University of Maryland University College
SearchSearch  MyUMUCMyUMUC  WebTychoWebTycho 

Financial Management and Accounting

Graduate School of Management and Technology

Master of Science in Accounting and Information Technology (MSAT)

Kathryn Klose, CPA, program director for Financial Management and Accounting

Donald Gakenheimer, academic coordinator

Announcements/News

Continuous Auditing

The Information Systems Control Journal (Volume I, 2008) discusses the audit industry’s push to use technology in continuous audits that “monitor controls and transactions in real time”(p. 50).  The example cited is Siemens’ continuous audit management (CAM) program.  The software, provided by Approva, continuously audits for controls such as  segregation of duties, changes to the general ledger, and the purchase-to-pay and order-to-cash processes. 

The goal of continuous auditing of IT and business controls is to reduce audit costs and increase operating efficiency.  Other expected benefits include audits that are deeper and broader, but take less time; provide for more transparency and better communication between auditors and auditees; and where controls are optimized. 

Take the Fraud IQ Test

While technology helps in the detection of fraud, accountants and financial managers require an intellectual understanding of what motivates fraud and how to look for signs of dishonesty and deception. 

Check your ‘fraud IQ’ by responding to these select questions from a test that recently appeared in the Journal of Accountancy (May 2007). 

  • Which of the following assets are most often pilfered?
    • Cash
    • Accounts receivable
    • Inventory
    • Intellectual property
  • __________________is the crediting of one account through the abstraction of money from another account.
    • Skimming
    • Lapping
    • Rigging
    • Padding
  • Jones is a buyer for Smith.  He buys exclusively from Brown despite the fact that other suppliers are better and cheaper.  Jones has an undisclosed interest in Brown’s business.  This situation would be classified as _____________________.
    • Embezzlement
    • Larceny
    • Conflict of interest
    • Bribery

Click here for the answers:  Your Fraud IQ.

To take and read the entire Journal of Accountancy article, go to What is Your Fraud IQ? .

Evaluting IT Controls - Your Value-Added

The article, “A Better Way to Evaluate IT Controls” by Martin J. Coe, appearing in the July 2006 issue of the Journal of Accountancy, describes the three options available to company management when evaluating their internal controls for the purpose of complying with   Section 404 of the Sarbanes Oxley Act.   The Securities and Exchange Commission (SEC) requires that companies include in their annual report a statement that describes “management's responsibility for establishing and maintaining adequate internal control, an assessment of the effectiveness of those controls as of the end of the most recent fiscal year.” (Coe, 2006)  Additionally, management must identify the control framework that it employs in assessing its internal controls. 

As prescribed by the SEC, companies must employ a control framework that is established by a recognized body or group. Three options that meet the criteria set by SEC are

  • COSO – which was established by Committee of Sponsoring Organizations of the Treadway Commission COSO.org.  These standards have been guiding the establishment of internal controls in organizations since their release in 1992.  They identify the five components of internal control as the control environment, risk assessment, control activities, information and communication, and monitoring.  The framework provides specific definitions on each component and outlines how to maximize and test the effectiveness of each.  To review the principles of the COSO framework check out: Putting COSO’s Theory into Practice.
  • COBIT - is a framework that has been advanced by the Information Systems Audit and Control Association ISACA.org  It is a generally accepted framework for IT governance and security that can be specifically applied to internal controls. The framework focuses on mapping process (IT governance) to the interrelated business objectives of strategic alignment, value delivery, resource management, performance management, and risk management (all encompassing accounting and financial processes).  To learn more about Cobit refer to: What’s New in Cobit 4.0.
  • AICPA/CICA Trust Services – is a framework sponsored by the AICPA (AICPA.org) which offers a set of best practices for CPAs assessing internal controls, including IT controls.  The framework emphasizes security, availability, processing integrity, and confidentiality.  To read more about this framework refer to: Trust Services.

Whether you are the company’s CFO/Controller or the company’s external accountant, the importance of understanding the differences between these control frameworks is vital.  The selection and implementation of a control environment that will assist the organization in achieving its mission, generating value, and guarding against risk is an opportunity to demonstrate your value-added.   

 

Contact UMUC 1-800-888-8682 | Press | Accreditation | Copyright | Nondiscrimination Statement | Privacy | Security