Rdc Presentation

8/6/2019 Rdc Presentation

1/15

MANAGEMENT SYSTEMS DEPARTMENT

Norkis Group of Companies

2008-09-A2-RDC-01

September 10, 2008

Internal

ControlSystem


2/15

INTERNAL CONTROL

//a process designed and effected by those charged withgovernance, management, and other personnel to provide

reasonable assurance about the achievement of the

entitys objectives//

Purpose:

reliability of financial reporting

effectiveness and efficiency of operations

compliance with applicable laws and regulations


3/15

3.4 REGULATIONS

3.5 POLICIES

3.6 RISK ASSESSMENT

O U T L I N E:

Internal Control System


4/15

3.4 REGULATIONS

Securities and Exchange Commission Acts

to oversee the setting of GAAP for publicly traded

companies

convey the authority to investigate cases of suspected

financial fraud and to censure companies from trading



5/15

Foreign Corrupt

Practices Act (1977)

requires SEC companies to maintain an internal controlsystem with reasonable assurance that organizations

objectives are being met, and even providing penalties

for violations

3.4 REGULATIONS



6/15

Copyright Laws

protect intellectual property

management is legally responsible for violations of the

organization

IS auditors responsibility: be aware of such risks

communicate these risks

review software implementation

develop adequate control procedures

incorporate appropriate techniques/tools in audit programs to detect

unauthorized use of software

3.4 REGULATIONS



7/15

Sarbanes-Oxley Act (2002)

state the responsibility of management for establishing

and maintaining an adequate internal control structureand procedures

contain an assessment of the effectiveness of internal

structure and procedures

3.4 REGULATIONS



8/15

Environmental Laws

laws regarding environmental issues that affect many

organizations. Internal auditors must be cognizant ofany applicable environmental laws due to stiff penalties

and negative public image that result from violations

3.4 REGULATIONS



9/15

3.5 POLICIES

System Development Life Cycle Policysegregates processes of systems development, usage and

maintenance

Systems Usage Policyfocus on identifying t e aut orized uses of computer

resources



10/15

3.5 POLICIES

Security Policyemp asize all stake olders t at information and data are

not just computer files, t ey are assets t at ave a value

Password Policya strategic advantage in maintaining strong internal

controls and elps to minimize adverse events suc

as computer crime and fraud



11/15

3.5 POLICIES

E-mail Policydescribes appropriate use of corporate

e-mail resources.

Bus. Recovery Policyinclude adequate planning for business recovery of systems,

disaster recovery and incident

response plan

Privacy Policy

information about individuals, eit er personal data or data

about actions



12/15

3.6 RISK ASSESSMENT

/a critical step in building an effective internalcontrol system that has the ability to manage

undesirable events/

/Internal audit activity should assist the organization

by identifying and evaluating significant exposures to

risk and contributing to the improvement of risk

management and control systems/



13/15

3.6 RISK ASSESSMENT

INTERNAL RISKS


WHO?

disgruntled employees

management employees with

personal problems

WHAT? malicious activities

accidents

ineffective accountability


14/15

3.6 RISK ASSESSMENT

EXTERNAL RISKS


WHO?

hackers

crackers intruders

WHAT?

remote access

viruses

computer crimes

theft/robbery


15/15

CHIEF EDITOR

GRAPHIC ARTIST

PHOTOGRAPHER

CONTRIBUTOR

EDITORIAL STAFF

HEADLINERSThe official publicationof Mgt. Systems Dept.

Maraming salamat po.

Documents

Rdc Presentation