Information Systems
9th Edition
Marshall B. Romney
Paul John Steinbart
Computer-Based Information Systems Controls
Chapter 7
Learning Objectives
1.
2.
3.
5.
6.
Introduction
Jason Scott has been hired as an internal auditor for Northwest Industries, a diversified forest products company.
He is assigned to audit Springer's Lumber & Supply, Northwest's building materials outlet in Montana.
Introduction
Jason's frustrations, continued
Some vendor invoices have been paid without supporting documents.
Purchase requisitions are missing for several items that had been authorized by Bill Springer, purchasing v.p.
Prices charged for some items seem unusually high.
Springer's is the largest supplier in the area and has a near monopoly.
Management authority is concentrated in the company president, Joe Springer, and his sons Bill, the purchasing v.p., and Ted, the controller.
Maria feels that Ted may have engaged in creative accounting.
Introduction
This chapter discusses the types of threats a company faces.
It also presents the five interrelated components of the Committee of Sponsoring Organizations (COSO's) internal control model.
Learning Objective 1
Describe the threats to an AIS and discuss why these threats are growing.
Threats to Accounting Information Systems
hardware failures
power outages and fluctuations
undetected data transmission errors
Threats to Accounting Information Systems
sabotage
computer fraud
embezzlement
Learning Objective 2
Overview of Control Concepts
What is the traditional definition of internal control?
Internal control is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies.
2003 Prentice Hall Business
Publishing,
Overview of Control Concepts
1
2
Internal Control Classifications
Committee of Sponsoring Organizations
In 1992, COSO issued the results of a study to develop a definition of internal controls and to provide guidance for evaluating internal control systems.
The report has been widely accepted as the authority on internal controls.
Committee of Sponsoring Organizations
Control environment
Control activities
Risk assessment
Information and communication
Monitoring
Learning Objective 3
Learning Objective 4
Describe control policies and procedures commonly used in business organizations.
Control Activities
The second component of COSO's internal control model is control activities.
Generally, control procedures fall into one of five categories:
1
2
3
4
5
Proper Authorization of Transactions and Activities
Authorization is the empowerment management gives employees to perform activities and make decisions.
A digital signature or fingerprint is a means of signing a document with a piece of data that cannot be forged.
Specific authorization is the granting of authorization by management for certain activities or transactions.
Segregation of Duties
Good internal control demands that no single employee be given too much responsibility.
An employee should not be in a position to perpetrate and conceal fraud or unintentional errors.
Custodial Functions
Handling cash
Handling assets
Writing checks
Receiving checks in mail
Recording Functions
Preparing source documents
Maintaining journals
Preparing reconciliations
Preparing performance reports
Authorization Functions
Authorization of transactions
Segregation of Duties
Segregation of duties prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized.
Adequate Safeguards of Assets and Records
cash registers
safes, lockboxes
safety deposit boxes
restricted and fireproof storage areas
controlling the environment
restricted access to computer rooms, computer files, and information
Independent Checks on Performance
Independent checks to ensure that transactions are processed accurately are another important control element.
3
4
5
Learning Objective 5
Evaluate a system of internal accounting control, identify its deficiencies, and prescribe modifications to remedy those deficiencies.
Risk Assessment
5
6
7
Incomplete transactions
System failures
Incompatible systems
Risk Assessment
Some threats pose a greater risk because their occurrence is more likely. For example:
A company is more likely to be the victim of a computer fraud than of a terrorist attack.
Risk and exposure must be considered together.
Learning Objective 6
Conduct a cost-benefit analysis for particular threats, exposures, risks, and controls.
Information and Communication
Monitoring Performance
The fifth component of COSO's internal control model is monitoring.
What are the key methods of monitoring performance?
effective supervision
responsibility accounting
internal auditing
Case Conclusion
What happened to Jason's report?
A high-level internal audit team was dispatched to Montana.
The team discovered that the problems identified by Jason occurred almost exclusively in transactions with three large vendors from whom Springer's had purchased several million dollars of inventory.
End of Chapter 7