
AIS Notes


REPORTING 1

General ledger system
- hub connected to the other systems of the firm through spokes of information flows

Journal voucher
- source of input to the general ledger.
- Used to represent summaries of similar transactions or a single unique transaction
- Identifies the financial amounts and affected general ledger (GL) accounts

GLS DATABASE
1. General ledger master file - principal file in the GLS database; based on the organization’s published chart of accounts.
2. General ledger history file - same format as the GL master; provide historical financial data for comparative financial reports.
3. Journal voucher file - total collection of the journal vouchers processed in the current period
4. Journal voucher history file – contains journal vouchers for past periods
5. Responsibility center file - Contains the revenues, expenditures, and other resource utilization data for each responsibility center in the organization
6. Budget master file - Contains budgeted amounts for revenues, expenditures, and other resources for responsibility centers.

Financial reporting system
- system that produces traditional financial statements, such as income statements, balance sheets, statements of cash flows, tax returns, and other reports required by law.
- nondiscretionary/ mandatory. Nondiscretionary reporting is a type of reporting in which the organization has few or no choices in the information it provides.

Financial reporting procedure
- Financial reporting is the final step in the overall accounting process that begins in the transaction cycles.
- The process begins with a clean slate at the start of a new fiscal year.
- Only the balance sheet consisting of permanent accounts are carried forward from the previous year.

Controlling the GL/FRS
- The Sarbanes-Oxley legislation requires that management design and implement controls over the financial reporting process. This includes the transaction processing systems that feed data into the FRS

The Potential Risks to the FRS
1. A defective audit trail
2. Unauthorized access to the general ledger
3. GL accounts that are out of balance with subsidiary accounts
4. Incorrect GL account balances because of unauthorized or incorrect journal vouchers

SAS 78/COSO INTERNAL CONTROL FRAMEWORK
• control environment
• risk assessment,
• information and communication
• monitoring
• control activities

TRANSACTION AUTHORIZATION
- It is vital to the integrity of the accounting records that the journal vouchers be properly authorized by a responsible manager at the source department.

Segregating of Duties
Individuals with access authority to GL accounts should not:
1. Have record-keeping responsibility for special journals or subsidiary ledgers.
2. Prepare journal vouchers.
3. Have custody of physical assets.

Access Controls
- Unauthorized access to the GL accounts can result in errors, fraud, and misrepresentations in financial statements. SOX legislation explicitly addresses this area of risk by requiring organizations to implement controls that limit database access to authorized individuals only.
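An added example, not part of the original notes, showing how the segregation-of-duties and transaction-authorization rules above can be tested against access records and journal vouchers. The duty names, user names, record fields and sample data are constructed for illustration.

```python
# Duties the notes say must not be combined with GL access authority.
# The identifiers are hypothetical labels for those duties.
INCOMPATIBLE_WITH_GL_ACCESS = {
    "special_journal_recordkeeping",
    "subsidiary_ledger_recordkeeping",
    "prepare_journal_voucher",
    "asset_custody",
}


def sod_conflicts(entitlements):
    """Return {user: sorted conflicting duties} for users holding GL access."""
    conflicts = {}
    for user, duties in entitlements.items():
        if "gl_access" in duties:
            clash = sorted(set(duties) & INCOMPATIBLE_WITH_GL_ACCESS)
            if clash:
                conflicts[user] = clash
    return conflicts


def voucher_exceptions(vouchers, dept_managers):
    """Return (voucher id, reason) pairs for vouchers that break the rules.

    A voucher must be authorized by a manager of its source department,
    and the person who posts it to the GL must not be its preparer.
    """
    findings = []
    for jv in vouchers:
        approver = jv.get("approved_by")
        if not approver:
            findings.append((jv["id"], "no authorization recorded"))
        elif approver not in dept_managers.get(jv["source_dept"], set()):
            findings.append(
                (jv["id"], "approver is not a manager of the source department")
            )
        if jv["posted_by"] == jv["prepared_by"]:
            findings.append((jv["id"], "posted to the GL by its preparer"))
    return findings


# Constructed sample data.
ENTITLEMENTS = {
    "avila": {"gl_access"},
    "bondoc": {"gl_access", "prepare_journal_voucher"},
    "cruz": {"asset_custody", "subsidiary_ledger_recordkeeping"},
    "dizon": {"gl_access", "asset_custody", "special_journal_recordkeeping"},
}
DEPT_MANAGERS = {"sales": {"reyes"}, "purchasing": {"santos"}}
VOUCHERS = [
    {"id": "JV-001", "source_dept": "sales", "prepared_by": "lim",
     "approved_by": "reyes", "posted_by": "avila"},
    {"id": "JV-002", "source_dept": "sales", "prepared_by": "lim",
     "approved_by": "santos", "posted_by": "avila"},
    {"id": "JV-003", "source_dept": "purchasing", "prepared_by": "bondoc",
     "approved_by": "santos", "posted_by": "bondoc"},
    {"id": "JV-004", "source_dept": "purchasing", "prepared_by": "tan",
     "approved_by": None, "posted_by": "avila"},
]

if __name__ == "__main__":
    for user, clash in sod_conflicts(ENTITLEMENTS).items():
        print(f"SoD conflict: {user} holds GL access plus {', '.join(clash)}")
    for jv_id, reason in voucher_exceptions(VOUCHERS, DEPT_MANAGERS):
        print(f"{jv_id}: {reason}")
```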

Accounting Records
The GL and other files that constitute the audit trail should be
detailed and rich enough to:

1. provide the ability to answer inquiries
2. be able to reconstruct files if they are completely or partially destroyed
3. provide historical data required by auditors
4. fulfill government regulations
5. provide a means for preventing, detecting, and correcting errors

INDEPENDENT VERIFICATION
Provide proof of the accuracy of the independent verification step:
1. Journal voucher listing - provides relevant details about each journal voucher posted to the GL
2. GL change report - presents the effects of journal voucher postings to the GL accounts.

XBRL (Extensible Business Reporting Language)
- The internet standard specifically designed for business reporting and information exchange. Its objective is to facilitate the publication, exchange, and processing of financial and business information

XML (Extensible Markup Language)
- metalanguage for describing markup languages

“Extensible” - any markup language can be created using XML

INTERNAL CONTROL IMPLICATIONS OF XBRL
1. Taxonomy creation - Controls must be designed and put in place to ensure the correct generation of XBRL taxonomies.
2. Taxonomy mapping error - Correctly generated XBRL tags may be incorrectly assigned to internal database accounts resulting in material misrepresentation of financial data.
3. Validation of instance documents - Independent verification procedures need to be established to validate the instance documents to ensure that appropriate taxonomy and tags have been applied before posting to a Web server.

MANAGEMENT REPORTING SYSTEM
- Produce financial and nonfinancial information needed by management to “plan, evaluate, control”
- Usually seen as discretionary reporting
- Can argue that Sarbanes-Oxley requires MRS
- MRS provide a formal means for monitoring the internal controls

Factors that influence MRS Design
• Management principles
• Management function, level, and decision type
• Problem structure
• Types of management report
• Responsibility accounting
• Behavioral considerations

Management Principles
1. Formalization of tasks
- structures the firm around the tasks performed rather than around individuals’ unique skills
- it allows specification of the information needed to support the tasks
2. Responsibility and authority
- responsibility - the obligation to achieve desired results
- authority - the power to make decisions within the limits of that responsibility
3. Span of control
- refers to the number of subordinates directly under a manager's control
4. Management by exception
- Managers should limit their attention to potential problem areas.
- Reports should focus on changes in key factors that are symptomatic of potential problems

Management Function, Level, and Decision Type
1. Strategic planning decisions:
• firm’s goals and objectives
• scope of business activities
• organizational structure
• management philosophy
• long-term, with broad scope and impact
• non-recurring, with high degree of uncertainty
• need highly summarized information
• require external & internal information sources
2. Tactical planning decisions:
• subordinate to strategic decisions
• short term
• specific objectives
• recur often
• fairly certain outcomes
• limited impact on the firm
3. Management control decisions:
• using resources as productively as possible in all functional areas
• evaluating the performance of subordinates against standards
• Measuring performance is difficult because sound decisions with long-term benefits may negatively impact the short-term bottom line.
4. Operational control decisions:
• deal with routine tasks
• narrower focus, dependent on details
• highly structured
• short time frame
• 3 basic elements or steps:
(1) set attainable standards
(2) evaluate performance
(3) take corrective action

Problem Structure
- Reflects and affects how well decision makers understand and solve problems
- Elements of problem structure:
• Data
• Procedures
• Objectives

Types of Management Reports
1. Programmed reports:
- scheduled reports
- produced at specified intervals, e.g., weekly
- on-demand reports
- triggered by events, e.g., inventory levels drop to a certain level
2. Ad hoc reports:
- designed and created “as needed”
- situations arise that require new information

Responsibility Accounting
- Implies that every economic event that affects the organization is the responsibility of and can be traced to an individual manager
- Incorporates the fundamental principle that responsibility-area managers are accountable for items that they control

SETTING FINANCIAL GOALS
1. Budgeting
- Budgeting helps management achieve financial objectives by setting measurable goals for each organizational segment.
- Budget information flows downward and becomes increasingly detailed at each lower level.
- The performance information flows upward as responsibility reports
2. Responsibility centers
(a) Cost centers – responsible for keeping costs within budgetary limits
(b) Profit centers – responsible for both cost control and revenue generation
(c) Investment centers – have general authority to make a wide range of decisions affecting costs, revenue, and investments in assets

BEHAVIORAL CONSIDERATIONS
1. Goal congruence
- MRS and compensation schemes help to appropriately assign authority and responsibility.
- If compensation measures are not carefully designed, managers may engage in actions not optimal for the organization
2. Information overload
- Occurs when managers receive more information than they can assimilate
- Can cause managers to disregard formal information and rely on informal—probably inferior—cues when making decisions
3. Performance measures
- Appropriate performance measures
• Stimulate behavior consistent with firm objectives
• Managers consider all relevant aspects, not just one
- Example of inappropriate measures:
• price variance, quotas, and profit measures

DATA ANALYTICS AND AD HOC REPORTING
Data analytics
- the process of examining data sets in order to find trends and draw conclusions about the information they contain. Increasingly, data analytics is done with the aid of specialized systems and software. (Stedman, 2020)

Small data analytics
- Characterizes techniques that employ data that are in a format and of a volume that allows them to be analyzed and acted upon by traditional technologies.
- directed at solving a specific problem or answering a specific question
• CENTRAL FEATURE: Data Warehouse of Archived data
o consists of a centralized relational database, which is separate from the organization’s operational data, and has been designed specifically to meet the needs of data analytics
o contains copies of operational data about current transactions as well as events that have transpired over many years.
(1) Data are coded and stored in fine detail and at various levels of aggregation to facilitate identification of recurring patterns and trends.
(2) These data are tapped to support management reporting through data mining
• DATA MINING: the process of sorting through large data sets to identify patterns and relationships that can help solve business problems through data analysis
(1) Verification model - drill-down technique to either verify or reject a user’s hypothesis sometimes through historical data and demographic information.
(2) Discovery model - discover previously unknown but important information that is hidden within the data by searching for recurring patterns, trends, and generalizations

Big data analytics
- Characterized by 3 Vs:
(1) extreme volumes of data
(2) rapid velocity at which the data must be processed
(3) wide variety of structured and unstructured data types that need to be integrated.
• VOLUME - Big data which involves terabytes, petabytes, and even exabytes
• COMES FROM: Customer sales records; Voice and text log files; Stored images; Speech-to-text data from call center recordings
• TOP USERS: marketing; executive management; finance
• VELOCITY - the speed at which big data must be analyzed; can overwhelm traditional data mining and storage infrastructures
• SOLUTIONS:
(1) obtain and apply the storage and processing power of hundreds or thousands of servers that work in parallel to complete the big data analytics project.
(2) turn to public cloud computing for big data analytics
• VARIETY - the primary driver of volume
• Conventional wisdom estimates that 80% of big data are unstructured and are derived from audio, video, timeseries data, real-time streaming data, external web data, external social media, and a wide variety of data supplied by the vast and growing array of IoT (Internet of things) devices
• UNSTRUCTURED DATA: datasets (typical large collections of files) that aren't stored in a structured database format.
• INTERNET OF THINGS (IoT): network of physical objects that feature an IP address for Internet connectivity. Examples of IoT are thermostats, automobiles, environmental data from private households and commercial buildings, security systems, electricity usage sensors, water meters, and cell phones

BIG DATA REPORTING SYSTEMS
1. Prescriptive analytics
- tells the user what actions should be taken in response to specific questions.
- By considering all relevant factors, this type of analysis yields recommendations for next steps.
2. Predictive analytics
- encompasses a variety of statistical techniques that draw upon current and past data to calculate the statistical likelihood of future scenarios occurring.
- makes personal movie recommendations based on each customer's unique tastes
3. Descriptive analytics
- is a mathematical process that describes events and the relationships between factors responsible for them.
- creates a summary of historical data that is either interpreted or submitted as input
- Answers to what happened
4. Diagnostic analytics
- provides greater insight into the underlying causes of events and behaviors.
- Often management cannot see the "problem." Instead, they see a symptom of the problem.
- Answers to why it happened

BIG DATA ANALYTICS RISKS AND CONTROLS
1. Data security
Many high-profile events of the recent past stand testimony to the risks. Because of this, companies need to ensure that data are protected from both external and internal threats.
2. Firewall
A central component in controlling against external hackers is the implementation of an electronic firewall that insulates the organization's internal network and stored data from outside intruders on the Internet.
3. Access privileges
Organizations should implement formal procedures for assigning access privileges and should periodically review existing employee privileges.
4. Password control
(1) reusable password system.
(2) employees should be required to create only strong passwords.
(3) should be changed periodically
(4) use a one-time password system
5. System audit trails
Logs that record activity at the system, application, and user level. Individuals are less likely to violate an organization's security policy when they know that their actions are recorded in an audit log.
6. Outsourcing controls
Hiring a party outside a company to perform services or create goods that were traditionally performed in-house by the company's own employees and staff. (Twin, 2022)
REPORTING 2
REVENUE CYCLE
- All administrative and clinical functions that contribute to the capture, management, and collection of patient service revenue. In the most simplistic and basic terms, this is the entire life of a customer’s account from creation to payment

THE CONCEPTUAL SYSTEM
- examines the revenue cycle conceptually. It gives a narrow description of the sequence of activities that constitute the revenue cycle for most retail, wholesale and manufacturing system.

Three procedures of Conceptual System
1. Sales order procedure
2. Sales return procedure
3. Cash receipt procedure

Sales order procedure
- tasks involved in receiving and processing a customer order, filling the order and shipping product to the customer, billing the customer at the proper time and correctly accounting for the transaction
(1) Receive Order
(2) Check Credit
(3) Pick Goods
(4) Ship Goods
(5) Update Inventory Records
(6) Update Account Receivable Records
(7) Post to General Ledger

INTEGRATED SALES ORDER PROCESSING SYSTEM
- Set of procedures
- In a professional setting
- Order-processing
- Influence the goal and scope of the sales order processing system.

Sales order procedure
(1) Sales Order
(2) Cash Receipts/Collections
(3) Billing/Accounts Receivable
(4) Shipping
(5) Credit/Customer Service

Sales return procedure
- When a return is necessary, the buyer requests credit for the unwanted products. The five (5) procedures of Sales Return include:
(1) Preparing Return Slip
(2) Preparing Credit Memo
(3) Update Sales Journal
(4) Update Inventory and Account Receivable Records
(5) Update the General Ledger
- Return can occur in business because:
• The company shipped the customer the wrong merchandise
• The goods were defective
• The product was damaged in shipment
• The buyer refused delivery because goods were delayed in transit

Cash receipts procedure
- This involves payment on the account due. It is the receiving & securing of cash. This involves five (5) procedures of Cash Receipt:
(1) Open Mail & Prepare Remittance List
(2) Record and Deposit Check
(3) Update Accounts Receivable Records
(4) Update General Ledger
(5) Reconcile Cash Receipts & Deposits

PHYSICAL ACCOUNTING INFORMATION SYSTEMS
- combination of computer technology and human activity. This technology/human mix creates a continuum of alternative design options.

Objective of physical systems
- illustrate AIS functionality and workflow patterns under different levels of technology
- demonstrate how the internal control profile changes as the technology/human mix changes

BASIC TECHNOLOGY REVENUE CYCLE & BASIC TECHNOLOGY SALES ORDER PROCESSING SYSTEMS
(1) Sales Department
(2) Credit Department Approval
(3) Warehouse Procedures
(4) The Shipping Department
(5) The Billing Department
(6) Accounts Receivable, Inventory Control, and General Ledger Departments

BASIC TECHNOLOGY CASH RECEIPTS SYSTEM
(1) Mail Room
(2) Cash Receipts
(3) Accounts Receivable
(4) General Ledger Department
(5) Credit/Customer Service
(6) Controller's Office

ADVANCE TECHNOLOGY CYCLE
- Advanced technologies allow systems designers to integrate accounting and other business functions through a common information system.
- The objective of integration is to improve operational performance and reduce costs by identifying nonvalue-added tasks.

INTEGRATED SALES ORDER PROCESSING SYSTEM

INTEGRATED CASH RECEIPTS SYSTEM

Automatic Data Processing Procedures
- Close the sales invoices that are covered by the customer checks placing the customer check number and payment date in the invoice record
- Post to the General Ledger accounts
- Prepares and distributes various management reports, including transaction listings, discrepancy reports, and GL change reports

REVENUE CYCLE RISKS AND INTERNAL CONTROL

Risk of selling to uncreditworthy customers
  PHYSICAL CONTROL: Transaction authorization; Segregation of duties
  IT CONTROL: Automated credit check

Risk of shipping customers incorrect items or quantities
  PHYSICAL CONTROL: Independent verification
  IT CONTROL: Scanner technology; Automated inventory ordering

Risk of inaccurately recording transactions in journals and accounts
  PHYSICAL CONTROL: Transaction authorization; Accounting records; Independent verification
  IT CONTROL: Input data edits authorization; Automated posting to accounts; File backup

Risk of misappropriation of assets
  PHYSICAL CONTROL: Transaction authorization; Supervision; Access control; Segregation of duties
  IT CONTROL: Multilevel security

Risk of unauthorized access to data
  PHYSICAL CONTROL: Access control; Segregation of duties
  IT CONTROL: Password control; Multilevel security
POINT OF SALE SYSTEMS
- Commonly used in: Grocery stores; department stores; retail businesses

POS Control Issues
• Authorization
• Supervision
• Access control
• Accounting records
• Independent verification

REPORTING 3
ETHICS, FRAUD & INTERNAL CONTROL
Ethical standards
- are derived from societal mores and deep-rooted personal beliefs about issues of right and wrong that are NOT UNIVERSALLY agreed upon

Ethics
- the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong.

Business Ethics
• Involves finding the answers to:
(1) How do managers decide what is right in conducting their business?
(2) Once managers have recognized what is right, how do they achieve it?
• Why make ethical decisions? Business organizations have conflicting responsibilities to their employees, shareholders, customers, and the public.
• MAJOR DECISION = CONSEQUENCE TO CONSTITUENTS
• Seeking a balance between these consequences is the managers’ ethical responsibility, which is guided by the principle of PROPORTIONALITY.

Computer Ethics
- the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology with concerns such as software, hardware, networks and computers.
• 3 LEVELS OF COMPUTER ETHICS
(1) POP - exposure to stories and reports found in the popular media regarding the good/bad ramifications of computer technology
(2) PARA - involves taking a real interest in computer ethics cases and acquiring some level of skill and knowledge in the field
(3) THEORETICAL - interest to multidisciplinary researchers who apply the theories of philosophy, sociology and psychology to computer science with the goal of bringing some new understanding to the field

SARBANES-OXLEY ACT
- most significant securities law since the Securities and Exchange Commission Acts of 1933 and 1934.
- has many provisions designed to deal with specific problems relating to capital markets, corporate governance and the auditing profession.

Section 406 Code of Ethics for Senior Financial Officers
- requires public companies to disclose to the SEC whether they have adopted a code of ethics that applies to the organization's CEO, CFO, controller and other persons performing similar functions
• The SEC has ruled that compliance with Section 406 necessitates a written code of ethics that addresses the following ethical issues.
(a) Conflicts of Interest - outline procedures for dealing with actual or apparent conflicts of interest between personal and professional relationships.
(b) Full and Fair Disclosure - should provide full, fair, accurate, timely and understandable disclosures in the documents, reports, and financial statements.
(c) Legal Compliance - codes of ethics should require employees to follow applicable governmental laws, rules, and regulations.
(d) Internal Reporting of Code Violations - it must provide a mechanism to permit prompt internal reporting of ethics violations.
(e) Accountability - it must take appropriate action when code violations occur where audit committees will play an important role in the oversight of ethics enforcement activities

FRAUD
- denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his/her detriment.

Fraud in the business environment
- an intentional deception, misappropriation of a company’s assets, or manipulation of a company’s financial data to the advantage of the perpetrator. In accounting literature, fraud is commonly known as white-collar crime, defalcation, embezzlement, and irregularities.

FRAUDULENT ACT MUST MEET THE FOLLOWING FIVE (5) CONDITIONS:
(1) False representation – there must be a false statement or a nondisclosure
(2) Material fact – a fact must be a substantial factor in inducing someone to act
(3) Intent – intent to deceive or the knowledge that one’s statement is false
(4) Justifiable reliance – misrepresentation must have been a substantial factor on which the injured party relied
(5) Injury or loss – deception must have caused injury or loss to the victim of the fraud

Employee fraud
- Fraud by non-management employees
- generally designed to directly convert cash or other assets to the employee’s personal benefit
• 3 STEPS OF EMPLOYEE FRAUD
(1) stealing something of value (an asset)
(2) converting the asset to a usable form (cash)
(3) concealing the crime to avoid detection

Management fraud
- more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss.
• 3 DEFINING CHARACTERISTICS
(1) The fraud is perpetrated at levels of management above the one to which internal control structures generally relate.
(2) The fraud frequently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than, in fact, it is.
(3) If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving related third parties.

THREE (3) FACTORS OF FRAUD TRIANGLE
(1) SITUATIONAL PRESSURE - personal or job related stresses that could coerce an individual to act dishonestly
(2) OPPORTUNITY - direct access to assets and/or access to information that controls assets
(3) ETHICS - one’s character and degree of moral opposition in acts of dishonesty

THE PERPETRATORS OF FRAUDS
According to the ACFE fraud study conducted, the opportunity factor explains much of the financial loss differential in each of the demographic categories.
• individuals in the highest positions are beyond the internal control structure and have the greatest access to company funds and assets
• women are not fundamentally more honest than men, but men occupy high corporate positions in greater numbers than women. Thus, men have greater access to assets
• older employees tend to occupy higher-ranking positions in their organizations and therefore have greater access to company funds and other assets
• when individuals in critical positions collude, they create opportunities to control or gain access to assets that otherwise would not exist

FRAUD SCHEMES
1. Fraudulent statements - These are associated with management fraud. The financial statement misrepresentation must itself bring direct or indirect financial benefit to the perpetrator.
• UNDERLYING PROBLEMS:
• Lack of auditor independence
• Lack of executive independence
• Questionable executive compensation schemes
• Inappropriate accounting practices
2. Corruption - involves executive, manager, or employee of the organization in collusion with an outsider
• Bribery - involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties
• Illegal gratuities - involves giving, receiving, offering, or soliciting something of value because of an official act that has been taken.
• Economic extortion – the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value.
• Conflict of interest - occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed.
3. Asset misappropriation
• Skimming – involves stealing cash from an organization before it is recorded on the organization’s books and records.
• Cash larceny - schemes in which cash receipts are stolen from an organization after they have been recorded in the organization's books and records
BILLING SCHEMES - also known as vendor fraud, are perpetrated by employees who cause their employer to issue a payment to a false supplier (vendor) by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.
(1) Pass-Through Fraud - This is a transaction that actually takes place. Again, the perpetrator creates a false vendor, and issues purchase orders to it for inventory or supplies.
(2) Pay-and-Return - This scheme involves a clerk with check-writing authority who intentionally pays a vendor twice for the same invoice for the purchase of inventory or supplies. The vendor, recognizing that its customer made a double payment, issues a reimbursement check to the victim company, which the clerk intercepts and cashes.

CHECK TAMPERING - involves forging or changing in some material way a check that the organization has written to a legitimate payee.

PAYROLL FRAUD - distribution of fraudulent paychecks to existent and/or nonexistent employees.

EXPENSE REIMBURSEMENT - schemes in which an employee makes a claim for reimbursement of fictitious or inflated business expenses.

THEFTS OF CASH - schemes that involve the direct theft of cash on hand in the organization.

NON-CASH MISAPPROPRIATION - schemes that involve the theft or misuse of the victim organization’s noncash assets.

COMPUTER FRAUD - important to auditors because computers lie at the heart of modern accounting information systems.

INTERNAL CONTROL CONCEPTS
Four (4) Broad Objectives:
(1) To safeguard assets of the firm
(2) To ensure the accuracy and reliability of accounting records and information
(3) To promote efficiency in the firm’s operations
(4) To measure compliance with management’s prescribed policies and procedures

Modifying Assumptions
• Management Responsibility - establishment and maintenance of a system of internal control is a management responsibility
• Reasonable Assurance - internal control system should provide reasonable assurance that the four broad objectives of internal control are met in a cost-effective manner
• Methods of Data Processing - internal controls should achieve the four broad objectives regardless of the data processing method used
• Limitations - the possibility of error, circumvention, management override, changing conditions

INTERNAL CONTROL SYSTEM
• PURPOSE: Mitigate risk
• a shield that protects the firm’s assets from numerous risks including: unauthorized access, fraud, errors, faulty computer programs, and malicious acts.
• Destruction of Assets (Physical & Information)
• Theft of Assets
• Corruption of Information
• Disruption of the Information System

SARBANES-OXLEY & INTERNAL CONTROL
• REQUIREMENT - requires management of public companies to implement an adequate system of internal controls over their financial reporting process
• SECTION 302 - requires corporate management (including CEO) to certify the organization’s internal controls on a quarterly and annual basis.
• SECTION 304 - requires the management of public companies to assess the effectiveness of the organization’s internal controls

Annual Report of the Following Points:
1. A statement of management’s responsibility for establishing and maintaining adequate internal control
2. An assessment of the effectiveness of the company’s internal controls over financial reporting
3. A statement that the organization’s external auditors have issued an attestation report on management’s assessment of the company’s internal controls
4. An explicit written conclusion as to the effectiveness of internal control over financial reporting
5. A statement identifying the framework used in the assessment of internal controls.

COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1) Control environment - the foundation for the other four control components
(2) Risk assessment - organizations must perform a risk assessment to identify, analyze, and manage risks relevant to financial reporting.
(3) Information & communication - the accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and to account for the related assets and liabilities
(4) Monitoring - the process by which the quality of internal control design and operation can be assessed.
(5) Control activities - policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks. (IT controls & Physical controls)

Transaction authorization
- its purpose is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives.
• SUPERVISION - implementing adequate segregation of duties requires that a firm employ a sufficiently large number of employees
• ACCESS CONTROL - its purpose is to ensure that only authorized personnel have access to the firm’s assets
• ACCOUNTING RECORD - consist of source documents, journals, and ledgers
• INDEPENDENT VERIFICATION - verification procedures are independent checks of the accounting system to identify errors and misrepresentations.
INPUT CONTROLS
- verification procedures are independent checks of the accounting system to identify errors and misrepresentations.
• Check digit
• Missing data check
• Numeric alphabetic check
• Limit check
• Range check
• Reasonableness check
• Validity check

Check digit
- data codes are used extensively in transaction processing system for representing such things as customer accounts, items of inventory, and GL accounts in the chart of accounts

TRANSCRIPTION ERRORS
1. Addition Error
C: 83276
IC: 832766
2. Truncation Error
C: 83276
IC: 8327
3. Substitution Error
C: 83276
IC: 83266

TRANSPOSITION ERRORS
1. Single Transposition Error
C: 12345
IC: 21345
2. Multiple Transposition Error
C: 12345
IC: 14325
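An added example, not part of the original notes, that runs the error cases listed above through two check-digit schemes, reading C as the correct code and IC as the incorrectly keyed one. The notes do not say how the check digit is computed; the sum-of-digits and weighted modulus-11 schemes here are assumptions chosen to show why a weighted scheme is needed to catch transposition errors.

```python
from typing import Callable, Dict, Optional

Scheme = Callable[[str], Optional[str]]


def sum_check_digit(base: str) -> Optional[str]:
    """Unweighted scheme: last digit of the sum of the digits."""
    return str(sum(int(d) for d in base) % 10)


def mod11_check_digit(base: str) -> Optional[str]:
    """Weighted modulus-11 scheme (weights n+1 .. 2, left to right).

    Returns None when the check value would be 10; such base codes
    cannot carry a single-digit check digit and should not be issued.
    """
    weights = range(len(base) + 1, 1, -1)
    total = sum(int(d) * w for d, w in zip(base, weights))
    check = (11 - total % 11) % 11
    return None if check == 10 else str(check)


def protect(base: str, scheme: Scheme) -> str:
    """Append the check digit to a base code before it is issued."""
    digit = scheme(base)
    if digit is None:
        raise ValueError(f"base code {base!r} cannot be issued under this scheme")
    return base + digit


def is_valid(code: str, scheme: Scheme) -> bool:
    """Input control: recompute the check digit from the keyed code."""
    if len(code) < 2 or not (code.isascii() and code.isdigit()):
        return False
    return scheme(code[:-1]) == code[-1]


# (error kind, correct code, incorrectly keyed code), as listed in the notes.
PAGE_ERRORS = [
    ("addition", "83276", "832766"),
    ("truncation", "83276", "8327"),
    ("substitution", "83276", "83266"),
    ("single_transposition", "12345", "21345"),
    ("multiple_transposition", "12345", "14325"),
]


def detection_report(scheme: Scheme) -> Dict[str, bool]:
    """Map each error kind to True when the scheme rejects the miskeyed code."""
    report = {}
    for kind, correct, wrong in PAGE_ERRORS:
        issued = protect(correct, scheme)   # code as printed on the document
        keyed = wrong + issued[-1]          # base miskeyed, check digit as printed
        report[kind] = not is_valid(keyed, scheme)
    return report


if __name__ == "__main__":
    for name, scheme in (("sum of digits", sum_check_digit),
                         ("modulus 11", mod11_check_digit)):
        print(name)
        for kind, caught in detection_report(scheme).items():
            print(f"  {kind:24s} {'rejected' if caught else 'ACCEPTED (missed)'}")
```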

PROCESSING CONTROLS - programmed procedures to ensure that an application’s logic is functioning properly

AUDIT TRAIL CONTROL - ensure that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements

OUTPUT CONTROLS - a combination of programmed routines and other procedures to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated

WASTE - computer output waste is a potential source of exposure

END-USER CONTROL - once in the hands of the user, output reports should be examined for correctness
