Beruflich Dokumente
Kultur Dokumente
An Accountant’s
Perspective
Recognize the primary information flows within the business
environment.
Data are facts which may or may not be processed and have no direct effect on a user’s
actions.
Information causes a user to take an action that would otherwise not have been taken.
Data sources are financial transactions that enter the information system for internal or
external sources.
A General Model for AIS
The levels in the data hierarchy:
SOX legislation restricts non-audit services that auditors may provide and prohibits
auditors from providing these services:
• Other accounting services including bookkeeping, financial information systems
design and implementation, appraisal or valuation, actuarial, and internal audit
outsourcing.
• Management or human resources, broker or dealer, investment adviser, or
investment banking services.
• Legal services and expert services unrelated to the audit.
• Any other service that the Board determines, by regulation, is impermissible.
The Role of Accountants in AIS
Types of Audits in AIS (continuation)
Internal auditing is an independent appraisal function within an organization to
examine and evaluate activities. External auditors represent outsiders and internal
auditors represent the interests of the organization.
Audit Committees serves an independent “check and balance” for internal audit
functions and a liaison with external auditors. Usually three people, one of which must
be a “financial expert”.
Ethical Issues in Business
Computer ethics analyzes the social impact of computer technology and formulation
and justification of policies for the ethical use of technology.
Para computer ethics involves taking an interest in computer ethics cases and acquiring
some level of skill and knowledge in the field.
Fraud losses equal 5% of revenue. Actual cost difficult to quantify and do not include
indirect losses.
Most frauds are committed by employees than managers, the losses are much higher
for managers and owners.
Collusion in the commission of a fraud is difficult to prevent and detect.
Internal Control Concepts and Techniques
The internal control system consists of policies, practices and procedures to achieve
four broad objectives:
Management Responsibility
The establishment and maintenance of a system of internal control is the
responsibility of management.
Reasonable Assurance
Cost of achieving objectives should not outweigh the benefits.
Methods of Data Processing
Control techniques vary with different types of technology.
Limitations
These include (1) possibility of error, (2) circumvention, (3) management override
and (4) changing conditions.
Internal Control Concepts and Techniques
The absence or weakness of a control is an exposure:
May result in asset destruction or theft and corruption or disruption of the information
system.
Detective controls are designed to identify undesirable events that elude preventive
controls.
Corrective controls are actions taken to reverse the effects of errors detected.
Internal Control Concepts and Techniques
Public company management responsibilities are codified in Sections 302 and 404 of
SOX:
The control environment sets the tone for the organization and influences control
awareness.
Internal Control Concepts and Techniques
COSO internal control framework five components:
Organizations must perform a risk assessment to identify, analyze and manage financial
reporting risks.
The quality of information the AIS generates impacts management’s ability to take actions
and make decisions.
An effective system records all valid transactions and provides timely and accurate
information.
Monitoring is the process by which the quality of internal control design and operations
can be assessed.
Control activities are policies and procedures to ensure appropriate actions are taken
to deal with identified risks.
Internal Control Concepts and Techniques
IT controls relate to the computer environment:
• General control pertain to entity-wide IT concerns.
• Application controls ensure the integrity of specific systems.
* End-user should examine reports for correctness, report errors and maintain r
report security.
Internal Control Concepts and Techniques
Discussions on Physical Controls
Physical controls relate to human activities:
• Accounting records consist of source documents, journals and ledgers
which capture economic essence and provide an audit trail.
• Access controls ensure that only authorized personnel have access to firm
assets.
• Independent verification procedures are checks to identify errors and
misrepresentations. Management can assess (1) individual performance, (2)
system integrity and (3) data correctness. Includes:
The destructive update approach leaves no backup copy and requires a special
recovery program if data is destroyed or corrupted.