AIS_ch7

System to provide reasonable assurance that objectives are met; Making sure everything is as it is supposed to be.

- Preventative (deter problems)

- Detective (discover problems)

- Corrective (correct problems).

- safeguard assets

- maintain records appropriatly

- reports are fair and accurate

- provide accurate and reliable info

- prepare financial reports in accordance with established criteria

- improve and promote operational efficiency

- encourage adherence to policies

- comply with laws and regulations.

- General (overall system and process; entire organization)

- Application (transactions are processed correctly; app works as it should).

- prevent financial statement fraud

- inrease transparency of financial reports

- protect investors

- stregthen internal controls

- establish responsibility for executives.

Public Company Accounting Oversight Board

= organization that oversees auditors.

- new auditing rules (partner rotation; separation of audit and non-audit services)

- new rules for audit committees (independent, but part of BOD; one must be financial expert; oversee external auditors)

- new rule for management (responsibility for fairness and review of financial statements; resp. for sharing material IC weaknesses and fraud w/ auditors)

- new IC requirements (establishing and maintaining adequate IC system).

• COBIT
• = Control Objectives for Information and Related Technology
• - business objectives, IT resources + processes

• COSO
• = Committee of Sponsoring Organizations
• - (non IT IC) control environment + activities, assess risks, info and communication, monitoring.

set objectives (what org. needs to do)

=> ID event (that enables reaching objectives)

=> assess risk (that can threaten event).

- Accept

- Diversify

- Share

- Transfer

- Avoid.