
Accounting information systems 11e romney steinbart chapter 06


CHAPTER 6

Control and Accounting
Information Systems

© 2008 Prentice Hall Business Publishing

Accounting Information Systems, 11/e

Romney/Steinbart

1 of 315


INTRODUCTION
• Questions to be addressed in this chapter:
– What are the basic internal control concepts, and why are
computer control and security important?
– What is the difference between the COBIT, COSO, and ERM
control frameworks?
– What are the major elements in the internal environment of
a company?
– What are the four types of control objectives that
companies need to set?
– What events affect uncertainty, and how can they be
identified?
– How is the Enterprise Risk Management model used to
assess and respond to risk?
– What control activities are commonly used in companies?
– How do organizations communicate information and
monitor control processes?


INTRODUCTION
• Why AIS threats are increasing
– Control risks have increased in the last few years
because:
• There are computers and servers everywhere, and
information is available to an unprecedented number of
workers.
• Distributed computer networks make data available to many
users, and these networks are harder to control than
centralized mainframe systems.
• Wide area networks are giving customers and suppliers
access to each other’s systems and data, making
confidentiality a major concern.



INTRODUCTION
• Historically, many organizations have not adequately
protected their data due to one or more of the
following reasons:
– Computer control problems are often underestimated and
downplayed.
– Control implications of moving from centralized, host-based
computer systems to those of a networked system or
Internet-based system are not always fully understood.
– Companies have not realized that data is a strategic
resource and that data security must be a strategic
requirement.
– Productivity and cost pressures may motivate management
to forgo time-consuming control measures.



INTRODUCTION
• Some vocabulary terms for this chapter:

– A threat is any potential adverse occurrence or unwanted
event that could injure the AIS or the organization.
– The exposure or impact of the threat is the potential dollar
loss that would occur if the threat becomes a reality.
– The likelihood is the probability that the threat will occur.



INTRODUCTION
• Control and security are important
– Companies are now recognizing the problems and
taking positive steps to achieve better control,
including:
• Devoting full-time staff to security and control concerns.
• Educating employees about control measures.
• Establishing and enforcing formal information security
policies.
• Making controls a part of the applications development
process.
• Moving sensitive data to more secure environments.



INTRODUCTION
• To use IT in achieving control objectives,
accountants must:
– Understand how to protect systems from threats.
– Have a good understanding of IT and its capabilities and
risks.

• Achieving adequate security and control over the
information resources of an organization should be a
top management priority.



INTRODUCTION
• Control objectives are the same regardless of
the data processing method, but a computer-based
AIS requires different internal control
policies and procedures because:
– Computer processing may reduce clerical errors
but increase risks of unauthorized access or
modification of data files.
– Segregation of duties must be achieved differently
in an AIS.
– Computers provide opportunities for
enhancement of some internal controls.


INTRODUCTION
• One of the primary objectives of an AIS is to
control a business organization.
– Accountants must help by designing effective control
systems and auditing or reviewing control systems
already in place to ensure their effectiveness.

• Management expects accountants to be control
consultants by:
– Taking a proactive approach to eliminating system
threats; and
– Detecting, correcting, and recovering from threats
when they do occur.



INTRODUCTION
• It is much easier to build controls into a system
during the initial stage than to add them after the
fact.
• Consequently, accountants and control experts
should be members of the teams that develop or
modify information systems.



OVERVIEW OF CONTROL CONCEPTS
• In today’s dynamic business environment,
companies must react quickly to changing
conditions and markets, including steps to:

– Hire creative and innovative employees.
– Give these employees power and flexibility to:
• Satisfy changing customer demands;
• Pursue new opportunities to add value to the organization;
and
• Implement process improvements.

• At the same time, the company needs control
systems so that it is not exposed to
excessive risks or behaviors that could harm
its reputation for honesty and integrity.


OVERVIEW OF CONTROL CONCEPTS
• Internal control is the process implemented by the
board of directors, management, and those under
their direction to provide reasonable assurance that
the following control objectives are achieved:
– Assets (including data) are safeguarded.
• This objective includes prevention or timely
detection of unauthorized acquisition, use, or
disposal of material company assets.



OVERVIEW OF CONTROL CONCEPTS
• Internal control is the process implemented by the
board of directors, management, and those under
their direction to provide reasonable assurance that
the following control objectives are achieved:
– Assets (including data) are safeguarded.
– Records are maintained in sufficient detail to accurately and
fairly reflect company assets.
– Accurate and reliable information is provided.
– There is reasonable assurance that financial reports are
prepared in accordance with GAAP.
– Operational efficiency is promoted and improved.
• This objective includes ensuring that company
receipts and expenditures are made in accordance
with management and directors’ authorizations.


OVERVIEW OF CONTROL CONCEPTS
• Internal control is the process implemented by the
board of directors, management, and those under
their direction to provide reasonable assurance that
the following control objectives are achieved:
– Assets (including data) are safeguarded.
– Records are maintained in sufficient detail to accurately and
fairly reflect company assets.
– Accurate and reliable information is provided.
– There is reasonable assurance that financial reports are
prepared in accordance with GAAP.
– Operational efficiency is promoted and improved.
– Adherence to prescribed managerial policies is encouraged.
– The organization complies with applicable laws and
regulations.


OVERVIEW OF CONTROL CONCEPTS
• Internal control is a process because:
– It permeates an organization’s operating activities.
– It is an integral part of basic management
activities.

• Internal control provides reasonable, rather
than absolute, assurance, because complete
assurance is difficult or impossible to
achieve and prohibitively expensive.



OVERVIEW OF CONTROL CONCEPTS
• Internal control systems have inherent
limitations, including:
– They are susceptible to errors and poor decisions.
– They can be overridden by management or by
collusion of two or more employees.

• Internal control objectives are often at odds
with each other.
– EXAMPLE: Controls to safeguard assets may also
reduce operational efficiency.




OVERVIEW OF CONTROL CONCEPTS
• Internal controls perform three important functions:
– Preventive controls

• Deter problems before they arise.



OVERVIEW OF CONTROL CONCEPTS
• Internal controls perform three important functions:
– Preventive controls
– Detective controls
• Discover problems quickly when they do arise.



OVERVIEW OF CONTROL CONCEPTS
• Internal controls perform three important functions:
– Preventive controls
– Detective controls
– Corrective controls

• Remedy problems that have occurred by:
– Identifying the cause;
– Correcting the resulting errors; and
– Modifying the system to prevent future
problems of this sort.



OVERVIEW OF CONTROL CONCEPTS
• Internal controls are often classified as:
– General controls
• Those designed to make sure an
organization’s control environment is stable
and well managed.
• They apply to all sizes and types of systems.
• Examples: Security management controls.



OVERVIEW OF CONTROL CONCEPTS
• Internal controls are often classified as:
– General controls
– Application controls
• Prevent, detect, and correct transaction errors
and fraud.
• Concerned with accuracy, completeness,
validity, and authorization of the data captured,
entered into the system, processed, stored,
transmitted to other systems, and reported.
