SlideShare a Scribd company logo

Internal Controls

National Pork Board
National Pork Board

Cody Griffin, Frazer Frost, LLP, 2010 Pork Management Conference, June 16-18 in Hilton Head, S.C.

Government & Nonprofit
1 of 26
Download to read offline
Internal Controls Cody Griffin CPA, CITP, CISA Risk Assurance Services
Content • Common SAS 115 Comments • Common Applications • Outsourcing /Cloud Computing • SAS 70 • Control Basics • IT General Controls • The Bull’s Eye
Common SAS 115 Comments Business Process Controls Percentage Finding / Risk 33% Due to the limited number of employees working at the buying sites, many of critical duties are combined and given to the available employees. Presently, a single individual prepares and signs checks as well as maintains the general ledger. 20% At the time of our audit, there were several large checks that had been outstanding for several months. Tracking outstanding checks is an important control procedure that ensures that all outgoing checks are accounted for. 13% One person is responsible for preparing payroll input, reviewing the payroll journals from the payroll system, finalizing each payroll for employees and amounts, determining the bank transfer and distribution of bank transfer to the employees accounts for each payroll. This combination of duties is completely incompatible and significantly increases the chance of an error or irregularity going undetected. 13% During the review of internal control processes related to AP we noted that all employees with access to the AP module also maintained the ability to create vendors.
Common SAS 115 Comments General Computer Controls Percentage Finding / Risk 60% Passwords to log onto the network / financial application(s) are not required to change (expire) periodically. 60% Backup media is not being rotated off site to an environmentally and physically secure location. Backup media is not being tested periodically to ensure recoverability. 47% The CFO/Controller have administrator rights to the financial application(s). 40% Access to the physical location of the computer hardware is not restricted. 40% Written disaster recovery procedures do not exist. 33% While many IT and operational procedures are standardized and routinely followed, they have not been documented and approved by management. 27% Segregation of duties does not exist within the financial application 20% Shared users IDs are being used. 13% An evaluation of the outside service provider's SAS 70 Type II report is not being conducted. 1% User access within the financially significant applications is not being reviewed periodically. 1% Programmers have access to the live application's source code / supporting data, and change documentation is not standardized.
Common Applications ERP Custom (Unix) Dynamics Farm Business Software (FBS) Macola MAS200 MAS90 Peachtree Quantum Platinum Taylor Made Solutions
Common Applications Live Inventory Dynamics Farm Business Software (FBS) Lot Tracker Macola MAS200 MAS90 MTech PigKnows ProTrack Taylor Made Solutions
Common Applications Feed Mill Agris CTN Data Dynamics Feed Office Pro Repete Taylor Made Solutions WEM4000
Common Applications Payroll ADP CompuPay Custom (Unix) Evolution Farm Business Software (FBS) Macola MAS90 Platinum Redwing Taylor Made Solutions WebPay
Outsourcing / Cloud Computing • What controls do you have in place? • Do you still own your data? • What happens if you decide to change providers? • Did you have an attorney assist with the contract? • Do they have a SAS 70?
SAS 70 • A SAS 70 audit is a process in which an independent accounting firm assesses the internal controls of a service organization and issues both a service auditor’s report and an opinion based on the assessment. • Service auditor reports are referred to as SAS 70 reports because they are defined by Statement on Auditing Standard (SAS) No. 70 issued by the American Institute of Certified Public Accountants (AICPA).
Type 1 vs. Type 2 Report • Type 1 Report: A service auditor's report on the fair presentation of a service organization's description of its controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, and on whether they had been placed in operation as of a specific date. No Testing Limited Value
Type 1 vs. Type 2 Report (cont.) • Type 2 Report: provides a description of the controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, on whether they had been placed in operation as of a specific date, and on whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved during the period specified. Testing Most Common Most Customer Value
Importance of User Control Considerations
User Control Considerations: What are they? • Controls important to the process but that are left to the responsibility of user organization • Outside the scope of the controls the service organization can provide • Guidance for user auditor for controls to test at the user organization
User Control Considerations: How do they help service organizations? • Clearly Define Responsibility: If the control cannot be maintained internally it provides a way to notify user that they are responsible for the control. • Limit Liability: User control considerations help more clearly define where liability for controls is situated.
Identification of controls Question: What is a control? Answer: A control is an activity put in place to mitigate a risk. Question: What types of risks should we be thinking about in our work? Answer: The risk that Financial Statement Assertions and Information Processing Objectives are not met.
Think controls! What words are often associated with controls? • Match • Review • Re-perform • Compare • Restrict • Validate • Reconcile
Control Evaluation Questions • Automated or Manual • Close to process or far from process • Close to accounts or far from accounts • Control has been placed in operation • Staff are competent • Control covers 100% of the population
Attributes of the “best” controls: • Invisible • Automated • Preventative • Risk-based
IT General Controls • Access to Programs and Data • Computer Operations • Program Changes • Program Development & Implementation
Access to Programs and Data Objective To ensure that only authorized access is granted to programs and data upon authentication of a user's identity.
Computer Operations Objective To ensure that production systems are processed completely and accurately in accordance with management's objectives, and that processing problems are identified and resolved completely and accurately to maintain the integrity of financial data.
Program Changes Objective To ensure that changes to programs and related infrastructure components are requested, prioritized, performed, tested, and implemented in accordance with management’s objectives.
Program Development Objective To ensure that systems are developed, configured, and implemented to achieve management’s objectives.
Cody Griffin, CPA, CITP, CISA cgriffin@frazerfrost.com (501) 537-7441

Recommended

IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it auditkinjalmkothari92
 
CIS Audit Lecture # 1
CIS Audit Lecture # 1CIS Audit Lecture # 1
CIS Audit Lecture # 1Cheng Olayvar
 
Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Donald E. Hester
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditManoj Agarwal
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
Integrated Test Facility
Integrated Test FacilityIntegrated Test Facility
Integrated Test Facilitykzoe1996
 

Recommended

IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it auditkinjalmkothari92
 
CIS Audit Lecture # 1
CIS Audit Lecture # 1CIS Audit Lecture # 1
CIS Audit Lecture # 1Cheng Olayvar
 
Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Donald E. Hester
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditManoj Agarwal
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
Integrated Test Facility
Integrated Test FacilityIntegrated Test Facility
Integrated Test Facilitykzoe1996
 
IT General Controls
IT General ControlsIT General Controls
IT General ControlsCicero Ray Rufino
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Computer Audit an Introductory
Computer Audit an IntroductoryComputer Audit an Introductory
Computer Audit an IntroductoryMNorazizi HM
 
Generalized audit-software
Generalized audit-softwareGeneralized audit-software
Generalized audit-softwarekzoe1996
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentKugendranMani
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisaasrulsani09
 
Chapter 6
Chapter 6Chapter 6
Chapter 6Nur Dalila Zamri
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques_supriadi
 
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...NAFCU Services Corporation
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questionsdouglascarnicelli
 
Computer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDITComputer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDITShahzeb Pirzada
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copySaleh Rashid
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Cisa exam mock test questions-1
Cisa exam mock test questions-1Cisa exam mock test questions-1
Cisa exam mock test questions-1Hemang Doshi
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 

More Related Content

What's hot

Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Computer Audit an Introductory
Computer Audit an IntroductoryComputer Audit an Introductory
Computer Audit an IntroductoryMNorazizi HM
 
Generalized audit-software
Generalized audit-softwareGeneralized audit-software
Generalized audit-softwarekzoe1996
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentKugendranMani
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques_supriadi
 
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...NAFCU Services Corporation
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questionsdouglascarnicelli
 
Computer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDITComputer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDITShahzeb Pirzada
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copySaleh Rashid
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Cisa exam mock test questions-1
Cisa exam mock test questions-1Cisa exam mock test questions-1
Cisa exam mock test questions-1Hemang Doshi
 

What's hot (20)

IT General Controls
IT General ControlsIT General Controls
IT General Controls
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
Computer Audit an Introductory
Computer Audit an IntroductoryComputer Audit an Introductory
Computer Audit an Introductory
 
Generalized audit-software
Generalized audit-softwareGeneralized audit-software
Generalized audit-software
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisa
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques
 
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
Internal Control Certification – It’s Not Just an Accounting Thing (Credit Un...
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions
 
Computer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDITComputer Assisted Audit Techniques (CAATS) - IS AUDIT
Computer Assisted Audit Techniques (CAATS) - IS AUDIT
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copy
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
 
Cisa exam mock test questions-1
Cisa exam mock test questions-1Cisa exam mock test questions-1
Cisa exam mock test questions-1
 

Similar to Internal Controls

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Gaiani (CarnCorpAudit)
 
05.2 auditing procedure application controls
05.2 auditing procedure application controls05.2 auditing procedure application controls
05.2 auditing procedure application controlsMulyadi Yusuf
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 
Management Theory & Practice(Robbins, S. Coulter M.)
Management Theory & Practice(Robbins, S. Coulter M.)Management Theory & Practice(Robbins, S. Coulter M.)
Management Theory & Practice(Robbins, S. Coulter M.)cp2000
 
Are Your End Users Doing Your ECM QA?
Are Your End Users Doing Your ECM QA?Are Your End Users Doing Your ECM QA?
Are Your End Users Doing Your ECM QA?Reveille Software
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCorporater
 
State of application performance management in the Indian BFSI sector
State of application performance management in the Indian BFSI sector State of application performance management in the Indian BFSI sector
State of application performance management in the Indian BFSI sector ValueNotes
 
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validationXybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validationXybion Corporation
 
CISA exam 100 practice question
CISA exam 100 practice questionCISA exam 100 practice question
CISA exam 100 practice questionArshad A Javed
 
Survey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed complianceSurvey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed complianceNimonik
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard Jim Robins
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 

Similar to Internal Controls (20)

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09
 
module_1.pptx
module_1.pptxmodule_1.pptx
module_1.pptx
 
05.2 auditing procedure application controls
05.2 auditing procedure application controls05.2 auditing procedure application controls
05.2 auditing procedure application controls
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
Management Theory & Practice(Robbins, S. Coulter M.)
Management Theory & Practice(Robbins, S. Coulter M.)Management Theory & Practice(Robbins, S. Coulter M.)
Management Theory & Practice(Robbins, S. Coulter M.)
 
Are Your End Users Doing Your ECM QA?
Are Your End Users Doing Your ECM QA?Are Your End Users Doing Your ECM QA?
Are Your End Users Doing Your ECM QA?
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate Compliance
 
State of application performance management in the Indian BFSI sector
State of application performance management in the Indian BFSI sector State of application performance management in the Indian BFSI sector
State of application performance management in the Indian BFSI sector
 
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validationXybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation
 
CISA exam 100 practice question
CISA exam 100 practice questionCISA exam 100 practice question
CISA exam 100 practice question
 
Survey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed complianceSurvey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed compliance
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 

More from National Pork Board

Credit Analysis - Assessing the Risk Profile of a Pork Production Company
Credit Analysis - Assessing the Risk Profile of a Pork Production CompanyCredit Analysis - Assessing the Risk Profile of a Pork Production Company
Credit Analysis - Assessing the Risk Profile of a Pork Production CompanyNational Pork Board
 
Electronic Sow Feeding at Tosh Farms
Electronic Sow Feeding at Tosh FarmsElectronic Sow Feeding at Tosh Farms
Electronic Sow Feeding at Tosh FarmsNational Pork Board
 
Taking Advantage of Balance Sheet Mining
Taking Advantage of Balance Sheet MiningTaking Advantage of Balance Sheet Mining
Taking Advantage of Balance Sheet MiningNational Pork Board
 
Income & Estate Tax Update - 2010
Income & Estate Tax Update - 2010Income & Estate Tax Update - 2010
Income & Estate Tax Update - 2010National Pork Board
 
Analytics that Work - Tools for Creating Value and Focusing Performance
Analytics that Work - Tools for Creating Value and Focusing PerformanceAnalytics that Work - Tools for Creating Value and Focusing Performance
Analytics that Work - Tools for Creating Value and Focusing PerformanceNational Pork Board
 
Reorganization in the Pork Industry - The Coharie Hog Farm Story
Reorganization in the Pork Industry - The Coharie Hog Farm StoryReorganization in the Pork Industry - The Coharie Hog Farm Story
Reorganization in the Pork Industry - The Coharie Hog Farm StoryNational Pork Board
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureNational Pork Board
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureNational Pork Board
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureNational Pork Board
 
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed Costs
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed CostsManaging Your Profit Margin Despite Unpredictable Hog Prices and Feed Costs
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed CostsNational Pork Board
 
Packer Contracts and Perspective
Packer Contracts and PerspectivePacker Contracts and Perspective
Packer Contracts and PerspectiveNational Pork Board
 
Legislative and Regulatory Update
Legislative and Regulatory UpdateLegislative and Regulatory Update
Legislative and Regulatory UpdateNational Pork Board
 
U.S. Global Position (imports/exports)
U.S. Global Position (imports/exports)U.S. Global Position (imports/exports)
U.S. Global Position (imports/exports)National Pork Board
 
National Pork Board Update - 2010
National Pork Board Update - 2010National Pork Board Update - 2010
National Pork Board Update - 2010National Pork Board
 

More from National Pork Board (20)

Hiring and Firing Employees
Hiring and Firing EmployeesHiring and Firing Employees
Hiring and Firing Employees
 
Worker Safety / OSHA
Worker Safety / OSHAWorker Safety / OSHA
Worker Safety / OSHA
 
