Risk Exposures and Internal Control Structure
Reference: Wilkinson Ch 7
_________________________________________________________
May 12, 2007 by idrianita
CHAPTER 7
RISK EXPOSURES AND THE INTERNAL CONTROL STRUCTURE
There are risks that a company faces in its business, and to minimize them there should be an internal control structure. A company surely has objectives, such as:
-Maximum customers’ satisfaction
-Maximum employees’ welfare
A company has to make regulations to overcome the risks. For that reason, the company should provide an internal control structure in order to promote effectiveness and efficiency of operations, reliability of financial reporting, safeguarding of assets, etc.
There are components and major considerations of the IC structure, such as Control environment, Risk assessment, Control activities, Information and communication, and Monitoring.
Additionally there are some typical sources of risks, for instance Clerical and operational employees, Computer programmers, Managers and accountants, Former employees, Customers and suppliers, Competitors, Outside persons, and Acts of nature or accidents.
The risks consist of several types: Unintentional errors, Deliberate errors, Unintentional losses of assets, Thefts of assets, Breaches of security, Acts of violence and natural disasters.
RISK EXPOSURES AND THE INTERNAL CONTROL STRUCTURE
*There are risks that a company faces in its business, and to minimize them there should be an internal control structure. A company surely has objectives, such as:
1. Maximum customers’ satisfaction
2. Maximum employees’ welfare.
*There are components and major considerations of the IC structure, such as:
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring.
*There are some typical sources of risks, for instance: Clerical and operational employees, Computer programmers, Managers and accountants, Former employees, Customers and suppliers, Competitors, Outside persons, and Acts of nature or accidents.
*The risks consist of several types:
1. Unintentional errors
2. Deliberate errors
3. Unintentional losses of assets
4. Thefts of assets
5. Breaches of security
6. Acts of violence and natural disasters.
*A company has to make regulations to overcome the risks.
YEHEZKIEL ABISAY
SUMMARY OF CHAPTER 7 RISK EXPOSURES AND THE INTERNAL CONTROL STRUCTURE
After I read the whole of chapter 7, I can conclude that every company needs internal control, both small and big companies, since internal control provides control in all sectors of the company to safeguard the firm's assets and avoid risk exposures, effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. The internal control structure consists of control environment, risk assessment, control activities (financial reporting, and information processing), information and communication, and monitoring. Types of risks are unintentional errors, deliberate errors, unintentional losses of assets, thefts of assets, breaches of security, and acts of violence and natural disasters. Degrees of risk exposure are frequency, vulnerability, and size.
Internal control is a system, structure, or process, implemented by a firm’s board of directors, management, and other personnel, intended to provide reasonable assurance about achieving control objectives in the following categories: (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations.
These five components of internal controls are as follows: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring.
MANAGEMENT CONTROLS SYSTEM. The management control process focuses on managerial performance rather than on technical operations. Management control systems involve developing control and monitoring activities to evaluate performance and supervise the firm’s activities on an ongoing basis. Their purpose is to encourage compliance with the firm’s policies and procedures and with laws and regulations.
OPERATIONAL CONTROL SYSTEM. The process or system that promotes effectiveness and efficiency in performing day-to-day operating tasks is called operational control.
RISK EXPOSURES
Risk exposures may arise from a variety of internal and external sources, such as employees, customers, computer hackers, criminals, and acts of nature. Risk assessment consists of identifying the relevant risks, analyzing those risks in terms of the extent of exposure, and managing risks by proposing effective control procedures.
Types of risk. (1) Unintentional errors, (2) deliberate errors, (3) unintentional losses of assets, (4) thefts of assets, (5) breaches of security, and (6) acts of violence and natural disasters.
Degree of risk exposure. (1) frequency, the more frequent an occurrence, the greater the exposure risk. (2) vulnerability, the more vulnerable an asset, the greater the exposure to risk. (3) size, the higher the monetary value of potential loss, the greater the risk exposure.
Chapter 7: RISK EXPOSURE AND INTERNAL CONTROL STRUCTURE
Risk exposure is the threat to assets and to the quality of information because of inappropriate controls.
Internal control is a system, structure, or process that is implemented by management and other employees in an organization to provide suitable assurance in the organization’s environment.
The components of Internal Control Structure:
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Sources of risk to which a firm is exposed:
1. Clerical and operating employees, who process data
2. Computer programmers, who make and service the computer programs
3. Managers and accountants, who are always involved with the financial statements
4. Former employees, who know the company well
5. Customers and suppliers, who always have transactions with the company
6. Competitors, who want to get information about the company
7. Outside persons, such as hackers and criminals
8. Acts of nature or accidents, such as floods, fires, and transportation accidents.
CHAPTER 7
(summary of chapter 7)
Risk Exposures and Internal Control Structure
Internal control is a system, structure, or process, implemented by a firm’s board of directors, management, and other personnel, intended to provide reasonable assurance about achieving control objectives in the following categories:
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations.
These five components of internal controls are as follows:
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
There are some typical sources of risks, for instance:
- Clerical and operational employees
- Computer programmers
- Managers and accountants
- Former employees
- Customers and suppliers
- Competitors
- Outside persons
- Acts of nature or accidents
Risk Exposure
Risk exposures may arise from a variety of internal and external sources, such as employees, customers, computer hackers, criminals, and acts of nature. Risk assessment consists of identifying the relevant risks, analyzing those risks in terms of the extent of exposure, and managing risks by proposing effective control procedures.
The types of risk are:
1. Unintentional errors
2. Deliberate errors
3. Unintentional losses of assets
4. Thefts of assets
5. Breaches of security
6. Acts of violence and natural disasters
A control framework ensures that relevant control measures, whose purpose is to provide reasonable assurance that certain risk exposures are counteracted, are implemented within the three formal structures. The control framework is called internal control or the internal control structure (ICS). If a proper ICS is implemented, all the operations, physical resources, and data will be monitored and under control, objectives will be achieved, risks will be minimized, and information outputs will be trustworthy.
INTERNAL CONTROL STRUCTURES
The study defined internal control as a system, structure, or process, implemented by a firm’s board of directors, management, and other personnel, intended to provide reasonable assurance about achieving control objectives in the following categories:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations
FINANCIAL-ORIENTED VIEW OF THE INTERNAL CONTROL STRUCTURE
These five interrelated components and other considerations are as follows:
§ Control environment component
First, management philosophy and operating cycle, a subcomponent of the control environment, requires certain positive management actions. These actions include setting an example of ethical behavior by following a personal code of ethics, establishing a formal corporate code of conduct, stressing the importance of internal controls, and treating personnel fairly and with respect. A second component is integrity and ethical values. The ethical and unethical behaviors of managers and employees can have a pervasive impact on the entire ICS, creating an atmosphere that can significantly influence the validity of the financial reporting process. A third subcomponent of the control environment is commitment to competence. Firms must recruit competent and trustworthy employees to encourage initiative and creativity and to react quickly to changing conditions.
The board of directors or audit committee is a fourth subcomponent. The audit committee’s role is to actively oversee the firm’s accounting and financial reporting policies and practices and to act as a liaison between the board and the external and internal auditors.
A fifth subcomponent is assignment of authority and responsibility. Authority is the right to command subordinates based on rank or formal position. Responsibility is one’s obligation to perform assigned duties and to be held accountable for the results attained.
Human resource policies and practices, the seventh and final subcomponent, involves a consideration of policies regarding the recruitment, orientation, training, motivation, evaluation, promotion, compensation, counseling, discharge, and protection of employees.
§ Risk assessment component
The risk assessment component of the ICS consists of the identification and analysis of relevant risks that may prevent the attainment of companywide objectives and objectives of organizational units, and the formation of a plan to determine how to manage the risks.
§ Control activities component
A firm should develop specific control activities (policies, practices, and procedures) to help ensure that employees properly carry out management directives.
§ Information and communication component
Information must be identified, processed, and communicated so that appropriate personnel may carry out their responsibilities.
§ Monitoring component
The purpose of monitoring, the final component, is to assess the quality of the ICS over time by conducting ongoing activities and separate evaluations.
NONFINANCIAL-ORIENTED VIEW OF THE INTERNAL CONTROL STRUCTURE
The non-financial oriented view considers the same five components of the ICS, except that it concentrates on the factors relevant to achieving each component’s operations and compliance objectives.
Management control system
The management control process focuses on managerial performance rather than on technical operations. Management control systems involve developing control and monitoring activities to evaluate performance and supervise the firm’s activities on an ongoing basis. Their purpose is to encourage compliance with the firm’s policies and procedures and with laws and regulations.
Operational control system
The process or system that promotes effectiveness and efficiency in performing day-to-day operating tasks.
RISK EXPOSURES
Every firm faces risks that reduce the chances of achieving its objectives. Risk exposures may arise from a variety of internal and external sources, such as employees, customers, computer hackers, criminals, and acts of nature.
Types of risk
- Unintentional errors
Errors may appear in input data, such as in customer names or numbers.
- Deliberate errors
Deliberate errors constitute fraud, since they are made to secure unfair or unlawful gain.
- Unintentional losses of assets
Assets may be lost or misplaced by accident.
- Thefts of assets
A firm’s assets may be stolen by outsiders, such as professional thieves who break into a storeroom.
- Breaches of security
Unauthorized persons may gain access to a firm’s data files and reports.
- Acts of violence and natural disasters
Certain violent acts cause damage to a firm’s assets, including data. If sufficiently serious, they can interrupt business operations and even propel firms toward bankruptcy.
Degree of exposure
1. Frequency
The more frequent an occurrence, the greater the exposure to risk.
2. Vulnerability.
The more vulnerable an asset, the greater the exposure to risk.
3. Size
The higher the monetary value of a potential loss, the greater the risk exposure.
Problem conditions affecting exposures to risks
- Collusion
The cooperation of two or more employees for a fraudulent purpose.
- Lack of enforcement
A firm may have adequate management policies and control procedures but may overlook irregularities.
- Computer crime
COMPUTER FRAUD AND CONTROL PROBLEMS RELATED TO COMPUTERS
Nature of computer crimes
In a computer crime, the computer is involved directly or indirectly in committing the criminal act. Sabotage of computer facilities is classified as a direct computer crime, and unauthorized access of stored data is an indirect computer crime because the presence of the computer created the environment for committing the crime.
Types of computer crimes
Two types already mentioned are unauthorized access of stored data and sabotage of computer facilities.
Reasons why computers cause control problems
- Processing is concentrated
- Audit trails may be undermined
- Human judgment is bypassed
- Data are stored in device-oriented rather than human-oriented forms
- Computer equipment is powerful but complex and vulnerable
AUDIT CONSIDERATIONS
A typical AIS undergoes periodic audits. Normally, the internal control structure receives particular scrutiny during such audits. Thus the internal control structure should be designed to be fully auditable.
COST BENEFIT CONSIDERATIONS
Incorporating a control into an information system involves a cost. Adding a control after the system is implemented usually tends to be more costly and difficult. If every conceivable control were included within an organization structure, the total cost would likely be exorbitant. Thus a firm’s auditors should conduct a cost benefit analysis. The seven steps to conducting a cost benefit analysis are as follows:
1. Determine specific computer resources subject to control
2. Determine all potential threats to the company’s computer system
3. Assess the relevant risks to which the firm is exposed
4. Measure the extent of each relevant risk exposure in dollar terms
5. Multiply the estimated effect of each relevant risk exposure by the estimated frequency of occurrence over a reasonable period, such as a year
6. Compute the cost of installing and maintaining a control that is to counteract each relevant risk exposure
7. Compare the benefits against the costs of each control
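The seven steps above, worked through on a constructed risk register as an added example (not from Wilkinson or the summaries). The dollar figures, the fraction of loss each control prevents, the straight-line spreading of installation cost over a useful life, and the greedy selection that avoids double-counting overlapping controls are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class Exposure:                 # steps 1-4: resource, threat, dollar effect
    resource: str
    threat: str
    loss_per_event: float
    events_per_year: float      # step 5: estimated yearly frequency

@dataclass
class Control:                  # step 6: cost of installing and maintaining
    name: str
    install_cost: float
    annual_upkeep: float
    life_years: int
    prevents: dict              # (resource, threat) -> fraction of loss prevented (assumed)

    def annual_cost(self):
        return self.install_cost / self.life_years + self.annual_upkeep

def expected_annual_losses(exposures):
    """Step 5: effect of each exposure times its yearly frequency."""
    return {(e.resource, e.threat): e.loss_per_event * e.events_per_year
            for e in exposures}

def benefit(control, residual):
    """Yearly loss avoided, measured against what is still unmitigated."""
    return sum(residual.get(k, 0.0) * f for k, f in control.prevents.items())

def select_controls(exposures, controls):
    """Step 7: adopt controls while the best remaining one still pays for itself."""
    residual = expected_annual_losses(exposures)
    remaining, chosen = list(controls), []
    while remaining:
        best = max(remaining, key=lambda c: benefit(c, residual) - c.annual_cost())
        gain = benefit(best, residual)
        if gain - best.annual_cost() <= 0:
            break                                   # nothing left is worth its cost
        chosen.append((best.name, round(gain, 2), round(best.annual_cost(), 2)))
        for key, frac in best.prevents.items():     # shrink the exposure it covers
            if key in residual:
                residual[key] *= (1 - frac)
        remaining.remove(best)
    return chosen, residual

# Constructed sample register (illustrative figures only).
MASTER, ROOM = "customer master file", "server room"
EXPOSURES = [
    Exposure(MASTER, "unauthorized access", 40_000, 0.5),
    Exposure(MASTER, "input error", 200, 300),
    Exposure(ROOM, "fire", 500_000, 0.01),
]
CONTROLS = [
    Control("input validation edits", 15_000, 2_000, 5, {(MASTER, "input error"): 0.8}),
    Control("access control and logging", 20_000, 4_000, 5, {(MASTER, "unauthorized access"): 0.7}),
    Control("second review of all entries", 0, 30_000, 1, {(MASTER, "input error"): 0.9}),
    Control("gas fire suppression", 60_000, 1_000, 10, {(ROOM, "fire"): 0.9}),
]

if __name__ == "__main__":
    for name, gain, cost in select_controls(EXPOSURES, CONTROLS)[0]:
        print(f"adopt {name}: avoids {gain:,.0f}/yr for {cost:,.0f}/yr")
```

The second review looks worthwhile on its own, but once the validation edits are in place the loss left for it to prevent no longer covers its cost, which is the point of comparing each control against the remaining exposure rather than the original one.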
CHAPTER 7
Risk Exposures and Internal Control Structure
Internal control is a system, structure, or process that is implemented by management and other employees in an organization to provide suitable assurance in the organization’s environment.
The five components of internal controls are as follows:
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Typical sources of risks, for instance:
- Clerical and operational employees
- Computer programmers
- Managers and accountants
- Former employees
- Customers and suppliers
- Competitors
- Outside persons
- Acts of nature or accidents
Risk Exposures
Risk exposures may arise from a variety of internal and external sources, such as employees, customers, computer hackers, criminals, and acts of nature. Risk assessment consists of identifying the relevant risks, analyzing those risks in terms of the extent of exposure, and managing risks by proposing effective control procedures.
Degree of exposure
1. Frequency
2. Vulnerability.
3. Size
Computer Fraud and Control Problems Related To Computers
Nature of computer crimes
In a computer crime, the computer is involved directly or indirectly in committing the criminal act.
Types of computer crimes
1. Unauthorized access of stored data
2. Sabotage of computer facilities
COST BENEFIT CONSIDERATIONS
The seven steps to conducting a cost benefit analysis are as follows:
1. Determine specific computer resources subject to control
2. Determine all potential threats to the company’s computer system
3. Assess the relevant risks to which the firm is exposed
4. Measure the extent of each relevant risk exposure in dollar terms
5. Multiply the estimated effect of each relevant risk exposure by the estimated frequency of occurrence over a reasonable period, such as a year
6. Compute the cost of installing and maintaining a control that is to counteract each relevant risk exposure
7. Compare the benefits against the costs of each control
CHAPTER 7
RISK EXPOSURES AND THE INTERNAL CONTROL STRUCTURE
I. There are risks that a company faces in its business, and to minimize them there should be an internal control structure. A company surely has objectives, such as:
1. Maximum customers’ satisfaction
2. Maximum employees’ welfare.
II. COMPONENTS AND MAJOR CONSIDERATIONS OF THE INTERNAL CONTROL STRUCTURE:
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring.
III. TYPICAL SOURCES OF RISKS, for instance:
- Clerical and operational employees,
- Computer programmers,
- Managers and accountants,
- Former employees,
- Customers and suppliers,
- Competitors,
- Outside persons, and
- Acts of nature or accidents.
IV. RISK EXPOSURES
Every firm faces risks that reduce the chances of achieving its objectives. Risk exposures may arise from a variety of internal and external sources, such as employees, customers, computer hackers, criminals, and acts of nature.
Types of risk
- Unintentional errors
Errors may appear in input data, such as in customer names or numbers.
- Deliberate errors
Deliberate errors constitute fraud, since they are made to secure unfair or unlawful gain.
- Unintentional losses of assets
Assets may be lost or misplaced by accident.
- Thefts of assets
A firm’s assets may be stolen by outsiders, such as professional thieves who break into a storeroom.
- Breaches of security
Unauthorized persons may gain access to a firm’s data files and reports.
- Acts of violence and natural disasters
Certain violent acts cause damage to a firm’s assets, including data. If sufficiently serious, they can interrupt business operations and even propel firms toward bankruptcy.