Deck 10: Accounting Information Systems and Internal Controls

Processing controls are IT general controls.

COBIT (Control Objectives for Information and related Technology)is a generally accepted framework for IT governance in the U.S.

Public Company Accounting Oversight Board (PCAOB)Auditing Standard No.5 (AS 5)encourages auditors to start from the basic/bottom of financial records to identify the key controls.

The chief executive officer is ultimately responsible for enterprise risk management.

Internal control is a process consisting of ongoing tasks and activities.It is a means to an end,not an end in itself.

Segregation of duties reduces the risk of errors and irregularities in accounting records.

According to the Sarbanes-Oxley Act of 2002,it is the responsibility of the Board of Directors to establish and maintain the effectiveness of internal control.

A firm must establish control policies,procedures,and practices that ensure the firm's business objectives are achieved and its risk mitigation strategies are carried out.

The main objective of the ISO 27000 series is to provide a model for establishing,implementing,operating,monitoring,maintaining,and improving information security.

The Sarbanes-Oxley Act of 2002 (SOX)2002 requires the management of all companies and their auditors to assess and report on the design and effectiveness of internal control over financial reporting annually.

Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX),the Public Company Accounting Oversight Board (PCAOB)established the Securities and Exchange Commission (SEC)to provide independent oversight of public accounting firms.

Internal controls guarantee the accuracy and reliability of accounting records.

In a computerized environment,internal controls can be categorized as general controls and application controls.

The risk of a company's internal auditing processes failing to catch the misstated dollar amount of revenue on the company's income statement is classified as inherent risk.

The information system of Company ABC is deemed to be 90% reliable.A major threat has been identified with an exposure of $5,000,000.Two control procedures exist to deal with the threat.Implementation of control A would cost of $140,000 and reduce the risk to 4%.Implementation of control B would cost $100,000 and reduce the risk to 6%.Implementation of both controls would cost $220,000 and reduce the risk to 2%.Given the data and based solely on an economic analysis of costs and benefits,which control procedure should you choose?
C.

What are the definitions of "governance" and "management" in the COBIT 5.0 framework?

What are the three main functions of COSO ERM?

Describe the three categories of objectives and five essential components of the COSO 2.0 framework.

Which internal control(s)would you recommend to prevent the following situations from occurring?
a.While entering the details about a large credit sale,a clerk mistakenly typed in a nonexistent account number.Consequently,the company never received the payment from this customer.
b.A customer filled in a wrong account number on the remittance advice.Consequently,a clerk entered the same number into the system,and the payment was credited to another customer's account.
c.After processing a large sales transaction,the inventory records showed negative quantities on hand for several items.

Discuss the ethical values created in Starbucks.How do they help to form the firm's control environment?

Put the listed steps in the corresponding parentheses in the risk assessment and response approach diagram below.
(A)Avoid,share or accept risk
(B)Reduce risk by implementing controls
(C)Is it cost beneficial to protect the firm from the risk?
(D)Estimate the likelihood of each risk occurring
(E)Identify control to mitigate the risk
(F)Estimate the costs and benefits from instituting controls
(G)Identify the risks
(H)Estimate the impact or potential loss,from each risk

What is the impact of the Sarbanes-Oxley Act of 2002 (SOX)on public companies and public accounting firms?