Ais Handouts

The document outlines the Sarbanes-Oxley Act's requirements for public companies to implement internal controls over financial reporting, emphasizing management's responsibilities under Sections 302 and 404. It details the COSO internal control framework, which includes components such as control environment, risk assessment, and monitoring, along with various types of application controls like input, processing, and output controls. Additionally, it highlights the importance of segregation of duties, supervision, and access control in maintaining effective internal controls.

Uploaded by

bazarkatarina53

Sarbanes-Oxley and Internal Control

→ Requires management of public companies to implement an adequate system of internal controls over their financial reporting process.
→ Includes controls over transaction processing systems that feed data to the financial reporting systems.
→ Management's responsibilities for this are codified in:
• Section 302 of SOX requires that corporate management certify their organization's internal controls on a quarterly and annual basis.
• Section 404 of SOX requires the management of public companies to assess the effectiveness of their organization's internal controls.

SAS 78/COSO INTERNAL CONTROL FRAMEWORK

Five components:

1. Control environment sets the tone for the organization and influences the control awareness of its management and employees. The foundation for the other four control components.
Elements:
• The integrity and ethical values of management.
• The structure of the organization.
• The participation of the organization's board of directors and the audit committee, if one exists.
• Management's philosophy and operating style.
• The procedures for delegating responsibility and authority.
• Management's methods for assessing performance.
• External influences, such as examinations by regulatory agencies.
• The organization's policies and practices for managing its human resources.

2. Risk Assessment - to identify, analyze, and manage risks relevant to financial reporting.

3. Information and Communication - The accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization's transactions and to account for the related assets and liabilities.

4. Monitoring is the process by which the quality of internal control design and operation can be assessed. This may be accomplished by separate procedures or by ongoing activities.

5. Control activities are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization's identified risks.
Grouped into two distinct categories:
a. IT controls relate specifically to the computer environment.
   I. General controls pertain to entity-wide concerns such as controls over the data center, organization databases, systems development, and program maintenance.
   II. Application controls ensure the integrity of specific systems such as sales order processing, accounts payable, and payroll applications.
b. Physical controls - this class of controls relates primarily to the human activities employed in accounting systems. The issues pertaining to six categories of physical control activities:
   i. The purpose of transaction authorization is to ensure that all material transactions processed by the information system are valid and in accordance with management's objectives.
c. Segregation of Duties. One of the most important control activities is the segregation of employee duties to minimize incompatible functions.
d. Supervision - Implementing adequate segregation of duties requires that a firm employ a sufficiently large number of employees. Achieving adequate segregation of duties often presents difficulties for small organizations.
e. Accounting Records. The accounting records of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events.
f. Access Control. The purpose of access controls is to ensure that only authorized personnel have access to the firm's assets. Unauthorized access exposes assets to misappropriation, damage, and theft. Therefore, access controls play an important role in safeguarding assets.
g. Independent Verification. Verification procedures are independent checks of the accounting system to identify errors and misrepresentations.

IT APPLICATION CONTROLS

Application controls are associated with specific applications, such as payroll, purchases, and cash disbursements systems, and fall into three broad categories: input controls, processing controls, and output controls.

Input controls

Input controls are programmed procedures, often called edits, which perform tests on transaction data to ensure that they are free from errors.
• CHECK DIGIT. Data codes are used extensively in transaction processing systems for representing such things as customer accounts, items of inventory, and GL accounts in the chart of accounts.
• MISSING DATA CHECK. This edit identifies blank or incomplete input fields that should contain data that are required to process the transaction.
• NUMERIC-ALPHABETIC CHECK. This edit identifies when data in a particular field are in the wrong form.
• LIMIT CHECK. Limit checks are used to identify field values that exceed an authorized limit.
• RANGE CHECK. Many times, data have upper and lower limits to their acceptable values.
• REASONABLENESS CHECK. The error above may be detected by a test that determines if a value in one field, which has already passed a limit check and a range check, is reasonable when considered along with data in other fields of the record.
• VALIDITY CHECK. A validity check compares actual field values against known acceptable values.

Processing Controls

Processing controls are programmed procedures to ensure that an application's logic is functioning properly.
• Batch controls are used to manage the flow of high volumes of transactions through a batch processing system.
• Run-to-run controls use the values in the batch control record to monitor the batch as it moves from one programmed procedure (run) to another.
• Hash total, as used in the preceding discussion, is the summation of a nonfinancial field to keep track of the records in a batch.
• Audit Trail Controls in an IT environment ensure that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements.
• TRANSACTION LOGS. Every transaction the system successfully processes should be recorded on a transaction log, which serves as a journal.
• GFS BACKUP TECHNIQUE. Systems that use sequential master files (whether tape or disk) employ a backup technique called grandfather-father-son (GFS), which is an integral part of the master file update process.

Output controls

Output controls are a combination of programmed routines and other procedures to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated.
• PRINT PROGRAMS. When a printer becomes available, the print run program produces hard-copy output from the output file. Print programs are often complex systems that require operator intervention.
• WASTE. Computer output waste is a potential source of exposure.
• REPORT DISTRIBUTION. The primary risks associated with the distribution of sensitive reports include their being lost, stolen, or misdirected in transit to the user.
• END-USER CONTROLS. Once in the hands of the user, output reports should be examined for correctness. Errors the user detects should be reported to the appropriate IT management.
• Controlling Digital Output. Digital output can be directed to the user's computer screen or printer. The primary output threat is the interception, disruption, destruction, or corruption of the output message as it passes across the communications network.
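
The run-to-run controls and hash total described under Processing Controls, as an added example that is not part of the original handout: a batch control record holding a record count, a financial control total and a hash total is recomputed after a run, showing that the hash total catches a changed account number that the other two totals miss. The field names, batch ID and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class BatchControl:
    """Batch control record created when the batch is first assembled."""
    batch_id: str
    record_count: int        # number of records in the batch
    control_total: Decimal   # sum of a financial field (amount)
    hash_total: int          # sum of a nonfinancial field (account number)


def build_control(batch_id, records):
    """Compute the three batch totals over a list of transaction records."""
    return BatchControl(
        batch_id=batch_id,
        record_count=len(records),
        control_total=sum((r["amount"] for r in records), Decimal("0")),
        hash_total=sum(r["account"] for r in records),
    )


def run_to_run_check(control, records):
    """Recompute the totals after a run and list every mismatch."""
    actual = build_control(control.batch_id, records)
    issues = []
    for name in ("record_count", "control_total", "hash_total"):
        expected, got = getattr(control, name), getattr(actual, name)
        if expected != got:
            issues.append(f"{name}: expected {expected}, got {got}")
    return issues


# Constructed sample batch (hypothetical accounts and amounts).
BATCH = [
    {"account": 10442, "amount": Decimal("250.00")},
    {"account": 10517, "amount": Decimal("1200.50")},
    {"account": 10783, "amount": Decimal("89.99")},
]
CONTROL = build_control("B-0001", BATCH)

# A record lost between runs: all three totals go out of balance.
DROPPED = BATCH[:2]
# Same count and same amounts, but one account number changed:
# only the hash total reveals it.
REDIRECTED = [BATCH[0], {"account": 10999, "amount": Decimal("1200.50")}, BATCH[2]]

if __name__ == "__main__":
    for label, recs in (("intact", BATCH), ("dropped", DROPPED), ("redirected", REDIRECTED)):
        print(label, run_to_run_check(CONTROL, recs) or "batch in balance")
```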