Ais-Ch7

Accounting Information Systems, 2013 Fall Accounting Information Systems, 2013 Fall

Chapter 7

Control and AIS

1 1

Learning Objectives Learning Objectives

 Explain basic control concepts and explain why computer control and security are important.  Compare and contrast the COBIT, COSO, and ERM control frameworks.  Describe the major elements in the internal environment of a company  Describe the four types of control objectives that companies need to set.  Describe the events that affect uncertainty and the techniques used to identify them.  Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.  Describe control activities commonly used in companies.  Describe how to communicate information and monitor control processes in organizations.

2 2

7-2

Introduction Introduction

AIS threats are increasing, why?

More than 60 percent of organizations have recently experienced a major control failure for some of the following reasons:

 Control risks have increased in the last few years because: There are computers and servers everywhere. Distributed computer networks make data available to many users. Wide area networks (WANs) are giving customers and suppliers access to each other’s systems and data.  Inadequate Protection: Threats are underestimated, controls are not well understood. Productivity pressures, cost reduction pressures. Companies have not always understood the threats. Cost pressures mean that mgr.s skip time-consuming control proc.

3 3

3

Introduction Introduction

 Control and security are important  Companies are now recognizing the problems and taking positive steps to achieve better control, including: Devoting full-time staff to security and control concerns. Educating employees about control measures. Establishing and enforcing formal information security policies. Making controls a part of the applications development process. Moving sensitive data to more...