
AIS chapter 3

INTERNAL CONTROLS

Integrated Framework (2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO))
“A process, effected by an entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding achievement of objectives relating to
operations, reporting and compliance.”

ELEMENTS
● IS A PROCESS
○ Improvement
○ Control problems
○ Judgment and Experience in designing and implementing
○ Periodically reviewed to ensure effectiveness

● NECESSARILY INVOLVE PEOPLE THROUGHOUT THE ORGANIZATION.
○ Require discussion during design, implementation and evaluation.
○ Subject to Cost/benefit constraint

● DESIGNED TO PROVIDE REASONABLE ASSURANCE.
○ Reasonable – being within the bounds of common sense
○ Not designed for absolute assurance on anything
○ Can be circumvented through collusion or collaboration

PURPOSES OF INTERNAL CONTROL

● Safeguarding assets
● Ensuring financial statement reliability
● Promoting operational efficiency
● Encouraging compliance with management’s directives

Five components of COSO

1. Control environment - establishing the “tone at the top”
2. Risk assessment - clarifying an organization’s risk exposures
3. Control activities - developing specific controls to address the risk exposures
4. Information and communication - ensuring stakeholders know about the internal
control plan
5. Monitoring - creating a process for keeping the plan updated and relevant

INTERNAL CONTROL EXAMPLES

Adequate documentation - can help you critique internal controls and determine if they are
functioning effectively.

Background checks – essential for employees in sensitive positions, such as those who deal
with large amounts of money

Backup of computer files – ensures that no more than one day’s work is lost in the event of a
systems failure

Backup of power supplies – can give the user time to save any open files, ensuring they are
not lost

Bank reconciliation – accounts for timing differences between the account holder’s records and the bank’s
records of a cash account

Batch control totals - users can calculate various control totals to promote data integrity.
For example, you could add up the invoice numbers for a group of sales invoices.

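An added example (not part of the original notes) of the batch control totals described above: totals computed when a batch of sales invoices is prepared are compared with totals recomputed after data entry. The record count and amount total go beyond the invoice-number sum the notes mention, and the `Invoice` fields and all sample values are constructed for illustration.

```python
from decimal import Decimal
from typing import NamedTuple

class Invoice(NamedTuple):
    number: int
    amount: Decimal

class ControlTotals(NamedTuple):
    record_count: int      # how many documents are in the batch
    amount_total: Decimal  # financial total of the invoice amounts
    hash_total: int        # sum of invoice numbers; meaningless except as a check

def control_totals(batch):
    """Compute the control totals for one batch of invoices."""
    return ControlTotals(
        record_count=len(batch),
        amount_total=sum((inv.amount for inv in batch), Decimal("0")),
        hash_total=sum(inv.number for inv in batch),
    )

def verify_batch(expected, batch):
    """Return the names of the totals that differ from the batch header."""
    actual = control_totals(batch)
    return [name for name in ControlTotals._fields
            if getattr(expected, name) != getattr(actual, name)]

# Constructed sample data: the batch as prepared at the source.
SOURCE_BATCH = [
    Invoice(1001, Decimal("250.00")),
    Invoice(1002, Decimal("1340.50")),
    Invoice(1003, Decimal("89.99")),
]
HEADER = control_totals(SOURCE_BATCH)

# Constructed failure cases introduced during data entry.
DROPPED = SOURCE_BATCH[:2]                                   # one invoice lost
TRANSPOSED = [SOURCE_BATCH[0], Invoice(1002, Decimal("1430.50")), SOURCE_BATCH[2]]
WRONG_DOC = SOURCE_BATCH[:2] + [Invoice(1030, Decimal("89.99"))]  # number mistyped

if __name__ == "__main__":
    for label, batch in [("clean", SOURCE_BATCH), ("dropped", DROPPED),
                         ("transposed", TRANSPOSED), ("wrong doc", WRONG_DOC)]:
        print(label, verify_batch(HEADER, batch) or "totals agree")
```

The mistyped invoice number leaves the count and amount total unchanged, so only the hash total exposes it.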
Data encryption - translates data into another form, or code, so that only people with access to
a secret key (formally called a decryption key) or password can read it.

Document matching - whether electronic or paper based, document matching helps ensure
that vendor invoices are only paid when merchandise has been properly ordered and invoiced.

Echo checks - this process allows you to edit the data for any errors or other changes.

Firewalls - They can prevent unauthorized intrusions into an accounting information system and
warn users when such intrusions are detected.

Insurance and Bonding - can help organizations correct any financial
losses they experience probably bonded. Companies often bond key
employees to address human error and other forms of risk.

Internal audits - can reveal indications of fraud, waste, and inefficiency, thus strengthening
internal control.

Limit checks - An accounting information system can incorporate various kinds of limit checks.

Lockbox systems - help promote strong internal control over cash. Rather than remitting
payment directly to an organization, customers send their payment to a lockbox.

Physical Security - Simple actions such as locking doors and securing computers and related
equipment can go a long way in safeguarding assets.

Preformatted data entry screens - greatly improve data entry efficiency.

Prenumbered documents - Checks, purchase orders, sales invoices, and other documents should be
prenumbered for strong internal control

Restrictive endorsement and daily deposits of checks received - give the bank more
specific instructions that limit the uses of the endorsed check: the most common is “for deposit
only”, often with an account number included.

Segregation of duties - means that, to the extent possible, three different people should each take on one
responsibility with respect to a specific asset: authorization for use, physical custody, and
recordkeeping.

User training - all internal control processes in the world are virtually worthless if people don’t
know how to apply them. Employees should receive periodic training/reminders about
appropriate internal control procedures.

ETHICAL ISSUES IN BUSINESS

1. Equity
● Executive salaries
● Comparable worth
● Product pricing

2. Rights
● Corporate due process
● Employee health screening
● Employee privacy
● Sexual harassment
● Diversity
● Equal employment opportunity
● Whistle-blowing

3. Honesty
● Employee & management conflict of interest
● Security of organization data & records
● Misleading advertising
● Questionable business practices in foreign countries
● Accurate reporting on shareholders’ interest

4. Exercise of corporate power
● Political action committees
● Workplace safety
● Product safety
● Environmental issues
● Divestment of interest
● Corporate political contributions
● Downsizing and plant closures

BUSINESS ETHICS - pertains to the principles of conduct that individuals use in making
choices and guiding their behavior in situations that involve the concept of right and wrong.

Ethical Principles that Provide Guidance in Making Ethical Decisions

1. Proportionality - The benefit from a decision must outweigh the risks. There must be no
alternative decision that provides the same or greater benefit with less risk.
2. Justice - The benefits of the decision should be distributed fairly to those who share the
risks. Those who do not benefit should not carry the burden of risk.

3. Minimize risk - Even if judged acceptable by the principle, the decision should be
implemented so as to minimize all the risks and avoid any unnecessary risks.

ISSUES OF CONCERN IN THE STUDY OF AIS


1. Privacy - people desire to be in full control of what and how much information about
themselves is available to others and to whom it is available.

2. Security (Accuracy and Confidentiality) - computer security is an attempt to avoid
such undesirable events as a loss of confidentiality or data integrity

3. Ownership of property - software - an intellectual property. What can an
individual/organization own; ideas? media? source code? Object code?

4. Equity in access
Factors that can limit access to computing technology:
A. economic status of an individual/affluence of an organization
B. culture - documentation is prepared in ONLY one language or is poorly translated
C. Safety features or the lack thereof - pregnant women
D. Differences in physical or cognitive skills - “how can hardware
and software be designed to consider these differences?”

5. Environmental issues - Paper comes from trees, a natural resource, which if not properly
recycled will end up in landfills. Limit printing? Require recycling? How?

6. Artificial Intelligence - Who is responsible for the completeness and appropriateness of the
knowledge base? Who is responsible for the decisions made by an expert system that causes
harm when implemented? Who owns the expertise once it is coded into a knowledge base?

7. Unemployment and displacement - Should employers be responsible for retraining workers
who are displaced as a result of the computerization of their functions?

8. Misuse of computers - copying proprietary software, using company computers for personal
benefit, snooping through other people’s files

FRAUD - denotes a false representation of a material fact made by one party to another party
with the intent to deceive and induce the other party to justifiably rely on the fact to his/her
detriment.

5 conditions for an act to be considered fraudulent


1. False representation - there must be a false statement or a nondisclosure
2. Material fact - the fact must be a substantial factor in inducing someone to act
3. Intent - there must be the intent to deceive or the knowledge that one’s statement is false
4. Justifiable reliance - the misrepresentation must have been a substantial factor on
which the injured party relied
5. Injury or loss - the deception must have caused injury or loss to the victim of the fraud

Fraud, in business, is an intentional deception, misappropriation of a company’s assets, or
manipulation of a company’s financial data to the advantage of the perpetrator.

Other names:
● white-collar crime
● defalcation
● embezzlement
● Irregularities

Employee fraud - fraud by non-management employees, designed to directly convert cash or
other assets to the employee’s personal benefit.

3 steps:
1. stealing something of value (asset)
2. converting the asset to a usable form (cash)
3. concealing the crime to avoid detection

Management fraud - often escapes detection until the company has suffered irreparable
damage or loss

3 characteristics:
1. the fraud is perpetrated at levels of management above the one to which internal control
structures generally relate
2. the fraud frequently involves using the financial statements to create an illusion that an
entity is healthier and more prosperous than, in fact, it is
3. if the fraud involves misappropriation of assets, it frequently is shrouded in a maze of
complex business transactions, often involving related third parties.
