...Controls for Information Technology (IT) and Reporting and Evaluation Jami L. Valek ACC-544 January 28, 2013 Christine Errico Controls for Information Technology (IT) and Reporting and Evaluation Information Technology (IT) controls are activities that are specifically performed to ensure that business objectives are met through the use of people and systems. IT control objectives are related to the business enterprise’s confidentiality, integrity, availability of data, and the overall management of the IT functions. There are two types of IT controls: IT general controls, which are controls over the IT environment, computer operations, access to programs and data, program development and program changes; and IT application controls, which refer to transaction processing controls (“Information Technology Controls”, 2013). IT General Controls are the foundation of a company’s IT control structure. With IT General Controls, data that is generated can be deemed more reliable and assertion that systems are operating as intended is supported. IT General Controls usually include controls that are designed to: * Shape the corporate environment through control environment; * Ensure that changes are authorized and meet business requirements through changes in management procedures; * Protect the integrity of program controls through source code/document version controls procedures; * Ensure effective management of IT projects through software development life...
Words: 507 - Pages: 3
... 63–76 Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate an organization’s overall level of ITGC risk within the context of an integrated audit. Keywords: internal controls; general control; ITGC; risk assessment. INTRODUCTION The Sarbanes-Oxley Act (SOX 2002) and the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) require that the organization’s chief executive officer (CEO) and chief financial officer (CFO) include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. External auditors must review management’s internal control assessment as part of an annual integrated audit of an organization’s internal controls over financial reporting...
Words: 6299 - Pages: 26
...1. Flamholtz (1996) article a. summarize the four functions of control (i) Give people motivation to make decisions and take actions consistent with organizational objectives (ii) Integrate efforts of different parts (iii) Provide information of results of organization and people’s performance (iv) Facilitate the implementation of plans b. identify the key components of an organizational control system and the role of each core control system, organizational structure, organizational culture (i) The core control system focuses on any aspect of human behavior which has to do with attainment of organizational objectives (ii) c. the key components of the core control system Five organizational process, planning, operations, measurements. 2. MCDONALD’S This article used financial measurement such as sales figures and net income to measure Mr. Thompson’s leading performance, which turned out to be not satisfying. According to Mr. Smead, Mr. Thompson failed to inspire the franchisees or people around him in the way that they needed to be. FACEBOOK This article uses both financial and non-financial measurements to evaluate Facebook’s performance, including daily active Facebook users, advertising revenue and global revenue per user. All these measurements affected Facebook’s decision and its strategy in the future. 3. a. Brooke received the quarterly financial report and found out that The Coffee Pot was still losing money...
Words: 307 - Pages: 2
...Controls for Information Technology Janet Lafountain ACC/544 July 9, 2012 Bret Mann Controls for Information Technology Many types of controls for Information Technology are available for companies to choose, the controls for reporting and evaluation would benefit the company and keep employees and investors informed. Managers and investors need to understand this information to make knowledgeable decisions. One responsibility as a controller is to keeping track of information. Information is vital to the company. Generic tools do not provide optimal protection for the company, unlike document management, and workflow tools. The document management and workflow tools go together with different accounting software. The data provided by these tools assist management by making it straightforward and easy to access the information. Linking separate processes, the examination of instrumental job responsibilities, and the relations to the progress of work are achievable. As the transformation of the company’s business practices become essential after monitoring, updating the risk and controls becomes necessary also. The other tools useful to the company are real-time compliance and data mining. Real-time compliance tools offer data throughout the company via added software. This data is available to make reliable improvements to practices and procedures and any compliance problems are accessible by management at any time. Data mining draws on information from...
Words: 255 - Pages: 2
...ST. LOUIS UNIVERSITY NATIONAL SERVICE TRAINING PROGRAM(NSTP)OFFICE SCHOOL OF TEACHER EDUCATION Gonzaga Campus, Gen. Luna Rd., 2600 Baguio City Tel: (074) 4470664/09198807387/09163349807 Email: nstpcoor@slu.edu.ph / slunstp@yahoo.com PARENT’S AUTHORIZATION FOR GUARDIANS OF OWN CHILDREN OTHER THAN THEMSELVES To St. Louis University: This is to authorize_______________________________,of _________________________________ (Name of guardian) (address of guardian) the _______________________________of our child ____________________________who is studying in (relationship of guardian to the child) (Name of child) St Louis University, to act as the guardian of our child; to sign all documents, papers or waivers that require parent’s signature in accordance with SLU policies, and do all other things in connection thereof. We understand that by this authorization, we shall not hold St. Louis University liable for any lapse of diligence committed by the above guardian. Signed: ______________________________ (and/or ) ________________________________ Name and Signature of Father Name and Signature of Mother Date:______________________ Date:______________________ Conforme: __________________________ ________________________________ Name and Signature of Guardian Name and Signature of Child Date:______________________ Date:______________________ NOTE: required attachment –photocopy of two ID’s of parents...