Credit Analysis - Assessing the Risk Profile of a Pork Production Company
Credit Analysis - Assessing the Risk Profile of a Pork Production CompanyCredit Analysis - Assessing the Risk Profile of a Pork Production Company
Credit Analysis - Assessing the Risk Profile of a Pork Production Company
 
Electronic Sow Feeding at Tosh Farms
Electronic Sow Feeding at Tosh FarmsElectronic Sow Feeding at Tosh Farms
Electronic Sow Feeding at Tosh Farms
 
Taking Advantage of Balance Sheet Mining
Taking Advantage of Balance Sheet MiningTaking Advantage of Balance Sheet Mining
Taking Advantage of Balance Sheet Mining
 
Income & Estate Tax Update - 2010
Income & Estate Tax Update - 2010Income & Estate Tax Update - 2010
Income & Estate Tax Update - 2010
 
Analytics that Work - Tools for Creating Value and Focusing Performance
Analytics that Work - Tools for Creating Value and Focusing PerformanceAnalytics that Work - Tools for Creating Value and Focusing Performance
Analytics that Work - Tools for Creating Value and Focusing Performance
 
Animal Welfare Initiatives
Animal Welfare InitiativesAnimal Welfare Initiatives
Animal Welfare Initiatives
 
Reorganization in the Pork Industry - The Coharie Hog Farm Story
Reorganization in the Pork Industry - The Coharie Hog Farm StoryReorganization in the Pork Industry - The Coharie Hog Farm Story
Reorganization in the Pork Industry - The Coharie Hog Farm Story
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s Culture
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s Culture
 
Integrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s CultureIntegrating “We Care” Into Your Operation’s Culture
Integrating “We Care” Into Your Operation’s Culture
 
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed Costs
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed CostsManaging Your Profit Margin Despite Unpredictable Hog Prices and Feed Costs
Managing Your Profit Margin Despite Unpredictable Hog Prices and Feed Costs
 
Packer Contracts and Perspective
Packer Contracts and PerspectivePacker Contracts and Perspective
Packer Contracts and Perspective
 
Legislative and Regulatory Update
Legislative and Regulatory UpdateLegislative and Regulatory Update
Legislative and Regulatory Update
 
Market Outlook - 2010
Market Outlook - 2010Market Outlook - 2010
Market Outlook - 2010
 
U.S. Global Position (imports/exports)
U.S. Global Position (imports/exports)U.S. Global Position (imports/exports)
U.S. Global Position (imports/exports)
 
National Pork Board Update - 2010
National Pork Board Update - 2010National Pork Board Update - 2010
National Pork Board Update - 2010
 
Grain Outlook - 2011
Grain Outlook - 2011Grain Outlook - 2011
Grain Outlook - 2011
 
Market Outlook - 2011
Market Outlook - 2011Market Outlook - 2011
Market Outlook - 2011
 

Recently uploaded

VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escortsaditipandeya
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Hemant Purohit
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...anilsa9823
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfSamirsinh Parmar
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble BeginningsZechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginningsinfo695895
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxaaryamanorathofficia
 
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our EscortsVIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escortssonatiwari757
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...ranjana rawat
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxPeter Miles
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.Christina Parmionova
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...MOHANI PANDEY
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlEdouardHusson
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...SUHANI PANDEY
 

Recently uploaded (20)

VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble BeginningsZechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptx
 
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our EscortsVIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl mohali 7001035870 Enjoy Call Girls With Our Escorts
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
 

