SlideShare ist ein Scribd-Unternehmen logo

Internal controls in an IT environment

Chris Nicole Apat-Orcullo, CPA
Chris Nicole Apat-Orcullo, CPA

Application Controls

TechnologieBusiness
1 von 18
Downloaden Sie, um offline zu lesen
Internal Controls in an IT Environment
What are Internal Controls? • It is comprised of policies, practices and procedures employed by the organization to achieve four (4) broad objectives: – To safeguard assets of the firm – To ensure the accuracy and reliability of accounting records and information – To promote efficiency of the firm’s operations – To measure compliance with management’s prescribed policies and procedures
Modifying Principles of Internal Control • • • • Management Responsibility Methods of Data Processing Limitations Reasonable Assurance
Limitations of Internal Control 1. 2. 3. 4. Possibility of error Circumventions Management Override Changing conditions
PDC Model Preventive, Detective and Corrective Controls
Preventive Controls • First line of defense • Passive techniques designed to reduce the frequency of occurrence of undesirable events. • Example is a well-designed data screen – only valid entries and user-defined fields are entered.
Detective Controls • Are devices, techniques and procedures designed to identify and expose undesirable events that elude preventive controls. • Example – alert that the amount entered as DEBIT in the system does not equal the CREDIT entered, vice versa
Corrective Control • The “fix.” • Example – adjusting entries to erroneous accounts used in entering in the journal entry.
COSO INTERNAL CONTROL FRAMEWORK
What is COSO? • Stands for “Committee of Sponsoring Organizations of the Treadway Commission.” • Included the following organizations: – Financial Executives International (FEI) – Institute of Management Accountants (IMA) – American Accounting Association (AAA) – AICPA – IIA
THE COSO INTERNAL FRAMEWORK
The Control Environment – Integrity and ethical values of management – Organizational structure – BOD and Audit Committee participation – Management philosophy and operating style – External influences – HR policies and practices
Risk Assessment – Changes in operating environment – New personnel – New/re-engineered systems – Significant and rapid growth – Introduction of new product lines or activities – Organizational restructuring – Entrance to foreign markets – Adoption of new accounting principle(s)
Information and Communication – Identify and record all valid financial information. – Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting. – Accurately measure the financial value of transactions so their effects can be recorded in financial statements. – Accurately record transactions in the proper time period.
Monitoring – Process by which the quality of internal control design and operation can be assessed.
Control Activities • Physical controls  relates primarily to the human activities employed in accounting systems.  the six (6) categories of physical controls are:       Transaction authorization Segregation of duties Supervision Accounting records Access control Independent verification
• IT Controls – Application  Ensures validity, completeness, and accuracy of financial transactions.  Examples include: limit checks, check digits, batch balancing techniques.
– General  Also known as General Computer Controls, Information Technology Controls  Include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures

Empfohlen

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
Accounting information system
Accounting information systemAccounting information system
Accounting information system
Vivek K. Singh
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
CenapSerdarolu
 

Empfohlen

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
Accounting information system
Accounting information systemAccounting information system
Accounting information system
Vivek K. Singh
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
CenapSerdarolu
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
Tommy Zul Hidayat
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
Ed Tobias
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
Tommy Zul Hidayat
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
Syed Osama Rizvi
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated Framework
Aziz Fataliyev, Internal Audit Practitioner
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
kinjalmkothari92
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
jayussuryawan
 
Internal control system
Internal control systemInternal control system
Internal control system
Madiha Hassan
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
Mahesh Patwardhan
 
SOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-OxleySOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-Oxley
Amarnath Gupta
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques
_supriadi
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
Dr. Sushil Bansode
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controls
jayussuryawan
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
jayussuryawan
 
Internal control
Internal controlInternal control
Internal control
SALIH AHMED ISLAM
 
Internal Control
Internal ControlInternal Control
Internal Control
Salih Islam
 

Weitere ähnliche Inhalte

Was ist angesagt?

