ACCOUNTING INFORMATION SYSTEMS

2: PRESENTATIONS GROUP 2
GROUP MEMBERS
SERIAL NAME SURNAME REG NUMBER
1 ONISMO PUTSAYI R204087J
2 MELINDA MASUTU R204135Y
3 HERBERT CHAFANZA R204214Z
4 TANAKA V MASVINGE R204220X
5 BLESSING T FARANANDO R204228Q
6 TANAKA T KAFURANDI R204227S
7 LIBERTY T MUDOKA R204291L
8 NOMATTER CHIMUDENDE R204147E
9 TOBY T SIMANGO R204141Z
10 MELISSA C JAVA R204181B
 Qsn 1. INTERNAL CONTROLS AND THEIR
IMPACT ON ACC INFOR SYSTEMS

DEFN: Internal controls are the mechanisms, rules, and

procedures implemented by a company to ensure the integrity of
financial and accounting information, promote accountability and
prevent fraud.

• Besides complying with laws and regulations and preventing

fraud, internal control can help improve operational efficiency
by ensuring that budgets are adhered to, policies are followed,
capital shortages are identified and that accurate company
reports are generated.
 IMPACTS OF INTERNAL
CONTROLS
Positive impact of internal controls on accounting information systems.
1. It helps in preventing, detecting and correcting fraud.

• Preventive controls are controls that deter problems before they arise.
 Detective controls designed to discover control problems that were not prevented.
 Corrective controls are controls that identify and correct problems as well as correct
and recover from the resulting errors.

2.Ensures security of company information by restricting access of information and

only granting authorisation to a few personnel.

3. Safeguards company assets by preventing and detecting their unauthorised

acquisition, use or disposition.

Negative impact of internal controls on accounting information systems

1. Susceptibility to errors and mistakes
2. Affected by management override and collusion.
3. Only mitigate the risk and cannot 100% eliminate the risk
 QSN 2. FRAUD BY THE
ASSISTANT FINANCE
DIRECTOR
FRAUD refers to any means a person uses to gain an unfair advantage over
another person.
Fraud is a white collar crime
WEAKNESSES IN THE AUDIT APPROACH
1. Allowing 2% error factor.
2. No restriction on access to sensitive data
3. No segregation of duties.
4. Audit checks were not done regularly
HOW THE AUDIT PLAN CAN BE IMPROVED
• Use of fraud detection systems
• Removing the 2% error factor
• Use whatever information is gathered to identify, assess, and respond to
risks.
• Auditors can respond by varying the nature, timing, and extent
of auditing procedures they perform.
• They should also carefully evaluate risks related to management
override of controls.
 QSN 2. FRAUD BY THE
ASSISTANT FINANCE DIRECTOR
cont’
INTERNAL CONTROL WEAKNESSES
 Management override
 No restriction on access to acc infor systems
 Non existent of computer controls
over input, processing, storage
and output of data
 Authorisation and authentication was not in place
 Segregation of duties was overlooked.
SHOULD INTERNAL AUDITORS HAVE DISCOVERED THE FRAUD EARLIER
YES,
• Auditors must assess the risk of fraud throughout the
audit.
• When the audit is complete, they must evaluate whether
any identified misstatements indicate the presence of
fraud.
• If so, they should determine the impact on the financial misstatements and fraud.
• Communicate findings and document their work
 QSN 3. WHY IT IS CRUCIAL THAT INTERNAL
AUDITORS REPORT SOLELY TO THE UPPER
MOST LEVEL OF MANAGEMENT

INTERNAL AUDITORS
 Internal audit refers to the department located within a business that monitors the
efficacy of its processes and controls.
 The internal auditor is the entity’s staff that work independently and objectively. By
being independent, an auditor is more qualified to approach the audit process
objectively and perform the task with integrity.
 The internal auditor is the entity’s staff that work independently and objectively. By
being independent, an auditor is more qualified to approach the audit process
objectively and perform the task with integrity.
 Independent auditors are often used to avoid conflicts of interest and to objectively
evaluate the performance of employees without bias.
 WHY THEY ONLY REPORT TO TOP
MANAGEMENT
The internal audit main objective is to add value to the entity and helps them to meet
their objective. This require independence to assess whether current risk
management that possesses by senior management is well identifying and manage.

They control and well as strategy are normally held by CFO, CEO, as well as other
senior management. To have a good assessment, internal audit should not report
directly to these people.
There are many other reasons why internal auditors should not have a direct report
to employees but rather to the CEO or audit committee and these are :
 To maintain objectivity:
 To avoid conflict of interest:
 To adhere to the requirements of the law
 To satisfy the what is expected of them by shareholders and board of directors
 To ensure A high discipline approach in an organization.
 QSN 4. RISK BASED AUDIT
APPROACH

AUDITING DFN: Is a systematic, step by-step process that involves the

collection and review of evidence and uses established criteria to evaluate
evidence.

RISK BASED AUDIT: Is an internal control evaluation approach that provides a

framework for conducting information systems audits. The risk-based audit
approach is a four-step
approach to carrying out an audit.
 THE FOUR STEPS
1. Determine the threats (fraud and errors) facing the company. This is a list of the
accidental or intentional abuse and damage to which the system is exposed.

2. Identify the control procedures that prevent, detect, or correct the threats. These are
all the controls that management has put into place and that auditors should review
and test, to minimize the threats

3. Evaluate control procedures. Controls are evaluated in two ways:

a. A systems review determines whether control procedures are actually in place.
b. Tests of controls are conducted to determine whether existing controls work as
intended.

4. Evaluate control weaknesses to determine their effect on the nature, timing, or

extent of auditing procedures. If the auditor determines that control risk is too high
because the control system is inadequate, the auditor may have to gather more
evidence, better evidence, or more timely evidence. Control weaknesses in one area
may be acceptable if there are compensating controls in other areas.
 QSN 4. RISK BASED AUDIT APPROACH CONT’

When performing an information systems audit, auditors should ascertain that the
following six objectives are met:
1. Security provisions protect computer equipment, programs, communications, and
data from unauthorized access, modification, or destruction.
2. Program development and acquisition are performed in accordance with
management’s general and specific authorization.
3. Program modifications have management’s authorization and approval.
4. Processing of transactions, files, reports, and other computer records is accurate
and complete.
5. Source data that are inaccurate or improperly authorized are identified and
handled according to prescribed managerial policies.
6. Computer data files are accurate, complete, and confidential.
of which security is a crucial element that needs to be maintained within information
systems
• Auditors test security controls by observing procedures, verifying that controls are in
place and work as intended, investigating errors or problems to ensure they were handled
correctly, and examining any tests previously performed.
• Sound personnel policies and effective segregation of incompatible duties can
partially compensate for poor computer security.  
• Good user controls will also help, provided that user personnel can recognize
unusual system output.
 QSN 5. WHY COLLUSION BETWEEN MANAGEMENT
AND EMPLOYEES ON COMMISSION OF FRAUD IS
DIFFICULT TO BOTH PREVENT AND DETECT

DEFN: Collusion is a secret agreement between two or more employees working

in different or same departments to obtain an objective which is against law or
business ethics. This is done to get mutual personal benefit. It can be in the
form of money, reputed position or anything.

WHY IT IS DIFFICULT TO BOTH DETECT AND PREVENT.

• Collusion among employees and management is difficult to both prevent and detect
as the mmanagement plays a key role in the internal control structure of an
organization.
• They are supposed watch out for risks and fraud. Hence, when they participate in
fraud with the employees they are supposed to provide oversight, it becomes
difficult to either prevent or detect the fraud.
 WHY IT IS DIFFICULT TO BOTH
DETECT AND PREVENT.

EXAMPLE: AR department post the sales in AR subsidiary ledger. Customer balances

are updated on the basis of remittance advice received from customer.
AR employee and cash receipts function employee may collide by closing a open
invoice. This way customer ledger will be shown as settled and cheque received from
customer will be enchased by cash receipts personnel.
 QSN 6. DISCUSS THE FRAUD SCHEMES
OF BRIBERY, ILLEGAL GRATUITIES,
AND ECONOMIC EXTORTION.
DEFN: Fraud is gaining an unfair advantage over another person.
 Legally, for an act to be fraudulent there must be a false statement,
representation, or disclosure, material fact, which is something that
induces a person to act, intent to deceive, justifiable reliance that is, the
person relies on the misrepresentation to take an action or injury or loss
suffered by the victim.

1. Bribery fraud scheme

 Refers to the offering, giving, soliciting or receiving of any items of value as
means of influencing the actions of an individual.
 It can also pose threats to economic development and international trade since
the price of bribes made be factored in international transactions
 It is punishable as a felony
 These include invoice kickbacks, bid rigging, price fixing
 2. Illegal gratuity fraud scheme

Is giving a public official a gift after an act was perfomed

It takes place after the fact
This is done to appreciate a decision that has already been made by
the official unlike bribing where o gift is given to influence a decision
made
The difference between illegal gratuity and bribery is the intention.

3. Economic extortion fraud scheme

 Is the wrongful use of actual or threatened force, violence or intimidation to gain money or
property from an individual or entity.
 Forms include blackmails, ransom ware, etc.
 An example is when a government official threaten to enact policies that would harm
business man’s financial interest unless they vote for them.
 Robbery can also be a part of extortion because of its ability to spread itself across an
organization or individuals property or funds
  Another form of fraud scheme is conflict of interest where various interests, duties, or
commitments that a person may have come to conflict with that of a company