...Controls for IT and Reporting University of Phoenix Internal Controls ACC 544 August 22, 2011 Controls for IT and Reporting As more business processes become streamlined and automated, many companies rely heavily on technology and the support from their Information Technology departments. Information technology has the largest responsibility within an organization. Information technology is responsible for the implementation and maintenance of the hardware and software within a company. Information technology is responsible for ensuring that the hardware and software are secure and align with the company’s needs, business operations, goals and objectives. Information technology serves as a mechanism of supporting internal control systems and reporting. Most information, including financial records, that are generated, circulated, and reported within a company are electronic. Therefore, the threat of information technology being compromised is prevalent. Companies must take precautions to protect their systems and choose proper internal controls for information technology and reporting. This includes evaluating the internal controls system’s effectiveness and answering the following questions: • Is the design and operation of the internal control system up-to-date with technological advancements? • Is the internal control system and reporting in compliance with Sarbanes-Oxley Act of 2002? • Does the current system identify existing controls that are inefficient...
Words: 570 - Pages: 3
...learned" opportunity. During this process stakeholders need to be asking the tough questions and gathering information to identify the factors that allowed the event to occur. Featured Resource Presented by Citrix Systems 10 essential elements for a secure enterprise mobility strategy Best practices for protecting sensitive business information while making people productive from Learn More The process should not be viewed as a fault finding mission but a determination of whether there was a company, policy, procedure or guideline in place to address this situation, whether the guidelines were followed as designed or adequate to address (or prevent) the specific situation that occurred. If the fraud event occurred because an employee(s) simply failed to follow the internal control policies, then there are corrective measures that business units may take to ensure policies are followed in the future. These include communication to employees regarding increased awareness, correct handling processes and policy adherence. It may simply be that employees performed as expected under the circumstances but there were insufficient internal control policies in place to guide their behavior. Lessons learned here will strengthen internal controls through the creation of new ones. Also learn about the basics of internal investigations A fraud event without in-depth incident evaluation, lessons learned and corrective action...
Words: 1397 - Pages: 6
...including electronic records and electronic messages, must be saved for "not less than five years." The consequences for non-compliance are fines, imprisonment, or both. IT departments are increasingly faced with the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation. Section 404 of Sarbanes-Oxley In consequence, Search Financial Security (2009) shows the Section 404 of SOX mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test and maintain those controls and procedures to ensure their effectiveness. The purpose of SOX is to reduce the possibilities of corporate fraud by increasing the stringency of procedures and requirements for financial reporting. These reports require to be conveyed annually of the public company by management on the internal control over financial reporting within the organization. McGladrey & Pullen...
Words: 2280 - Pages: 10
...Controls for Information Technology and Reporting and Evaluation April Keller ACC/544 Instructor: September 11th, 2009 Controls for Information Technology The success of a business is determined by how effective its managers are in managing risk. Therefore, acquiring effective risk management helps to protect the company from losses because of poor accounting practices as well as fraudulent activities. Using good controls protect managers from liabilities that may arise when certifying financial statements used in annual reports because when these reports are issued, they are also a reflection of the company’s internal controls. The internal control process begins with management and the attitude that management portrays through the company. Manager duties include implementing the policies and procedures used within the company, these policies and procedures are also used to build the structure which is found within the internal control environment. Internal Control Reporting Options An audit report has three general functions used to report a company’s financial statements. These reports indicate whether the financial statements are presented in conformity with generally accepted accounting principles. Auditors use their reports to highlight any unusual aspects of the audit examination, and the reports can be used to communicate useful information to decision makers that may not appear on the face of the financial statements. Internal reporting...
Words: 730 - Pages: 3
...Controls for InformationTechnology and Reporting and Evaluation Julie Strange University of Phoenix ACC/544 Internal Control Systems Christina Yang October 24, 2011 Controls for Information Technology The success of a business is determined by how effective its managers are in managing risk. Therefore, acquiring effective risk management helps to protect the company from losses because of poor accounting practices as well as fraudulent activities. Using good controls protect managers from liabilities that may arise when certifying financial statements used in annual reports because when these reports are issued, they are also a reflection of the company’s internal controls. The internal control process begins with management and the attitude that management portrays through the company. Manager duties include implementing the policies and procedures used within the company, these policies and procedures are also used to build the structure which is found within the internal control environment. Internal Control Reporting Options An audit report has three general functions used to report a company’s financial statements. These reports indicate whether the financial statements are presented in conformity with generally accepted accounting principles. Auditors use their reports to highlight any unusual aspects of the audit examination, and the reports can be used to communicate useful information to decision makers that may...
