Corporate Governance and Entity-Level Controls - PowerPoint PPT Presentation

1 / 33
About This Presentation
Title:

Corporate Governance and Entity-Level Controls

Description:

Title: AK/ADMS 3511 - Management Information Systems Session 5 Author: Ingrid Last modified by: Professor Created Date: 10/7/2002 6:14:52 PM Document presentation ... – PowerPoint PPT presentation

Number of Views:296
Avg rating:3.0/5.0
Slides: 34
Provided by: Ing54
Category:

less

Transcript and Presenter's Notes

Title: Corporate Governance and Entity-Level Controls


1
Corporate Governance and Entity-Level Controls
2
Escalating Role of Board Members
  • Corporate Fraud
  • Qualifications of directors and management

3
Board Member Sample Tasks and Expertise Board Member Sample Tasks and Expertise
Sample Task Expected Expertise
Approve hiring of chief executive officer Human resources, personnel evaluation
Approve risk assessment framework and monitor risk evaluation Industry expertise, strategic planning, awareness of potential risks, risk assessment methodologies
Review and approve organizational and business strategies and changes thereto Long-term planning, strategic planning, industry-specific expertise
Review and approve information systems strategy and changes thereto Ability to link information systems strategy to business strategy understand information systems terminology, impact, and alternatives industry-specific expertise
Approve information systems acquisitions, business acquisitions, or contracts over specified dollar limits Understand information systems terminology, impact, and alternatives industry-specific expertise
Approve auditors and financial statements Financial or accounting competence understand complex accounting terminology and be able to ask the right questions
Oversee the work of internal auditors Understand risks that the organization is exposed to and alternative ways of addressing those risks
4
Organizational Structure and Corporate Governance
  • What has an effect on corporate governance?
  • For example, an entrepreneurial structure
  • What type of structure would a public company
    probably have?

5
Enterprise Risk Management (ERM)
  • What is ERM
  • Risk management framework

6
Auditor Evaluation of Corporate Governance
  • What is the auditors goal?
  • Typical tools used to understand the components
    of corporate governance

7
IT Governance
  • IT governance is crucial to the evaluation of
    corporate governance
  • Definition of IT governance
  • IT governance is a crucial subset of

8
Evaluation of IT Governance by the Auditor
  • Evaluation of IT governance
  • What does the auditor look at next?

9
  • Continuous assessment
  • Value Management methodologies

10
Impact of General Information Systems Controls
on the Audit
  • There are three general control categories
  • organization and management controls
  • systems acquisition, development, and maintenance
    controls
  • operations and information systems support.

11
Organization and Management Controls
  • Auditors consider
  • Key question - Who are the super-users?

12
Systems Acquisition, Development, and
Maintenance Controls
  • Auditors focus
  • Typical types of software
  • Providing user interfaces
  • Providing security
  • Managing hardware and software
  • Information communication

13
Operations and Information Systems Support
  • A number of things canb affect the types of
    controls
  • Hardware confirguration
  • Auditor needs to determine
  • Operating system

14
  • Internal vs outsourced support
  • What is outsourcing?
  • Internal

15
Advanced Information Systems
  • Advanced IS results in high complexity.
  • Such systems have one or more of the following
    characteristics
  • Strategic information systems
  • Custom software
  • Multiple information processing locations
  • Database management systems
  • Paperless systems
  • Integrated computing

16
Strategic Information Systems
  • Such systems provide a competitive advantage or
    improve efficiency within an entity.
  • The problems?
  • Such systems can be extremely strategic

17
Custom Software
  • Custom software is unique software designed for
    the entity.
  • How can it be developed?
  • The key reasons why such software is chosen by
    entities

18
Risks Associated with Custom Software
  • Such systems are usually very costly
  • Rigorous testing is required

19
Audit Impact of Custom Software
  • Systems development process
  • Risk of errors or unauthorized programs

20
Multiple Information Processing Locations
  • Problems with data processed in multiple
    locations
  • Programs could be inaccurate or unauthorized
  • Access to programs and data
  • Data sent from one location to another

21
Databases and Database Management Systems (DBMS)
  • Many software packages use a database as an
    underlying file structure.
  • Key concept of a DBMS
  • The DBMS

22
Effects of a DBMS on Internal Controls
  • Existence of a DBMS
  • Typical general controls that are affected
  • Organization and management controls
  • Systems acquisition, development, and maintenance
    controls
  • Operations and information systems support

