Internal Control and Risk Evaluation
Internal Control and Risk Evaluation Accounting Information Systems 542 October 10, 2011 Analyze the risks in the systems that your team analyzed An Accounting Information System is an integral part of the new design of Kudler’s computer system. Accountants do not necessarily need to understand completely how computers process data of the accounting application, but it is essential for them to understand the flowcharts and documentation that shows how this processing works. The purpose of the new system is to integrate the four Kudler locations.
Centralizing the accounting system will save Kudler money by automating accounting, inventory, human resources, and purchasing. Additionally, implementing levels of security, the new system will help detect employee theft and fraud. There are always risks associated with implementing a new accounting system. Identify all Risks and Internal Control points by Incorporating the Controls and Risks into the Flowcharts The record suggests that insufficient or deficient documentation costs organizations time and money; and that good documentation is as important as the software it describes.
Two examples are document flowcharts and system flowcharts. A document flowchart traces the physical flow of documents through an organization from the departments, groups, or individuals who first create them to their final dispositions (2004, Bagranoff, p. 69). Information Technology function managers are principally responsible for administering the workflow, managing the computing environment, handling third-party services, and assisting users. Therefore, proper management of each of these responsibilities minimizes business and audit risks.
Information Technology functions include security, input, processing, output, databases, backup, and recovery. Kudler’s internal controls is vitally important for the IT auditors to assess whether control risk is within a tolerable range or otherwise existing controls may have to be strengthened or compensating controls may have to be developed in to lower control risk to an acceptable level (Hunton, Bryant, & Bagranoff, 2004, p. 103-106). Design internal controls to mitigate risks to the systems
First, training employees to use the system properly will help minimize security risks. User-friendly documentation includes manuals, and operating instructions that help employees learn and understand how the accounting information systems flow. Additionally, the documentation helps the employees to solve operational problems, and perform their jobs better. When IT distributes documentation they usually conduct structured walkthroughs in which they review system documentation to ensure the integrity and completeness of their designs and to identify flaws.
Next, to help mitigate risks, documentation helps depict audit trails because the auditors usually focus on internal controls; and documentation helps determine the strengths and weaknesses of a system’s controls, and therefore the scope and complexity of the audit. The auditors will trace outputs to the original or source transactions that created them. System documentation helps auditors perform these tasks.
Though Kudler is not publicly traded they still should adhere to Section 404 of the Sarbanes-Oxley Act of 2002 that requires publicly traded companies to identify the major sources of business risks, document their internal control procedures, and hire external auditors to evaluate the validity and effectiveness of such procedures. Therefore documentation is necessary for analyzing the risks of errors, frauds, omissions, as well as helping auditors evaluate the controls used to mitigate such risks. An internal control to implement is a signed checklist that outlines the month-end journal entries an accountant must perform.
Such checklists verify that the accountant performed these tasks, which a reviewer approved them, and both individuals are accountable for the accuracy of the work. Similar comments apply to the checklists for preparing financial statements, tax returns, auditing papers, budgets, and similar accounting documents. Including such checklists with the statements themselves both documents the work that the employees performed as well as the procedures and controls involved in the work (Bragranoff, Simkin, & Norman, 2008, p. 66). Furthermore, IT managers usually report to whoever anages corporate accounting; and that is because most Information Technology applications deal with accounting transactions. The issue with this chain of command is that most corporate controllers can authorize and record certain transactions, such as accounting adjustments and accruals. If they are also allowed to maintain custody of assets, such as information databases and software applications, all three duties overlap fall under the same category. The result is Kudler’s controller can authorize and record seemingly valid accounting transactions while altering results to achieve fraudulent objectives.
Moreover, controllers could either make data and software changes themselves or instruct their IT function managers to make such changes which appear to be valid requests. Kudler has no reason not to trust their Controller however; the IT auditors have to be professionally skeptical when designing internal control structures, regardless of the corporate position being reviewed. Because of this, segregation of duties can be accomplished by IT managers reporting to Human Resources so that all changes are reviewed through a different department (Hunton, Bryant, & Bagranoff, 2004, p. 93-94).
Evaluate the application of internal controls to the systems In computerized systems, this task is impossible because the processing is electronic and therefore invisible. On the other hand, studying written descriptions of the inputs, processing steps, and outputs of the system make the job easier, and flowcharts, graphs or diagrams of these processing functions makes understanding easier. Documentation helps employees understand how a system works, assists accountants in designing controls for it, and gives managers confidence that it will meet their information needs (Bragranoff, Simkin, & Norman, 2008, p. 7). Well-written documentation, along with other systems-design methodologies, often helps in reducing systems failures and decreasing the time spent correcting errors and putting out fires in computer systems. Therefore, weak systems usually lead to costly mistakes and increased security (Hunton, Bryant, & Bagranoff, 2004, p. 92). Discuss other controls, outside the system, that Kudler Fine Foods may need Kudler has to consider other controls besides implementing accounting information system.
Such as how the Information technology will balance stability and change that could be challenging. Information Technology managers have to manage day-to-day duties plus an abundance of user requests demands and other priorities. IT managers attempt to please everyone however, they still have to abide by the control functions and not divvy losing sight of long-term value-added goals and therefore enabling the people they are trying to help. Unfortunately, internal controls can easily be ignored because IT is handling emergencies which can lead to not following protocol and procedures.
One way to avoid becoming drawn into the black hole of IT chaos is for managers to follow sound policies and procedures designed to structure IT work such that short-term and long-term goals are met while IT resources are productively deployed and securely employed (Hunton, Bryant, & Bagranoff, 2004). References Bragranoff, N. A. , Simkin, M. G. , & Norman, C. S. (2008). Core Concepts of Accounting Information Systems (10th ed. ). New York, NY: Wiley. Hunton, J. E. , Bryant, S. M. , & Bagranoff, N. A. (2004). Core Concepts of Information Technology Auditing. Hoboken, NJ: Wiley.