SIA Kel 3 Finish
Information Systems
Members of Group
1. Meeting the needs of
2. Covering the company from
3. Implement a single, integrated framework
4. Delivery, service and support (DSS)
5. Monitor, evaluate, and assess (MEA)
COSO Internal Control Framework
The IC framework has been widely adopted as a way to evaluate internal controls, as
required by SOX. A more comprehensive ERM framework takes a risk-based
approach rather than a control-based approach. ERM adds three additional elements
to the COSO IC framework: setting goals, identifying events that can influence the
company, and developing responses to assessed risk. As a result, controls are flexible
and relevant because they relate to the current goals of the organization. The ERM model
also recognizes that risk, in addition to being controlled, can be accepted, avoided,
diversified, shared, or transferred.
Internal Environment
“Internal environment, or culture of the company, influences the way the organization sets strategy and goals; arranges business activities; and identifies, assesses, and responds to risk.”
The internal environment consists of:
1. Centralization or decentralization of authority
2. Direct reporting relationship or matrix
3. Organization by industry, product line, location, or marketing network
4. How the allocation of responsibilities affects information needs
5. Organization and lines of authority for accounting, auditing, and information systems functions
6. Size and nature of company activities
HOW TO GIVE AUTHORITY AND RESPONSIBILITY
Audit trail: the path that allows a transaction to be traced through the data
processing system from point of origin to output or backwards from output to point
of origin.
The updated IC framework stipulates that the following
three principles apply to information and communication
processes: