0 evaluări0% au considerat acest document util (0 voturi)
19 vizualizări3 pagini
This article explores the relationship between internal control and accounting information systems (AIS). It seeks to identify factors that explain how these systems are dependent for effectiveness on the applied internal controls, as well as identify how standard-setters and regulators affect the design, implementation, and managerial commitment to these controls. Since the AIS functions as the bloodstream for the host business, it needs an internal focus that is consistent with the mission and profitability of the business, as well as the capacity to respond to regulation and compliance issues. All stakeholders, including employees within the business, agents outside the business, customers and suppliers, and the public at large, are reliant upon both the fruits of businesses such as essential goods and services and the containment of businesses within the bounds of civil society expectations derived from law, rule, and custom. The extent to which the AIS, through internal controls, substantially assists in meeting these objectives forms the focus of this article. In brief, this article will demonstrate that internal control comprises an essential element in and over the entity’s AIS to assure compliance with the norms established at the level of regulation of the ambient political economy. Otherwise, perhaps, garbage in, garbage out.
This article explores the relationship between internal control and accounting information systems (AIS). It seeks to identify factors that explain how these systems are dependent for effectiveness on the applied internal controls, as well as identify how standard-setters and regulators affect the design, implementation, and managerial commitment to these controls. Since the AIS functions as the bloodstream for the host business, it needs an internal focus that is consistent with the mission and profitability of the business, as well as the capacity to respond to regulation and compliance issues. All stakeholders, including employees within the business, agents outside the business, customers and suppliers, and the public at large, are reliant upon both the fruits of businesses such as essential goods and services and the containment of businesses within the bounds of civil society expectations derived from law, rule, and custom. The extent to which the AIS, through internal controls, substantially assists in meeting these objectives forms the focus of this article. In brief, this article will demonstrate that internal control comprises an essential element in and over the entity’s AIS to assure compliance with the norms established at the level of regulation of the ambient political economy. Otherwise, perhaps, garbage in, garbage out.
This article explores the relationship between internal control and accounting information systems (AIS). It seeks to identify factors that explain how these systems are dependent for effectiveness on the applied internal controls, as well as identify how standard-setters and regulators affect the design, implementation, and managerial commitment to these controls. Since the AIS functions as the bloodstream for the host business, it needs an internal focus that is consistent with the mission and profitability of the business, as well as the capacity to respond to regulation and compliance issues. All stakeholders, including employees within the business, agents outside the business, customers and suppliers, and the public at large, are reliant upon both the fruits of businesses such as essential goods and services and the containment of businesses within the bounds of civil society expectations derived from law, rule, and custom. The extent to which the AIS, through internal controls, substantially assists in meeting these objectives forms the focus of this article. In brief, this article will demonstrate that internal control comprises an essential element in and over the entity’s AIS to assure compliance with the norms established at the level of regulation of the ambient political economy. Otherwise, perhaps, garbage in, garbage out.
Abstract: This article explores the relationship between
internal control and accounting information systems (AIS). It seeks to identify factors that explain how these systems are dependent for effectiveness on the applied internal controls, as well as identify how standard-setters and regulators affect the design, implementation, and managerial commitment to these controls. Since the AIS functions as the bloodstream for the host busi- ness, it needs an internal focus that is consistent with the mission and profitability of the business, as well as the capacity to respond to regulation and compliance issues. All stakeholders, including employees within the business, agents outside the business, customers and suppliers, and the public at large, are reliant upon both the fruits of businesses such as essential goods and services and the containment of businesses within the bounds of civil society expectations derived from law, rule, and custom. The extent to which the AIS, through internal controls, substantially assists in meeting these objectives forms the focus of this article. In brief, this article will demonstrate that internal control comprises David M. Shapiro is a fraud risk an essential element in and over the entity’s AIS to and financial crimes specialist. He is an expert on financial investigations assure compliance with the norms established at the and law enforcement. His extensive, level of regulation of the ambient political economy. diverse background includes work as Otherwise, perhaps, garbage in, garbage out. an assistant professor at the John Jay College of Criminal Justice, FBI special Keywords: accounting data; conduct risk; inspection agent, prosecuting attorney in New Jersey, corporate investigator in and oversight; preventive and detective controls; New York City, and certified public privacy and confidentiality accountant in New Jersey. Introduction and Overview It is not merely power and leverage that businesses seek to maximize through their AISs: Effective actions should comply with the moral, ethical, and legal expec- tations wherever business operations are conducted throughout the globe. At all levels—from the individ- ual to the e mployer to the community and society at
1 www.businessexpertpress.com Internal Control for Accounting Information Systems
large—business and its transactions should ■■ American Institute of Certified Public
