
CONTROL & ACCOUNTING

INFORMATION SYSTEM
BY :
Kevin Dwijaya P. Sebo (160810301035)
Chesilia Pramesti A (160810301084)
Davidea Rahma (160810301087)
Why Is Control Needed?

A primary objective of an AIS is to control the organization so the organization can achieve its objectives.

Management expects accountants to:


Take a proactive approach to eliminating system threats.
Detect, correct, and recover from threats when they occur.

Internal Controls

Processes implemented to provide assurance that the following objectives are achieved:
1. Safeguard assets
2. Maintain sufficient records
3. Provide accurate and reliable information
4. Prepare financial reports according to established criteria
5. Promote and improve operational efficiency
6. Encourage adherence with management policies
7. Comply with laws and regulations
Functions of Internal Controls

1. Preventive controls: Deter problems from occurring
2. Detective controls: Discover problems that are not prevented
3. Corrective controls: Identify and correct problems; correct and recover from the problems
Control Frameworks

Control Objectives for Information and Related Technology (COBIT)

Committee of Sponsoring Organizations (COSO)

Enterprise Risk Management (COSO-ERM): Expands COSO framework taking a risk-based approach
COBIT Framework

1. Meeting stakeholder needs


2. Covering the enterprise end-to-end
3. Applying a single, integrated framework
4. Enabling a holistic approach
5. Separating governance from management
COBIT5 Separates Governance from Management

Committee of Sponsoring Organizations

The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of five organizations:
1. American Accounting Association
2. American Institute of Certified Public Accountants
3. Institute of Internal Auditors
4. Institute of Management Accountants
5. Financial Executives Institute
Components of COSO Frameworks

COSO:
Control (internal) environment
Risk assessment
Control activities
Information and communication
Monitoring

COSO-ERM:
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring
COSO & COBIT Similarities and Differences
COSO
1. Primary User Focus is management.
2. The point of view of internal control is the unity of some processes in general.
3. The goals to be achieved from an internal control is the operation of an effective and efficient system, reporting of reliable financial statements and compliance with applicable regulations.
4. Component / domain is the control of the environment, risk management, supervision and control of information and communication activities.
5. The control focus of eSAC is the entity entity.
6. Evaluation of internal control is directed to how effectively the control is applied in certain time points.
7. Accountability of the eSAC control system is addressed to management.

COBIT
1. The Primary User Focus is the management, operator and auditor of the information system.
2. The internal view of the internal control is the unity of several processes consisting of policies, procedures, application and organizational structure.
3. Objectives to be achieved from an internal control is the operation of an effective and efficient system, confidentiality, unity and availability of information equipped with a reliable financial reporting system in accordance with applicable regulations.
4. The intended components / domains are planning and organizing, integration and application, supervision of support and distribution.
5. The control focus of COBIT is the information technology side.
6. Evaluation of internal control is directed to how effective the control is applied within the specified time period.
7. Accountability for the control system of COBIT is directed to management.
OBJECTIVE SETTING
1. STRATEGIC OBJECTIVES
2. OPERATION OBJECTIVES
3. COMPLIANCE OBJECTIVES
4. COMPLIANCE OBJECTIVES
EVENT IDENTIFICATION

EVENT TECHNIQUES
RISK ASSESSMENT AND RISK RESPONSE

INHERENT RISK

RESIDUAL RISK
MANAGEMENT'S RESPONSE TO RISK
ESTIMATE LIKELIHOOD & IMPACT
IDENTIFY CONTROLS
Preventive Control
Detective Control
Corrective Control
ESTIMATE COST AND BENEFIT
CONTROL ACTIVITIES
1. Controls are selected and developed to help reduce risks to an acceptable
2. Appropriate general controls are selected and developed over technology
3. Control activities are implemented and followed as specified in company policies and procedures
Control procedure categories:
1. Proper authorization
2. Segregation of duties
3. Project development and acquisition controls
4. Change management controls
5. Design and use of documents and records
6. Safeguarding assets, records, and data
7. Independent checks on performance


Segregation of duties

Segregation of Accounting Duties
1. Authorization
2. Recording
3. Custody

Segregation of Systems Duties
1. System administration
2. Network Management
3. Security Management
4. Change Management
5. Users
6. System Analysis
7. Programming
8. Computer operations
9. Information System Library
10. Data Control
1. Steering committee
2. Strategic masterplan
3. Project development plan
4. Data processing schedule
5. System performance measurements
6. Postimplementation review

INFORMATION AND COMMUNICATION
MONITORING
THANK YOU!
No Questions?
