Internal controls in an IT environment

Application Controls

Published in: Technology, Business

  1. Internal Controls in an IT Environment
  2. What are Internal Controls?
     • Internal controls comprise the policies, practices and procedures employed by the organization to achieve four (4) broad objectives:
       – To safeguard assets of the firm
       – To ensure the accuracy and reliability of accounting records and information
       – To promote efficiency of the firm’s operations
       – To measure compliance with management’s prescribed policies and procedures
  3. Modifying Principles of Internal Control
     • Management Responsibility
     • Methods of Data Processing
     • Limitations
     • Reasonable Assurance
  4. Limitations of Internal Control
     1. Possibility of error
     2. Circumventions
     3. Management Override
     4. Changing conditions
  5. PDC Model: Preventive, Detective and Corrective Controls
  6. Preventive Controls
     • First line of defense
     • Passive techniques designed to reduce the frequency of occurrence of undesirable events.
     • Example: a well-designed data screen, where only valid entries and user-defined fields are entered.
  7. Detective Controls
     • Devices, techniques and procedures designed to identify and expose undesirable events that elude preventive controls.
     • Example: an alert that the amount entered as DEBIT in the system does not equal the CREDIT entered, or vice versa.
  8. Corrective Control
     • The “fix.”
     • Example: adjusting entries that correct erroneous accounts used when entering the journal entry.
  9. COSO INTERNAL CONTROL FRAMEWORK
  10. What is COSO?
     • Stands for “Committee of Sponsoring Organizations of the Treadway Commission.”
     • Included the following organizations:
       – Financial Executives International (FEI)
       – Institute of Management Accountants (IMA)
       – American Accounting Association (AAA)
       – AICPA
       – IIA
  11. THE COSO INTERNAL FRAMEWORK
  12. The Control Environment
       – Integrity and ethical values of management
       – Organizational structure
       – BOD and Audit Committee participation
       – Management philosophy and operating style
       – External influences
       – HR policies and practices
  13. Risk Assessment
       – Changes in operating environment
       – New personnel
       – New/re-engineered systems
       – Significant and rapid growth
       – Introduction of new product lines or activities
       – Organizational restructuring
       – Entrance to foreign markets
       – Adoption of new accounting principle(s)
  14. Information and Communication
       – Identify and record all valid financial information.
       – Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting.
       – Accurately measure the financial value of transactions so their effects can be recorded in financial statements.
       – Accurately record transactions in the proper time period.
  15. Monitoring
       – Process by which the quality of internal control design and operation can be assessed.
  16. Control Activities
     • Physical controls
       – Relate primarily to the human activities employed in accounting systems.
       – The six (6) categories of physical controls are:
         – Transaction authorization
         – Segregation of duties
         – Supervision
         – Accounting records
         – Access control
         – Independent verification
  17. Control Activities (continued)
     • IT Controls
       – Application
         – Ensure validity, completeness, and accuracy of financial transactions.
         – Examples include: limit checks, check digits, batch balancing techniques.
  18. IT Controls (continued)
       – General
         – Also known as General Computer Controls, Information Technology Controls
         – Include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures
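
The application controls named on slide 17 (limit checks, check digits, batch balancing) together with the debit/credit alert from slide 7, as an added example that is not part of the original slides. The Luhn mod-10 check-digit scheme, the 10,000.00 limit, the batch header fields and the sample journal lines are assumptions constructed for illustration.

```python
from decimal import Decimal

LIMIT = Decimal("10000.00")  # assumed per-line amount limit

def luhn_ok(account: str) -> bool:
    """Check digit control: Luhn mod-10 (assumed scheme) over a numeric account."""
    if not account.isdigit() or len(account) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(account)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate_batch(header, lines):
    """Return (line_no, control, detail) exceptions; line_no 0 = batch level."""
    findings = []
    debits = credits = Decimal("0")
    for n, (account, side, amount) in enumerate(lines, start=1):
        amt = Decimal(amount)
        if not luhn_ok(account):            # mistyped or transposed account number
            findings.append((n, "check_digit", account))
        if amt <= 0 or amt > LIMIT:         # limit check on each amount
            findings.append((n, "limit_check", amount))
        if side == "DR":
            debits += amt
        else:
            credits += amt
    if debits != credits:                   # detective control: DEBIT must equal CREDIT
        findings.append((0, "debit_credit", f"{debits} != {credits}"))
    if len(lines) != header["record_count"]:          # batch balancing: record count
        findings.append((0, "batch_count", str(len(lines))))
    if debits + credits != Decimal(header["control_total"]):  # batch control total
        findings.append((0, "batch_total", str(debits + credits)))
    return findings

# Constructed sample batches (account numbers and amounts are made up).
GOOD_HEADER = {"record_count": 2, "control_total": "500.00"}
GOOD_LINES = [("79927398713", "DR", "250.00"), ("12345674", "CR", "250.00")]
BAD_HEADER = {"record_count": 3, "control_total": "500.00"}
BAD_LINES = [("12345675", "DR", "250.00"), ("79927398713", "CR", "12000.00")]

if __name__ == "__main__":
    print(validate_batch(GOOD_HEADER, GOOD_LINES))
    for finding in validate_batch(BAD_HEADER, BAD_LINES):
        print(finding)
```

An empty result means the batch passed every control; each tuple otherwise names the control that raised the exception, so the batch can be held for a corrective entry.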
