Internal Controls
Cody Griffin CPA, CITP, CISA
Risk Assurance Services
Content
• Common SAS 115 Comments
• Common Applications
• Outsourcing / Cloud Computing
• SAS 70
• Control Basics
• IT General Controls
• The Bull’s Eye
Common SAS 115 Comments
Business Process Controls
Percentage | Finding / Risk
33% | Due to the limited number of employees working at the buying sites, many critical duties are combined and given to the available employees. Presently, a single individual prepares and signs checks as well as maintains the general ledger.
20% | At the time of our audit, there were several large checks that had been outstanding for several months. Tracking outstanding checks is an important control procedure that ensures that all outgoing checks are accounted for.
13% | One person is responsible for preparing payroll input, reviewing the payroll journals from the payroll system, finalizing each payroll for employees and amounts, determining the bank transfer and distribution of bank transfer to the employees' accounts for each payroll. This combination of duties is completely incompatible and significantly increases the chance of an error or irregularity going undetected.
13% | During the review of internal control processes related to AP, we noted that all employees with access to the AP module also maintained the ability to create vendors.
Common SAS 115 Comments
General Computer Controls
Percentage | Finding / Risk
60% | Passwords to log onto the network / financial application(s) are not required to change (expire) periodically.
60% | Backup media is not being rotated off site to an environmentally and physically secure location. Backup media is not being tested periodically to ensure recoverability.
47% | The CFO/Controller have administrator rights to the financial application(s).
40% | Access to the physical location of the computer hardware is not restricted.
40% | Written disaster recovery procedures do not exist.
33% | While many IT and operational procedures are standardized and routinely followed, they have not been documented and approved by management.
27% | Segregation of duties does not exist within the financial application.
20% | Shared user IDs are being used.
13% | An evaluation of the outside service provider's SAS 70 Type II report is not being conducted.
1% | User access within the financially significant applications is not being reviewed periodically.
1% | Programmers have access to the live application's source code / supporting data, and change documentation is not standardized.
Common Applications: ERP
• Custom (Unix)
• Dynamics
• Farm Business Software (FBS)
• Macola
• MAS200
• MAS90
• Peachtree Quantum
• Platinum
• Taylor Made Solutions
Common Applications: Live Inventory
• Dynamics
• Farm Business Software (FBS)
• Lot Tracker
• Macola
• MAS200
• MAS90
• MTech
• PigKnows
• ProTrack
• Taylor Made Solutions
Common Applications: Feed Mill
• Agris
• CTN Data
• Dynamics
• Feed Office Pro
• Repete
• Taylor Made Solutions
• WEM4000
Common Applications: Payroll
• ADP
• CompuPay
• Custom (Unix)
• Evolution
• Farm Business Software (FBS)
• Macola
• MAS90
• Platinum
• Redwing
• Taylor Made Solutions
• WebPay
Outsourcing / Cloud Computing
• What controls do you have in place?
• Do you still own your data?
• What happens if you decide to change providers?
• Did you have an attorney assist with the contract?
• Do they have a SAS 70?
SAS 70
• A SAS 70 audit is a process in which an independent accounting firm assesses the internal controls of a service organization and issues both a service auditor’s report and an opinion based on the assessment.
• Service auditor reports are referred to as SAS 70 reports because they are defined by Statement on Auditing Standards (SAS) No. 70, issued by the American Institute of Certified Public Accountants (AICPA).
Type 1 vs. Type 2 Report
• Type 1 Report: A service auditor's report on the fair presentation of a service organization's description of its controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, and on whether they had been placed in operation as of a specific date.
No Testing
Limited Value
Type 1 vs. Type 2 Report (cont.)
• Type 2 Report: provides a description of the controls that may be relevant to a user organization's internal control as it relates to an audit of financial statements, on whether such controls were suitably designed to achieve specified control objectives, on whether they had been placed in operation as of a specific date, and on whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved during the period specified.
Testing
Most Common
Most Customer Value
Importance of User Control Considerations
User Control Considerations: What are they?
• Controls important to the process but that are left to the responsibility of the user organization
• Outside the scope of the controls the service organization can provide
• Guidance for the user auditor on controls to test at the user organization
User Control Considerations: How do they help service organizations?
• Clearly Define Responsibility: If the control cannot be maintained internally, it provides a way to notify the user that they are responsible for the control.
• Limit Liability: User control considerations help more clearly define where liability for controls is situated.
Identification of controls
Question: What is a control?
Answer: A control is an activity put in place to mitigate a risk.
Question: What types of risks should we be thinking about in our work?
Answer: The risk that Financial Statement Assertions and Information Processing Objectives are not met.
Think controls!
What words are often associated with controls?
• Match
• Review
• Re-perform
• Compare
• Restrict
• Validate
• Reconcile
Control Evaluation Questions
• Automated or Manual
• Close to process or far from process
• Close to accounts or far from accounts
• Control has been placed in operation
• Staff are competent
• Control covers 100% of the population
Attributes of the “best” controls:
• Invisible
• Automated
• Preventative
• Risk-based
IT General Controls
• Access to Programs and Data
• Computer Operations
• Program Changes
• Program Development & Implementation
Access to Programs and Data Objective
To ensure that only authorized access is granted to programs and data upon authentication of a user's identity.
Computer Operations Objective
To ensure that production systems are processed completely and accurately in accordance with management's objectives, and that processing problems are identified and resolved completely and accurately to maintain the integrity of financial data.
Program Changes Objective
To ensure that changes to programs and related infrastructure components are requested, prioritized, performed, tested, and implemented in accordance with management’s objectives.
Program Development Objective
To ensure that systems are developed, configured, and implemented to achieve management’s objectives.
Cody Griffin, CPA, CITP, CISA
cgriffin@frazerfrost.com
(501) 537-7441
