CHAP 10 AIS
Why is control needed?
- threat or an event.
- exposure or impact of the threat
- The probability that the threat will happen is the likelihood associated with the threat
threat or an event.
Any potential adverse occurrence or unwanted event that could be injurious to either the
accounting information system or the organization
exposure or impact of the threat.
the potential dollar loss should a particular threat become a reality
the probability that the threat will happen is the...
likelihood associated with the threat
A primary objective of an AIS
Is to control the organization so the organization can achieve its objectives
management expects accountants to:
1. Take a proactive approach to eliminating system threats.
2. Detect, correct, and recover from threats when they occur.
FCPA (Foreign Corrupt Practices Act) 1977
- to prevent companies from bribing foreign officials to obtain business
- requires all publicly owned corporations to maintain a system of internal accounting controls
SOX (Sarbanes-Oxley Act of 2002)
applies to publicly held companies and their auditors to:
- report on the effectiveness of internal controls
- requirement of CEO/CFO certification of financial statements
- requirement that the auditor examine the effectiveness of a company's internal controls
- creation of PCAOB (Public Company Accounting Oversight Board) to serve as an auditing profession "watchdog"
- prohibition of certain client services by firms conducting a client's audit
Major control frameworks
- COBIT: IT control
- COSO: internal control
- COSO-ERM: expands COSO taking a strategic risk-based approach
COBIT (Control Objectives for Information and related Technology)
framework that describes best practices for the effective governance and management of IT
- Control OBjectives for Information and related Technologies
COBIT principles
1) meeting stakeholder needs
2) covering the enterprise end to end
3) applying a single, integrated framework
4) enabling a holistic approach