ginancial E1ecuti-es Institute

+rgani2ations

In 99$( C+S+ issued the results of a

study to de-elo a definition of

internal controls and to ro-ideguidance for e-aluating internal

control systems.

<he reort has been 0idely acceted

as the authority on internal controls.

+rgani2ations

<he C+S+ study defines internal controlas the rocess imlemented by theboard of directors( management( and

those under their direction to ro-idereasonable assurance that controlob,ecti-es are achie-ed 0ith regard to effecti-eness and efficiency of oerations

reliability of financial reorting comliance 0ith alicable la0s and

regulations

+rgani2ations

C+S+8s internal control model has

fi-e crucial comonents

Control en-ironment$ Control acti-ities

& Ris6 assessment

3 Information and communication4 Monitoring

Information Systems Audit

and Control Goundation

<he Information Systems Audit and Control

Goundation ISACGD recently de-eloed the

Control +b,ecti-es for Information and

related <echnology C+BI<D.

C+BI< consolidates standards from &5

different sources into a single frame0or6.

<he frame0or6 addresses the issue ofcontrol from three -antage oints( or

dimensions

Information Systems Audit

and Control Goundation

Information needs to conform to certain

criteria that C+BI< refers to as business

re>uirements for information

$ I< resources eole( alication systems(

technology( facilities( and data

& I< rocesses lanning and organi2ation(

ac>uisition and imlementation( deli-eryand suort( and monitoring

*earning +b,ecti-e &

/escribe the ma,or

elements in the controlen-ironment of a

business organi2ation.

<he Control En-ironment

<he first comonent of C+S+8s internal

control model is the control en-ironment.

<he control en-ironment consists of many

factors( including the follo0ing

Commitment to integrity and ethical -alues

$ Management8s hilosohy and oerating

style& +rgani2ational structure

<he Control En-ironment

3 <he audit committee of the board of

directors

Methods of assigning authority andresonsibility

5 'uman resources olicies and

ractices

" E1ternal influences

*earning +b,ecti-e 3

/escribe control

olicies and rocedures

commonly used in

business organi2ations.

Control Acti-ities

<he second comonent of C+S+8s

internal control model is control

acti-ities. Fenerally( control rocedures fall into

one of fi-e categories

Proer authori2ation of transactions

and acti-ities

$ Segregation of duties

Control Acti-ities

& /esign and use of ade>uate

documents and records

Ade>uate safeguards of assets andrecords

4 Indeendent chec6s on erformance

Proer Authori2ation of

<ransactions and Acti-ities

Authorization is the emo0ermentmanagement gi-es emloyees toerform acti-ities and ma6e decisions.

Digital signature or fingerrint is ameans of signing a document 0ith aiece of data that cannot be forged.

Specific authorization is the grantingof authori2ation by management forcertain acti-ities or transactions.

Segregation of /uties

Food internal control demands that no

single emloyee be gi-en too much

resonsibility. An emloyee should not be in a

osition to eretrate and conceal

fraud or unintentional errors.

Recording Functions

Preparing source documents

Maintaining journals

Preparing reconciliations

Preparing performance reports

Custodial Functions

Handling cash

Handling assets

Writing checksReceiving checks in mail Authorization Functions

Authorization of

transactions

If t0o of these three functions are the

resonsibility of a single erson( roblems

can arise.

Segregation of duties re-ents emloyees

from falsifying records in order to conceal

theft of assets entrusted to them.

Pre-ent authori2ation of a fictitious orinaccurate transaction as a means of

concealing asset thefts.

Segregation of duties re-ents an

emloyee from falsifying records to

co-er u an inaccurate or falsetransaction that 0as inaroriately

authori2ed.

/esign and Hse of Ade>uate

/ocuments and Records

<he roer design and use of

documents and records hels ensure

the accurate and comlete recordingof all rele-ant transaction data.

/ocuments that initiate a transaction

should contain a sace for

authori2ation.

/esign and Hse of Ade>uate

/ocuments and Records

<he follo0ing rocedures safeguard assetsfrom theft( unauthori2ed use( and-andalism

effecti-ely suer-ising and segregatingduties

maintaining accurate records of assets(including information

restricting hysical access to cash and aerassets

ha-ing restricted storage areas

Ade>uate Safeguards of

Assets and Records

:hat can be used to safeguardassets; cash registers

safes( loc6bo1es

safety deosit bo1es

restricted and fireroof storage areas

controlling the en-ironment restricted access to comuter rooms(

comuter files( and information

Indeendent Chec6s

on Performance

Indeendent chec6s ensure that

transactions are rocessed accurately are

another imortant control element.

Indeendent Chec6s

on Performance

:hat are -arious tyes of

indeendent chec6s;

reconciliation of t0o indeendentlymaintained sets of records

comarison of actual >uantities 0ith

recorded amounts

double!entry accounting batch totals

Indeendent Chec6s

on Performance

Gi-e batch totals are used in comuter

systems

A financial total is the sum of a dollarfield.

$ A hash total is the sum of a field that

0ould usually not be added.

Indeendent Chec6s

on Performance

& A record count is the number of

documents rocessed.

A line count is the number of lines ofdata entered.

4 A cross!footing balance test comares

the grand total of all the ro0s 0ith the

grand total of all the columns to chec6that they are e>ual.

E-aluate a system of

internal accounting

control( identify itsdeficiencies( and rescribe

modifications to remedythose deficiencies.

Ris6 Assessment

<he third comonent of C+S+8s internal

control model is ris6 assessment.

Comanies must identify the threats they

strategic doing the 0rong thing

financial ha-ing financial resources lost(

0asted( or stolen

information faulty or irrele-ant

information( or unreliable systems

Ris6 Assessment

Comanies that imlement electronic

data interchange E/ID must identify

the threats the system 0ill face( suchas

Choosing an inaroriate technology

$ Hnauthori2ed system access

& <aing into data transmissions

3 *oss of data integrity

Ris6 Assessment

4 Incomlete transactions

5 System failures

" Incomatible systems

Ris6 Assessment

Some threats ose a greater ris6

because the robability of their

occurrence is more li6ely. Gor

e1amle A comany is more li6ely to be the

-ictim of a comuter fraud rather than

a terrorist attac6. Ris6 and e1osure must be

considered together.

Conduct a cost!benefit

analysis for articular

threats( e1osures(

ris6s( and controls.

Estimate Cost and Benefits

7o internal control system can ro-ide

foolroof rotection against all internal

control threats. <he cost of a foolroof system 0ould

be rohibiti-ely high.

+ne 0ay to calculate benefits in-ol-es

calculating e1ected loss.

Epected loss ! risk " eposure

Estimate Cost and Benefits

<he benefit of a control rocedure is

the difference bet0een the e1ected

loss 0ith the control roceduresD andthe e1ected loss 0ithout it.

#$%%& Prentice 'all BusinessPublishing( "!4&

Information and

Communication

<he fourth comonent of C+S+8s

internal control model is information

and communication.

#$%%& Prentice 'all BusinessPublishing( "!43

Information and

Communication

Accountants must understand the follo0ing 'o0 transactions are initiated

$ 'o0 data are catured in machine!readable

form or con-erted from source documents& 'o0 comuter files are accessed and

udated

3 'o0 data are rocessed to reare

information4 'o0 information is reorted

5 'o0 transactions are initiated

Information and

Communication

All of these items ma6e it ossible for thesystem to ha-e an audit trail.

An audit trail e1ists 0hen indi-idual

comany transactions can be tracedthrough the system.

Monitoring Performance

<he fifth comonent of C+S+8s

internal control model is monitoring.

:hat are the 6ey methods ofmonitoring erformance;

effecti-e suer-ision

resonsibility accounting

internal auditing

Case Conclusion

+ne of the Sringers held a significant

o0nershi interest in each of these three

comanies.

<hey also found e-idence that se-eral of

Sringer8s emloyees 0ere aid for more

hours than documented by time6eeing(

and that in-entories 0ere o-erstated.

7orth0est settled the case 0ith the

Sringers.

End of Chapter 7

AIS07Computer-Based Information Systems Controls

Documents

Transportation Controls and Communication Systems

Systems approach to flight controls

Heating Systems and Their Controls

TrueSTEAM Humidification Systems - Industrial Controls

ITIS 1210 Introduction to Web-Based Information Systems Chapter 52 Parental Controls on the Internet

PROGRAMMABLE LOGIC CONTROLLER. Control Systems Types Programmable Logic Controllers Distributed Control System PC- Based Controls

YORK SYSTEMS - Johnson Controls · 2016-01-20 · 4 OHNSON CONTROLS DUCTfiFREE MINIfiSPLIT SYSTEMS OHNSON CONTROLS DUCTfiFREE MINIfiSPLIT SYSTEMS 5 INTEGRATED SOFTWARE TOOLS THAT

Propulsion Systems With Controls

Akshay Controls & Systems Pvt Ltd, Introduction ( Marine Controls and Automation)

Computer-Based Information Systems Controls

Security/Auditing & Controls of Information Systems & Controls of Information Systems ... The weakest link in any security system is the user. ... Based on the concept that individuals

Networked Lighting Controls for Non-residential Buildings ... · Room vs. Building/Enterprise Systems Room-Based: • Centralized load controllers • Zoning based on physical wiring

ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES ...testbankbyte.com/.../uploads/2016/09/Accounting-Information-Systems-1e.pdf · ACCOUNTING INFORMATION SYSTEMS CONTROLS AND

Accounting Systems and Internal Controls

CONTROLS FOR CENTRAL HEATING SYSTEMS

Akshay Controls & Systems Pvt Ltd

Labs Appropriate for Lecture-based Introductory Systems ... · AC 2012-5287: LABS APPROPRIATE FOR LECTURE-BASED INTRO-DUCTORY SYSTEMS AND CONTROLS CLASSES USING LEGO NXT AND LABVIEW

ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES ...testbankcart.com/.../2015/07/Accounting-Information-Systems-1e.pdf · accounting information systems controls and processes

Controls systems ACE notes

WPF Windows Based Controls