Words: 747 - Pages: 3
...Controls for Information Technology The success of a business is determined by how effective its managers are in managing risk. Therefore, acquiring effective risk management helps to protect the company from losses because of poor accounting practices as well as fraudulent activities. Using good controls protect managers from liabilities that may arise when certifying financial statements used in annual reports because when these reports are issued, they are also a reflection of the company’s internal controls. The internal control process begins with management and the attitude that management portrays through the company. Manager duties include implementing the policies and procedures used within the company, these policies and procedures are also used to build the structure which is found within the internal control environment. Internal Control Reporting Options An audit report has three general functions used to report a company’s financial statements. These reports indicate whether the financial statements are presented in conformity with generally accepted accounting principles. Auditors use their reports to highlight any unusual aspects of the audit examination, and the reports can be used to communicate useful information to decision makers that may not appear on the face of the financial statements. Internal reporting options are important in keeping regulators, investors, and employees informed, and the format should be understandable for managers...
Words: 663 - Pages: 3
...Concepts and Analysis (16-20%) | |Area III |Financial Management (17-23%) |Financial Management (19-23%) | |Area IV |Information Technology (22-28%) |Information Systems and Communication (15-19%) | |Area V |Planning and Measurement (22-28%) |Strategic Planning (10-14%) | |Area VI |N/A |Operations Management (12-16%) | Controls over Business Processes • segregation of duties: for each transaction cycle, the functions of authorization, approval, execution (custody of assets) and recordkeeping should be segregated (manual- different individuals performing functions, technology-based- controlling access and passwords) Sales & Collections Business Process |Risk |Nature of Process |Examples Controls | |Inaccurate or incomplete sales data and lack |Sales orders inputted manually |• Password control over terminals to assure that sales are | |of security over sales order information | |authorized by sales...
Words: 1757 - Pages: 8
...Internal auditing covers a broad range of areas that includes a lot of regulation. Even more focus is on information technology. “As the demands of traditional audits responsibilities and the growing burden of information security evolve, the industry is beginning to see emerging trends in internal auditing departments across many organizations” (Hirth, 2012). Information technology controls continue to increase in importance to today’s organizations as reliance on technology and compliance requirements increase. Deficiencies in information technology controls can have a significant impact on the organization. According to a 2011 presentation by public accounting firm Deloitte & Touche, the following are some of the top emerging information technology emerging issues. Social networking and social media technologies is expanding into new areas, including user communities, business collaboration, and commerce. The risks in this area include brand protection, unauthorized access to confidential data, and regulatory or legal violations. Historical audits are not sufficient to determine risks in this area as the medium is constantly changing. The audit plans should be updated every year based on a review of social media usage within the company with an eye on emerging risks. Mobile devices, including cell phones and tablets have become common workplace tools. These devices do not maintain the same level of data security as the organizations stationary network. There is...
Words: 859 - Pages: 4
...the customary tradition, internal auditing’s testing of controls has been performed on months once business activities have occurred. Internal auditors need to respond effectively to the demands of a fast changing business environment, while assisting organizations comply with growing regulatory mandates. This pressures internal auditors to provide more timely and ongoing assurance that controls are working effectively and risk is being mitigated. Today, IAs use continuous auditing as a method to perform control and risk assessments automatically on a more frequent basis. According to Canadian Institute of Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA), Continuous Auditing is defined as a methodology that enables independent auditors (both internal & external) to provide written assurance on a subject matter using a series of auditors’ reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter (Searcy and Woodroof, 2003). The Institute of Internal Auditors' (IIA) Global Technology Audit Guide (GTAG 3) defined continuous auditing as any method used by auditors to perform audit-related activities (including control and risk assessments) on a more continuous (occurring without interruption) or continual (occurring at repeated intervals.) basis. Continuous auditing requires specialized skills of audit personnel to monitor information electronically and incorporate...
Words: 1568 - Pages: 7
...Control Self-assessment for Information and Related Technology To ensure smooth functioning of an enterprise striving to achieve predetermined objectives, business processes are identified and defined. To ensure the proper completion of process work, procedures are defined, documented and established. Business procedures need to be properly controlled to ensure smooth completion. Out-of-control procedures are expensive; therefore, controls need to be in place. These controls can be preventive, detective and/or corrective in nature. However, the adequacy of controls over procedures depends on various factors, including a balance between costs incurred for implementing controls and the resulting benefits derived. Many controls are essential overheads for the business, and therefore, their effectiveness must be reviewed periodically. Internal audit of controls, an essential overhead, helps avoid relaxation on controls. Ultimately, the control overheads constitute a major expenditure item. Assurance that the controls are in place and effective is essential. This assurance can be given through control self-assessment (CSA), also referred to as control self-assurance. Systems and procedures for many business organizations within various sectors have evolved over time. For example, banking is the oldest service sector and the controls over banking procedures are essential not only for the bank, but also for society in general. Controls in banking procedures have also evolved over...
