Terms in this set (61)

Management typically has three broad objectives in designing effective
internal controls.
1. Reliability of Reporting While this objective relates to both
external and internal reporting, we focus here on the reliability of
external financial reporting. Management is responsible for
preparing financial statements for investors, creditors, and other
users. Management has both a legal and professional
responsibility to be sure that the information is fairly presented in
accordance with reporting requirements such as GAAP or IFRS.
The objective of effective internal control over financial reporting
is to fulfill these financial reporting responsibilities.
2. Efficiency and Effectiveness of Operations Controls within an
organization are meant to encourage efficient and effective use of
its resources to optimize the company's goals. An important
objective of these controls is accurate financial and non-financial
information about the entity's operations for decision making.
3. Compliance with Laws and Regulations Section 404 of the
Sarbanes-Oxley Act requires all public companies to issue a
report about the operating effectiveness of internal control over
financial reporting. In addition to the legal provisions of Section
404, public, nonpublic, and not-for-profit organizations are
required to follow many laws and regulations. Some relate to
accounting only indirectly, such as environmental protection and
civil rights laws. Others are closely related to accounting, such as
income tax regulations and anti-fraud regulations such as the
Foreign Corrupt Practices Act of 1977 and certain provisions of
the Sarbanes-Oxley Act.
When entities rely extensively on IT systems to process financial
information, there are risks specific to IT environments that must be
considered. Key risks include the following:
Reliance on the functioning capabilities of hardware and software.
The risk of system crashes due to hardware or software failures
must be evaluated when entities rely heavily on IT to produce
financial statement information.
Systematic versus random errors. Due to the uniformity of processing
performed by IT-based systems, errors in computer software can
result in incorrect processing for all transactions processed. This
increases the risk of many significant misstatements.
Unauthorized access. The centralized storage of key records and
files in electronic form increases the potential for unauthorized online
access from remote locations.
Loss of data. Centralized storage of data in electronic form
increases the risk of data loss in the event the data file is altered or
Visibility of audit trail. The use of IT often converts the traditional
paper trail to an electronic audit trail, eliminating source documents
and paper-based journals and records.
Reduced human involvement. The replacement of traditional
manual processes with computer-performed processes reduces
opportunities for employees to recognize misstatements resulting
from transactions that might have appeared unusual to experienced
Lack of traditional authorization. IT-based systems can be programmed
to initiate certain types of transactions automatically without
obtaining traditional manual approvals.
Reduced segregation of duties. The installation of IT-based
accounting systems centralizes many of the traditionally segregated
manual tasks under the authority of the IT function now that those
functions are mainly performed by the computer.
Need for IT experience. As companies rely on IT-based systems
to a greater extent, the need for personnel trained in IT systems
increases in order to install, maintain, and use systems.