Professional Documents
Culture Documents
Ethics, Fraud, and Internal Control: Accounting Information Systems, 6 Edition James A. Hall
Ethics, Fraud, and Internal Control: Accounting Information Systems, 6 Edition James A. Hall
Scavenging
• Searching through the trash cans on the computer
canter for discarded output (the output should be
shredded, but frequently in not)
Modifying Assumptions to the
Internal Control Objectives
Management Responsibility
The establishment and maintenance of a system of
internal control is the responsibility of management.
Reasonable Assurance
the cost of achieving the objectives of internal control
should not outweigh its benefits.
Methods of Data Processing
The techniques of achieving the objectives will vary with
different types of technology.
Limitations of Internal Controls
Possibility of honest errors
Circumvention via collusion
Management override
Changing conditions—especially in companies with
high growth
Exposure of Weak Internal
Controls (Risk)
Destruction of an asset
Theft of an asset
Corruption of information
Disruption of the information system
The Preventive-Detective-
Corrective Internal Control
Preventive Controls. Prevention is the first line of
defense in the control structure. Are passive
techniques designed to reduce the frequency or
occurrence of undesirable events.
Detective Controls. Theses are devices, techniques, and
procedures designed to identify and expose
undesirable events that elude preventive controls.
Corrective Controls. Are action taken reverse the
effects of errors detected in the previous step. There is
an important distinction between detective and
corrective controls.
SAS 78 / COSO
Describes the relationship between the firm’s
• internal control structure,
• auditor’s assessment of risk, and
• the planning of audit procedures