Internal Controls

  • 1. Internal Controls Cody Griffin CPA, CITP, CISA Risk Assurance Services
  • 2. Content • Common SAS 115 Comments • Common Applications • Outsourcing /Cloud Computing • SAS 70 • Control Basics • IT General Controls • The Bull’s Eye
  • 3. Common SAS 115 Comments Business Process Controls Percentage Finding / Risk 33% Due to the limited number of employees working at the buying sites, many of critical duties are combined and given to the available employees. Presently, a single individual prepares and signs checks as well as maintains the general ledger. 20% At the time of our audit, there were several large checks that had been outstanding for several months. Tracking outstanding checks is an important control procedure that ensures that all outgoing checks are accounted for. 13% One person is responsible for preparing payroll input, reviewing the payroll journals from the payroll system, finalizing each payroll for employees and amounts, determining the bank transfer and distribution of bank transfer to the employees accounts for each payroll. This combination of duties is completely incompatible and significantly increases the chance of an error or irregularity going undetected. 13% During the review of internal control processes related to AP we noted that all employees with access to the AP module also maintained the ability to create vendors.
  • 4. Common SAS 115 Comments General Computer Controls Percentage Finding / Risk 60% Passwords to log onto the network / financial application(s) are not required to change (expire) periodically. 60% Backup media is not being rotated off site to an environmentally and physically secure location. Backup media is not being tested periodically to ensure recoverability. 47% The CFO/Controller have administrator rights to the financial application(s). 40% Access to the physical location of the computer hardware is not restricted. 40% Written disaster recovery procedures do not exist. 33% While many IT and operational procedures are standardized and routinely followed, they have not been documented and approved by management. 27% Segregation of duties does not exist within the financial application 20% Shared users IDs are being used. 13% An evaluation of the outside service provider's SAS 70 Type II report is not being conducted. 1% User access within the financially significant applications is not being reviewed periodically. 1% Programmers have access to the live application's source code / supporting data, and change documentation is not standardized.
  • 5. Common Applications ERP Custom (Unix) Dynamics Farm Business Software (FBS) Macola MAS200 MAS90 Peachtree Quantum Platinum Taylor Made Solutions
  • 6. Common Applications Live Inventory Dynamics Farm Business Software (FBS) Lot Tracker Macola MAS200 MAS90 MTech PigKnows ProTrack Taylor Made Solutions
  • 7. Common Applications Feed Mill Agris CTN Data Dynamics Feed Office Pro Repete Taylor Made Solutions WEM4000
  • 8. Common Applications Payroll ADP CompuPay Custom (Unix) Evolution Farm Business Software (FBS) Macola MAS90 Platinum Redwing Taylor Made Solutions WebPay
  • 9. Outsourcing / Cloud Computing • What controls do you have in place? • Do you still own your data? • What happens if you decide to change providers? • Did you have an attorney assist with the contract? • Do they have a SAS 70?
  • 10. SAS 70 • A SAS 70 audit is a process in which an independent accounting firm assesses the internal controls of a service organization and issues both a service auditor’s report and an opinion based on the assessment. • Service auditor reports are referred to as SAS 70 reports because they are defined by Statement on Auditing Standard (SAS) No. 70 issued by the American Institute of Certified Public Accountants (AICPA).
  • 11. Type 1 vs. Type 2 Report • Type 1 Report: A service auditor's report on the fair presentation of a service organization's description of its controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, and on whether they had been placed in operation as of a specific date. No Testing Limited Value
  • 12. Type 1 vs. Type 2 Report (cont.) • Type 2 Report: provides a description of the controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, on whether they had been placed in operation as of a specific date, and on whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved during the period specified. Testing Most Common Most Customer Value
  • 13. Importance of User Control Considerations
  • 14. User Control Considerations: What are they? • Controls important to the process but that are left to the responsibility of user organization • Outside the scope of the controls the service organization can provide • Guidance for user auditor for controls to test at the user organization
  • 15. User Control Considerations: How do they help service organizations? • Clearly Define Responsibility: If the control cannot be maintained internally it provides a way to notify user that they are responsible for the control. • Limit Liability: User control considerations help more clearly define where liability for controls is situated.
  • 16. Identification of controls Question: What is a control? Answer: A control is an activity put in place to mitigate a risk. Question: What types of risks should we be thinking about in our work? Answer: The risk that Financial Statement Assertions and Information Processing Objectives are not met.
  • 17. Think controls! What words are often associated with controls? • Match • Review • Re-perform • Compare • Restrict • Validate • Reconcile
  • 18. Control Evaluation Questions • Automated or Manual • Close to process or far from process • Close to accounts or far from accounts • Control has been placed in operation • Staff are competent • Control covers 100% of the population
  • 19. Attributes of the “best” controls: • Invisible • Automated • Preventative • Risk-based
  • 20. IT General Controls • Access to Programs and Data • Computer Operations • Program Changes • Program Development & Implementation
  • 21. Access to Programs and Data Objective To ensure that only authorized access is granted to programs and data upon authentication of a user's identity.
  • 22. Computer Operations Objective To ensure that production systems are processed completely and accurately in accordance with management's objectives, and that processing problems are identified and resolved completely and accurately to maintain the integrity of financial data.
  • 23. Program Changes Objective To ensure that changes to programs and related infrastructure components are requested, prioritized, performed, tested, and implemented in accordance with management’s objectives.
  • 24. Program Development Objective To ensure that systems are developed, configured, and implemented to achieve management’s objectives.
  • 25.
  • 26. Cody Griffin, CPA, CITP, CISA cgriffin@frazerfrost.com (501) 537-7441