AIS - Chapter 6
29 terms
| Terms | Definitions |
|---|---|
| Threat | Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization. |
| Exposure | The potential dollar loss should a particular threat become a reality. |
| Likelihood | The probability that the threat will happen. |
| Internal Control | The process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that the following control objectives are achieved. - Performs 3 important functions: preventive, detective, and corrective controls. - A process that provides reasonable, rather than absolute, assurance. - Susceptible to errors, mgmt override, and poor decisions. |
| Objectives of Internal Controls | 1. Safeguard assets, including preventing/detecting unauthorized use of assets. 2. Maintain records in sufficient detail to accurately and fairly reflect the co's assets. 3. Provide accurate and reliable information. 4. Provide assurance that financial reporting is done in accordance with GAAP. 5. Promote and improve operational efficiency. 6. Encourage adherence to managerial policies. 7. Comply with applicable laws and regulations. ***Some IC objectives may be at odds with one another. |
| Preventive Controls | Deter problems before they arise. - Ex. hiring qualified personnel, segregation of duties, controlling physical access. - Spend most resources on this type of control. |
| Detective Controls | Discover problems as soon as they arise, since not all problems can be prevented. - Ex. duplicate checking of calculations and bank reconciliations. - Used only when something bad has happened or in an attempt to see if something bad has happened. |
| Corrective Controls | Remedy control problems that have been discovered. - Apply to all sizes of systems. - Ex. having backup copies of transaction and master files, resubmitting info. |
| General Controls | Designed to make sure an organization's control environment is stable and well managed. - IS mgmt controls, security mgmt controls. |
| Foreign Corrupt Practices Act | The primary purpose was to prevent the bribery of foreign officials in order to obtain business. (1997) - A significant effect was to require corporations to maintain good systems of internal accounting control. - Mandates record keeping of high-cost assets. |
| Sarbanes Oxley Act | Applies to publicly traded companies and their auditors; intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls, and punish executives who perpetrate fraud. - 2002 |
| Important Aspects of SOX | Created the Public Company Accounting Oversight Board (PCAOB); new rules for auditors, new rules for audit committees, new rules for management, new internal control requirements. |
| Committee of Sponsoring Organizations (COSO) | Group of key business execs who model internal controls of firms. - Create appropriate controls for firms. - Established the Integrated Framework, which defines IC and provides guidance for evaluating/enhancing IC systems. |
| Why increase in security problems? (3) | 1. Increase in # of IS and IS users. 2. Networks are all over the world, so they are harder to control. 3. Wide area networks give customers and suppliers access to each other's systems and data. |
| Why Ctrl and Security are Important? | - An accountant must be able to understand how to protect IS from threats. - Having security and control over IS should be a top mgmt priority. |
| Inherent and Residual Risk | Inherent: risk that exists before mgmt takes any steps to control the likelihood/impact of the risk. Residual: risk that remains after mgmt implements IC. |
| 4 Ways to Respond to Risk | 1. Reduce: the most effective way to reduce the likelihood and impact of risk is to implement an effective system of IC. 2. Accept the impact/likelihood of the risk by not acting to prevent/mitigate it. 3. Share some of the risk with someone else (insurance). 4. Avoid the risk completely. |
| Control Activities | Policies, procedures, and rules that provide reasonable assurance that mgmt's control objectives are met and risk responses are carried out. |
| Control Procedures (7) | 1. Proper authorization of transactions and activities. 2. Segregation of duties. 3. Project development and acquisition controls. 4. Change mgmt controls. 5. Design and use of documents and records. 6. Safeguarding assets, records, and data. 7. Independent checks on performance. |
| Segregation of Duties | Most important IC function. - Ensures no single employee is given too much responsibility over business transactions/processes. - Achieved when these functions are separated: 1. Authorization (approving transactions/decisions) 2. Recording data 3. Custody of assets. - If one employee performs 2 or 3 of these functions, problems can arise. |
| Collusion | When 2 or more employees get together to commit fraud. - Harder to detect/prevent. |
| Independent Checks on Performance | Checks on IC should be performed independently, by someone other than the person responsible for the original operation. - Ex. top-level reviews, analytical reviews, reconciliation of two independently maintained sets of records, comparison of actual and recorded amounts, double-entry accounting, independent review. |
| Threats | Political (laws/regs and foreign threats); Natural (weather, things that occur naturally); Unintentional acts (most common: software errors, equipment malfunctions, errors and omissions); Intentional acts (crimes, sabotage). *External = political and natural. **Internal = unintentional and intentional acts. |
| Risk Appetite | Amount of risk a co is willing to accept in order to achieve its goals and objectives. - Must be aligned with the company's strategy. - Risk Seeking: aggressive risk takers. - Risk Neutral: accept risks as normal; don't go looking for risks. - Risk Averse: avoid all risks. |
| HR Standards | Hiring qualified individuals (background checks). Compensating fairly. Training: fraud and ethical awareness training, and known and enforced punishment for fraud and unethical behavior. Evaluating/promoting fairly. Discharging with security. Managing disgruntled employees. Vacations and rotation of duties to decrease the possibility of fraud. Confidentiality agreements and fidelity bond assurance on key employees in case of losses from fraud by employees. |
| Top-Level Reviews | Mgmt at all levels should monitor co results and periodically compare actual co performance to planned performance, prior-period performance, and the performance of competitors. |
| More Threats (4) | 1. Strategic: doing the right thing, but something goes wrong. 2. Operational: doing the right thing in the wrong way. 3. Financial: lost, wasted or stolen assets and inappropriate liabilities. 4. Info: privacy protection, correctness and completeness. |
| Obj of an AIS (5) | 1. Identify and record valid transactions. 2. Properly classify transactions. 3. Record transactions at proper values. 4. Record transactions in the proper period. 5. Prepare/present appropriate financial statements showing the impact of transactions, along with note disclosures. |
| Proper authorization of trans and activities | - Specific Authorization: specific criteria that need mgmt approval. - General Authorization: authorizes employees to handle routine transactions without special approval. - Establish policies for employees to follow, then empower (authorize) them to perform them. |