Chapter 13 Control and Accounting Information Systems


Upload: irma-owens

Post on 25-Dec-2015


Introduction

• Control - the process of exercising a restraining or directing influence over the activities of an object, organism, or system

– The goal is to prevent losses from the many possible hazards that businesses face.

• The accountant’s job is to take a proactive approach to eliminating threats and to detect, correct, and recover from threats if they occur.

Introduction

• Threat - any potential adverse occurrence or unwanted event that could injure either the AIS or the organization

• Exposure - the potential dollar loss of a particular threat if that threat occurs

• Risk - the likelihood that the threat will actually come to pass

Overview of Control Concepts

• Historical developments

– 1949 - AIA

– 1958 - SAP No. 29

– 1972 - SAP No. 54

– 1977 - Foreign Corrupt Practices Act

– 1981 - Research Foundation of the FEI

– 1988 - SAS No. 55

– 1992 - Committee of Sponsoring Organizations (COSO)

Overview of Control Concepts

• Internal control - the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed management policies

• Management control - designed to reduce errors and irregularities and help employees achieve goals by following policies

Overview of Control Concepts

• Administrative controls - help ensure operational efficiency and adherence to managerial policies

• Accounting controls - safeguard assets and ensure the reliability of accounting records

• Internal control structure - policies and procedures established to provide reasonable assurance that objectives will be achieved

Overview of Control Concepts

• Internal control classifications

– Preventive, Detective, and Corrective

– Feedback and Feedforward

– General and Application

– Input, Processing, and Output

Internal Control Classifications

• Preventive - designed to stop problems before they arise

• Detective - designed to find problems if they arise

• Corrective - designed to fix problems once they are found

– Find the cause of the problems

– Correct the results of the problem

– Modify the system to keep problem from happening again

Internal Control Classifications

• Feedback controls - measure a process and correct it when deviations from normal occur

• Feedforward controls - monitor a process and inputs to that process and try to predict potential problems

Internal Control Classifications

• General controls - ensure that the control environment is stable and well managed to enhance the effectiveness of application controls

• Application controls - used to prevent, detect, and correct errors and irregularities during processing

Internal Control Classifications

• Input controls - ensure that only accurate, valid, and authorized data are entered into the system

• Processing controls - ensure that all data are processed completely and accurately and all applicable files are updated correctly

• Output controls - ensure that output is properly controlled

The Foreign Corrupt Practices Act

• Passed by Congress in 1977 in response to a bribery scandal

– Primary purpose was to prevent the bribery of foreign officials in order to obtain business

– Significant effect was to require all publicly traded companies to have a good system of internal controls

The Foreign Corrupt Practices Act

• Requires all SEC registrants to have a system that provides reasonable assurance that:

– Transactions are executed with management’s authorization

– Transactions are recorded to permit preparation of financial statements and maintain accountability for assets

– Access to assets is permitted only with authorization

– Recorded assets are compared to existing assets and action taken with respect to differences

Committee of Sponsoring Organizations (COSO)

• Defined internal control as the process implemented to provide reasonable assurance that control objectives are achieved with regard to:

– Effectiveness and efficiency of operations

– Reliability of financial reporting

– Compliance with applicable laws and regulations

Committee of Sponsoring Organizations (COSO)

• Five interrelated components of internal control:

– Control environment

– Control activities

– Risk assessment

– Information and communication

– Monitoring

The Control Environment

• Management philosophy and operating style

– Employees follow the lead of management.

– Assessing management’s philosophy:

• Does management take undue risks to achieve objectives?

• Does management attempt to manipulate performance measures to make the company look better?

• Does management pressure employees to achieve results regardless of the methods required?

The Control Environment

• Organizational structure - defines the lines of authority and responsibility and provides the overall framework for how things are done

• Audit Committee of the Board of Directors - composed entirely of outside directors (directors who are not employees of the company) - provides an independent review of management

The Control Environment

• Methods of assigning authority and responsibility - job descriptions, employee training, and operating plans, schedules, and budgets

– Formal code of conduct addresses issues such as ethics, acceptable business practices, and conflicts of interest.

– Written policy and procedures manuals spell out exactly what is expected of employees.

The Control Environment

• Human resources policies and procedures - rules for hiring, evaluating, compensating, and promoting employees

– Hire and promote employees based on performance.

– Background checks on applicants are very important.

• External influences - FASB or SEC requirements and government regulations

Control Activities

• Control activities - rules that provide reasonable assurance that management’s control objectives are achieved.

• Five categories:

– Proper authorization of transactions and activities

– Separation of duties

– Design and use of adequate documents and records

– Adequate safeguards over assets and records

– Independent checks on performance

Control Activities

• Proper authorization

– General authorization - authorize employees to handle routine transactions without explicit approval from management (daily sales)

– Specific authorization - require employees to obtain approval for unusual or large transactions (sale in excess of a certain amount, write-off of an A/R over a certain amount)

Control Activities

• Separation of duties - no single employee should have too much responsibility - must separate the authorization, recording and custody of assets involved in a transaction

• Documents and records - help to ensure accurate and complete recording of all relevant data about transactions and events

– Keep forms simple and include room for authorization

Control Activities

• Safeguarding of assets - both physical assets and information

– Supervise and separate duties

– Maintain accurate records

– Restrict physical access to assets

– Restrict access to certain critical locations

– Physically protect documents and records

– Control the environment

– Restrict access to systems with passwords

Control Activities

• Independent checks

– Reconciliation of two independent sets of records

– Comparison of actual quantities to recorded amounts

– Double-entry accounting

– Batch totals (financial total, hash total, record count, line count, cross-footing balance test)

– Independent review for authorization, supporting documentation, and accuracy
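
Three of the batch totals listed above (financial total, hash total, record count), as an added example that is not part of the original slides: the totals are taken when a batch is prepared and recomputed after processing, and any mismatch flags a lost or altered record. The field names and the sample batch are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample batch of customer payments (not real data).
BATCH = [
    {"account": 10432, "amount": Decimal("250.00")},
    {"account": 20871, "amount": Decimal("1199.95")},
    {"account": 31007, "amount": Decimal("75.50")},
]


def batch_totals(records):
    """Compute three batch control totals for a list of records."""
    return {
        # Record count: number of records in the batch.
        "record_count": len(records),
        # Financial total: sum of a dollar field.
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        # Hash total: sum of a field that is not normally added up
        # (account numbers here); it has no meaning except as a check value.
        "hash_total": sum(r["account"] for r in records),
    }


def reconcile(control, processed_records):
    """Return the names of the totals that no longer match the control totals."""
    actual = batch_totals(processed_records)
    return sorted(name for name in control if control[name] != actual[name])


def demo():
    control = batch_totals(BATCH)  # taken when the batch is prepared
    # Payment keyed to the wrong account: count and dollars still agree,
    # so only the hash total exposes the error.
    misposted = [dict(BATCH[0], account=10423)] + BATCH[1:]
    # Dollar amount changed on one record.
    altered = [dict(BATCH[0], amount=Decimal("2500.00"))] + BATCH[1:]
    return {
        "intact": reconcile(control, BATCH),
        "dropped": reconcile(control, BATCH[:-1]),  # last record lost
        "misposted": reconcile(control, misposted),
        "altered": reconcile(control, altered),
    }


if __name__ == "__main__":
    for case, mismatches in demo().items():
        print(case, mismatches or "all totals agree")
```
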

Risk Assessment

• Steps in assessing risk:

– Identify threats - natural or manmade

– Estimate the risk - likelihood that a threat will happen

– Estimate exposure - potential dollar loss

– Identify controls - consider effectiveness and timing

– Estimate costs and benefits - design to provide reasonable assurance

– Determine cost/benefit effectiveness

Risk Assessment

• Compliance with the Foreign Corrupt Practices Act

– Document existing control system

– Evaluate the quality of the internal control system - within bounds of reasonable assurance

– Evaluate the costs and benefits of instituting controls

– Weigh the costs and benefits to determine whether more control is needed

Information and Communication

• The primary purpose of an AIS is to record, process, store, and communicate information about an organization; therefore, accountants must understand:

– how transactions are initiated

– how data are captured

– how computer files are accessed and updated

– how data are processed to prepare information

– how information is reported to internal users and external parties

Information and Communication

• According to the AICPA, an AIS has 5 primary objectives:

– Identify and record all valid transactions

– Properly classify transactions

– Record transactions at their proper value

– Record transactions in the proper period

– Properly present transactions and related disclosures in the financial statements

Monitoring Performance

• Effective supervision - training and assisting employees, monitoring performance, correcting errors, and safeguarding assets by overseeing employees who have access to them

• Responsibility reporting - use of budgets, quotas, standard costs, and investigation of variances

Monitoring Performance

• Internal auditing - reviewing the reliability of financial and operating information and providing an appraisal of internal control effectiveness

– Also involves assessing employee compliance with policies and procedures and applicable laws and regulations and assessing the efficiency and effectiveness of management

– Internal audit must be separate from accounting and operating functions of the organization