Internal Controls in
an IT Environment
What are Internal Controls?
• Internal controls comprise the policies, practices and
procedures employed by the organization to
achieve four (4) broad objectives:
– To safeguard assets of the firm
– To ensure the accuracy and reliability of accounting
records and information
– To promote efficiency of the firm’s operations
– To measure compliance with management’s
prescribed policies and procedures
Modifying Principles of Internal Control
• Management Responsibility
• Methods of Data Processing
• Limitations
• Reasonable Assurance
Limitations of Internal Control
1. Possibility of error
2. Circumventions
3. Management Override
4. Changing conditions
PDC Model
Preventive, Detective and
Corrective Controls
Preventive Controls
• First line of defense
• Passive techniques designed to reduce the
frequency of occurrence of undesirable events.
• Example – a well-designed data screen, where only
valid entries and user-defined fields are entered.
Detective Controls
• Are devices, techniques and procedures designed
to identify and expose undesirable events that
elude preventive controls.
• Example – an alert that the amount entered as
DEBIT in the system does not equal the CREDIT
entered, or vice versa.
Corrective Control
• The “fix.”
• Example – adjusting entries that correct the erroneous
accounts used when entering the journal entry.
COSO INTERNAL
CONTROL FRAMEWORK
What is COSO?
• Stands for “Committee of Sponsoring
Organizations of the Treadway Commission.”
• Included the following organizations:
– Financial Executives International (FEI)
– Institute of Management Accountants (IMA)
– American Accounting Association (AAA)
– AICPA
– IIA
THE COSO INTERNAL
FRAMEWORK
The Control Environment
– Integrity and ethical values of management
– Organizational structure
– BOD and Audit Committee participation
– Management philosophy and operating style
– External influences
– HR policies and practices
Risk Assessment
– Changes in operating environment
– New personnel
– New/re-engineered systems
– Significant and rapid growth
– Introduction of new product lines or activities
– Organizational restructuring
– Entrance to foreign markets
– Adoption of new accounting principle(s)
Information and Communication
– Identify and record all valid financial information.
– Provide timely information about transactions in
sufficient detail to permit proper classification and
financial reporting.
– Accurately measure the financial value of
transactions so their effects can be recorded in
financial statements.
– Accurately record transactions in the proper time
period.
Monitoring
– Process by which the quality of internal control
design and operation can be assessed.
Control Activities
• Physical controls
– Relate primarily to the human activities employed in
accounting systems.
– The six (6) categories of physical controls are:
  – Transaction authorization
  – Segregation of duties
  – Supervision
  – Accounting records
  – Access control
  – Independent verification
• IT Controls
– Application
  – Ensure validity, completeness, and accuracy of financial
  transactions.
  – Examples include: limit checks, check digits, batch
  balancing techniques.
– General
  – Also known as General Computer Controls or Information
  Technology Controls
  – Include controls over IT governance, IT infrastructure,
  security and access to operating systems and databases,
  application acquisition and development and program
  change procedures
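
The three application controls named above (limit checks, check digits, batch balancing) are shown below as an added example; it is not part of the original slides. The field names, the 10,000.00 limit, the choice of Luhn mod 10 as the check-digit scheme and the sample batch are assumptions made for illustration.

```python
from decimal import Decimal

LIMIT = Decimal("10000.00")  # assumed policy ceiling per transaction

def luhn_valid(number: str) -> bool:
    """Check digit: Luhn mod 10, used here as one common scheme (an assumption)."""
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def record_errors(rec: dict) -> list:
    """Preventive checks applied to one transaction before it is accepted."""
    errors = []
    if not luhn_valid(rec["account"]):
        errors.append("check digit")
    if not Decimal("0") < rec["amount"] <= LIMIT:
        errors.append("limit")
    return errors

def control_totals(records: list) -> dict:
    """Totals written to the batch header when the batch is prepared."""
    return {
        "record_count": len(records),
        "control_total": sum((r["amount"] for r in records), Decimal("0")),
        # Hash total: sum of a non-financial field; meaningless in itself, but it
        # changes if a record is lost, duplicated or re-keyed to another account.
        "hash_total": sum(int(r["account"]) for r in records),
    }

def batch_problems(records: list, header: dict) -> list:
    """Detective check: recompute the totals after processing and compare."""
    now = control_totals(records)
    return [name for name in header if header[name] != now[name]]

# Constructed sample batch (not real account numbers).
BATCH = [
    {"account": "12345674", "amount": Decimal("250.00")},
    {"account": "10000008", "amount": Decimal("9999.99")},
    {"account": "12345678", "amount": Decimal("100.00")},       # mistyped last digit
    {"account": "79927398713", "amount": Decimal("25000.00")},  # over the limit
]
HEADER = control_totals(BATCH)

if __name__ == "__main__":
    for rec in BATCH:
        print(rec["account"], record_errors(rec) or "ok")
    print(batch_problems(BATCH[:-1], HEADER))  # one record lost in transit
```

The per-record checks act as preventive controls at entry, while the batch comparison is a detective control that flags loss or alteration between preparation and posting.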
