4 - AIS Reviewer

Week 4: THE INTERNAL CONTROL STRUCTURE OF ORGANIZATIONS

I. Enterprise Risk Management (ERM)
• a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite

Internal Environment
• encompasses the tone of an organization that sets the basis for how risk is viewed and addressed by an entity's people

Objective Setting
• objectives must exist before management can identify potential events affecting their achievement

Event Identification
• internal and external events affecting achievement of an entity's objectives must be identified, with distinction made between risks and opportunities

Risk Assessment
• risks are analyzed by likelihood and impact, as a basis for determining how they should be managed
• risks are assessed on both an inherent and a residual basis, meaning that the likelihood of errors is considered both before and after the application of controls

Risk Response
• management selects risk responses (avoiding, accepting, reducing, or sharing risk) by developing a set of actions to align risks with the entity's risk tolerances and risk appetite

Control Activities
• policies and procedures are established and implemented to help ensure that the risk responses are effectively carried out

Information and Communication
• relevant information is identified, captured, and communicated in a form and a time frame that enable people to carry out their responsibilities; effective communication also occurs in a broader sense, flowing down, across, and up the entity

Monitoring
• is accomplished through ongoing management activities (including internal auditing), separate evaluations (such as those performed by external auditors), or both

II. Code of Ethics
• should reduce opportunities for managers or employees to conduct fraud. This will only be true, however, if top management emphasizes this code of ethics and disciplines or discharges those who violate it

III. COSO Accounting Internal Control Structure

Committee of Sponsoring Organizations of the Treadway Commission (COSO)
• is a voluntary, private-sector organization that was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting
• it sponsors and disseminates frameworks and guidance based on in-depth research, analysis, and best practices in the areas of enterprise risk management, internal controls, and fraud deterrence

5 Components of the COSO Framework

1. The Control Environment
• this component encompasses leadership, mission, goals and desired outcomes
2. Risk Assessment and Management
• this directly targets threats and weaknesses and allows management to fully understand risks
3. Control Activities
• examines policies and procedures; how security is implemented and even the plans organizations have in place to manage continuity
4. Outsourcing
• evaluating how well management is communicating and how well needs are being met ensures money is being spent wisely and that the organization gets the best possible ROI for its outsourcing investments
5. Monitoring
• establishing the conditions organizations want to work in and the policies that the team needs to use is an ideal start, but unless management monitors and evaluates processes, they won't be able to keep up with the changes

IV. IT Controls
• an organization must institute controls to limit these risks in IT systems

Categories of IT Controls

General Controls
• apply overall to the IT accounting system; they are not restricted to any particular accounting application

Application Controls
• are used specifically in accounting applications to control inputs, processing, and output

V. Corporate Governance
• an elaborate system of checks and balances whereby a company's leadership is held accountable for building shareholder value and creating confidence in the financial reporting processes

VI. IT Governance
• the leadership, organizational structure, and processes that ensure that the enterprise achieves its goals by adding value while balancing risk versus return over IT and its processes

To fulfill the management obligations that are inherent in IT governance, management must focus on the following aspects:
1. Aligning IT strategy with the business strategy
2. Cascading strategy and goals down into the enterprise
3. Providing organizational structures that facilitate the implementation of strategies and goals
4. Insisting that an IT control framework be adopted and implemented