be held to sustainable, rational, and ethical Accountants (AICPA n.d.), which regu- standards of c onduct. At its core, the AIS larly publishes and updates best practice serves as the key component in perfor- guidelines for members of the organiza- mance m easurement (Djalil et al. 2017). tions, including internal auditors, public The internal controls over and within the auditors, and information technology AIS comprise both its brakes and steer- professionals. ing mechanisms. Moreover, material ■■ Comptroller General of the United States weaknesses in the AIS and its information (2011), which regularly publishes guidance technology p resent a higher risk of i mpaired on, among other things, audits, i nternal con- financial reporting when measured against trols, and information system a ssessment. AISs and a dequately functioning informa- Its most recent revision of government tion technology (Li et al. 2012). In brief, the auditing standards was published in 2011. AIS is a key m anagement tool, and internal ■■ Institute of Internal Auditors (IIA 2017), control is management’s set of techniques which published a set of attribute and that function to direct the usefulness and performance standards in 2017, directly reliability of the AIS. impacting risk assessment of internal audit First and foremost, the AIS is itself an and internal control. automated control mechanism dependent ■■ International Auditing and Assurance on manual customization by management. Standards Board (IAASB 2016–2017), which Charts of accounts and other measurement published a set of principles in 2016–2017 tools are prepared. While the platform may that, among other objectives. guide the be off-the-shelf, the AIS as implemented is external audit function, including review importantly tailored to management’s ends. and risk assessment of internal control of It is management’s responsibility at all lev- the client entity. els to design, implement, and p erhaps most ■■ Public Company Accounting and Oversight importantly revise the AIS to conform to the Board (PCAOB 2017), which published a applicable standards for control, security, set of standards in 2017 that, among other confidentiality and p rivacy, and audit- objectives, guide the independent public ability. Specifically, the entity-level and auditor in evaluating internal control risk, activity-based dependence of the AIS on con- including those arising from the AIS. trol and audit via information technology ■■ U.S.’s Government Accountability Office elevates information system management to (GAO), which published standards for a high-risk managerial concern (Sanderson internal control in the federal government 2013). In practice, the internal audit func- in 2014, also known as the Green Book, tion of the entity is primarily responsible for describing internal control standards for obtaining assurance as to the effectiveness the federal government. of internal control over financial reporting ■■ U.S.’s GAO, which published an audit manual and other processes. for federal auditing of information system Among the key standard-setters and rep- controls in 2009, which together with the utable institutions for applied research of Green Book would facilitate and enhance internal controls as a function of internal effective auditing and monitoring of AISs. audit include the following organizations that directly impact the internal audit func- These macro-level, professionally recog- tion through influence over the profession nized, and widely reputable standard-setters and practice of internal audit or indirectly operate as not-for-profit organizations, guid- impact the internal audit function i nfluence ing the profession of accountancy, public, over the internal audit by independent and internal audit, whether the individual (external) auditors. professional is practicing directly for clients
www.businessexpertpress.com Internal Control for Accounting Information Systems
in business or directly for public accoun- That reliable information is demanded
tancy firms. They have long experience with and that it can be timely provided through issues related to internal control and AISs. effective AISs are not novel observations. In overview, internal control comprises However, the operating environment changes. the set of features and properties that allow From geopolitical risk to regulatory risk to the AIS to be used by the entity as a reli- conduct risk and so on, the need for internal able tool to achieve entity goals and objec- check and control on the AIS—both to assure tives. Table 1 shows a summary overview compliance with the intended original design of the framework of how internal control and to obtain real-time data on adjustment facilitates effectiveness of the AIS. It is not to material changes in attendant circum- intended to provide a complete description stances—may be a continuously evolving of the relationship between internal con- problem. trol and AISs. However, it should stimulate thought for the purpose of design, imple- Risks and Mitigation mentation, and feedback from the AIS that The analysis of internal control as an inde- helps to address issues of timeliness, accu- pendent variable producing an e ffective AIS racy, and completeness of the AIS. That is, begins with risk assessment by m anagement is it made effective through application of (De Korvin, Shipley, and Omer 2004). Senior the entity’s internal control system? and executive management responsibility Managerial responsibility for the design for this duty is ultimately nondelegable. and implementation of internal control is Moreover, audit analytics provide substantial not limited to the financial reporting func- assistance to the internal audit and control tion; it extends to all rules, processes, and function (Li et al. 2018). While macro-level information demands of the entity, whether organizations and standard-setters such as the arising exogenously from regulators and so Public Company Accounting Oversight Board on or arising endogenously from the con- (PCAOB) provide invaluable information and duct of employees and agents. The AIS guidance for rules and processes, managerial is the set of automated tools and manual responsibility is exercised at the meso-level, techniques that provide required informa- leveraging the tools and techniques commonly tion to the entity. It provides the founda- accepted as best practices formulated and tion for decision making in the dynamic published at the macro-level. Thus, the global political economy; thus, it cannot be internal control structure and system may realistically fixed in advance. It must allow be interpreted as a means of directing the for the addition of new modules and edit AIS to record, process, and report all of the of preexisting modules. Models like maps essential data available from the entity’s need revision when the underlying terrain plans, operations, and analyses. changes.
Table 1: Mediation of Internal Control Through Accounting Information System
Domains Inputs Processes Outputs Records Timely and accurate manual Field checks for validity Clear and auditable cross- operations and accuracy referencing between accounts and transactions Reports Routine and nonroutine Integration of divisions Timely real-time and routine transaction capacity for completeness feedback Contingencies Initiation and authorization Predefined prompts for Default line items identifying functions completeness entry or nonentry