Words: 5755 - Pages: 24
...Internal Control and Risk Evaluation Kudler Fine Foods requested information on the controls that would be required if the company chose to follow the flowcharts prepared by Team A in Week Two. The following information will analyze the risks, identify the risks and internal control points, design internal controls, evaluate the application of internal controls, and discuss other controls. Risks With Point of Sale Cloud Computing After discussion, Team A chose to recommend a Point of Sale Cloud Computing System to Kudler Fine Foods. By design, the Cloud Computing System allows a company to determine how much capacity is needed and allows them to change the scalability as needed. Kudler Fine Foods would no longer need to be concerned with storage or having the internal resources available to maintain an in-house system. This allows a company with several locations to have access to real-time information, twenty-four hours a day and seven days a week. The Cloud Security Alliance (CSA) has outlined several risks that are associated with Cloud Computing Technology. While there are many benefits to Cloud Computing, it is important to understand the risks involved. According to “CSA Threats” (2010), “customers are also very concerned about the risks of Cloud Computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable” (Executive Summary). The first threat mentioned is abuse. Criminals continue to work on breaking...
Words: 970 - Pages: 4
...ACCOUNTING INFORMATION SYSTEMS: COURSE OBJECTIVES, DESCRIPTION, TOPICS, AND ASSIGNMENTS ACCT-5600 DR. NICOLAOU Fall 2010 COURSE STRUCTURE In the modern world, the majority of accounting entries occur electronically. Accountants and auditors store information in databases, managed by enterprise systems that have a set of controls to ensure that transactions and record keeping happen as expected. E-business Web sites handle transactions automatically, with the accounting data going directly into the necessary databases. The concept of a paper trail has become a bit of a misnomer; today, because of accounting information systems, there is often no paper involved at all; however, it is important to establish the flow the data in different areas of the organization, or audit trail, so as to properly exercise internal controls. AISs help in this purpose. At the outset of this course, you will learn the basics of accounting information systems and business processes. Next, you will learn about database management systems, and the design of various database models. Finally, you will learn about how to use internal controls effectively for risk management, as well as the requirements for business reporting. After completing this course, you should not only have a clear idea of how accounting information systems work, but you should also be prepared to design and configure them to meet the record-keeping and risk management requirements of the organization. In addition...
Words: 6838 - Pages: 28
...b: The system flow chart of the existing system is as follows: Answer c: There are many physical internal control weaknesses are present in the given system. Some of them are described here. * Physical count of inventory * wasteful and inefficient use of resources * poor management decisions * unintentional errors recording or processing data * accidental loss or destruction of records * loss of assets through employee carelessness * lack of compliance by employees with management policies The above are all the some weaknesses which are not present. If management wants to overcome these weaknesses in short time then first change the policy and make new strategy and immediately implement on the business to get the good results in less time. If the organization keeps going on the old policies and with the weaknesses then it will lead a failure or may be shutdown of operations in future. Internal control means different things to different people. This causes confusion among businesspeople, legislators, regulators and others. Resulting miscommunication and different expectations cause problems within an enterprise. Problems are compounded when the term, if not clearly defined, is written into law, regulation or rule. This report deals with the needs and expectations of management and others. It defines and describes internal control to: 1. Establish a common definition serving the needs of different parties. 2. Provide a standard against...
Words: 1027 - Pages: 5
...Title: Internal Control and Other Risk Internal Control and Other Risk University of Phoenix Internal Control and Other Risk Kudler Fine Food is very concern with the company internal control and risk evaluation. The company has put much time and money into ensuring Kudler is well protected. The company has hired an accountant firm to ensure the company has covered all their bases in dealing with risk an internal control. The company is fully concerns with making the most of what technology has to offer them as a company. Management needs an analysis on the risks in the system, which also identify of the risks and internal control points, which should be incorporate through the controls and risks into the flowcharts. The flowchart has been design to include and mitigate the risks associate with internal controls. An evaluation relate to the application concerning the system internal controls will be review and a full discussion of the other controls that may be need which are outside the system. Analyze Risk in the System The first risks in the system that was identified as directly related to software that would provide much more control over Kudler...
Words: 1154 - Pages: 5
...Executive Summary The need for auditors with technology skills have increased, this is why the IT auditing profession has become very important. Information Technology auditors analyze the information technology structure, operations, and software of an organization. They are in charge of identifying better ways in which the organization’s systems can meet their needs in a better and more reliable way. IT auditors can basically design new systems by configuring hardware and software programs and they also test the systems to make sure they are working properly. Most IT auditors work in offices, obviously with computer systems. Some IT auditors work with the same company for years making sure the information systems and internal controls work properly. Some other IT auditors work for CPA firms that provide auditing services, and are required to travel to evaluate the information systems of clients. For the most part IT auditors work independently, but when they are assigned to larger and/or complicated projects, they use the collaboration of other peers. James Reinhard, CPA, CIA, CISA, manager of Simon Property Group Inc. who has more than 20 years’ experience in IT and integrated auditing states that “The ideal IT auditor should be able to discuss IP routing with the network folks in one hour and financial statement disclosures with the controller in the next” (Scharf, 2008). To become the ideal IT auditor IT audit certifications are the best option. IT audit...
Words: 5614 - Pages: 23
