Control and Accounting Information System
Information is available to a vast number of employees, some of them unauthorized to access it.
Information on computer networks may be difficult to control.
Customers and suppliers have access to each other’s information.
Internal controls are the processes implemented to provide reasonable assurance that the following
control objectives are achieved:
● Safeguard assets—prevent or detect their unauthorized acquisition, use, or disposition.
● Maintain records in sufficient detail to report company assets accurately and fairly.
● Provide accurate and reliable information.
● Prepare financial reports in accordance with established criteria.
● Promote and improve operational efficiency.
● Encourage adherence to prescribed managerial policies.
● Comply with applicable laws and regulations.
Robert Simons, a Harvard business professor, has espoused four levers of control to help management
reconcile the conflict between creativity and controls.
1. A belief system describes how a company creates value, helps employees understand
management’s vision, communicates company core values, and inspires employees to live by
those values.
2. A boundary system helps employees act ethically by setting boundaries on employee behavior.
Instead of telling employees exactly what to do, they are encouraged to creatively solve
problems and meet customer needs while meeting minimum performance standards, shunning
off-limit activities, and avoiding actions that might damage their reputation.
3. A diagnostic control system measures, monitors, and compares actual company progress to
budgets and performance goals. Feedback helps management adjust and fine-tune inputs and
processes so future outputs more closely match goals.
4. An interactive control system helps managers to focus subordinates’ attention on key strategic
issues and to be more involved in their decisions. Interactive system data are interpreted and
discussed in face-to-face meetings of superiors, subordinates, and peers.
Regrettably, not all organizations have an effective internal control system. For instance, one
report indicated that the FBI is plagued by IT infrastructure vulnerabilities and security problems, some
of which were identified in an audit 16 years previously. Specific areas of concern were security
standards, guidelines, and procedures; segregation of duties; access controls, including password
management and usage; backup and recovery controls; and software development and change controls.
CONTROL FRAMEWORKS
The COBIT 5 framework represents the best practices for effective IT management:
- Meeting stakeholder needs
- Covering the whole enterprise
- Applying one integrated framework
- Enable a holistic approach
- Differentiation between governance and management
The 5 components included in the Internal Control framework are:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
The basic principles include:
- forming companies to create value
- whilst creating value, decisions must be made about the certainty
- uncertainty can result in high risk of the company to protect values
- it can also result in opportunity, that can affect the values of the company
- management of uncertainty
ORGANIZATIONAL STRUCTURE
A company’s organizational structure provides a framework for planning, executing, controlling, and
monitoring operations. Important aspects of the organizational structure include the following:
● Centralization or decentralization of authority
● A direct or matrix reporting relationship
● Organization by industry, product line, location, or marketing network
● How allocation of responsibility affects information requirements
● Organization of and lines of authority for accounting, auditing, and information system functions
● Size and nature of company activities
CONTROL ACTIVITIES
Control activities are policies, procedures, and rules that provide reasonable assurance that control
objectives are met and risk responses are carried out. It is management’s responsibility to develop a
secure and adequately controlled system. Management must make sure that:
1. Controls are selected and developed to help reduce risks to an acceptable level.
2. Appropriate general controls are selected and developed over technology.
3. Control activities are implemented and followed as specified in company policies and procedures.
The information security officer and the operations staff are responsible for ensuring that control
procedures are followed.
Controls are much more effective when placed in the system as it is built, rather than as an afterthought.
As a result, managers need to involve systems analysts, designers, and end users when designing
computer-based control systems. It is important that control activities be in place during the
end-of-the-year holiday season, because a disproportionate amount of computer fraud and security
break-ins takes place during this time. Some reasons for this are (1) extended employee vacations mean
that there are fewer people to “mind the store”; (2) students are out of school and have more time on
their hands; and (3) lonely counterculture hackers increase their attacks.
Control procedures fall into the following categories:
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Project development and acquisition controls
4. Change management controls
5. Design and use of documents and records
6. Safeguarding assets, records, and data
7. Independent checks on performance.
Arrange meetings between the new manager and the old manager to transfer ideas and information
from the old manager to the new manager.
Have the top manager address the importance of the project with the new manager.
Have an agreement with the new manager that ongoing projects will be completed according to
pre-approved plans. Changes will be accepted only for justifiable and critical issues.
Intel resolved conflicts between cost effectiveness and system functionality/scalability through
negotiation, justification, strategic values, and politics.
For the overall benefits to an organization, top management should arbitrate such conflicts.
The total project cost = 5200000
Benefit from each workstation = 4500
6. Economic justification:
The tangible benefit can be estimated on a dollar basis per employee per year. Historical data have to be
reviewed to get an approximation for each benefit category. For intangible benefits, a proxy has to be
determined for each category. Absenteeism, productivity by operator errors, etc. may undermine
employee morale.