g Text Version
Beauty & Self
Books & Music
Food & Wine
Health & Fitness
Hobbies & Crafts
Home & Garden
News & Politics
Religion & Spirituality
Travel & Culture
TV & Movies

Bored? Games!
Take a Quiz
Rate My Photo

Natural Living
Folklore and Mythology
Distance Learning

All times in EST

Full Schedule
g Accounting Site

BellaOnline's Accounting Editor


CBIS Impact on Controls and COSO Link

Guest Author - Consuelo Herrera, CAMS, CFE

Organizations must a perform risk assessment to identify, analyze, and manage risk relevant to financial reporting. Controls should be implemented depending on the risks identified and a proper combination of manual and CBIS controls should ensure an adequate climate for the organization. Aligned with this approach the COSO framework brings guidance to accountants and auditors.

The Committee of Sponsoring Organizations of the Tradeway Commission (COSO) and its Enterprise Risk Management, ERM Framework activities are a must-know for accountants and auditors that want to help organizations achieve their financial goals. COSO activities include:

o Articulating and communicating the organization's objectives.
o Determining the organization's risk appetite.
o Establishing an appropriate internal environment, including a risk management framework.
o Identifying potential threats to the achievement of objectives.
o Assessing risks, including their impact and likelihood of occurring.
o Selecting and implementing responses to risks.
o Undertaking control and other response activities.
o Communicating information on risks consistently at all levels in the organization.
o Centrally monitoring and coordinating the risk management processes and the outcomes.
o Providing assurance on the effectiveness with which risks are managed.

Computer Based Information Systems, CBIS, is a powerful tool than enhances manual controls over transaction authorization, segregation of duties, supervision, access control, adequate accounting records, and independent verification. COSO ERM Framework activities are deemed to minimize risks through effective controls.

From the CBIS environment perspective, transactions are authorized by rules often embedded within computer programs. For example, if an employee is deemed to work only 40 hours per week an error message should appear when someone has worked 42 hours in a given week. Authorization procedures are controls that ensure the process of valid transactions only. Valid transactions must be within the scope of a prescribed authority.

The proper segregation of duties ensures that an individual is not in a position to steal and conceal. Incompatible duties during a transaction process must be separated. For example, transaction authorization must be separated from transaction processing. Asset custody should be separated from record keeping responsibilities. If fraud were going to happen, it would be accomplished only by collusion between two or more individuals with incompatible duties. In a CBIS environment the activities of program development, program operation, and program maintenance should be properly separated.

When an adequate segregation of duties is not feasible, supervision plays an important role compensating the lack of proper segregation. In a CBIS environment supervisory controls should be designed to mitigate lack of direct supervision. For example, it would be cumbersome for a manager to directly supervise a computer programmer while doing his or her job.

The accounting records in a manual system provide an audit trial while in a CBIS environment the audit trial is provided by different techniques that take the form of pointers, indexes, or embedded keys.

Access controls should prevent asset misappropriation, by far the largest fraud scheme, according to the Association of Certified Fraud Examiners, ACFE. CBIS tends to centralize records in a single location, which entails threats of fraud and losses from disasters. A great control is to ensure that individuals are granted access to data, programs, and restricted areas only strictly necessary.

Independent verification identify errors and misrepresentations. For example an independent count of inventory, a reconciliation of assets to accounting records, etc. In a CBIS environment, accountants and auditors evaluate controls over system development and the logic of computer programs.

The COSO ERM framework and control activities whether manual or through CBIS strive for a common goal: help the organization with its quest for financial sustainability through proper controls in response to risks identified.

This site needs an editor - click to learn more!

Add CBIS+Impact+on+Controls+and+COSO+Link to Twitter Add CBIS+Impact+on+Controls+and+COSO+Link to Facebook Add CBIS+Impact+on+Controls+and+COSO+Link to MySpace Add CBIS+Impact+on+Controls+and+COSO+Link to Del.icio.us Digg CBIS+Impact+on+Controls+and+COSO+Link Add CBIS+Impact+on+Controls+and+COSO+Link to Yahoo My Web Add CBIS+Impact+on+Controls+and+COSO+Link to Google Bookmarks Add CBIS+Impact+on+Controls+and+COSO+Link to Stumbleupon Add CBIS+Impact+on+Controls+and+COSO+Link to Reddit

Reporting Irregular Items
Inherent Risk and Audit Risk
Drawing Conclusions from Financial Statements
Related Articles
Editor's Picks Articles
Top Ten Articles
Previous Features
Site Map

For FREE email updates, subscribe to the Accounting Newsletter

Past Issues

Printer Friendly
tell friend
Tell a Friend
Email Editor

Content copyright © 2015 by Consuelo Herrera, CAMS, CFE. All rights reserved.
This content was written by Consuelo Herrera, CAMS, CFE. If you wish to use this content in any manner, you need written permission. Contact BellaOnline Administration for details.


g features
Archives | Site Map


Past Issues

Less than Monthly

BellaOnline on Facebook

| About BellaOnline | Privacy Policy | Advertising | Become an Editor |
Website copyright © 2016 Minerva WebWorks LLC. All rights reserved.

BellaOnline Editor