Chapter 6
Learning Objectives
Explain basic control concepts and explain why computer control and security are important.
Compare and contrast the COBIT, COSO, and ERM control frameworks.
Describe the four types of control objectives that companies need to set.
Describe the events that affect uncertainty and the techniques used to identify them.
Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.
For example, the standard may have been unrealistic, or the measures taken may have been inappropriate, not properly carried out, or not implemented.
Functions of Internal Control
Organizational structure
External influences
ERM (Enterprise Risk Management): Objective Setting
Strategic: high-level goals aligned with the corporate mission
Operational: effectiveness and efficiency of operations
Reporting: complete and reliable reporting that improves decision making
Compliance: applicable laws and regulations are followed
ERM: Event Identification
Identify the risks (events) that could affect the organization.
Estimate the likelihood of each risk.
Determine whether its impact would be positive or negative.
Types of Risk
Inherent risk: the risk that exists before any controls are put in place to reduce it.
Residual risk: the risk that remains after controls are in place.
ERM: Risk Response
Reduce: implement effective internal controls to lower the likelihood or impact of the risk.
Accept: do nothing; accept the risk at its current likelihood and impact.
Share: transfer part of the risk to others, e.g., buy insurance, outsource, or hedge.
Avoid: do not engage in the activity that produces the risk.
Event/Risk/Response Model
Control Activities
Effective supervision.