03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 

Was ist angesagt? (20)

Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated Framework
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
Internal control system
Internal control systemInternal control system
Internal control system
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
SOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-OxleySOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-Oxley
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controls
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
 

Ähnlich wie Internal controls in an IT environment

Internal control system
Internal control systemInternal control system
Internal control system
Madiha Hassan
 
auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdf
owaissayyed0041
 

Ähnlich wie Internal controls in an IT environment (20)

Internal control
Internal controlInternal control
Internal control
 
Internal Control
Internal ControlInternal Control
Internal Control
 
1auditconcepts
1auditconcepts1auditconcepts
1auditconcepts
 
Accounting system and control
Accounting system and controlAccounting system and control
Accounting system and control
 
8. Business achieving & organizational control
8. Business achieving & organizational control 8. Business achieving & organizational control
8. Business achieving & organizational control
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Red Flag Reporting - Organizational Level Controls
Red Flag Reporting - Organizational Level ControlsRed Flag Reporting - Organizational Level Controls
Red Flag Reporting - Organizational Level Controls
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control env
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
UNCCInternalControls.pptx
UNCCInternalControls.pptxUNCCInternalControls.pptx
UNCCInternalControls.pptx
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Internal Audit - A Comprehensive Risk Management tool
Internal Audit - A Comprehensive Risk Management toolInternal Audit - A Comprehensive Risk Management tool
Internal Audit - A Comprehensive Risk Management tool
 
Internal audits role in compliance
Internal audits role in complianceInternal audits role in compliance
Internal audits role in compliance
 
Audit presentation
Audit presentationAudit presentation
Audit presentation
 
Emerging Contractors Mitigating Control Risk
Emerging Contractors Mitigating Control Risk Emerging Contractors Mitigating Control Risk
Emerging Contractors Mitigating Control Risk
 
Internal controls
Internal controlsInternal controls
Internal controls
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 
Internal audit
Internal auditInternal audit
Internal audit
 
auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdf
 

Kürzlich hochgeladen

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Internal controls in an IT environment

  • 1. Internal Controls in an IT Environment
  • 2. What are Internal Controls? • It is comprised of policies, practices and procedures employed by the organization to achieve four (4) broad objectives: – To safeguard assets of the firm – To ensure the accuracy and reliability of accounting records and information – To promote efficiency of the firm’s operations – To measure compliance with management’s prescribed policies and procedures
  • 3. Modifying Principles of Internal Control • • • • Management Responsibility Methods of Data Processing Limitations Reasonable Assurance
  • 4. Limitations of Internal Control 1. 2. 3. 4. Possibility of error Circumventions Management Override Changing conditions
  • 5. PDC Model Preventive, Detective and Corrective Controls
  • 6. Preventive Controls • First line of defense • Passive techniques designed to reduce the frequency of occurrence of undesirable events. • Example is a well-designed data screen – only valid entries and user-defined fields are entered.
  • 7. Detective Controls • Are devices, techniques and procedures designed to identify and expose undesirable events that elude preventive controls. • Example – alert that the amount entered as DEBIT in the system does not equal the CREDIT entered, vice versa
  • 8. Corrective Control • The “fix.” • Example – adjusting entries to erroneous accounts used in entering in the journal entry.
  • 10. What is COSO? • Stands for “Committee of Sponsoring Organizations of the Treadway Commission.” • Included the following organizations: – Financial Executives International (FEI) – Institute of Management Accountants (IMA) – American Accounting Association (AAA) – AICPA – IIA
  • 12. The Control Environment – Integrity and ethical values of management – Organizational structure – BOD and Audit Committee participation – Management philosophy and operating style – External influences – HR policies and practices
  • 13. Risk Assessment – Changes in operating environment – New personnel – New/re-engineered systems – Significant and rapid growth – Introduction of new product lines or activities – Organizational restructuring – Entrance to foreign markets – Adoption of new accounting principle(s)
  • 14. Information and Communication – Identify and record all valid financial information. – Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting. – Accurately measure the financial value of transactions so their effects can be recorded in financial statements. – Accurately record transactions in the proper time period.
  • 15. Monitoring – Process by which the quality of internal control design and operation can be assessed.
  • 16. Control Activities • Physical controls  relates primarily to the human activities employed in accounting systems.  the six (6) categories of physical controls are:       Transaction authorization Segregation of duties Supervision Accounting records Access control Independent verification
  • 17. • IT Controls – Application  Ensures validity, completeness, and accuracy of financial transactions.  Examples include: limit checks, check digits, batch balancing techniques.
  • 18. – General  Also known as General Computer Controls, Information Technology Controls  Include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures