SOLUTION: ACCT 402 Saudi Electronic University Accounting Information System Paper

College of Administrative and Financial Sciences
Assignment 2
Deadline: (End of Week 9) 31 /10/ 2020 @ 23:59
Course Name:
Student’s Name:
Accounting Information System
Course Code: ACCT 402
Student’s ID Number:
Semester: I
CRN:
Academic Year: 1441/1442 H
For Instructor’s Use only
Instructor’s Name:
Students’ Grade: …… /5
Level of Marks: High/Middle/Low
Instructions – PLEASE READ THEM CAREFULLY
● The Assignment must be submitted on Blackboard (WORD format only) via
allocated folder.
● Assignments submitted through email will not be accepted.
● Students are advised to make their work clear and well presented, marks may be
reduced for poor presentation. This includes filling your information on the cover
page.
● Students must mention question number clearly in their answer.
● Late submission will NOT be accepted.
● Avoid plagiarism, the work should be in your own words, copying from students
or other resources without proper referencing will result in ZERO marks. No
exceptions.
● All answered must be typed using Times New Roman (size 12, double-spaced)
font. No pictures containing text will be accepted and will be considered
plagiarism).
● Submissions without this cover page will NOT be accepted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Provide examples of business concerns describing the Preventive, Detective
and Corrective Action with reference to Internal Control.
(1.5 Marks)
2. A disaster recovery plan (DRP) is a documented process or set of procedures
to execute an organization’s disaster recovery processes and recover and
protect a business IT infrastructure in the event of a disaster. It is “a
comprehensive statement of consistent actions to be taken before, during
and after a disaster”.
Describe a Disaster Recovery Plan (DRP) for
Information Technology of a Saudi Business Concern.
(1.5
Marks)
3. Personal information about customers is collected, used, disclosed, and
maintained only in compliance with internal policies and external regulatory
requirements and is protected from unauthorized disclosure. With reference
to Privacy Concern how would you deal with SPAM and Identify Theft
problem of your business organization?
(2 Marks)
Chapter 7
Control and AIS
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-1
Learning Objectives

Explain basic control concepts and explain why computer control and security
are important.

Compare and contrast the COBIT, COSO, and ERM control frameworks.

Describe the major elements in the internal environment of a company

Describe the four types of control objectives that companies need to set.

Describe the events that affect uncertainty and the techniques used to identify
them.

Explain how to assess and respond to risk using the Enterprise Risk Management
(ERM) model.

Describe control activities commonly used in companies.

Describe how to communicate information and monitor control processes in
organizations.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-2
Internal Control
 System to provide reasonable assurance that objectives
are met such as:
 Safeguard assets.
 Maintain records in sufficient detail to report company assets
accurately and fairly.
 Provide accurate and reliable information.
 Prepare financial reports in accordance with established
criteria.
 Promote and improve operational efficiency.
 Encourage adherence to prescribed managerial policies.
 Comply with applicable laws and regulations.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-3
Internal Control
Functions
Categories
 Preventive
 General
 Deter problems
 Detective
 Discover problems
 Corrective
 Overall IC system and
processes
 Application
 Transactions are
processed correctly
 Correct problems
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-4
Sarbanes Oxley (2002)
 Designed to prevent financial statement fraud, make
financial reports more transparent, protect investors,
strengthen internal controls, and punish executives who
perpetrate fraud
 Public Company Accounting Oversight Board (PCAOB)
 Oversight of auditing profession
 New Auditing Rules
 Partners must rotate periodically
 Prohibited from performing certain non-audit services
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-5
Sarbanes Oxley (2002)
 New Roles for Audit Committee
 Be part of board of directors and be independent
 One member must be a financial expert
 Oversees external auditors
 New Rules for Management
 Financial statements and disclosures are fairly presented,
were reviewed by management, and are not misleading.
 The auditors were told about all material internal control
weak- nesses and fraud.
 New Internal Control Requirements
 Management is responsible for establishing and
maintaining an adequate internal control system.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-6
SOX Management Rules
 Base evaluation of internal control on a recognized
framework.
 Disclose all material internal control weaknesses.
 Conclude a company does not have effective financial
reporting internal controls of material weaknesses.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-7
Internal Control Frameworks
 Control Objectives for Information and Related
Technology (COBIT)
 Business objectives
 IT resources
 IT processes
 Committee of Sponsoring Organizations (COSO)
 Internal control—integrated framework
 Control environment
 Control activities
 Risk assessment
 Information and communication
 Monitoring
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-8
Internal Control
 Enterprise Risk Management Model
 Risk-based vs. control-based
 COSO elements +
 Setting objectives
 Event identification
 Risk assessment
 Can be controlled but also
 Accepted
 Diversified
 Shared
 Transferred
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-9
Control Environment
 Management’s philosophy, operating style, and risk
appetite
 The board of directors
 Commitment to integrity, ethical values, and
competence
 Organizational structure
 Methods of assigning authority and responsibility
 Human resource standards
 External influences
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-10
ERM—Objective Setting
 Strategic
 High-level goals aligned with corporate mission
 Operational
 Effectiveness and efficiency of operations
 Reporting
 Complete and reliable
 Improve decision making
 Compliance
 Laws and regulations are followed
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-11
ERM—Event Identification
 “…an incident or occurrence emanating from internal or
external sources that affects implementation of strategy
or achievement of objectives.”
 Positive or negative impacts (or both)
 Events may trigger other events
 All events should be anticipated
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-12
Risk Assessment
 Identify Risk
 Identify likelihood of risk
 Identify positive or negative impact
 Types of Risk
 Inherent
 Risk that exists before any plans are made to control it
 Residual
 Remaining risk after controls are in place to reduce it
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-13
ERM—Risk Response
 Reduce
 Implement effective internal control
 Accept
 Do nothing, accept likelihood of risk
 Share
 Buy insurance, outsource, hedge
 Avoid
 Do not engage in activity that produces risk
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-14
Event/Risk/Response Model
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-15
Control Activities
 Policies and procedures to provide reasonable
assurance that control objectives are met:
 Proper authorization of transactions and activities
 Signature or code on document to signal authority
over a process
 Segregation of duties
 Project development and acquisition controls
 Change management controls
 Design and use of documents and records
 Safeguarding assets, records, and data
 Independent checks on performance
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-16
Segregation of Accounting Duties
 No one employee should be given too much responsibility
 Separate:
 Authorization
 Approving transactions and decisions
 Recording
 Preparing source documents
 Entering data into an AIS
 Maintaining accounting records
 Custody
 Handling cash, inventory, fixed assets
 Receiving incoming checks
 Writing checks
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-17
Information and Communication
 Primary purpose of an AIS
 Gather
 Record
 Process
 Summarize
 Communicate
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-18
Monitoring
 Evaluate internal control framework.
 Effective supervision.
 Responsibility accounting system.
 Monitor system activities.
 Track purchased software and mobile devices.
 Conduct periodic audits.
 Employ a security officer and compliance officer.
 Engage forensic specialists.
 Install fraud detection software.
 Implement a fraud hotline.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-19
Segregation of System Duties
 Like accounting system duties should also be separated
 These duties include:










System administration
Network management
Security management
Change management
Users
Systems analysts
Programmers
Computer operators
Information system librarian
Data control
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-20
…
Purchase answer to see full
attachment