Words: 448 - Pages: 2
...Internal Controls for Information Technology ACC 544 September 2, 2013 Miriam Shealy Internal Controls for Information Technology Internal controls for Information Technology are important as they help protect the company’s assets. Internal controls are necessary to comply with the security of the company’s information. Internal controls will be reviewed in this document as well as how can the company review its security over their internal controls. The assets of the company need to be protected. In order to do so, the company needs to review for risks. The company needs to develop a plan for what internal control measures they would want to put into place. Internal controls will help guide how we protect our assets against threats and vulnerabilities. Threats to a company’s assets can be known or unknown. A hacker of the system can bring parts of a system down or lose some data. It also can completely take down the system. A company should have a threat agent that would help identify such a task. The IT team will need to correct and fix this quickly. It is necessary to have firewalls in the system that will help protect against vulnerabilities. Vulnerabilities for the system would be not protecting the system. If there is not a firewall or security agent assigned to the system the information can be stolen and damaged by any type of threat. The company should take steps of system control with monitoring, managing, and having back...
Words: 643 - Pages: 3
...CONTROL AND AIS (Version 1 – Brief, just for the exam) Overview of Control Concepts * Internal Control - plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency and encourage adherence to prescribed management procedures. * Management Control - broader than internal control 1. Integral part of management responsibilities. 2. Is designed to reduce errors and irregularities and achieve goals 3. Is personnel oriented and seeks to help employees attain company goals by following policies. * Administrative Controls - help ensure operational efficiency and adherence to managerial policies. * Accounting controls - safeguard assets and ensure the reliability of accounting records. * Internal control structure - policies and procedures established to provide reasonable assurance that the organization's specific objectives will be achieved. 1. Control environment 2. Accounting system 3. Control procedures * Internal control classifications 1. Preventive, detective, corrective 2. Feedback, feedforward 3. General, application 4. Input, processing and output COSO - Committee of Sponsoring Organizations * Internal control - process implemented by management, the BOD, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to: ...
Words: 5228 - Pages: 21
...Controls for IT and Reporting University of Phoenix Internal Controls ACC 544 August 22, 2011 Controls for IT and Reporting As more business processes become streamlined and automated, many companies rely heavily on technology and the support from their Information Technology departments. Information technology has the largest responsibility within an organization. Information technology is responsible for the implementation and maintenance of the hardware and software within a company. Information technology is responsible for ensuring that the hardware and software are secure and align with the company’s needs, business operations, goals and objectives. Information technology serves as a mechanism of supporting internal control systems and reporting. Most information, including financial records, that are generated, circulated, and reported within a company are electronic. Therefore, the threat of information technology being compromised is prevalent. Companies must take precautions to protect their systems and choose proper internal controls for information technology and reporting. This includes evaluating the internal controls system’s effectiveness and answering the following questions: • Is the design and operation of the internal control system up-to-date with technological advancements? • Is the internal control system and reporting in compliance with Sarbanes-Oxley Act of 2002? • Does the current system identify existing controls that are inefficient...
Words: 570 - Pages: 3
...Case 13-9 ZOU’s Fencing Controls ZOU Fencing Inc. (ZOU Fencing or the Company) is a public company in the United States that files quarterly and annual reports with the SEC. ZOU Fencing has five manufacturing facilities located in Missouri and produces and provides chain-link fencing to customers throughout the Midwest (Wisconsin, Indiana, Michigan, Ohio, Illinois, and Iowa) via rail car. ZOU Fencing sells chain-link fencing to customers under free on board (FOB) shipping point terms. Therefore, revenue is recorded when goods are shipped from the respective warehouse. ZOU Fencing currently uses a sophisticated warehouse management system (the Warehouse K-Series System), which allows the Company to (1) record sales upon shipment of goods out of the warehouse, (2) automatically price fence sales on the basis of standard pricing tables, and (3) generate multiple reports for the evaluation of ZOU Fencing’s operations. Engagement Team Note: Materiality was determined to be $5 million. At year-end, the engagement team evaluated the internal controls related to revenue. This evaluation was done through inquiries of appropriate personnel and consideration of the results of other audit procedures including: (1) updating the risk assessment procedures (including the understanding of internal control) and substantive procedures, (2) considering the result of the entity’s monitoring of controls (or our testing of the entity’s monitoring of controls), and (3) obtaining an update...
Words: 2449 - Pages: 10
...Guide to Internal Control and Internal Control Services Members in government, both managers and auditors, must understand the concepts of internal control and independence and the effect they have on the CPA practitioners that the government hires for both its financial statement audits and for other nonaudit engagements related to internal control services. As auditing standards have evolved, the auditors may no longer default to a maximum control risk but now should obtain a sufficient understanding of internal control by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented.1 This may result in the auditor spending additional time. Additionally, internal control deficiencies identified by an auditor that upon evaluation are considered significant deficiencies or material weaknesses should be communicated in writing to management and those charged with governance.2 This standard also has led to a great deal of discussion about what is or is not a control and what role an auditor can play, with respect to the client’s system of internal control. Even if a CPA practitioner does not perform audits but performs reviews and compilations, it is important that he or she understand internal control because of the possible independence ramifications. A CPA practitioner’s independence would be impaired if he or she establishes or maintains internal control for a client.3 This...
