Chapter-6

Accounting Information System

Internal Control Systems

Chapter
6-1
 Definition of Internal
Control
 Policies, plans, and procedures
 Implemented to protect a firms assets

 People Involved
 Board of directors
 Management
 Other key personnel

Chapter
6-2
 Definition of Internal Control


The reason this is important is that these individuals want
reasonable assurance that the goals and objectives of the
organization can be achieved (i.e., effectiveness and efficiency
of operations, reliability of financial reporting, protection of
assets, and compliance with applicable laws and regulations)

Chapter
6-3
 Internal Control System Objectives

 Safeguard assets
 Check the accuracy and reliability of accounting data
 Promote operational efficiency
 Enforce prescribed managerial policies

Chapter
6-4
 Types of Controls

Preventive Controls
 reduce the frequency of occurrence of undesirable events.
 Prevent problems from occurring.
 a company might install a firewall to prevent unauthorized
access to the company’s network, thereby safeguarding
the disclosure, alteration, or destruction of sensitive
information from external hackers

Chapter
6-5
 Types of Controls

Detective Controls
alert managers when the preventive controls fail
As an example,

assume that a company’s information system prepares daily
responsibility accounting performance reports for management
that computes variations of actual production costs from
standard production costs. If a significant variance occurs, a
manager’s report signals this problem and the manager can
initiate corrective action

Chapter
6-6
 Types of Controls

Detective Controls
Organizations can initiate corrective action only if corrective
controls are in place.
A company establishes corrective controls to remedy problems it
discovers by the detective controls.

Chapter
6-7
 Types of Controls

• Corrective controls
– Solve or correct a problem
– Corrective controls are actions taken to reverse the effects of
errors
– detected in the previous step

Chapter
6-8
 Internal Control Framework

 Framework consists of five components:

1. the control environment,
2. risk assessment,
3. information and
4. communication, monitoring, and control

Chapter
6-9
 The Control Environment

 is the foundation for the other four control components

 The control environment sets the tone for the organization and influences the
control awareness of its management and employees
 The integrity and ethical values of management.
 The structure of the organization.
 The participation of the organization’s board of directors and the audit
committee, if one exists.
 Management’s philosophy and operating style.
 The procedures for delegating responsibility and authority.
 Management’s methods for assessing performance.
 External influences, such as examinations by regulatory agencies.
 The organization’s policies and practices for managing its human resources
Chapter
6-10
 Risk Assessment


Identify, analyze and manage risks relevant to financial
reporting.
– changes in external environment
– risky foreign markets
– significant and rapid growth that strain internal controls
– new product lines
– restructuring, downsizing
– changes in accounting policies

Chapter
6-11
 Information and Communication

• The AIS should produce high quality information which:

– identifies and records all valid transactions
– provides timely information in appropriate detail to permit
proper classification and financial reporting
– accurately measures the financial value of transactions
– accurately records transactions in the time period in which
they occurred

Chapter
6-12
 Monitoring

 The process for assessing the quality of internal control design

and operation
 Separate procedures; internal auditors test the control and
communicate the control strength and weakness management.
 Ongoing monitoring;
 computer modules integrated into routine operations
 management reports which highlight trends and exceptions
from normal performance
 allow management and auditors to maintain constant
surveillance over the functioning of internal controls
Chapter
6-13
 Control Activities


Policies and procedures to ensure that the appropriate actions are
taken in response to identified risks.

Fall into two distinct categories
• IT controls—relate specifically to the computer environment
• Physical controls—primarily pertain to human activities

Chapter
6-14
 Control Activities

• Two Types of IT Controls

• General controls—pertain to the entity wide computer
environment
– Examples: controls over the data center, organization
databases, systems development, and program maintenance

• Application controls—ensure the integrity of specific systems

– Examples: controls over sales order processing, accounts
payable, and payroll applications

Chapter
6-15
 Control Activities

Physical Controls
This class of controls relates primarily to the human activities employed in
accounting systems
Transaction Authorization

The purpose of transaction authorization is to ensure that all material
transactions processed by the information system are valid and in accordance
with management’s objectives.
Example
the procedure to authorize the purchase of inventories from a designated vendor
only when inventory levels fall to their predetermined reorder points.

Chapter
6-16
 Control Activities

Segregation of Duties
Supervision

the firm employs competent and trustworthy personnel

The competent and trustworthy employee assumption promotes
supervisory efficiency
Accounting Records

Accounting records provide an audit trail of economic events.

The audit trail enables the auditor to trace any transaction through
all phases of its processing from the initiation of the event to the
financial statements
Chapter
6-17
 Control Activities

Accounting Records

The audit trail helps employees respond to customer inquiries by
showing the current status of transactions in process.


It enables external (and internal) auditors to verify selected
transactions by tracing them from the financial statements to the
ledger accounts, to the journals, to the source documents, and back
to their original source

Chapter
6-18
 Control Activities

Access Control

The purpose of access controls is to ensure that only authorized
personnel have access to the firm’s assets. Unauthorized access
exposes assets to misappropriation damage, and theft.

Therefore, access controls play an important role in safeguarding
assets.
Access to assets can be

Direct Physical security devices, such as locks, safes, fences, and electronic and
infrared alarm systems, control against direct access.

Indirect access to assets is achieved by gaining access to the records and
documents that control the use, ownership, and disposition of the asset Chapter
6-19
Chapter
6-20