Chapter 7: Control and AIS
• Internal control: a system that provides reasonable assurance that objectives are met, such as:
o Safeguard assets.
o Maintain records in sufficient detail to report company assets accurately and
o Provide accurate and reliable information.
o Prepare financial reports in accordance with established criteria.
o Promote and improve operational efficiency.
o Encourage adherence to prescribed managerial policies.
o Comply with applicable laws and regulations.
Overall IC system and processes
Transactions are processed correctly
Sarbanes-Oxley Act (SOX, 2002)
• Designed to prevent financial statement fraud, make financial reports more transparent,
protect investors, strengthen internal controls, and punish executives who perpetrate
fraud
o Public Company Accounting Oversight Board (PCAOB)
Oversight of the auditing profession
o New Auditing Rules
Partners must rotate periodically
Prohibited from performing certain non-audit services
• New Roles for Audit Committee
o Be part of board of directors and be independent
o One member must be a financial expert
o Oversees external auditors
• New Rules for Management
o Financial statements and disclosures are fairly presented, were reviewed by
management, and are not misleading.
o The auditors were told about all material internal control weaknesses and fraud.
• New Internal Control Requirements
o Management is responsible for establishing and maintaining an adequate internal
SOX Management Rules
• Base evaluation of internal control on a recognized framework.
• Disclose all material internal control weaknesses.
• Conclude a company does not have effective financial reporting internal controls of
Internal Control Frameworks
• Control Objectives for Information and Related Technology (COBIT)
o Business objectives
o IT resources
o IT processes
• Committee of Sponsoring Organizations (COSO)
o Internal control—integrated framework
o Control environment
o Control activities
o Risk assessment
o Information and communication
• Enterprise Risk Management Model
o Risk-based vs. control-based
o COSO elements +
o Setting objectives
o Event identification
o Risk assessment
Can be controlled but also
• Management’s philosophy, operating style, and risk appetite
• The board of directors
• Commitment to integrity, ethical values, and competence
• Organizational structure
• Methods of assigning authority and responsibility