Chapter 12: Computer Controls for Organizations and Accounting Information Systems
  • Introduction
  • General Controls for Organizations
  • General Controls for Information Technology
  • Application Controls for Transaction Processing
General Controls For Organizations
  • Integrated Security for the Organization
  • Organization-Level Controls
  • Personnel Policies
  • File Security Controls
  • Business Continuity Planning
  • Computer Facility Controls
  • Computer Access Controls
Integrated Security for the Organization
  • Physical Security
    • Measures used to protect its facilities, resources, or proprietary data stored on physical media
  • Logical Security
    • Limit access to system and information to authorized individuals
  • Integrated Security
    • Combines physical and logical elements
    • Supported by comprehensive security policy
Organization-Level Controls
  • Consistent policies and procedures
  • Management’s risk assessment process
  • Centralized processing and controls
  • Controls to monitor results of operations
Organization-Level Controls
  • Controls to monitor the internal audit function, the audit committee, and self-assessment programs
  • Period-end financial reporting process
  • Board-approved policies that address significant business control and risk management practices
Personnel Policies
  • Separation of Duties
    • Separate Accounting and Information Processing from Other Subsystems
    • Separate Responsibilities within IT Environment
  • Use of Computer Accounts
    • Each employee has password protected account
    • Biometrics
Personnel Policies
  • Informal Knowledge of Employees
    • Protect against fraudulent employee actions
    • Observation of suspicious behavior
    • Highest percentage of fraud involved employees in the accounting department
    • Must safeguard files from intentional and unintentional errors
Business Continuity Planning
  • Definition
    • Comprehensive approach to ensuring normal operations despite interruptions
  • Components
    • Disaster Recovery
    • Fault Tolerant Systems
    • Backup
Disaster Recovery
  • Definition
    • Process and procedures
    • Following disruptive event
  • Summary of Types of Sites
    • Hot Site
    • Flying-Start Site
    • Cold Site
Fault Tolerant Systems
  • Definition
    • Used to deal with computer errors
    • Ensure functional system with accurate and complete data (redundancy)
  • Major Approaches
    • Consensus-based protocols
    • Watchdog processor
    • Utilize disk mirroring or rollback processing
Backup
  • Batch processing
    • Risk of losing data before, during, and after processing
    • Grandfather-parent-child procedure
  • Types of Backups
    • Hot backup
    • Cold Backup
    • Electronic Vaulting
Computer Facility Controls
  • Locate Data Processing Centers in Safe Places
    • Protect from the public
    • Protect from natural disasters (flood, earthquake)
  • Limit Employee Access
    • Security Badges
    • Man Trap
  • Buy Insurance
Study Break #1
  • A _______ is a comprehensive plan that helps protect the enterprise from internal and external threats.
  • Firewall
  • Security policy
  • Risk assessment
  • VPN
Study Break #1 - Answer
  • A _______ is a comprehensive plan that helps protect the enterprise from internal and external threats.
  • Firewall
  • Security policy
  • Risk assessment
  • VPN
Study Break #2
  • All of the following are considered organization-level controls except:
  • Personnel controls
  • Business continuity planning controls
  • Processing controls
  • Access to computer files
Study Break #2 - Answer
  • All of the following are considered organization-level controls except:
  • Personnel controls
  • Business continuity planning controls
  • Processing controls
  • Access to computer files
Study Break #3
  • Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _________.
  • Redundancy
  • COBIT
  • COSO
  • Integrated security
Study Break #3 - Answer
  • Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _________.
  • Redundancy
  • COBIT
  • COSO
  • Integrated security
General Controls for Information Technology
  • Security for Wireless Technology
  • Controls for Networks
  • Controls for Personal Computers
  • IT Control Objectives for Sarbanes-Oxley
General Controls for Information Technology
  • IT general controls apply to all information systems
  • Major Objectives
    • Computer programs are authorized, tested, and approved before usage
    • Access to programs and data is limited to authorized users
Security for Wireless Technology
  • Utilization of wireless local area networks
  • Virtual Private Network (VPN)
    • Allows remote access to entity resources
  • Data Encryption
    • Data converted into a scrambled format
    • Converted back to meaningful format following transmission
Controls for Networks
  • Control Problems
    • Electronic eavesdropping
    • Hardware or software malfunctions
    • Errors in data transmission
  • Control Procedures
    • Checkpoint control procedure
    • Routing verification procedures
    • Message acknowledgment procedures
Controls for Personal Computers
  • Take an inventory of personal computers
  • Applications utilized by each personal computer
  • Classify computers according to risks and exposures
  • Physical security
IT Control Objectives for Sarbanes-Oxley
  • “IT Control Objectives for Sarbanes-Oxley”
    • Issued by IT Governance Institute (ITGI)
    • Provides guidance for compliance with SOX and PCAOB requirements
  • Content
    • IT controls from COBIT
    • Linked to PCAOB standards
    • Linked to COSO framework
Application Controls for Transaction Processing
  • Purpose
    • Embedded in business process applications
    • Prevent, detect, and correct errors and irregularities
  • Application Controls
    • Input Controls
    • Processing Controls
    • Output Controls
Input Controls
  • Purpose
    • Ensure validity
    • Ensure accuracy
    • Ensure completeness
  • Categories
    • Observation, recording, and transcription of data
    • Edit tests
    • Additional input controls
Observation, Recording, and Transcription of Data
  • Confirmation mechanism
  • Dual observation
  • Point-of-sale devices (POS)
  • Preprinted recording forms
Edit Tests
  • Input Validation Routines (Edit Programs)
    • Programs or subroutines
    • Check validity and accuracy of input data
  • Edit Tests
    • Examine selected fields of input data
    • Rejects data not meeting preestablished standards of quality
Additional Input Controls
  • Unfound-Record Test
    • Transactions matched with master data files
    • Transactions lacking a match are rejected
  • Check-Digit Control Procedure
  • Modulus 11 Technique
Processing Controls
  • Purpose
    • Focus on manipulation of accounting data
    • Contribute to a good audit trail
  • Two Types
    • Control totals
    • Data manipulation controls
Control Totals
  • Common Processing Control Procedures
    • Batch control total
    • Financial control total
    • Nonfinancial control total
    • Record count
    • Hash total
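
The unfound-record test from the Additional Input Controls slide and three of the control totals listed above (record count, financial control total, hash total), as an added Python example that is not part of the original slides. The account numbers, amounts and function names are constructed for illustration; the hash total here sums account numbers, a figure with no meaning of its own that is kept only for checking.

```python
from decimal import Decimal

# Constructed sample data (not from the slides).
MASTER_ACCOUNTS = {1001, 1002, 1003, 1007}   # master file keys
BATCH = [                                     # (account number, amount)
    (1001, Decimal("250.00")),
    (1003, Decimal("75.50")),
    (1009, Decimal("10.00")),                 # no matching master record
    (1007, Decimal("1200.25")),
]

def unfound_record_test(batch, master):
    """Input control: reject transactions with no matching master record."""
    accepted = [t for t in batch if t[0] in master]
    rejected = [t for t in batch if t[0] not in master]
    return accepted, rejected

def control_totals(batch):
    """Processing control: totals taken when the batch is prepared."""
    return {
        "record_count": len(batch),
        "financial_total": sum((amt for _, amt in batch), Decimal("0")),
        "hash_total": sum(acct for acct, _ in batch),
    }

def reconcile(expected, processed):
    """Recompute totals after processing; return the names that disagree."""
    actual = control_totals(processed)
    return sorted(name for name in expected if expected[name] != actual[name])

def demo():
    accepted, rejected = unfound_record_test(BATCH, MASTER_ACCOUNTS)
    expected = control_totals(accepted)
    # Failure 1: an account number is mis-keyed (1003 -> 1030) during processing.
    # Count and money total still agree; only the hash total exposes it.
    miskeyed = [(1030, amt) if acct == 1003 else (acct, amt) for acct, amt in accepted]
    # Failure 2: the last record is lost in processing.
    truncated = accepted[:-1]
    return {
        "rejected": rejected,
        "expected": expected,
        "clean": reconcile(expected, accepted),
        "miskeyed": reconcile(expected, miskeyed),
        "truncated": reconcile(expected, truncated),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
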
Data Manipulation Controls
  • Data Processing
    • Following validation of input data
    • Data manipulated to produce decision-useful information
  • Processing Control Procedures
    • Software Documentation
    • Error-Testing Compiler
    • Utilization of Test Data
Output Controls
  • Purpose
    • Ensure validity
    • Ensure accuracy
    • Ensure completeness
  • Major Types
    • Validating Processing Results
    • Regulating Distribution and Use of Printed Output
Output Controls
  • Validating Processing Results
    • Preparation of activity listings
    • Provide detailed listings of changes to master files
  • Regulating Distribution and Use of Printed Output
    • Forms control
    • Pre-numbered forms
    • Authorized distribution list
Study Break #4
  • A ______ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, hand-held devices.
  • Data encryption
  • WAN
  • Checkpoint
  • VPN
Study Break #4 - Answer
  • A ______ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, hand-held devices.
  • Data encryption
  • WAN
  • Checkpoint
  • VPN
Study Break #5
  • Organizations use ______ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
  • Specific
  • General
  • Application
  • Input
Study Break #5 - Answer
  • Organizations use ______ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
  • Specific
  • General
  • Application
  • Input
Copyright

Copyright 2010 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.