Internal controls in an IT environment

  • 385 views
Uploaded on

Application Controls

Application Controls

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
385
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
12
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Internal Controls in an IT Environment
  • 2. What are Internal Controls? • It is comprised of policies, practices and procedures employed by the organization to achieve four (4) broad objectives: – To safeguard assets of the firm – To ensure the accuracy and reliability of accounting records and information – To promote efficiency of the firm’s operations – To measure compliance with management’s prescribed policies and procedures
  • 3. Modifying Principles of Internal Control • • • • Management Responsibility Methods of Data Processing Limitations Reasonable Assurance
  • 4. Limitations of Internal Control 1. 2. 3. 4. Possibility of error Circumventions Management Override Changing conditions
  • 5. PDC Model Preventive, Detective and Corrective Controls
  • 6. Preventive Controls • First line of defense • Passive techniques designed to reduce the frequency of occurrence of undesirable events. • Example is a well-designed data screen – only valid entries and user-defined fields are entered.
  • 7. Detective Controls • Are devices, techniques and procedures designed to identify and expose undesirable events that elude preventive controls. • Example – alert that the amount entered as DEBIT in the system does not equal the CREDIT entered, vice versa
  • 8. Corrective Control • The “fix.” • Example – adjusting entries to erroneous accounts used in entering in the journal entry.
  • 9. COSO INTERNAL CONTROL FRAMEWORK
  • 10. What is COSO? • Stands for “Committee of Sponsoring Organizations of the Treadway Commission.” • Included the following organizations: – Financial Executives International (FEI) – Institute of Management Accountants (IMA) – American Accounting Association (AAA) – AICPA – IIA
  • 11. THE COSO INTERNAL FRAMEWORK
  • 12. The Control Environment – Integrity and ethical values of management – Organizational structure – BOD and Audit Committee participation – Management philosophy and operating style – External influences – HR policies and practices
  • 13. Risk Assessment – Changes in operating environment – New personnel – New/re-engineered systems – Significant and rapid growth – Introduction of new product lines or activities – Organizational restructuring – Entrance to foreign markets – Adoption of new accounting principle(s)
  • 14. Information and Communication – Identify and record all valid financial information. – Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting. – Accurately measure the financial value of transactions so their effects can be recorded in financial statements. – Accurately record transactions in the proper time period.
  • 15. Monitoring – Process by which the quality of internal control design and operation can be assessed.
  • 16. Control Activities • Physical controls  relates primarily to the human activities employed in accounting systems.  the six (6) categories of physical controls are:       Transaction authorization Segregation of duties Supervision Accounting records Access control Independent verification
  • 17. • IT Controls – Application  Ensures validity, completeness, and accuracy of financial transactions.  Examples include: limit checks, check digits, batch balancing techniques.
  • 18. – General  Also known as General Computer Controls, Information Technology Controls  Include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures