Controls and AIS

Chapter 7

Control and AIS
              Threats to AIS
• Natural disasters
   – DSM flood (p. 249)
• Political disasters
   – Terrorism
• Cyber crime (as opposed to general terrorism)
• Equipment malfunctions
• Employee mistakes
            Summary Statistics
•   Source: Information Systems Security Association
•   65% human errors
•   20% natural disasters and political terrorism
•   15% fraud (internal and external)
    (another association for you to join…)
            Internal Control
• Management Control - broad focus
• Internal (Accounting) Control - narrower
  – policies and procedures
             Internal Control
•   Preventive, detective, corrective controls
•   General and application controls
•   Administrative and accounting controls
•   Input, process, output controls
                  Focus
• Management and accounting controls exist
  for every purpose
• Do not get lost in the authors’ categories
        Essential Background
• FCPA 1977 - evolved from bribery concerns
  – proper recording of transactions
  – safeguard assets
  – recorded assets periodically compared with actual assets
• COSO 1992 - AICPA, IIA, IMA, FEI (and AAA)
  – in-depth IC study
     • Effective and efficient operations
     • Reliable reporting
     • Regulatory compliance
                    COBIT
• Information Systems Audit & Control Foundation (ISACF, now ISACA)
• Control Objectives for IT
  – benchmark security and control
  – users protected
  – auditors able to substantiate their opinions
• (Another organization for you to join…)
       COSO IC Model
• Control environment
• Control activities
• Risk assessment
• Information and communication
• Monitoring
(can you provide examples of each?)
               Basic Needs
•   Integrity and Ethical Values
•   Management Philosophy and Operating Style
•   Organizational Structure
•   Assignment of Responsibility and Authority
    – Accounting Procedures Manual
    – Policy and Procedures Manual
• SEC Audit Committees
        IC Activities
•   Proper authorization
•   Segregation of duties
•   Design and use of documentation
•   Safeguarding assets
•   Review performance
Proper Authorization
• Dual signatures on checks
  – when? (typically above a threshold amount)
• Digital signatures
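How a "dual signature" rule carries over to digital signatures, as an added example (not from the slides or the textbook): two different authorised officers must each sign the same canonical digest of the check, and the verifier rejects a missing second signature, the same person signing twice, an unlisted key, and a check whose amount was altered after signing. The officer names, the key registry and the $10,000 threshold are assumed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Check is the payment record being authorized. Amounts are in cents.
type Check struct {
	Number int64
	Payee  string
	Cents  int64
}

// Digest canonicalises the check so every signer signs exactly the same bytes;
// any later change to payee or amount yields a different digest.
func (c Check) Digest() []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, c.Number)
	h.Write([]byte(c.Payee))
	h.Write([]byte{0}) // separator between the variable-length payee and the amount
	binary.Write(h, binary.BigEndian, c.Cents)
	return h.Sum(nil)
}

// Signature is one officer's approval: claimed identity, public key, Ed25519 signature.
type Signature struct {
	Signer string
	Pub    ed25519.PublicKey
	Sig    []byte
}

// Sign is what an officer does with their own private key.
func Sign(signer string, priv ed25519.PrivateKey, c Check) Signature {
	return Signature{signer, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, c.Digest())}
}

// DualThreshold is an assumed policy value: checks at or above it need two signers.
const DualThreshold int64 = 1000000 // $10,000.00

// VerifyCheck enforces the policy. authorised maps signer name to the public key
// on file; a signature counts only if name, key and signature agree, and each
// person counts once no matter how many times they sign.
func VerifyCheck(c Check, sigs []Signature, authorised map[string]ed25519.PublicKey) error {
	required := 1
	if c.Cents >= DualThreshold {
		required = 2
	}
	digest := c.Digest()
	seen := map[string]bool{}
	for _, s := range sigs {
		pub, ok := authorised[s.Signer]
		if !ok || !pub.Equal(s.Pub) {
			return fmt.Errorf("%q is not an authorised signatory for this key", s.Signer)
		}
		if !ed25519.Verify(pub, digest, s.Sig) {
			return fmt.Errorf("signature by %q does not match the check as presented", s.Signer)
		}
		if seen[s.Signer] {
			return fmt.Errorf("%q signed twice; dual control needs two different people", s.Signer)
		}
		seen[s.Signer] = true
	}
	if len(seen) < required {
		return fmt.Errorf("check %d for %d cents needs %d signature(s), has %d", c.Number, c.Cents, required, len(seen))
	}
	return nil
}

// Demo runs the policy over constructed cases and returns the outcome of each.
func Demo() map[string]error {
	_, cfo, _ := ed25519.GenerateKey(rand.Reader)
	_, ctrl, _ := ed25519.GenerateKey(rand.Reader)
	_, outsider, _ := ed25519.GenerateKey(rand.Reader) // a key not in the registry
	authorised := map[string]ed25519.PublicKey{
		"cfo":        cfo.Public().(ed25519.PublicKey),
		"controller": ctrl.Public().(ed25519.PublicKey),
	}
	big := Check{Number: 10421, Payee: "Acme Supply", Cents: 2500000}
	small := Check{Number: 10422, Payee: "Office Depot", Cents: 18999}
	altered := big
	altered.Cents = 25000000 // amount changed after both officers signed
	return map[string]error{
		"small check, one signer":        VerifyCheck(small, []Signature{Sign("cfo", cfo, small)}, authorised),
		"large check, two signers":       VerifyCheck(big, []Signature{Sign("cfo", cfo, big), Sign("controller", ctrl, big)}, authorised),
		"large check, one signer":        VerifyCheck(big, []Signature{Sign("cfo", cfo, big)}, authorised),
		"large check, same signer twice": VerifyCheck(big, []Signature{Sign("cfo", cfo, big), Sign("cfo", cfo, big)}, authorised),
		"large check, outsider's key":    VerifyCheck(big, []Signature{Sign("cfo", cfo, big), Sign("controller", outsider, big)}, authorised),
		"amount altered after signing":   VerifyCheck(altered, []Signature{Sign("cfo", cfo, big), Sign("controller", ctrl, big)}, authorised),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-32s -> %v\n", name, err)
	}
}
```

The registry of public keys is itself an asset to safeguard: whoever can add a key to it can mint a second "officer", so changes to it need the same dual control as the checks.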
Segregation of Duties
•   Custodial Functions
•   Recording Functions
•   Authorization Functions
•   Examples
    – aviation
    – construction
    – collusion? (two or more people combining their functions defeats the separation)
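What an access review does with the three functions above, as an added example (not from the slides): every role in the application is tagged as custody, recording or authorization, and the check flags any one identity holding roles from two different classes. The role names and the user grants are constructed for illustration. Note the caveat the slide raises: this finds toxic combinations on one account, not collusion between two accounts, and it is blind to shared logins.

```go
package main

import (
	"fmt"
	"sort"
)

// Function is one of the three duty classes that must be held by different people.
type Function string

const (
	Custody       Function = "custody"
	Recording     Function = "recording"
	Authorization Function = "authorization"
)

// roleFunctions maps each application role to the duty class it exercises.
// Role names are assumed for illustration, not taken from any real system.
var roleFunctions = map[string]Function{
	"ap.vendor_maintain":    Authorization, // add or change who gets paid
	"ap.invoice_approve":    Authorization,
	"ap.invoice_post":       Recording,
	"gl.journal_post":       Recording,
	"treasury.wire_release": Custody, // moves the money
	"warehouse.receive":     Custody,
}

// Grant is one user-role assignment as exported from an access review.
type Grant struct{ User, Role string }

// Conflict is a pair of roles on one user that crosses duty classes.
type Conflict struct {
	User         string
	RoleA, RoleB string
	FuncA, FuncB Function
}

// FindConflicts groups grants by user and reports every cross-class role pair.
// Roles absent from roleFunctions carry no duty and are ignored.
func FindConflicts(grants []Grant) []Conflict {
	byUser := map[string][]string{}
	for _, g := range grants {
		byUser[g.User] = append(byUser[g.User], g.Role)
	}
	var out []Conflict
	for user, roles := range byUser {
		sort.Strings(roles)
		for i := range roles {
			for j := i + 1; j < len(roles); j++ {
				fa, fb := roleFunctions[roles[i]], roleFunctions[roles[j]]
				if fa != "" && fb != "" && fa != fb {
					out = append(out, Conflict{user, roles[i], roles[j], fa, fb})
				}
			}
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].User != out[j].User {
			return out[i].User < out[j].User
		}
		return out[i].RoleA+out[i].RoleB < out[j].RoleA+out[j].RoleB
	})
	return out
}

// CountByUser summarises conflicts per identity for the review report.
func CountByUser(cs []Conflict) map[string]int {
	m := map[string]int{}
	for _, c := range cs {
		m[c.User]++
	}
	return m
}

// SampleGrants is a constructed access-review export.
var SampleGrants = []Grant{
	{"alice", "ap.invoice_approve"}, {"alice", "ap.invoice_post"}, // approves and records the same invoices
	{"bob", "ap.invoice_post"}, {"bob", "gl.journal_post"}, {"bob", "hr.view"}, // two recording roles, one untagged
	{"carol", "ap.vendor_maintain"}, {"carol", "treasury.wire_release"}, {"carol", "ap.invoice_post"}, // all three classes
	{"dave", "warehouse.receive"},
}

func main() {
	for _, c := range FindConflicts(SampleGrants) {
		fmt.Printf("%s: %s (%s) + %s (%s)\n", c.User, c.RoleA, c.FuncA, c.RoleB, c.FuncB)
	}
}
```

Carol's three grants produce three findings because every pair crosses a class; bob's two recording roles produce none, which is the intended outcome, since duplication within a class is not what segregation protects against.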
Adequate Documentation
• How to verify in a digital world?
Safeguard Assets (and Records?)
     • Primarily, restrict access
     • Implement IC procedures
   Review Performance
• Redundant records
  – kept independently at staff level and by administrators, then compared
• Audit - actual vs. reported
• Batch totals - prepared by hand before keying, recomputed after
• Accounting - double-entry (debits must equal credits)

Posted 1/17/2013, 16 pages.