Words: 4795 - Pages: 20
...here, such as Data Base Detail 10 Court Type (Category table) 10 Employee(Object table) 10 Equipment (Category table) 10 Member (Object table) 11 Membership Type (Category table) 11 Payment (Transaction table) 11 Rental Record (Intersection table) 12 Schedule (Transaction table) 12 Information Technology Controls for XYZ Recreation center 14 ADD A TiTLE, Such s overview of Controls 14 Control Details 14 Control classification zone 15 Type 16 Implementation 17 Metrics 17 Compensating Control 18 Change log 19 PRJ 1 19 PRJ 2 20 Exclusive summary Going to stadium is an enduring activities among Americans, especially among those college students. Those people are keen to exercise their body day by day. It brings our company, XYZ Stadium, large amount of clients and incomes. What’s more, other organizations are willing to rent our space to hold their activities such as sport event. However, these good news challenge us in management process especially in check-in process which we did not think it over carefully before. To mitigate these problem, our company pushes and implement a sequence of system associated with the check-in process to control and prevent existing and potential risks. Our check-in system is mainly constituted by a main process and two sub-processes. The main process is a general and simple process which our clients will face directly. It’s an almost automatic process operating and recording by computer system after staffs...
Words: 5460 - Pages: 22
...Chapter 12 Take Home Quiz
1. Typical controls developed for manual systems which are still important in IT systems include:
a. proper authorization of transactions.
b. competent and honest personnel.
c. careful and complete preparation of source documents.
d. all of the above.
2. ______ controls prevent and detect errors while transaction data are processed.
a. Software
b. Application
c. Processing
d. Transaction
3. Which of the...
Words: 501 - Pages: 3
...IT General Controls Risk Assessment Report Foods Fantastic Company Thomas Woods 12/7/2012 Background: In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications so as to enable the audit team to follow a controls-based audit approach and be able to rely on the IT controls in place at FFC. FFC is a publicly traded, regional grocery store located in the mid-Atlantic region which relies on many state-of-the-art IT systems and software and which are all managed in-house. Purpose: We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a well-controlled IT environment and to meet the requirements that are outlined in SAS 109 and SOX Section 404 Management Assessment of Internal Controls. Considering that the FFC IT environment has a direct impact on the account balances and financial statements, it is imperative that we provide assurance over IT controls prior to the financial statement audit and assess the risk of material misstatement in the different areas of the IT environment. Scope: Our team initially reviewed key provisions included in SAS 109, SOX Section 404, PCAOB Auditing Standard No.5, and FFC policies...
Words: 1551 - Pages: 7
...characteristics of IT systems. Choose the best response. a. Effective management of information technologies in an organization embraces the viewpoint that (1)most technologies reduce existing risk conditions. (2)technologies reduce some types of risks while introducing new types of risks to be managed. (3)technologies generally increase an organization’s overall net risks. (4)the objective of technology implementations is to increase profitability on a net basis. b. Which of the following is generally not considered a category of IT general controls? (1)Controls that determine whether a vendor number matches the pre-approved vendors in the vendor master file. (2)Controls that restrict system-wide access to programs and data. (3)Controls that oversee the acquisition of application software. (4)Controls that oversee the day-to-day operation of IT applications. c. As general IT controls weaken, the auditor is most likely to (1)reduce testing of automated application controls done by the computer. (2)increase testing of general IT controls to conclude whether they are operating effectively. (3)expand testing of automated application controls used to reduce control risk to cover greater portions of the fiscal year under audit. (4)ignore obtaining knowledge about the design of general IT controls and whether they have been implemented. d. Which of the following is an example of an application control? (1)The client uses access security software to limit access to each of the accounting...
Words: 1276 - Pages: 6
...Table of Contents: Introduction; General & Application controls; General controls; Application controls; Data Input; Data Entry Procedures; Authorized staff; Documentation; Satisfaction by end users and end user management; End-user documentation; Conclusion. Introduction: In today’s business sector there are many threats that face business information systems such as malicious intent, both from internal and external sources, and this can be either intent to disrupt data entry or hacking into a system to create chaos. Disasters such as crippling power surges that shut down a system or ones that completely corrupt the database or issues that arise from hardware or software failures or possibly from upgrading a system to a newer “better version”. To help combat these threats there are two basic types of controls; General controls, and Application controls. These controls help to control how the database is used, monitored and protected, as well as set in place firm documentation that outlines how the system is used and methods to ensure the proper use and maintenance of the system. General & Application controls: General controls: Monitors and secures the use of the system throughout the organization, protects data through consistent backups as well as ensuring procedures and standards are followed. Application controls: Risk - Data Input: Are Input controls in place help to ensure that all data that is being entered into...
Words: 1215 - Pages: 5