23
Organization and Management Controls
  • The database administrator
  • Auditor documentation

24
Systems Acquisition, Development and Maintenance
  • Added controls should exist to ensure that
  • Database development
  • Programs

25
Operations and Information Systems Support
  • Data security
  • Each application cycle needs to be examined for
    controls over

26
Paperless Systems
  • A wide variety of paperless systems exist.
  • Typical business data communications
  • EDI (electronic data interchange)
  • EFT (electronic funds transfer)

27
Impact of Paperless Systems on the Audit
Engagement
  • Where there is no paper trail
  • Without a paper trail

28
Integrated Computing
  • Increased leve of complexity
  • Typical examples
  • Enterprise Resource Planning (ERP)
  • Relational databases
  • The objective of such systems

29
Some Common Entity-Level Controls
  • Controls related to the control environment
  • Controls over management override
  • The company's risk assessment process
  • Controls to monitor other controls, including
    activities of the internal audit function, the
    audit committee, and self-assessment programs
  • Controls over the period-end financial reporting
    process
  • Policies that address significant business
    control and risk management practices
  • Whistle-blower hotline
  • Code of conduct
  • IT environment and organizations
  • Self-assessment
  • Oversight by the Board of Senior Management
  • Policies procedures manual
  • Variance analysis reporting
  • Management triggers embedded within IT systems
  • Internal communication and performance reporting
  • Tone setting
  • Board/audit committee reporting
  • External communication
  • Segregation of duties

30
The Effects of Entity-Level Controls
  • What can be affected?
  • Any one of the control levels being absent or not
    properly implemented

31
Relationship between Entity-Level Controls and
Specific Audit Objectives
  • Entity-level controls can affect

32
Problem 10-21, Canadian 11th. Edition, Page 342
  • Friggle Corp. is a leasing and property
    management company located in Alberta. It
    provides financing to organizations wishing to
    purchase equipment or property and manages
    apartments and condominium properties. The
    company decided that it was time to upgrade its
    local area network. It decided to also purchase
    new accounting software but wanted to retain its
    old unit maintenance software, which, although 10
    years old, had an easy-to-use interface that
    allowed maintenance personnel to track the
    maintenance work that they did in each unit. The
    controller, Joe, decided that the company should
    purchase the software from Midland Computers,
    which was owned by his brother-in-law, Tom. The
    prices were comparable with those of other
    computer networks that he priced, and Midland
    happened to be close by. Using materials from
    industry magazines, Joe decided that the best
    property management software to buy would be from
    Quebec the software had received rave reviews
    about being easy to use.
  • The implementation was scheduled for the weekend
    after the June month-end close so that systems
    could be up and running by the following Monday.
    To Joes horror, when he arrived at work on
    Monday, computers were still being unpacked and
    installed. Tom had difficulty following the
    installation instructions for the accounting
    software, which was not up and running until the
    end of the week. General ledger details had to be
    manually entered, since the software could not
    handle the structure of the old accounts. At the
    end of two weeks, Joe had the old system put back
    up so that Friggle could catch up on transactions
    and get some work out the door. It took three
    months of 12-hour days for all accounting staff
    to get the new system operational. Unfortunately,
    the old maintenance systems would not work with
    the new operating system, and a new maintenance
    system had to be evaluated and purchased.
  • Required
  • Assess the IT governance at Friggle Corp. For
    weaknesses that you identify, provide
    recommendations for improvement.

33
Problem 10-22, Canadian 11th. Edition. Page 342
  • Turner Valley Hospital plans to install a
    database management system, Hosp Info, that will
    maintain patient histories, including tests
    performed and their results , vital statistics,
    and medical diagnoses. The system will also
    manage personnel and payroll, medical and
    non-medical supplies, and patient and provincial
    health-care billings. The decision was taken by
    the board of the hospital on the advice of a
    consultant who was a former employee of Medical
    Data Services Inc., the developer of Hosp Info.
  • Turner Valley Hospitals chief information
    officer has come to your accounting firm to ask
    for advice on what general controls she should
    ask Medical Data Services Inc. to install to
    preserve the integrity of the information in the
    system and to deal with privacy issues.
  • The system would permit data about patients to be
    entered by doctors, nurses, and medical
    technologists.
  • Required
  • Describe in general terms the controls you would
    suggest for the system as a whole.
  • Considering the nature of Turner Valley Hospital,
    describe the potential risks the hospital should
    be concerned about with respect to Hosp Info.
  • What are the advantages of such a database
    management system?
  • How would the quality of general controls at the
    hospital affect your audit?
Write a Comment
User Comments (0)
About PowerShow.com