Control in Accounting Information Systems

Control

Helps companies achieve objectives and mitigate risks.

Threat

Potential adverse occurrence impacting accounting systems.

Exposure or impact

Potential dollar loss from a realized threat.

Likelihood

Probability of a threat occurring.

Preventive Controls

Deter problems from occurring in systems.

Detective Controls

Discover problems that were not prevented.

Corrective Controls

Identify and rectify existing problems.

Internal Control Objectives

o   Safeguard assets

o   Maintain records in sufficient detail

o   Provide accurate and reliable information

o   Prepare financial reports according to established criteria

o   Promote and improve operational efficiency

o   Encourage adherence with management policies

o   Comply with laws and regulations

Compliance objective

Ensure compliance with applicable laws and regulations

General Controls

Stabilize information systems and control environments.

Application Controls

Prevent, detect, and correct transaction errors.

Belief System

Describes how a company creates value.

Boundary System

Sets ethical behavior limits for employees.

Diagnostic Control System

Measures and compares performance against goals.

Interactive Control System

engages managers and subordinates in face-to-face discussions to align attention and decisions with key strategic issues.

Foreign Corrupt Practices Act (FCPA)

Legislation preventing bribery of foreign officials. Requires all publicly owned corporations to maintain a system of internal accounting controls

Sarbanes-Oxley Act (SOX)

applies to publicly held companies and their auditors designed to

o   Prevent financial statement fraud

o   Improve transparency of financial reporting

o   Protect investors

o   Strengthen internal controls

o   Punish executives who perpetrate fraud

Public Company Accounting Oversight Board (PCAOB)

Regulates the auditing profession under SOX.

Control Objectives for Information and Related Technology (COBIT)

Framework for IT security and control practices.

Committee of Sponsoring Organizations (COSO)

Group promoting effective internal control frameworks.

Control Environment

Company culture that is the foundation for all other internal control components

Risk Assessment

Identifies and analyzes risk factors.

Control Activities

Policies and procedures ensuring management directives are executed.

Monitoring

Ongoing assessment of internal control effectiveness.

Risk Appetite

Amount of risk a company is willing to accept.

Objective Setting

Defines strategic, operational, reporting, and compliance goals.

Event Identification

Recognizing incidents affecting organizational objectives.

Risk Assessment Perspectives

Likelihood and impact of potential risks.

Inherent Risk

Risk existing without any controls applied.

Residual Risk

Risk remaining after controls are implemented.

Expected Loss

Impact multiplied by likelihood of a threat.

Risk Response

Strategies to manage identified risks. Accept, risk, share or avoid

Control Activities Examples

Include authorization, segregation of duties, and safeguarding.

Internal Control Framework

A structure of policies and procedures designed to provide assurance that an organization's objectives will be achieved effectively and efficiently.

• control environment

• risk assessment

• control activities

• monitoring

General authorization

Given to employees to handle routine transactions without special approval

Systems integrator

Outside party hired to manage systems development effort

utilization

Percentage of time a system is used

Security management

Makes sure systems are secure and protected from internal and external threats

strategic master plan

Multiple year plan of projects company must complete to achieve long-range goals

Specific authorization

Special approval needed to handle a transaction

Collusion

Cooperation between two or more people to thwart internal controls

Thoughput

Amount of work performed during a given time period

Systems administrator

Responsible for making sure a system operates smoothly and efficiently

Data control

Ensures source data is approved, monitors work flow, and handles input errors

Analytical review

Examining relationships between different sets of data

Systems analysts

Help users determine their information needs and design systems to meet those needs

digital signature

Electronically signing a document with data that cannot be forged